Table: datadog_security_monitoring_rule - Query Datadog Security Monitoring Rules using SQL
Datadog Security Monitoring Rules are a Datadog feature for defining and managing the rules that detect security threats. They provide a centralized way to set up and maintain detections for many kinds of threats, including network intrusions and unauthorized access, so you stay informed about the security status of your resources and can act when the predefined conditions of a rule are met.
Table Usage Guide
The datadog_security_monitoring_rule table provides insights into Security Monitoring Rules within Datadog. As a security engineer, use it to explore rule-specific details, including rule configurations, conditions, and associated metadata: which rules address a given security threat, the conditions that trigger them, and the actions taken when those conditions are met.
Examples
Basic info
Explore which security monitoring rules exist in your Datadog account. The result shows who created each rule, when it was created, whether it is a Datadog default, and any filters or tags applied, which helps you manage and organize your detections.
```sql
select
  id,
  name,
  creation_author_id,
  created_at,
  is_default,
  filters,
  tags
from
  datadog_security_monitoring_rule;
```
List custom monitoring rules
List the security monitoring rules that are not Datadog defaults, i.e. the custom rules your organization has written. This is useful for reviewing your own detection coverage and confirming that custom rules are configured and working as expected.
Postgres:

```sql
select
  id,
  name,
  creation_author_id,
  created_at,
  is_default,
  tags,
  filters
from
  datadog_security_monitoring_rule
where
  not is_default;
```

SQLite:

```sql
select
  id,
  name,
  creation_author_id,
  created_at,
  is_default,
  tags,
  filters
from
  datadog_security_monitoring_rule
where
  is_default = 0;
```
Filter monitoring rules by tags
Explore which monitoring rules are tagged with both the AWS cloud and the S3 source tag. This lets you quickly identify and review the rules that apply to your AWS S3 resources.
Postgres:

```sql
select
  id,
  name,
  creation_author_id,
  created_at,
  is_default,
  tags,
  filters
from
  datadog_security_monitoring_rule
where
  tags @> '["cloud:aws", "source:s3"]' :: jsonb;
```

SQLite:

Error: SQLite does not support the contains operator (@>) for JSON objects.
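The queries above only list rules. The following Postgres query is an added example that is not part of the Steampipe documentation: it expands the jsonb cases column to surface custom rules that are disabled or deleted together with the severity of each case, which is a quick way to spot detection coverage gaps. It assumes each element of cases carries the name and status keys of a Datadog rule case (an assumption about the Datadog API shape, not something this page documents), and it will not run on SQLite.

```sql
-- Added example (not from the Steampipe docs). Assumes each entry of the
-- jsonb "cases" array has "name" and "status" keys, as in the Datadog API.
select
  r.id,
  r.name,
  r.is_enabled,
  r.is_deleted,
  r.update_author_id,
  c ->> 'name' as case_name,
  c ->> 'status' as severity
from
  datadog_security_monitoring_rule as r,
  jsonb_array_elements(r.cases) as c
where
  not r.is_default
  and (not r.is_enabled or r.is_deleted)
order by
  r.name,
  case_name;
```

Rules returned here were written by your organization but currently produce no signals; check update_author_id against your change records before re-enabling or removing them.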
Schema for datadog_security_monitoring_rule
Name | Type | Operators | Description
---|---|---|---
_ctx | jsonb | | Steampipe context in JSON form.
cases | jsonb | | Cases for generating signals.
created_at | text | | When the rule was created, timestamp in milliseconds.
creation_author_id | text | | User ID of the user who created the rule.
filters | jsonb | | Additional queries to filter matched events before they are processed.
has_extended_title | boolean | | Whether the notifications include the triggering group-by values in their title.
id | text | = | The ID of the rule.
is_default | boolean | | Whether the rule is included by default.
is_deleted | boolean | | Whether the rule has been deleted.
is_enabled | boolean | | Whether the rule is enabled.
message | text | | Message for generated signals.
name | text | | The name of the rule.
options | jsonb | | Additional options for security monitoring rules.
queries | text | | Queries for selecting logs which are part of the rule.
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name.
sp_ctx | jsonb | | Steampipe context in JSON form.
tags | jsonb | | Tags for generated signals.
type | text | | The security monitoring rule type.
update_author_id | text | | User ID of the user who updated the rule.
version | bigint | | The version of the rule.
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that let you extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- datadog
```

You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_datadog --config '<your_config>' datadog_security_monitoring_rule
```