Dropzone AI Documentation
Datadog


Last updated 3 months ago


This is a combined document for enabling the Dropzone AI Data Source and Alert Source for Datadog.

Datadog is a SIEM integration. SIEM integrations are used to analyze SIEM-generated alerts and/or to use SIEM data as part of investigation analysis.

The Dropzone platform integrates with the security SIEM. Many customers ingest other alert sources into Datadog (e.g. IDPs) and integrate Dropzone with Datadog rather than with the source systems.

Create an API Key and Application Key

The Datadog integration requires both an API Key and an Application Key.

To obtain an API Key, do the following:

  • In the bottom-left corner of your Datadog Dashboard, click on your organization icon

  • Navigate to Organization Settings > API Keys

  • Click "New Key"

  • Name your token something memorable, such as "dropzone.ai," then click "Create Key"

  • Copy the key generated for use later in the Dropzone UI where it is called "API Key," then click "Finish"

To obtain an Application Key, do the following:

  • In the bottom-left corner of your Datadog Dashboard, click on your organization icon

  • Navigate to Organization Settings > Application Keys

  • Click "New Key"

  • Name the key something memorable, such as "dropzone.ai," then click "Create Key"

  • In the "Scope" section, select "Edit"

  • Assign the key the following scopes, then click "Save":

    • logs_read_data

    • security_monitoring_signals_read

  • Copy the key generated for use later in the Dropzone UI where it is called "Application Key," then click "Finish"

Enable the Dropzone Data Source Integration

To enable the Data Source integration, you will need the following information:

Dropzone Field | Source
API Key | The API key value you generated earlier
Application Key | The Application key value you generated earlier
Datadog site | The same as your URL in Datadog, e.g. datadoghq.com, us3.datadoghq.com, etc.

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai

  • Click System > Integrations

  • Click "Available"

  • In the Search bar, search Datadog, then click "Configure"

  • Under the Data Source heading, input the API Key, Application Key, and your Datadog site

  • Click "Test & Save" to finish

If you encounter any errors, engage your Dropzone AI support representative.
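
An added example, not part of the Dropzone or Datadog documentation: a Python pre-check that the API Key, the Application Key with its two scopes, and the Datadog site value all work before you click "Test & Save". It assumes Datadog's public API paths `/api/v1/validate`, `/api/v2/security_monitoring/signals` and `/api/v2/logs/events/search` and the `DD-API-KEY` / `DD-APPLICATION-KEY` headers; the function names and the `DD_SITE`, `DD_API_KEY`, `DD_APP_KEY` environment variables are this example's own.

```python
import json
import os
import urllib.error
import urllib.request

# (label, method, path, JSON body). The last two labels are the scopes the page
# assigns to the Application Key; endpoint paths are assumed from Datadog's public API.
CHECKS = [
    ("api_key", "GET", "/api/v1/validate", None),
    ("security_monitoring_signals_read", "GET",
     "/api/v2/security_monitoring/signals?page%5Blimit%5D=1", None),
    ("logs_read_data", "POST", "/api/v2/logs/events/search",
     {"filter": {"query": "*", "from": "now-5m", "to": "now"}, "page": {"limit": 1}}),
]

def api_base(site):
    """Map the 'Datadog site' field (e.g. us3.datadoghq.com) to its API base URL."""
    site = site.strip().lower().removeprefix("https://").removeprefix("app.").rstrip("/")
    if "/" in site or "." not in site:
        raise ValueError(f"not a Datadog site value: {site!r}")
    return f"https://api.{site}"

def http_status(method, url, headers, body):
    """Send one request and return only the status code, so no key or data is echoed."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def check_keys(site, api_key, app_key, send=http_status):
    """Run each read-only check; `send` is injectable so the logic can be tested offline."""
    base, results = api_base(site), {}
    for label, method, path, body in CHECKS:
        headers = {"DD-API-KEY": api_key, "Content-Type": "application/json"}
        if label != "api_key":  # the validate call needs only the API key
            headers["DD-APPLICATION-KEY"] = app_key
        status = send(method, base + path, headers, body)
        results[label] = "ok" if status == 200 else f"failed (HTTP {status})"
    return results

if __name__ == "__main__":
    # Keys come from the environment, not argv, so they stay out of shell history.
    for label, outcome in check_keys(os.environ["DD_SITE"], os.environ["DD_API_KEY"],
                                     os.environ["DD_APP_KEY"]).items():
        print(f"{label}: {outcome}")
```

If `api_key` reports ok but one of the scope checks fails, look at the Application Key and its assigned scopes rather than at the site value.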

Enable the Dropzone Alert Source Integration

To enable the Alert Source integration, you will need the following information:

Dropzone Field | Source
API Key | The API key value you generated earlier
Application Key | The Application key value you generated earlier
Datadog site | The same as your URL in Datadog, e.g. datadoghq.com, us3.datadoghq.com, etc.

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai

  • Click System > Integrations

  • Click "Available"

  • In the Search bar, search Datadog, then click "Configure"

  • Under the Alert Source heading, input the API Key, Application Key, and your Datadog site

  • Under "Excluded Titles", you may choose Datadog signal titles to exclude from searches

  • Under "Enabled Severities", check the box for each known Datadog Security Monitoring Signal source you want to retrieve signals for

  • Input your desired Poll interval and lookback

  • Click "Test & Save" to finish

If you encounter any errors, engage your Dropzone AI support representative.
