Datadog

About

Datadog is a monitoring and analytics tool for information technology (IT) and DevOps teams that provides performance metrics and event monitoring for infrastructure and cloud services. The software can monitor services such as servers, databases and tools.

Product Details

Vendor URL: Datadog

Product Type: Data Security

Product Tier: Tier II

Integration Method: Syslog

Integration URL: n/a

Log Guide: n/a

Parser Details

Log Format: JSON

Expected Normalization Rate: near 100%

Data Label: DATADOG

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field                 UDM Field
message                        metadata.description
date                           metadata.event_timestamp
"Datadog"                      metadata.vendor_name
"Datadog"                      metadata.product_name
attributes.message_type        metadata.product_event_type
_id                            metadata.product_log_id
attributes.http.method         network.http.method
attributes.http.useragent      network.http.user_agent
attributes.http.url            network.http.referral_url
attributes.http.status_code    network.http.response_code
attributes.request_size        network.sent_bytes
attributes.ssl_cipher          network.tls.cipher
source                         principal.asset.category
service                        principal.application
attributes.client              principal.ip
host                           principal.hostname
attributes.server_name         target.hostname
upstream_ip                    src.ip
upstream_ip                    src.port
attributes.HOSTNAME            intermediary.hostname
attributes.logger_name         intermediary.application
attributes.vin                 principal.process.pid
attributes.region              principal.asset.location.country_or_region
attributes.mqtt_host           principal.asset.asset_id
attributes.@version            principal.asset.software.version
attributes.level_value         security_result.action_details
attributes.reason              security_result.description
status                         security_result.severity
tags                           security_result.category_details
jwt_aud                        additional.fields
topic                          additional.fields
payload                        additional.fields
attributes.bytes_written       additional.fields
attributes.thread_name         additional.fields

Product Event Types

Product Event    Description    UDM Event
All              All events     GENERIC_EVENT

Log Sample

{"date":"2022-06-24T14:30:29.143Z","service":"princ_application","host":"hostname1","attributes":{"server_name":"hostname2","upstream_x_request_id":"-","ssl_cipher":"cipher","upstream_time":0.008,"client_system_name":"name","jwt_aud":"token","proxy_name":"proxy_name","date_access":"24/Jun/2022:14:30:28 +0000","duration":0.006,"bytes_written":"9","upstream_status":"200","retry_count":"-","cmd_relay_client_id":"relayId","http":{"status_code":200,"method":"POST","useragent":"agent","url":"url"},"client":"10.218.171.254","CorrelationId":"correlationID","request_size":"25842","upstream_ip":"10.97.196.29:8090"},"_id":"logid","source":"asset","status":"info","tags":["tag1","tag2","tag3"]}

Sample Parsing

metadata.product_log_id = "logid"
metadata.event_timestamp = 1656081029
metadata.event_type = GENERIC_EVENT
metadata.vendor_name = "Datadog"
metadata.product_name = "Datadog"
additional.fields.bytes_written = "9"
additional.fields.jwt_aud = "token"
principal.hostname = "hostname1"
principal.ip = "10.218.171.254"
principal.asset.category = "asset"
principal.application = "princ_application"
src.ip = "10.97.196.29"
src.port = "8090"
target.hostname = "hostname2"
target.cloud.project.attributes.labels.correlationId = "correlationID"
target.cloud.project.attributes.labels.cmd_relay_client_id = "relayId"
target.cloud.project.attributes.labels.proxy_name = "proxy_name"
target.cloud.project.attributes.labels.client_system_name = "name"
security_result.category_details = "tag1"
security_result.category_details = "tag2"
security_result.category_details = "tag3"
security_result.severity = INFORMATIONAL
network.sent_bytes = "25842"
network.http.method = "POST"
network.http.referral_url = "url"
network.http.user_agent = "agent"
network.http.response_code = 200
network.tls.cipher = "cipher"
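The field table and the sample parsing above describe one mapping; the following Python is an added reference implementation of it, written for this page and not the parser's own code, so that the log sample can be checked against the expected UDM output offline. It reads jwt_aud and upstream_ip from under "attributes" because that is where the log sample carries them, splits upstream_ip into src.ip and src.port, converts the ISO 8601 date to epoch seconds, and expands tags into repeated security_result.category_details values. The SEVERITY_MAP rows other than "info" and the use of UNKNOWN_SEVERITY as the fallback are assumptions, as is the IP validation that drops non-IP strings instead of storing them in principal.ip or src.ip.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Log sample copied from this page's "Log Sample" section.
SAMPLE_LOG = (
    '{"date":"2022-06-24T14:30:29.143Z","service":"princ_application","host":"hostname1",'
    '"attributes":{"server_name":"hostname2","upstream_x_request_id":"-","ssl_cipher":"cipher",'
    '"upstream_time":0.008,"client_system_name":"name","jwt_aud":"token","proxy_name":"proxy_name",'
    '"date_access":"24/Jun/2022:14:30:28 +0000","duration":0.006,"bytes_written":"9",'
    '"upstream_status":"200","retry_count":"-","cmd_relay_client_id":"relayId",'
    '"http":{"status_code":200,"method":"POST","useragent":"agent","url":"url"},'
    '"client":"10.218.171.254","CorrelationId":"correlationID","request_size":"25842",'
    '"upstream_ip":"10.97.196.29:8090"},"_id":"logid","source":"asset","status":"info",'
    '"tags":["tag1","tag2","tag3"]}'
)

# Direct copies taken from the page's UDM field table (source path -> UDM field).
DIRECT_FIELDS = {
    "message": "metadata.description",
    "_id": "metadata.product_log_id",
    "attributes.message_type": "metadata.product_event_type",
    "attributes.http.method": "network.http.method",
    "attributes.http.useragent": "network.http.user_agent",
    "attributes.http.url": "network.http.referral_url",
    "attributes.http.status_code": "network.http.response_code",
    "attributes.request_size": "network.sent_bytes",
    "attributes.ssl_cipher": "network.tls.cipher",
    "source": "principal.asset.category",
    "service": "principal.application",
    "host": "principal.hostname",
    "attributes.server_name": "target.hostname",
    "attributes.HOSTNAME": "intermediary.hostname",
    "attributes.logger_name": "intermediary.application",
    "attributes.vin": "principal.process.pid",
    "attributes.region": "principal.asset.location.country_or_region",
    "attributes.mqtt_host": "principal.asset.asset_id",
    "attributes.@version": "principal.asset.software.version",
    "attributes.level_value": "security_result.action_details",
    "attributes.reason": "security_result.description",
    "attributes.jwt_aud": "additional.fields.jwt_aud",
    "attributes.bytes_written": "additional.fields.bytes_written",
    "attributes.thread_name": "additional.fields.thread_name",
    "topic": "additional.fields.topic",
    "payload": "additional.fields.payload",
}

# Attribute keys that the page's sample parsing places under target.cloud.project labels.
LABEL_FIELDS = {
    "CorrelationId": "correlationId",
    "cmd_relay_client_id": "cmd_relay_client_id",
    "proxy_name": "proxy_name",
    "client_system_name": "client_system_name",
}

# Assumed status -> severity mapping; the page only shows "info" -> INFORMATIONAL.
SEVERITY_MAP = {"info": "INFORMATIONAL", "warn": "MEDIUM", "warning": "MEDIUM",
                "error": "HIGH", "critical": "CRITICAL"}


def get_path(obj, path):
    """Walk a dotted path through nested dicts; None if any segment is missing."""
    cur = obj
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def valid_ip(value):
    """True only for a syntactically valid IPv4/IPv6 address string."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def datadog_ts_to_epoch(value):
    """Convert a UTC ISO 8601 'date' (with or without fractional seconds) to epoch seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return int(datetime.strptime(value, fmt).replace(tzinfo=timezone.utc).timestamp())
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {value!r}")


def parse_datadog_log(raw):
    """Map one Datadog JSON log line to a flat dict of UDM fields per the table above."""
    event = json.loads(raw)
    udm = {"metadata.event_type": "GENERIC_EVENT",
           "metadata.vendor_name": "Datadog", "metadata.product_name": "Datadog"}
    for src, dst in DIRECT_FIELDS.items():
        value = get_path(event, src)
        if value is not None:          # absent fields are simply not emitted
            udm[dst] = value
    if "date" in event:
        udm["metadata.event_timestamp"] = datadog_ts_to_epoch(event["date"])
    client = get_path(event, "attributes.client")
    if isinstance(client, str) and valid_ip(client):
        udm["principal.ip"] = client
    upstream = get_path(event, "attributes.upstream_ip")
    if isinstance(upstream, str) and ":" in upstream:
        ip, port = upstream.rsplit(":", 1)  # "ip:port" -> src.ip / src.port
        if valid_ip(ip) and port.isdigit():
            udm["src.ip"], udm["src.port"] = ip, port
    status = event.get("status")
    if isinstance(status, str):
        udm["security_result.severity"] = SEVERITY_MAP.get(status.lower(), "UNKNOWN_SEVERITY")
    tags = event.get("tags")
    if isinstance(tags, list):          # one category_details value per tag
        udm["security_result.category_details"] = [str(t) for t in tags]
    attrs = event.get("attributes") or {}
    for src, label in LABEL_FIELDS.items():
        if src in attrs:
            udm[f"target.cloud.project.attributes.labels.{label}"] = attrs[src]
    return udm


if __name__ == "__main__":
    for field, value in sorted(parse_datadog_log(SAMPLE_LOG).items()):
        print(f"{field} = {value!r}")
```

Running the module prints the same field/value pairs listed under "Sample Parsing"; comparing that output against the page is a quick way to confirm a parser change has not silently dropped a field such as principal.ip or src.ip.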

Parser Alerting

This product currently does not have any Parser-based Alerting.

Rules

Coming Soon