Improving Cloud Security Visibility with ChatOps
Datadog has built a serverless security monitoring and alerting pipeline for its operations in the AWS cloud. The company uses CloudTrail to log all AWS API calls across multiple accounts, then narrows the focus by categorizing specific API calls into three severity levels: log, notify, and alert. A centralized security orchestration framework integrates with Slack, Duo, and PagerDuty for notifications, authentication, and alerts respectively. In the pipeline architecture, a CloudWatch Event Rule triggers an SNS topic, which in turn forwards the API call data to an SQS queue in the dedicated security AWS account. A Lambda function consumes the data from the SQS queue and hands it to Komand, a security orchestration and automation platform, for further processing and decision-making. The pipeline itself is monitored with Datadog, giving the security team meaningful data and actionable intelligence.
Company
Datadog
Date published
Aug. 15, 2017
Author(s)
Jules Denardou, Doug DePerry
Word count
1218
Hacker News points
1
Language
English