惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
aimingoo的专栏
aimingoo的专栏
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Tailwind CSS Blog
J
Java Code Geeks
博客园_首页
Google Online Security Blog
Google Online Security Blog
Hugging Face - Blog
Hugging Face - Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
I
Intezer
P
Palo Alto Networks Blog
V
Vulnerabilities – Threatpost
雷峰网
雷峰网
O
OpenAI News
SecWiki News
SecWiki News
小众软件
小众软件
酷 壳 – CoolShell
酷 壳 – CoolShell
美团技术团队
N
News | PayPal Newsroom
Project Zero
Project Zero
Forbes - Security
Forbes - Security
IT之家
IT之家
A
Arctic Wolf
WordPress大学
WordPress大学
Jina AI
Jina AI
T
Tor Project blog
博客园 - 三生石上(FineUI控件)
S
Secure Thoughts
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
博客园 - 聂微东
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Privacy International News Feed
Cloudbric
Cloudbric
G
GRAHAM CLULEY
博客园 - 叶小钗
H
Hacker News: Front Page
腾讯CDC
量子位
Help Net Security
Help Net Security
人人都是产品经理
人人都是产品经理
C
Cyber Attacks, Cyber Crime and Cyber Security
月光博客
月光博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
宝玉的分享
宝玉的分享
爱范儿
爱范儿
L
Lohrmann on Cybersecurity
Hacker News - Newest:
Hacker News - Newest: "LLM"
Recorded Future
Recorded Future
C
CERT Recently Published Vulnerability Notes

Datadog | The Monitor blog

Introducing our open source AI-native SAST Instrument and monitor Boomi integration flows with OpenTelemetry and Datadog Not all index scans are equal: How we cut query latency by over 99% Platform engineering metrics: What to measure and what to ignore Integrate Recorded Future threat intelligence with Datadog Cloud SIEM CI/CD security: threat modeling using a MITRE-style threat matrix CI/CD security: How to secure your GitHub ecosystem Ingress NGINX is EOL: A practical guide for migrating to Kubernetes Gateway API Operating agentic AI with Amazon Bedrock AgentCore and Datadog LLM Observability: Lessons from NTT DATA Introducing the Datadog Code Security MCP Capture and analyze custom heatmaps in Session Replay Understand session replays faster with AI summaries and smart chapters Monitor ClickHouse query performance with Datadog Database Monitoring How we designed empathetic alert sounds for on-call engineers Search and act across Datadog to resolve issues faster with Bits Assistant Measure the business impact of every product change with Datadog Experiments Analyzing round trip query latency Configuring JavaScript caches for better performance Introducing Bits AI Dev Agent for Code Security Datadog achieves ISO 42001 certification for responsible AI Monitor Nutanix clusters, hosts, and VMs with Datadog Monitor Juniper Mist in Datadog A new Host Map for modern infrastructure Annotate traces to improve LLM quality with Datadog LLM Observability What’s new in Cloud SIEM: AI-powered investigations, enhanced threat intelligence, and scalable security operations Explore Kubernetes with native OpenTelemetry data Monitor Oracle Fusion Cloud Applications with Datadog Announcing the Datadog Terraform provider v4.0.0 Scaling Kubernetes workloads on custom metrics How to design cloud environments for AI-powered threat analysis Monitor Aruba Central in Datadog How we centralize and remediate risks with Datadog Case Management Accelerate incident response with Datadog and ServiceNow Monitor your application and network load balancer logs Understanding Karpenter architecture for Kubernetes autoscaling Tools for collecting metrics and logs from Karpenter Monitor Karpenter with Datadog What your product data is actually saying Key metrics for monitoring Karpenter Securing Datadog’s platform in the AI age: The role of observability data Four ways engineering teams use the Datadog MCP Server to power AI agents Approaching your observability migration with the right mindset Meet the new Bits AI SRE: Deeper reasoning, twice as fast Key learnings from the 2026 State of DevSecOps study Use plain English to query your multi-cloud infrastructure in Resource Catalog Simplifying troubleshooting across the user journey with Datadog Synthetic Monitoring Protect your OCI resources with Datadog Cloud Security This Month in Datadog - February 2026 Amazon EC2 security: How misconfigured and public AMIs expand your cloud attack surface Enable end-to-end visibility into your Java apps with a single command Measure and improve mobile app startup performance with Datadog RUM Evaluating our AI Guard application to improve quality and control cost Identify untested code across every level of your codebase Make use of guardrail metrics and stop babysitting your releases Monitor Versa Networks SD-WAN performance in Datadog Improve performance and reliability with APM Recommendations Remediate transitive vulnerabilities faster with Datadog Software Composition Analysis Generate audit-ready vulnerability and compliance reports with Datadog Sheets Monitor Fortinet FortiManager performance in Datadog Improve test coverage across codebases with Datadog Code Coverage Move fast, don’t break things: Consistent testing standards at scale Enrich logs with ServiceNow CMDB context before routing to any SIEM or logging tool Monitor Lustre with Datadog Make faster, better product decisions with Datadog Product Analytics Surface and remediate runtime posture issues with Workload Protection Findings Protect agentic AI applications with Datadog AI Guard How to optimize JavaScript code with CSS Trace Google Pub/Sub workloads in Cloud Run with Datadog Detect human names in logs with ML in Sensitive Data Scanner How we cut our NLQ agent debugging time from hours to minutes with LLM Observability Debug PostgreSQL query latency faster with EXPLAIN ANALYZE in Datadog Database Monitoring Datadog acquires Propolis Unify and correlate frontend and backend data with retention filters Scale compliance across global frameworks with Datadog Cloud Security Monitor Arista VeloCloud SD-WAN performance with Datadog Building reliable dashboard agents with Datadog LLM Observability Simplify log collection and aggregation for MSSPs with Datadog Observability Pipelines Mitigation for Node.js denial-of-service vulnerability affecting Datadog APM Automate flaky test fixes with the Bits AI Dev Agent and Test Optimization How we built an AI SRE agent that investigates like a team of engineers Datadog integrations 2025 recap: Observability for AI, security, and hybrid cloud Design effective executive dashboards with Datadog Implement dbt data quality checks with dbt-expectations Bring faster visibility into AWS Lambda functions with remote instrumentation Troubleshoot faster with the GitLab Source Code integration in Datadog How Cambia Health Solutions saved $30,000 monthly with Cloud Cost Management and the Datadog Resource Catalog Normalize any logs for Cloud SIEM with Datadog's OCSF processor Optimizing Datadog at scale: Cost-efficient observability at Zendesk Detect, diagnose, and resolve network issues easily with CNM Network Health Connect engineering errors to user impact in early-stage products Cilium configuration for Kubernetes operations at scale Designing feedback loops for progressive delivery Ship features faster and safer with Datadog Feature Flags Choosing the right OpenTelemetry Collector distribution Route your monitor alerts with Datadog monitor notification rules Automate Cloud SIEM investigations with Bits AI Security Analyst Cloud threat detection: How to identify risky activity across control and data planes Collecting Kafka performance metrics Monitoring Kafka with Datadog Monitoring Kafka performance metrics
Migrate from your existing SIEM and quickly onboard security teams with Datadog Cloud SIEM
2025-07-03 · via Datadog | The Monitor blog
Vera Chan

Vera Chan

Edith Mendez

Edith Mendez

Melanie Yu

Melanie Yu

Nimisha Saxena

Nimisha Saxena

Anthony Randazzo

Anthony Randazzo

Will Roper

Will Roper

Many organizations face significant challenges with onboarding teams to a new or existing SIEM. Security teams grapple with escalating expenses tied to data ingestion, storage, and retention at scale. Steep learning curves can make setup an ongoing and frustrating chore, leading to mistakes and gaps in coverage. Further, SIEMs with constrained ecosystem integrations block users from the tools and customizable workflows they need and are comfortable with.

A modern SIEM should offer flexible data ingestion from any source, quick out-of-the-box tools to get started, and robust integrations that enable teams to onboard quickly and scale without sacrificing flexibility. This culminates in a de-risked migration path from legacy systems, so organizations can modernize at their own pace without operational disruption.

Datadog Cloud SIEM offers an intuitive onboarding path, allowing you to reroute your logs from any source into Datadog and immediately tap into over 900 built-in integrations. Whether you’re using custom APIs, Observability Pipelines, or prebuilt Content Packs, Datadog accelerates time to value.

In this post, we’ll highlight some of the ways you can avoid onboarding complexity and immediately get the most out of Cloud SIEM, including how you can:

Manage security logs effectively with flexible ingestion and routing

Security engineers often struggle to control the volume, quality, and sensitivity of the log data entering their SIEM. Without fine-grained control at the point of ingestion, they face ballooning costs from high-volume sources, increased risk from unredacted sensitive data, and limited visibility due to rigid or one-size-fits-all log forwarding tools. These challenges make it difficult to balance compliance, cost efficiency, and threat detection needs, especially in multi-environment architectures.

Datadog Observability Pipelines enables teams to aggregate, process, and route logs before directing them to cloud platforms, SIEM tools, data lakes, or other analytics solutions. It allows you to filter, deduplicate, and transform logs on-premises, ensuring only valuable data is sent to downstream systems. This feature reduces costs and increases efficiency by enabling log-to-metrics conversion, rule-based quotas, and dual shipping (sending logs to two destinations) using built-in templates for flexible migrations, all while maintaining access to critical insights.

A Datadog Observability Pipelines set of templates.

For example, a security team can redact sensitive data from on-prem environments before logs leave their network. By using built-in transformations, they can ensure compliance with privacy standards and internal security policies, including masking, hashing, or removing sensitive fields such as personally identifiable information (PII) or proprietary data. This helps organizations mitigate risks while maintaining operational transparency and regulatory adherence.

Observability Pipelines can also enrich logs with contextual data and apply advanced parsing rules for actionable insights before ingestion. With an intuitive control plane, live data capture, and centralized monitoring, teams can design, deploy, and manage their log pipelines efficiently.

A Datadog Observability Pipelines pipeline of processors.

As soon as your logs land in Datadog, Log Management allows for the centralization and retention of logs from virtually any data source. With out-of-the-box pipelines for over 900 integrations and the ability to create custom log pipelines, you can easily collect logs from sources such as cloud audit logs, identity provider logs, SaaS and Google Workspace logs, and third-party security integrations like Amazon GuardDuty.

Retain your tools and workflows with integrations and custom APIs

As environments grow more complex, security teams often struggle with fragmented telemetry and inconsistent log coverage. Many SIEMs require manual configuration or can’t ingest data from niche tools, making it difficult to unify signals across cloud platforms, SaaS providers, and on-prem systems.

With over 900 prebuilt integrations, Datadog Cloud SIEM connects to the tools and platforms your organization relies on. These integrations enable immediate visibility across your environment, eliminating the need for complex configuration or learning new workflows. From AWS and Microsoft Azure to Kubernetes and third-party security tools, Datadog simplifies monitoring and log ingestion, giving you comprehensive coverage with minimal effort.

For organizations with unique requirements, Datadog’s flexible custom APIs provide a way to build bespoke integrations and workflows. These APIs facilitate connectivity for even niche systems, offering adaptability and customization.

Flex Logs lets you further dial ingestion and retention up or down to match each security use case, whether that’s real-time detection on firewall traffic or 15-month look-backs for compliance. You can configure which log streams Cloud SIEM should analyze right from the UI, then cost-effectively scale storage without losing investigation context.

Setting up Datadog Flex Logs.

For a deeper dive into Flex Logs strategy and advanced use cases, see our Flex Logs and SIEM use cases post.

Rapidly activate and onboard your SIEM team with Content Packs

Even after successfully migrating logs and integrating familiar tools, security teams often face a final hurdle: getting up to speed quickly. Whether onboarding new analysts or transitioning from a legacy SIEM, teams can struggle to operationalize the platform due to steep learning curves, limited documentation, and fragmented content scattered across different sources.

To accelerate adoption and reduce friction while ramping up, teams can activate Cloud SIEM by accessing Content Packs. Content Packs include bundled prebuilt threat detection rules, dashboards, graphical investigative tools, automated workflows, and written content such as blogs, configuration guides, and more, all related to specific integrations.

List of Cloud SIEM Content Packs.
List of Cloud SIEM Content Packs.

Imagine a security analyst on day three at a new company, tasked with monitoring a large distributed AWS environment before the week is over. They need immediate visibility into CloudTrail activity, baseline detections, and investigative dashboards so they can triage alerts with confidence. Let’s walk through how they can get there in minutes with the AWS CloudTrail Content Pack.

AWS CloudTrail Content Pack.

From the Cloud SIEM page, a security analyst can activate the AWS CloudTrail Content Pack in just a few clicks and unlock all its bundled content for centralized access in the overview side panel. This includes 100+ prebuilt AWS CloudTrail detection rules (aligned with the MITRE ATT&CK® Framework), out-of-the-box dashboards, and workflow blueprints to accelerate threat detection and response.

One rule from the AWS CloudTrail Content Pack detects suspicious activity associated with xlarge EC2 instances and cryptomining, a growing threat in cloud environments.

This detection rule that catches an attempt to create xlarge EC2 instances in multiple AWS Regions was created by one of Datadog’s threat detection engineers and is tagged with the TA0005-defense-evasion tactic and the T1535-unused-or-unsupported-cloud-regions technique. This helps visualize and identify gaps to strengthen detection coverage.

From the side panel, the analyst can also interact with a prebuilt AWS Cloudtrail dashboard to visualize anomalous activity, or they can scroll to the Cloud SIEM AWS Investigator to explore security logs using an interactive graphical interface. Within the AWS CloudTrail Content Pack, security teams can access a collection of 10+ prebuilt SOAR Workflow Automation blueprints designed to automate incident response and remediation. For example, the Investigate and Block Malicious IPs in AWS WAF SOAR blueprint automatically creates a notebook to help security responders quickly kick-start their investigation. The blueprint also launches a Slack prompt for responders, allowing them to block the IP or create an incident directly from Slack.

Migrate with confidence and onboard with Datadog Cloud SIEM today

By addressing the challenges of log ingestion and retention complexity, integration gaps, and limited customization, Datadog Cloud SIEM empowers organizations to modernize their approach to log management and quickly onboard their security teams.

Check out our documentation on Cloud SIEM and our detailed guide on getting started to learn more. And if you’re new to Datadog, try it out with a 14-day free trial.