Table: datadog_security_monitoring_signal - Query Datadog Security Monitoring Signals using SQL
Datadog Security Monitoring is a feature within Datadog that allows real-time threat detection across your applications and infrastructure. It provides a centralized way to set up and manage alerts for various security incidents, including potential vulnerabilities, unauthorized access, and more. Datadog Security Monitoring helps you stay informed about the security status of your resources and take appropriate actions when predefined conditions are met.
Table Usage Guide
The datadog_security_monitoring_signal table provides insights into Security Monitoring Signals within Datadog. As a security analyst, use this table to explore signal-specific details, including severity, the time at which a signal fired, and associated metadata such as tags and rule attributes. Use it to find signals tied to potential vulnerabilities, rank incidents by severity, and verify that signals have been responded to. Only the `filter_query` and `timestamp` qualifiers (see the schema below) are pushed down to the Datadog signal search API; any other `where` conditions are applied by Steampipe after the rows are returned.
Examples
Basic info
Explore the signals raised by your Datadog Security Monitoring rules. This gives you an overview of recent detections and their metadata, helping you understand your environment's security status.

```sql
-- PostgreSQL
select
  id,
  title,
  timestamp,
  message,
  jsonb_pretty(attributes) as attributes
from
  datadog_security_monitoring_signal;
```

```sql
-- SQLite
select
  id,
  title,
  timestamp,
  message,
  attributes
from
  datadog_security_monitoring_signal;
```
List signals created in the last 5 days
List the signals that fired in the past 5 days. Narrowing the result set to recent detections helps you focus on issues that may still need triage. The `timestamp` condition is pushed to the Datadog API as the search window, so the query only fetches signals from that range.

```sql
-- PostgreSQL
select
  id,
  title,
  timestamp,
  message,
  jsonb_pretty(attributes) as attributes
from
  datadog_security_monitoring_signal
where
  timestamp >= (current_date - interval '5' day);
```

```sql
-- SQLite
select
  id,
  title,
  timestamp,
  message,
  attributes
from
  datadog_security_monitoring_signal
where
  timestamp >= date('now', '-5 day');
```
List signals with medium or higher status
Explore the medium, high and critical signals in your Datadog environment so that you can address the most serious threats first. The value of `filter_query` is passed unchanged to Datadog's signal search, so it uses Datadog's own search syntax rather than SQL; note that this filter includes medium-status signals as well as high and critical ones.

```sql
-- PostgreSQL
select
  id,
  title,
  timestamp,
  jsonb_pretty(attributes) as attributes
from
  datadog_security_monitoring_signal
where
  filter_query = 'status:(critical OR high OR medium)';
```

```sql
-- SQLite
select
  id,
  title,
  timestamp,
  attributes
from
  datadog_security_monitoring_signal
where
  filter_query = 'status:(critical OR high OR medium)';
```
List AWS S3 signals created in the last 7 days
List the signals scoped to AWS S3 that fired in the past week. Combining a `filter_query` with a `timestamp` condition lets Datadog do both the scoping and the time-windowing server-side, which is useful for monitoring recent activity against a specific service and spotting potential security issues early.

```sql
-- PostgreSQL
select
  id,
  title,
  timestamp,
  jsonb_pretty(attributes) as attributes
from
  datadog_security_monitoring_signal
where
  filter_query = 'scope:s3'
  and timestamp >= (current_date - interval '7' day);
```

```sql
-- SQLite
select
  id,
  title,
  timestamp,
  attributes
from
  datadog_security_monitoring_signal
where
  filter_query = 'scope:s3'
  and timestamp >= date('now', '-7 day');
```
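The examples above return one row per signal. The following PostgreSQL query is an added example, not part of the Steampipe documentation, showing how to combine a server-side `filter_query` and `timestamp` window with local aggregation over the `tags` column to get a per-source count of serious signals. It assumes that your signals carry tags of the form `source:<name>` (for example `source:cloudtrail`); that tag convention is an assumption for the example, and any other tag prefix works the same way.

```sql
-- Added example (not from the Steampipe docs).
-- Count high and critical signals from the last 7 days per source tag.
-- filter_query and the timestamp bound are pushed to the Datadog API;
-- expanding the tags array and grouping happen locally in Steampipe.
-- The 'source:' tag prefix is assumed for this example.
select
  t.tag                  as source_tag,
  count(*)               as signals,
  min(s.timestamp)       as first_seen,
  max(s.timestamp)       as last_seen
from
  datadog_security_monitoring_signal as s,
  jsonb_array_elements_text(s.tags) as t(tag)
where
  s.filter_query = 'status:(critical OR high)'
  and s.timestamp >= (current_date - interval '7' day)
  and t.tag like 'source:%'
group by
  t.tag
order by
  signals desc;
```

Because the `tags` and `attributes` columns are `jsonb`, the same pattern (expand the JSON locally, filter or group in SQL) lets you slice signals by any tag or attribute key without needing Datadog's query language to support that dimension.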
Schema for datadog_security_monitoring_signal
Name | Type | Operators | Description
---|---|---|---
_ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name.
attributes | jsonb | | A JSON object of attributes in the security signal.
filter_query | text | = | The search query for security signals. For more information refer https://docs.datadoghq.com/security_platform/explorer/
id | text | | The unique ID of the security signal.
message | text | | The message in the security signal defined by the rule that generated the signal.
tags | jsonb | | An array of tags associated with the security signal.
timestamp | timestamp with time zone | >, >=, =, <, <= | The timestamp of the security signal.
title | text | | Title of the security signal.
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- datadog
```

You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_datadog --config '<your_config>' datadog_security_monitoring_signal
```

Note that the configuration contains your Datadog API and application keys. A value passed inline on the command line is recorded in shell history and visible to other local users in the process list, so on shared or multi-user systems prefer supplying the credentials through the plugin's environment variables or a configuration file with restricted permissions.