# Datadog {% hint style="info" %} Datadog is an SIEM integration. SIEM integrations are used to perform analysis of any SIEM generated alerts, and/or to use generated data as part of investigation analysis. {% endhint %} The Dropzone platform integrates with the [Datadog](https://www.datadoghq.com/) security SIEM. Many customers ingest other alert sources into DataDog (e.g. IDPs) and integrate Dropzone into DataDog rather than the source systems. ## Create an API Key and Application Key Datadog requires both an API Key and an Application Key to enable. To obtain an API Key, do the following: * In the bottom left hand corner of your Datadog Dashboard, click on your organization icon * Navigate to Organization Settings > API Keys

Navigate to API Keys

* Click "New Key"

Click "New Key"

* Name your token something memorable, such as "dropzone.ai," then click "Create Key"

Create Key

* Copy the key generated for use later in the Dropzone UI where it is called "API Key," then click "Finish"

Copy the key

To obtain an Application Key, do the following: * In the bottom left hand corner of your Datadog Dashboard, click on your organization icon * Navigate to Organization Settings > Application Keys

Navigate to Application Keys

* Click "New Key"

Click "New Key"

* Name the key something memorable, such as "dropzone.ai," then click "Create Key"

Create Key

* In the "Scope" section, select "Edit"

Edit Scopes

* Assign the key the following scopes, then click "Save": * logs\_read\_data * security\_monitoring\_signals\_read

Assign scopes

* Copy the key generated for use later in the Dropzone UI where it is called "Application Key," then click "Finish"

Copy the key

## Enable Datadog To enable the Data Source integration, you will need the following information: | Dropzone Field | Source | | --------------- | ------------------------------------------------------------------------- | | API Key | The API key value you generated earlier | | Application Key | The Application key value you generated earlier | | Datadog site | The same as your url in Datadog, eg datadoghq.com, us3.datadoghq.com, etc | * Navigate to your Dropzone AI tenant home page e.g. https\://*mycompany*.dropzone.app * In the bottom left hand corner, navigate to Settings > Integrations

Integrations Dropdown

* Click "Available"

Click Available

* In the Search bar, search Datadog, then click "Configure"

The Datadog Tile

* Under the Alert Source heading, input the API Key, Application Key, and your Datadog site

The Datadog Alert Source Configuration (pt 1)

* In the "Enabled Severities" section, choose the severity levels of alerts you want Dropzone to investigate * Under "Enabled Sources," check the box for each known Datadog Security Monitoring Signal source you want to retrieve signals for

The Datadog Alert Source Configuration (pt 2)

* In the "Signal Rule Filters" section, you may choose Datadog [security signal names](https://docs.datadoghq.com/security/application_security/security_signals/#signals-explorer-columns) to include/exclude from searches. To do so, click "Add Item," then input the signals you wish to filter. Under "Rule Filter Mode," select whether to include or exclude those signals from investigation

The Datadog Alert Source Configuration (pt 3)

* In the "Excluded Tags," you may exclude [tags](https://docs.datadoghq.com/getting_started/tagging/) from analysis. To do so, click "Add Item," then input the tag Field Name (or "Key") and Value. Continue adding tags until done

The Datadog Alert Source Configuration (pt 4)

* Input your desired log ingestion delay, poll interval and lookback

The Datadog Alert Source Configuration (pt 5)

* Click "Test & Save" to finish If you have any errors engage your Dropzone AI support representative.