Datadog
This is a combined document for enabling the Dropzone AI Data Source and Alert Source for Datadog.
Datadog is a SIEM integration. SIEM integrations are used to analyze SIEM-generated alerts and/or to use SIEM data as part of investigation analysis.
The Dropzone platform integrates with the Datadog security SIEM. Many customers ingest other alert sources into Datadog (e.g. IDPs) and integrate Dropzone with Datadog rather than with the source systems.
Datadog requires both an API Key and an Application Key to enable.
To obtain an API Key, do the following:
In the bottom left-hand corner of your Datadog Dashboard, click on your organization icon
Navigate to Organization Settings > API Keys
Click "New Key"
Name your token something memorable, such as "dropzone.ai," then click "Create Key"
Copy the key generated for use later in the Dropzone UI where it is called "API Key," then click "Finish"
To obtain an Application Key, do the following:
In the bottom left-hand corner of your Datadog Dashboard, click on your organization icon
Navigate to Organization Settings > Application Keys
Click "New Key"
Name the key something memorable, such as "dropzone.ai," then click "Create Key"
In the "Scope" section, select "Edit"
Assign the key the following scopes, then click "Save":
logs_read_data
security_monitoring_signals_read
Copy the key generated for use later in the Dropzone UI where it is called "Application Key," then click "Finish"
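Before entering the key pair into Dropzone, you can confirm that both keys work and that the Application Key carries the two scopes listed above. The following Python script is an added example, not Dropzone or Datadog code; it assumes the API host is `api.<your Datadog site>` and reads the values from the environment variables `DD_SITE`, `DD_API_KEY` and `DD_APP_KEY` (names chosen for this example).

```python
import json
import os
import re
import urllib.error
import urllib.request

# One read-only request per scope that the Application Key is expected to hold.
SCOPE_PROBES = {
    "security_monitoring_signals_read": ("GET", "/api/v2/security_monitoring/signals", None),
    "logs_read_data": ("POST", "/api/v2/logs/events/search", {"page": {"limit": 1}}),
}

def api_base(site):
    """Map the 'Datadog site' value (e.g. us3.datadoghq.com) to its API host."""
    site = site.strip().lower()
    if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", site):
        raise ValueError(f"expected a bare hostname, got {site!r}")
    return f"https://api.{site}"

def http_status(method, url, headers, body):
    """Send one request and return the HTTP status code, including 4xx/5xx."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def preflight(site, api_key, app_key, send=http_status):
    """Return {check: 'ok' or 'HTTP <code>'} for the API key and each scope."""
    base = api_base(site)
    code = send("GET", base + "/api/v1/validate", {"DD-API-KEY": api_key}, None)
    results = {"api_key": "ok" if code == 200 else f"HTTP {code}"}
    headers = {"DD-API-KEY": api_key, "DD-APPLICATION-KEY": app_key,
               "Content-Type": "application/json"}
    for scope, (method, path, body) in SCOPE_PROBES.items():
        code = send(method, base + path, headers, body)
        results[scope] = "ok" if code == 200 else f"HTTP {code}"
    return results

if __name__ == "__main__":
    env = os.environ  # keys are read from the environment, never hard-coded
    for check, outcome in preflight(env["DD_SITE"], env["DD_API_KEY"], env["DD_APP_KEY"]).items():
        print(f"{check}: {outcome}")
```

An `HTTP 403` result for a scope means the Application Key was saved without that scope; an `HTTP 403` for `api_key` means the API Key or the site value is wrong.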
To enable the Data Source integration, you will need the following information:
API Key: The API key value you generated earlier
Application Key: The Application key value you generated earlier
Datadog site: The same as your URL in Datadog, e.g. datadoghq.com, us3.datadoghq.com, etc.
Navigate to your Dropzone AI tenant home page, e.g. https://mycompany.dropzone.ai
Click System > Integrations
Click "Available"
In the Search bar, search Datadog, then click "Configure"
Under the Data Source heading, input the API Key, Application Key, and your Datadog site
Click "Test & Save" to finish
If you encounter any errors, engage your Dropzone AI support representative.
To enable the Alert Source integration, you will need the following information:
API Key: The API key value you generated earlier
Application Key: The Application key value you generated earlier
Datadog site: The same as your URL in Datadog, e.g. datadoghq.com, us3.datadoghq.com, etc.
Navigate to your Dropzone AI tenant home page, e.g. https://mycompany.dropzone.ai
Click System > Integrations
Click "Available"
In the Search bar, search Datadog, then click "Configure"
Under the Alert Source heading, input the API Key, Application Key, and your Datadog site
Under "Excluded Titles", you may choose Datadog signal titles to exclude from searches
Under "Enabled Severities", check the box for each known Datadog Security Monitoring Signal source you want to retrieve signals for
Input your desired Poll interval and lookback
Click "Test & Save" to finish
If you encounter any errors, engage your Dropzone AI support representative.