To integrate Datadog and perform searches with Query:
- Generate a Datadog API key and an Application key from your Datadog Organization Settings
- Using the above values, go to your Query interface and configure a connection to Datadog
- Perform searches using the new connection
Datadog is an application monitoring and security platform that collects and brings together logs, metrics, and security events from your environment. If you are using Datadog, you can now query logs and events from your tenant.
Log in to Datadog and go to the Organization Settings -> API Keys page to get a key that Query can use. Note that Datadog shows a separate KEY ID and KEY for each entry. Ensure that you use the KEY and not the KEY ID.
Next, go to the Organization Settings -> Application Keys page to get an application key that Query can use. Here too, Datadog shows a separate KEY ID and KEY. Ensure that you use the KEY and not the KEY ID.
For querying Events from Datadog, as of this writing, you have to contact Datadog support (via a support ticket) to enable the Events API (beta) feature in your tenant. This step is needed only if your use case requires querying Events from Datadog; it is not needed if you are only querying Logs.
On the Connections page in Query, add a new connection to Datadog, providing your Datadog tenant's URL along with the API and Application keys obtained above.
You can search for any device's logs by the device's hostname.
Search results will contain:
- Events from Datadog Service Management. These get mapped to Security Finding in Query's OCSF schema.
- Logs from Datadog. These get mapped to Process Activity in Query's OCSF schema.
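As an added example (not code from this page, from Query, or from Datadog), a small Python pre-flight check you can run before entering the keys in Query: it validates the API key against Datadog's public /api/v1/validate endpoint, then runs the same hostname-scoped Logs search described above and flattens the result. The default site (datadoghq.com), the hostname, and the sample response in the test are assumptions or constructed values; match the site to your own tenant.

```python
# Constructed pre-flight check for a Datadog connection: validate the API key,
# then run the hostname-scoped Logs search that Query performs.
import json
import urllib.request
from urllib.error import HTTPError

def api_base(site="datadoghq.com"):
    # The API host follows your tenant's site (datadoghq.com, datadoghq.eu, ...);
    # the default here is an assumption, match it to your own tenant.
    return f"https://api.{site}"

def build_log_search(hostname, lookback="now-15m", limit=50):
    # Logs API v2 search body scoped to one host, like Query's hostname search.
    return {"filter": {"query": f"host:{hostname}", "from": lookback, "to": "now"},
            "page": {"limit": limit}, "sort": "-timestamp"}

def _call(method, url, api_key, app_key=None, body=None):
    # Both keys travel as headers; send the KEY value itself, never the KEY ID.
    headers = {"DD-API-KEY": api_key, "Content-Type": "application/json"}
    if app_key:
        headers["DD-APPLICATION-KEY"] = app_key
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)

def validate_api_key(api_key, site="datadoghq.com"):
    # GET /api/v1/validate answers {"valid": true}; a wrong value (for example the
    # KEY ID pasted instead of the KEY) is rejected with HTTP 403.
    try:
        return bool(_call("GET", f"{api_base(site)}/api/v1/validate", api_key).get("valid"))
    except HTTPError as err:
        if err.code == 403:
            return False
        raise

def search_host_logs(hostname, api_key, app_key, site="datadoghq.com"):
    url = f"{api_base(site)}/api/v2/logs/events/search"
    return _call("POST", url, api_key, app_key, build_log_search(hostname))

def summarize_logs(response):
    # Flatten the v2 search response to the fields a hostname search is about.
    rows = []
    for item in response.get("data", []):
        attrs = item.get("attributes", {})
        rows.append({k: attrs.get(k) for k in ("timestamp", "host", "service", "message")})
    return rows
```

If validate_api_key returns False with a value copied from the API Keys page, the usual cause is the KEY ID having been copied instead of the KEY.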
For details on key management, refer to the Datadog documentation: https://docs.datadoghq.com/account_management/org_settings/