惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hacker News: Front Page
P
Palo Alto Networks Blog
T
ThreatConnect
Apple Machine Learning Research
Apple Machine Learning Research
博客园_首页
T
True Tiger Recordings
P
Privacy & Cybersecurity Law Blog
B
Blog
IT之家
IT之家
Last Week in AI
Last Week in AI
F
Full Disclosure
Hacker News: Ask HN
Hacker News: Ask HN
C
Comments on: Blog
Microsoft Azure Blog
Microsoft Azure Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Microsoft Security Blog
Microsoft Security Blog
博客园 - 【当耐特】
N
News and Events Feed by Topic
NISL@THU
NISL@THU
腾讯CDC
雷峰网
雷峰网
Security Latest
Security Latest
李成银的技术随笔
M
Microsoft Research Blog - Microsoft Research
L
LangChain Blog
L
Lohrmann on Cybersecurity
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Check Point Blog
Y
Y Combinator Blog
Recent Announcements
Recent Announcements
博客园 - Franky
N
News | PayPal Newsroom
V
V2EX
A
About on SuperTechFans
The Register - Security
The Register - Security
月光博客
月光博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google Online Security Blog
Google Online Security Blog
MyScale Blog
MyScale Blog
Cisco Talos Blog
Cisco Talos Blog
Vercel News
Vercel News
WordPress大学
WordPress大学
C
Cyber Attacks, Cyber Crime and Cyber Security
The Hacker News
The Hacker News
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
爱范儿
爱范儿
A
Arctic Wolf
L
LINUX DO - 最新话题
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

Datadog | The Monitor blog

Reduce CVE noise with OpenVEX assessments in Datadog How we made a SQL query optimization agent 59% more accurate using autoresearch and LLM Observability How to audit and clean up monitors effectively Diagnose slow PostgreSQL queries faster with explain plan correlation Explore Datadog metrics with Natural Language Queries Toto 2.0: Time series forecasting enters the scaling era Simplify micro-frontend observability with Datadog RUM Attribute AI costs across providers with Datadog Cloud Cost Management Diagnose and resolve database performance issues faster with Database Investigator Datadog for Government achieves FedRAMP® High certification Analyze cloud costs with flexible spreadsheets in Datadog Sheets Inside Datadog’s AI Research Lab: Meet two PhD candidates behind Toto Connect triage and investigation in a single workflow with Datadog Cloud SIEM This Month in Datadog - April 2026 Monitor and optimize Supabase query performance with Datadog Database Monitoring Add dynamically updating context to logs with Reference Tables and Observability Pipelines Introducing ARFBench: A time series question-answering benchmark based on real incidents The product signal latency gap slowing your growth Test network paths with TCP, UDP, and ICMP in Datadog Turn developer feedback into operational insight with Datadog Forms and Sheets How to investigate cloud credential compromise with Bits AI Security Analyst Evaluate, optimize, and secure your Google Cloud AI stack with Datadog Bringing observability data hosting to the UK on AWS Steganography at scale: Embedding share URLs in Datadog widget screenshots Identify and fix code issues faster with Datadog’s Azure DevOps Source Code integration Every team should be A/B testing Centralize observability management with Datadog Governance Console Route OTel data from AI apps to ClickHouse and Datadog using Observability Pipelines Spotting CI/CD misconfigurations before the bots do: Securing GitHub Actions with Datadog IaC Security Manage service tracing across hosts with Single Step Instrumentation rules Offline evaluation for AI agents: Best practices Detect runtime threats in Python Lambda functions with Datadog AAP Introducing our open source AI-native SAST Instrument and monitor Boomi integration flows with OpenTelemetry and Datadog Not all index scans are equal: How we cut query latency by over 99% Platform engineering metrics: What to measure and what to ignore Integrate Recorded Future threat intelligence with Datadog Cloud SIEM CI/CD security: threat modeling using a MITRE-style threat matrix CI/CD security: How to secure your GitHub ecosystem Ingress NGINX is EOL: A practical guide for migrating to Kubernetes Gateway API How we built a real-world evaluation platform for autonomous SRE agents at scale Operating agentic AI with Amazon Bedrock AgentCore and Datadog LLM Observability: Lessons from NTT DATA Introducing the Datadog Code Security MCP Capture and analyze custom heatmaps in Session Replay Understand session replays faster with AI summaries and smart chapters Monitor ClickHouse query performance with Datadog Database Monitoring How we designed empathetic alert sounds for on-call engineers Search and act across Datadog to resolve issues faster with Bits Assistant Measure the business impact of every product change with Datadog Experiments Analyzing round trip query latency Configuring JavaScript caches for better performance Introducing Bits AI Dev Agent for Code Security Datadog achieves ISO 42001 certification for responsible AI Monitor Nutanix clusters, hosts, and VMs with Datadog Monitor Juniper Mist in Datadog A new Host Map for modern infrastructure When upserts don't update but still write: Debugging Postgres performance at scale Annotate traces to improve LLM quality with Datadog LLM Observability What's new in Cloud SIEM: AI-powered investigations, enhanced threat intelligence, and scalable security operations Explore Kubernetes with native OpenTelemetry data Monitor Oracle Fusion Cloud Applications with Datadog Announcing the Datadog Terraform provider v4.0.0 Scaling Kubernetes workloads on custom metrics How to design cloud environments for AI-powered threat analysis Monitor Aruba Central in Datadog How we centralize and remediate risks with Datadog Case Management Accelerate incident response with Datadog and ServiceNow Monitor your application and network load balancer logs Understanding Karpenter architecture for Kubernetes autoscaling Tools for collecting metrics and logs from Karpenter Monitor Karpenter with Datadog What your product data is actually saying Key metrics for monitoring Karpenter Securing Datadog's platform in the AI age: The role of observability data Closing the verification loop: Observability-driven harnesses for building with agents Closing the verification loop, Part 2: Fully autonomous optimization When an AI agent came knocking: Catching malicious contributions in Datadog’s open source repos Four ways engineering teams use the Datadog MCP Server to power AI agents Approaching your observability migration with the right mindset Meet the new Bits AI SRE: Deeper reasoning, twice as fast Designing MCP tools for agents: Lessons from building Datadog's MCP server Key learnings from the 2026 State of DevSecOps study Use plain English to query your multi-cloud infrastructure in Resource Catalog Simplifying troubleshooting across the user journey with Datadog Synthetic Monitoring Protect your OCI resources with Datadog Cloud Security This Month in Datadog - February 2026 Fine-tune Toto for turbocharged forecasts Amazon EC2 security: How misconfigured and public AMIs expand your cloud attack surface Enable end-to-end visibility into your Java apps with a single command Measure and improve mobile app startup performance with Datadog RUM Evaluating our AI Guard application to improve quality and control cost Identify untested code across every level of your codebase Make use of guardrail metrics and stop babysitting your releases Monitor Versa Networks SD-WAN performance in Datadog How we reduced the size of our Agent Go binaries by up to 77% Improve performance and reliability with APM Recommendations Remediate transitive vulnerabilities faster with Datadog Software Composition Analysis Generate audit-ready vulnerability and compliance reports with Datadog Sheets Monitor Fortinet FortiManager performance in Datadog Improve test coverage across codebases with Datadog Code Coverage
Automate Cloud SIEM investigations with Bits AI Security Analyst
2025-06-10 · via Datadog | The Monitor blog
Vera Chan

Vera Chan

Ron Feldman

Ron Feldman

Rex Guo

Rex Guo

Security analysts face unprecedented challenges in today’s cloud landscape. Security operations center (SOC) teams are chronically understaffed, and cybersecurity threats are skyrocketing—further intensified by GenAI-driven attacks. High false positive rates add to this strain, fueling alert fatigue and delaying the detection of real threats. These hurdles make it harder for analysts to keep pace, which ultimately drives up mean time to resolution (MTTR).

Datadog Cloud SIEM has continually evolved to help SOC teams meet these challenges with powerful investigative capabilities, including:

Bits AI Security Analyst, announced in Preview in June 2025, is now generally available. Bits AI has investigated tens of thousands of security alerts for Preview customers, saving hundreds of person-years of manual investigation time. It autonomously triages Datadog Cloud SIEM signals, conducts in-depth investigations of potential threats, and delivers clear, actionable recommendations without human prompting.

This is one of three AI agents, each designed to support cross-functional roles across security, SRE, and development. Since its launch, Bits AI has expanded its capabilities to support DevOps by investigating alerts, managing incidents, resolving coding errors, and more. With Bits AI Security Analyst, we’re taking Cloud SIEM to the next level by fundamentally transforming how security teams investigate and resolve security signals.

Let’s take a closer look at how Bits AI Security Analyst works.

Autonomous Cloud SIEM triage

Bits AI asynchronously investigates SIEM signals across the following attack surfaces and sources (additional surfaces and source coverage coming soon):

CategoryTools / Services
Cloud Control PlaneAWS CloudTrail, Azure, GCP, Kubernetes
IdentityOkta, Entra ID, Google Workspace
SaaS and CollaborationMS365, Google Workspace
Dev ToolsGitHub, Snowflake
Endpoint Detection and Response (EDR)SentinelOne
EmailUser-reported phishing

Each investigated signal is clearly marked with a dedicated facet, allowing you to filter the Cloud SIEM Signals list or trigger targeted notifications. To view a finding, just click the signal in the list or notification to open the Bits AI investigation side panel. In the following screenshot, Bits AI automatically investigated actions taken by an authorized Okta administrator, without human intervention.

Datadog Bits AI security analyst for Okta phishing.

In-depth, evidence-based investigations

Bits AI Security Analyst draws on the expertise of Datadog’s internal Security and Security Research teams. Using the MITRE ATT&CK framework as a foundation, the agent methodically plans and executes each step of its investigation, adapting its approach based on observed evidence. It also expertly pivots between indicators of compromise (IOCs) and pulls in relevant data from across the Datadog platform by querying historical signals and logs, linking to those queries, and providing clear, contextual analysis.

After completing its investigation, Bits AI provides one of the following verdict recommendations:

  • Benign: No security concern detected
  • Suspicious: Requires further investigation

In the following screenshot, Bits AI Security Analyst investigated endpoint alerts, classified them as benign based on historical patterns of legitimate Kafka operations, and surfaced all of that context as part of its in-depth analysis.

Datadog Bits AI security analyst for EDR.

Bits AI Security Analyst will provide the same detailed analysis for suspicious activity, such as user-reported phishing attempts. As seen in the example signal below, it confirmed that a reported email was worth investigating further based on activity consistent with common phishing tactics.

Datadog Bits AI security analyst for user reported phishing.

The agent’s reasoning at each step of its investigation and its final conclusions are thoroughly evaluated for reliability. Bits AI Security Analyst has been rigorously tested against historical datasets containing both benign and malicious signals to ensure its efficacy—and we’re continuously refining its accuracy over time.

Once you review a security signal, you can archive it, declare an incident for further investigation, edit suppressions, or run a workflow. Each option gives you a different way to respond, from archiving benign activity to automatically remediating the issue. For example, you can suspend a user flagged as suspicious by Bits AI Security Analyst by running a workflow directly from within the security signal.

Cloud SIEM showing actions you can take on a signal.

Automate investigations with Bits AI Security Analyst

Bits AI Security Analyst is now generally available. Activate it in-app to get started or explore the documentation to learn more.

New to Datadog? Start a free 14-day trial to take advantage of autonomous Cloud SIEM investigations.

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。