Detect security threats with anomaly detection rules
Datadog Cloud SIEM introduces anomaly detection rules to enhance threat detection in modern cloud infrastructure. This method analyzes relevant logs for specific entities like hosts and IP addresses, identifying historical trends and baseline behavior. When deviations from the baseline are detected, a Security Signal is created with a timeseries graph to illustrate the event, allowing users to triage and take necessary action. Anomaly detection rules dynamically generate thresholds based on historical behavior, making it easier to monitor unusual activity across various events like unique API calls or access-denied requests. Datadog generates Security Signals when anomalies are detected, providing key event data for further investigation. These signals remain open until the anomalous behavior ceases or reaches a specified maximum signal duration.
Company
Datadog
Date published
Aug. 18, 2021
Author(s)
Jordan Obey, Justin Massey
Word count
605
Language
English
Hacker News points
None found.