Table: datadog_security_monitoring_signal - Query Datadog Security Monitoring Signals using SQL

Datadog Security Monitoring is a feature within Datadog that allows real-time threat detection across your applications and infrastructure. It provides a centralized way to set up and manage alerts for various security incidents, including potential vulnerabilities, unauthorized access, and more. Datadog Security Monitoring helps you stay informed about the security status of your resources and take appropriate actions when predefined conditions are met.

Table Usage Guide

The datadog_security_monitoring_signal table provides insights into Security Monitoring Signals within Datadog. As a Security Analyst, explore signal-specific details through this table, including threat levels, incident times, and associated metadata. Utilize it to uncover information about security incidents, such as those related to potential vulnerabilities, the severity of the incidents, and the verification of incident responses.

Examples

Basic info

Explore the various signals from your Datadog security monitoring system. This allows you to gain insights into the events and notifications, helping you better understand your system's security status.

select
  id,
  title,
  timestamp,
  message,
  jsonb_pretty(attributes) as attributes
from
  datadog_security_monitoring_signal;

select
  id,
  title,
  timestamp,
  message,
  attributes
from
  datadog_security_monitoring_signal;

List signals created in the last 5 days

Discover the segments that have generated signals in the past 5 days. This can help in identifying recent security issues or changes within the system that may require attention.

select
  id,
  title,
  timestamp,
  message,
  jsonb_pretty(attributes) as attributes
from
  datadog_security_monitoring_signal
where
  timestamp >= (current_date - interval '5' day);

select
  id,
  title,
  timestamp,
  message,
  attributes
from
  datadog_security_monitoring_signal
where
  timestamp >= date('now', '-5 day');

List high status signals

Explore high-priority security signals in your Datadog environment to proactively address potential threats and maintain system integrity.

select
  id,
  title,
  timestamp,
  jsonb_pretty(attributes) as attributes
from
  datadog_security_monitoring_signal
where
  filter_query = 'status:(critical OR high OR medium)';

select
  id,
  title,
  timestamp,
  attributes
from
  datadog_security_monitoring_signal
where
  filter_query = 'status:(critical OR high OR medium)';

List AWS S3 signals created in the last 7 days

Determine the areas in which AWS S3 signals have been created in the past week. This is useful for monitoring recent activity and identifying potential security issues.

select
  id,
  title,
  timestamp,
  jsonb_pretty(attributes) as attributes
from
  datadog_security_monitoring_signal
where
  filter_query = 'scope:s3'
  and timestamp >= (current_date - interval '7' day);

select
  id,
  title,
  timestamp,
  attributes
from
  datadog_security_monitoring_signal
where
  filter_query = 'scope:s3'
  and timestamp >= date('now', '-7 day');

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- datadog

You can pass the configuration to the command with the --config argument:

steampipe_export_datadog --config '<your_config>' datadog_security_monitoring_signal