steampipe plugin install datadog

Table: datadog_security_monitoring_signal - Query Datadog Security Monitoring Signals using SQL

Datadog Security Monitoring (Datadog's Cloud SIEM) evaluates detection rules against the logs and cloud audit events Datadog ingests and raises a security signal each time a rule matches. A signal records when and why a rule fired, at what severity, and the attributes and tags of the triggering events, so you have one place to triage findings such as unauthorized access or suspicious configuration changes and to act on them.

Table Usage Guide

The datadog_security_monitoring_signal table lists the Security Monitoring Signals in a Datadog account. As a security analyst, use it to pull signal details such as the rule title and message, the time the signal fired, its severity, and the attributes and tags carried over from the triggering events, and to answer questions like which rules fired most often, when a signal was first seen, or which sources a set of signals came from. filter_query and timestamp are the table's key columns: conditions on them are sent to the Datadog signal search API (filter_query takes Datadog's own search syntax, timestamp accepts range operators), while conditions on any other column are applied by Steampipe after the matching signals have been fetched. Bound your queries by time and narrow them with filter_query to keep the number of signals fetched small.

Examples

Basic info

List signals together with their full attribute payload. Start here to see which rules are firing and what data each signal carries before writing narrower queries. Two dialects are shown: the first is for a Postgres-backed Steampipe database, the second for the SQLite-backed exporter, which has no jsonb_pretty().

Postgres:

select
id,
title,
timestamp,
message,
jsonb_pretty(attributes) as attributes
from
datadog_security_monitoring_signal;

SQLite:

select
id,
title,
timestamp,
message,
attributes
from
datadog_security_monitoring_signal;

List signals created in the last 5 days

List only the signals that fired in the past 5 days. The timestamp condition is a key-column qual, so it is passed to the Datadog API and only signals in that window are fetched. Use this as the first pass when reviewing recent detections or checking whether a change in the environment has started producing new signals.

Postgres:

select
id,
title,
timestamp,
message,
jsonb_pretty(attributes) as attributes
from
datadog_security_monitoring_signal
where
timestamp >= (current_date - interval '5' day);

SQLite:

select
id,
title,
timestamp,
message,
attributes
from
datadog_security_monitoring_signal
where
timestamp >= date('now', '-5 day');
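An open-ended "last N days" filter is fine for a quick look, but for an incident timeline or a report you want a window with both ends fixed, and you usually want one row per rule rather than every repeat of a noisy rule. The query below is an added example and is not part of the plugin documentation; it uses the >= and < operators the schema lists for timestamp so that both bounds are sent to the API, and Postgres's DISTINCT ON to keep the earliest signal per title. It is written for the Postgres dialect.

```sql
-- Added example (not from the plugin docs): first occurrence of each signal
-- title inside a fixed 24-hour window that ended 24 hours ago.
-- Both bounds on "timestamp" are key-column quals, so Steampipe sends the
-- window to the Datadog signal search API instead of fetching every signal.
-- DISTINCT ON keeps one row per title, the earliest in the window, which is
-- usually the row you want when a rule fired repeatedly.
-- Postgres dialect. Replace the now() expressions with timestamptz literals
-- when the report has to be reproducible.
select distinct on (title)
  title,
  timestamp          as first_seen,
  id                 as first_signal_id,
  left(message, 120) as message_preview   -- keep the timeline readable
from
  datadog_security_monitoring_signal
where
  timestamp >= now() - interval '48 hours'
  and timestamp <  now() - interval '24 hours'
order by
  title, timestamp;
```

The ORDER BY must start with the DISTINCT ON column; the second sort key decides which row survives, so ordering by timestamp ascending keeps the first occurrence and descending would keep the latest.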

List critical, high and medium status signals

Restrict the results to signals of critical, high or medium severity using Datadog's search syntax in filter_query. In signal search, status is the signal's severity, and the whole query string is passed to the Datadog API, so the filtering happens server-side. Drop medium from the list if you only want the signals that need immediate attention.

Postgres:

select
id,
title,
timestamp,
jsonb_pretty(attributes) as attributes
from
datadog_security_monitoring_signal
where
filter_query = 'status:(critical OR high OR medium)';

SQLite:

select
id,
title,
timestamp,
attributes
from
datadog_security_monitoring_signal
where
filter_query = 'status:(critical OR high OR medium)';
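A flat list does not tell you how the backlog is distributed across severities. The query below is an added example, not part of the plugin documentation: it fans a short list of status values out with a lateral join so that each value becomes its own filter_query, and aggregates the matching signals over the last 7 days. It assumes that Steampipe pushes the filter_query qual from inside the lateral subquery down to the API the same way it does for a literal in WHERE (it does this for key columns), and that low is a valid status value alongside the three the page uses. Postgres dialect.

```sql
-- Added example (not from the plugin docs): signal counts per severity
-- over the last 7 days, one API search per severity.
-- Assumptions: 'low' is a valid status value, and the filter_query qual in
-- the lateral subquery is pushed to the API like a WHERE literal (Steampipe
-- does this for key columns). count(distinct title) approximates the number
-- of distinct rules, since the title is set by the detection rule.
with severities(rank, status) as (
  values (1, 'critical'), (2, 'high'), (3, 'medium'), (4, 'low')
)
select
  s.status,
  c.signals,
  c.distinct_titles,
  c.first_seen,
  c.last_seen
from
  severities s
  cross join lateral (
    select
      count(*)              as signals,
      count(distinct title) as distinct_titles,
      min(timestamp)        as first_seen,
      max(timestamp)        as last_seen
    from
      datadog_security_monitoring_signal
    where
      filter_query = 'status:' || s.status
      and timestamp >= now() - interval '7 days'
  ) c
order by
  s.rank;
```

Because the aggregate subquery always returns exactly one row, severities with no signals still appear with a count of 0, which is what you want on a dashboard.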

List AWS S3 signals created in the last 7 days

List the signals whose scope is AWS S3 and that fired in the past week, by combining a Datadog search query in filter_query with a timestamp bound. Both conditions are sent to the API. Use this to review recent S3 activity such as bucket policy changes or public-access events flagged by your detection rules.

Postgres:

select
id,
title,
timestamp,
jsonb_pretty(attributes) as attributes
from
datadog_security_monitoring_signal
where
filter_query = 'scope:s3'
and timestamp >= (current_date - interval '7' day);

SQLite:

select
id,
title,
timestamp,
attributes
from
datadog_security_monitoring_signal
where
filter_query = 'scope:s3'
and timestamp >= date('now', '-7 day');

Schema for datadog_security_monitoring_signal

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| attributes | jsonb | | A JSON object of attributes in the security signal. |
| filter_query | text | = | The search query for security signals, in Datadog's signal search syntax. For more information, see https://docs.datadoghq.com/security_platform/explorer/ |
| id | text | | The unique ID of the security signal. |
| message | text | | The message in the security signal, as defined by the rule that generated the signal. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| tags | jsonb | | An array of tags associated with the security signal. |
| timestamp | timestamp with time zone | >, >=, =, <, <= | The timestamp of the security signal. |
| title | text | | Title of the security signal. |

Columns with an entry in the Operators column are key columns: conditions on them using those operators are passed to the Datadog API. Conditions on all other columns are evaluated by Steampipe after the signals are fetched.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- datadog

You can pass the configuration to the command with the --config argument:

steampipe_export_datadog --config '<your_config>' datadog_security_monitoring_signal