Datadog
This integration allows sending all threat notifications to Datadog using the HTTP Logs endpoint.
Steps to set up the Verosint integration with Datadog:
-
Log in to Verosint and navigate to the workspace settings page.
-
Click Add next to the Datadog logo on the Threat Notifications card
-
Fill out the required details
-
URL: The URL of the HTTP Logs intake endpoint. The default value is shown for the
US1region. You can use the linked page to change the region and find the appropriate URL if the default is not acceptable. The full list of intake endpoints (see the above link for the up-to-date list):Region URL US1 https://http-intake.logs.datadoghq.com/api/v2/logsUS3 https://http-intake.logs.us3.datadoghq.com/api/v2/logsUS5 https://http-intake.logs.us5.datadoghq.com/api/v2/logsEU https://http-intake.logs.datadoghq.eu/api/v2/logsAP1 https://http-intake.logs.ap1.datadoghq.com/api/v2/logsUS1-FED https://http-intake.logs.ddog-gov.com/api/v2/logs -
API Key: The API key that is authorized to send logs.
-
Tags: Tags that should be sent with each threat notification (optional).
-
Example Datadog Threat Notification dialog
Testing Notifications
It is recommended to send a test notification to validate that all parameters are set correctly. It will also enable the Datadog administrator to see and configure alerts based on the attributes of the threat notification.
Datadog Attributes Populated In Threat Notifications
| Attribute Name | Value |
|---|---|
ddsource | verosint |
ddtags | source:verosint in addition to the configured tags |
evt.category | threat |
evt.name | Name of the threat such as CREDENTIAL_STUFFING |
evt.outcome | The status of the threat such as STARTED or ENDED |
hostname | api.verosint.com |
message | JSON formatted with the following propertiesurl: the URL of the threat in the Verosint apptimestamp: the timestamp of the threat in the UTC timezonethreat: the details of the threat as a JSON object |
service | verosint |
Updated 3 days ago