[DOCS-11525] Update Cloud SIEM landing page #30784
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
✅ Documentation Team ReviewThe documentation team has approved this pull request. Thank you for your contribution! |
Contributor
Preview links (active after the
|
maycmlee
commented
Jul 29, 2025
jnhunsberger
requested changes
Jul 30, 2025
| Effective security response requires speed, context, insight, and automation. By continuously analyzing incoming data, Cloud SIEM detects threats, generates actionable security signals, and correlates those signals across multiple sources. This empowers your team to investigate incidents and respond quickly. | ||
|
|
||
| Threats are surfaced in Datadog as Security Signals and can be correlated and triaged in the [Security Signals Explorer][1]. Security Signals are generated by Datadog Cloud SIEM with [Detection Rules][2]. Detection Rules detect threats across different sources and are available out of the box for immediate use. You can clone any of the provided detection rules to change the configuration. You can also add a [new rule][3] from scratch to fit your specific use case. | ||
| To keep your team on top of the latest attacks, Datadog also has a team of threat researchers who analyze petabytes of telemetry across cloud and on-premises systems to identify emerging threats and attacker behaviors. See Datadog Security Labs to read articles about their recent investigations. |
Contributor
There was a problem hiding this comment.
Need a link for "Datadog Security Labs": https://securitylabs.datadoghq.com/
maycmlee
commented
Jul 30, 2025
maycmlee
commented
Jul 30, 2025
|
|
||
| Cloud SIEM embeds both cloud and on-premises telemetry directly into security workflows to accelerate investigation and response. And with a shared platform that brings DevOps and Security teams together, organizations can break down silos and respond to threats collaboratively and efficiently. | ||
|
|
||
| ### Flexible cost control |
Contributor
Author
There was a problem hiding this comment.
@jnhunsberger What do you think about changing this title to Scalable security logs cost control or Cost-efficient security logs ingestion?
maycmlee
commented
Jul 30, 2025
maycmlee
commented
Jul 30, 2025
maycmlee
commented
Jul 31, 2025
|
|
||
| ### Log search and analysis | ||
|
|
||
| Build searches in the Log Explorer using facets or by clicking fields directly in the logs. Or use Bits AI and natural language search to find important security events. With built-in group-by and table lookup functions as well as pattern analysis and visualizations, security teams can get security insights from their data. See [Log Search Syntax][10] for more information. |
Contributor
Author
There was a problem hiding this comment.
@jnhunsberger Should we link to the Log Explorer doc as well? https://docs.datadoghq.com/logs/explorer/
jnhunsberger
reviewed
Aug 1, 2025
Contributor
jnhunsberger
left a comment
jnhunsberger
left a comment
There was a problem hiding this comment.
Left several comments
|
|
||
| ### Log search and analysis | ||
|
|
||
| Build searches in the Log Explorer using facets or by clicking fields directly in the logs. Or use Bits AI and natural language search to find important security events. With built-in group-by and table lookup functions as well as pattern analysis and visualizations, security teams can get security insights from their data. See [Log Search Syntax][10] for more information. |
|
|
||
| ## Cloud SIEM Overview page | ||
|
|
||
| Navigate to the [Cloud SIEM Overview dashboard][3]. Use this dashboard to see key security insights and act on common workflows for security analysts, security and detection engineers, and Security Operations Center (SOC) managers. From the Overview page, you can: |
Contributor
There was a problem hiding this comment.
The overview page is not a dashboard per se. I recommend changing the two references to dashboard to page.
| - Complete onboarding tasks and review content‑pack health. | ||
| - View and investigate top signals by geography or ISP. | ||
| - Analyze signals and rules by MITRE ATT&CK tactics. | ||
| - Track detection performance (MTTD, false‑positive rates). |
Contributor
There was a problem hiding this comment.
should we spell out MTTD (mean time to detect)?
estherk15
approved these changes
Aug 4, 2025
Contributor
estherk15
left a comment
estherk15
left a comment
There was a problem hiding this comment.
Mostly formatting suggestions, all optional!
| Navigate to the [Cloud SIEM Overview page][3]. Use this page to see key security insights and act on common workflows for security analysts, security and detection engineers, and Security Operations Center (SOC) managers. From the Overview page, you can: | ||
| - Access important signals, open cases, and high-risk entities. | ||
| - Complete onboarding tasks and review content‑pack health. | ||
| - View and investigate top signals by geography or ISP. |
Contributor
There was a problem hiding this comment.
Does ISP need to be spelled out or is it a standard acronym in Security?
|
|
||
| See the [Getting Started Guide][4] for more detailed setup instructions. | ||
|
|
||
| ## Cloud SIEM Overview page |
Contributor
There was a problem hiding this comment.
May be outside the scope of this, but I think this could be it's own page if you're going to give a thorough breakdown.
Contributor
Author
There was a problem hiding this comment.
Yes, I was thinking maybe after the full restructure, we could think about moving this to its own page.
Contributor
There was a problem hiding this comment.
Let's save that for a separate effort. I would like to get this out as is.
| ## Overview | ||
|
|
||
| Datadog Cloud SIEM (Security Information and Event Management) unifies developer, operation, and security teams on one platform. Use a single dashboard to display DevOps content, business metrics, and security insights. Cloud SIEM detects threats to your applications and infrastructure, such as targeted attacks, communications from threat intel-listed IP addresses, and insecure configurations, in real time. Notify your team of these security issues by email, Slack, Jira, PagerDuty, or webhooks. | ||
| Datadog Cloud SIEM (Security Information and Event Management) is a security data analysis and correlation system. It enables your entire security operations team to view, detect, investigate, and respond to security issues. Leveraging Datadog's scalable platform, Cloud SIEM ingests telemetry from both cloud and on‑premises systems using the Datadog Agent and API-based integrations. |
Contributor
There was a problem hiding this comment.
Suggested change
| Datadog Cloud SIEM (Security Information and Event Management) is a security data analysis and correlation system. It enables your entire security operations team to view, detect, investigate, and respond to security issues. Leveraging Datadog's scalable platform, Cloud SIEM ingests telemetry from both cloud and on‑premises systems using the Datadog Agent and API-based integrations. | |
| Datadog Cloud SIEM (Security Information and Event Management) is a security data analysis and correlation system. It enables your entire security operations team to view, detect, investigate, and respond to security issues. Leveraging Datadog's scalable platform, Cloud SIEM ingests telemetry from both cloud and on‑premises systems through the Datadog Agent and API-based integrations. |
maycmlee
commented
Aug 4, 2025
Co-authored-by: Esther Kim <[email protected]>
jnhunsberger
requested changes
Aug 7, 2025
Contributor
jnhunsberger
left a comment
jnhunsberger
left a comment
There was a problem hiding this comment.
One sentence to be changed and a few comments in response to questions.
|
|
||
| ### Security and observability | ||
|
|
||
| Cloud SIEM embeds both cloud and on-premises telemetry directly into security workflows to accelerate investigation and response. And with a shared platform that brings DevOps and Security teams together, organizations can break down silos and respond to threats collaboratively and efficiently. |
Contributor
There was a problem hiding this comment.
I would like to keep this copy. It makes specific points about cloud/on-prem and bringing DevOps and Security together which are not directly covered in the Overview section.
|
|
||
| See the [Getting Started Guide][4] for more detailed setup instructions. | ||
|
|
||
| ## Cloud SIEM Overview page |
Contributor
There was a problem hiding this comment.
Let's save that for a separate effort. I would like to get this out as is.
maycmlee
requested review from
jnhunsberger
and removed request for
jnhunsberger
jnhunsberger
approved these changes
Aug 7, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do? What is the motivation?
Merge instructions
Merge readiness:
For Datadog employees:
Your branch name MUST follow the
<name>/<description>convention and include the forward slash (/). Without this format, your pull request will not pass CI, the GitLab pipeline will not run, and you won't get a branch preview. Getting a branch preview makes it easier for us to check any issues with your PR, such as broken links.If your branch doesn't follow this format, rename it or create a new branch and PR.
[6/5/2025] Merge queue has been disabled on the documentation repo. If you have write access to the repo, the PR has been reviewed by a Documentation team member, and all of the required checks have passed, you can use the Squash and Merge button to merge the PR. If you don't have write access, or you need help, reach out in the #documentation channel in Slack.
Additional notes