implementing-security-monitoring-with-datadog

Featured

Implements security monitoring using Datadog Cloud SIEM, Cloud Security Management (CSM), and Workload Protection to detect threats, enforce compliance, and respond to security events across cloud and hybrid infrastructure. Covers Agent deployment, log source ingestion, detection rule creation, security dashboards, and automated notification workflows. Activates for requests involving Datadog security setup, Cloud SIEM configuration, CSM threat detection, or security monitoring dashboards.

DevOps & Infrastructure 12,642 stars 1468 forks Updated today Apache-2.0


Quality Score: 99/100

| Component | Weight | Score |
| --- | --- | --- |
| Stars | 20% | 100 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Implementing Security Monitoring with Datadog

## When to Use

- Deploying Cloud SIEM to detect real-time threats across cloud infrastructure (AWS, Azure, GCP)
- Creating custom detection rules for attacker techniques, credential abuse, or anomalous behavior
- Enabling Workload Protection (CSM Threats) to monitor file, process, and network activity on hosts and containers
- Meeting compliance requirements (PCI-DSS, SOC 2, HIPAA) that mandate centralized log monitoring and alerting
- Building security dashboards to provide SOC visibility into threat signals, investigation context, and response metrics

**Do not use** for endpoint-only monitoring without cloud infrastructure; use a dedicated EDR solution for purely on-premises endpoint detection.

## Prerequisites

- Datadog account with Security Monitoring (Cloud SIEM) and/or Cloud Security Management enabled
- Datadog API Key and Application Key from Organization Settings > API Keys
- Datadog Agent v7+ installed on hosts/containers that generate security-relevant logs
- Log sources configured for ingestion: AWS CloudTrail, VPC Flow Logs, GuardDuty, Azure Activity Logs, GCP Audit Logs, or on-host logs (auth.log, syslog, Windows Security Events)
- Python 3.9+ with `datadog-api-client` library for programmatic rule management
- Network access from monitored hosts to Datadog intake endpoints (port 443)

## Workflow

### Step 1: Deploy and Configure the Datadog Agent for Security

Install the Datadog Agent and enable security-re...

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

- **implementing-azure-defender-for-cloud** (DevOps & Infrastructure, Featured) by mukul975, 12,642 stars, updated today: Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across VMs, containers, databases, and storage, configure security recommendations, and set up adaptive security controls with automated remediation.
- **detecting-cloud-threats-with-guardduty** (DevOps & Infrastructure, Featured) by mukul975, 12,642 stars, updated today: This skill teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous threat detection across AWS accounts and workloads. It covers enabling protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting finding severity levels, and building automated response workflows using EventBridge and Lambda.
- **building-cloud-siem-with-sentinel** (DevOps & Infrastructure, Featured) by mukul975, 12,642 stars, updated today: This skill covers deploying Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized security operations. It details configuring data connectors for multi-cloud log ingestion, writing KQL detection queries, building automated response playbooks with Logic Apps, and leveraging the Sentinel data lake for petabyte-scale threat hunting across AWS, Azure, and GCP security telemetry.
- **securing-azure-with-microsoft-defender** (DevOps & Infrastructure, Featured) by mukul975, 12,642 stars, updated today: This skill instructs security practitioners on deploying Microsoft Defender for Cloud as a cloud-native application protection platform for Azure, multi-cloud, and hybrid environments. It covers enabling Defender plans for servers, containers, storage, and databases, configuring security recommendations, managing Secure Score, and integrating with the unified Defender portal for centralized threat management.
- **implementing-cloud-trail-log-analysis** (AI & Automation, Featured) by mukul975, 12,642 stars, updated today: Implementing AWS CloudTrail log analysis for security monitoring, threat detection, and forensic investigation using Athena, CloudWatch Logs Insights, and SIEM integration to identify unauthorized access, privilege escalation, and suspicious API activity.