Datadog

Datadog is the essential monitoring and security platform for cloud applications. It brings together end-to-end traces, metrics, and logs to make your applications, infrastructure, and third-party services entirely observable. These capabilities help businesses secure their systems, avoid downtime, and ensure customers are getting the best user experience.

Integration with LogicHub

Connecting with Datadog

To connect to Datadog, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • App Key: App Key created in Datadog for this instance.
  • API Key: API key required for authentication to Datadog.

Actions with Datadog

Get Security Signals

Fetches security signals that match a search query.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • Query: Jinja templated text containing the search query for listing security signals (Default is '*'). Example: host:{{column_name}}
  • Sort: Sort order for the results. (Default is Chronological)
  • Limit: Limits the number of rows from the search. (Default is 100000)
  • Start time: Jinja templated, ISO formatted minimum timestamp for requested security signals. Default is execution start time. Example: 2019-09-26T07:58:30.996+02:00
  • End time: Jinja templated, ISO formatted maximum timestamp for requested security signals. Default is execution end time. Example: 2019-09-26T07:58:30.996+02:00

Output of Action
Multiple rows, each containing a JSON object of a security signal.

{
   "attributes":{
      "attributes":{
         "entities":[
            "@network.client.ip:172.17.0.1",
            "host:ubuntu"
         ],
         "groupByPaths":[
            "host"
         ],
         "http":{
            "method":"GET",
            "referer":"-",
            "status_code":200,
            "url_details":{
               "path":"/"
            },
            "useragent_details":{
               "browser":{
                  "family":"curl"
               },
               "device":{
                  "family":"Other"
               },
               "os":{
                  "family":"Other"
               }
            }
         },
         "network":{
            "client":{
               "ip":"172.17.0.1"
            }
         },
         "queries":[
            {
               "groupByPaths":[
                  "host"
               ],
               "query":"@http.status_code:200"
            }
         ],
         "relatedLogsQuery":{
            "from":"2021-02-16T08:05:07.000Z",
            "query":"@http.status_code:200 host:\"ubuntu\"",
            "to":"2021-02-17T08:20:07.000Z"
         },
         "samples":[
            {
               "content":{
                  "custom":{
                     "date_access":1613463607000,
                     "http":{
                        "method":"GET",
                        "referer":"-",
                        "status_category":"OK",
                        "status_code":200,
                        "url":"/",
                        "url_details":{
                           "path":"/"
                        },
                        "useragent":"curl/7.68.0",
                        "useragent_details":{
                           "browser":{
                              "family":"curl",
                              "major":"7",
                              "minor":"68",
                              "patch":"0"
                           },
                           "device":{
                              "category":"Other",
                              "family":"Other"
                           },
                           "os":{
                              "family":"Other"
                           }
                        },
                        "version":"1.1"
                     },
                     "network":{
                        "bytes_written":5,
                        "client":{
                           "ip":"172.17.0.1"
                        }
                     }
                  },
                  "host":"ubuntu",
                  "host_id":3881504510,
                  "ingest_size_in_bytes":329,
                  "message":"172.17.0.1 - - [16/Feb/2021:08:20:07 +0000] \"GET / HTTP/1.1\" 200 5 \"-\" \"curl/7.68.0\"",
                  "service":"webapp",
                  "source":"nginx",
                  "status":"ok",
                  "tags":[
                     "docker_image:datadog-ngix:latest",
                     "short_image:datadog-ngix",
                     "source:nginx",
                     "container_name:nginx",
                     "container_id:7c7325c142c880141ec3e31ad4bbfe8ae8815f902ced70635903ebfbdc50a708",
                     "image_tag:latest",
                     "image_name:datadog-ngix",
                     "service:webapp"
                  ],
                  "tiebreaker":-1157172501,
                  "timestamp":"2021-02-16T08:20:07.000Z"
               },
               "eventId":"AQAAAXep7NbYuwby6wAAAABBWGVwN05qNEFBQkZSajBTM25FYmlRQUE",
               "id":"AXep7Nj4AABFRj0S3nEbiQAA",
               "queryIndex":0,
               "trackKey":{
                  "orgId":536355,
                  "type":"logs"
               }
            }
         ],
         "title":"200 - case 2",
         "workflow":{
            "events_matched":1,
            "first_seen":"2021-02-16T08:20:07.000Z",
            "last_seen":"2021-02-16T08:20:07.000Z",
            "rule":{
               "detectionMethod":"threshold",
               "id":"dfn-nuv-z2j",
               "name":"200",
               "type":"Log Detection",
               "version":1
            }
         }
      },
      "host":"ubuntu",
      "message":"%%%\n200\n%%%",
      "service":[
         "webapp"
      ],
      "status":"critical",
      "tags":[
         "source:nginx",
         "docker_image:datadog-ngix:latest",
         "short_image:datadog-ngix",
         "source:nginx",
         "container_name:nginx",
         "container_id:7c7325c142c880141ec3e31ad4bbfe8ae8815f902ced70635903ebfbdc50a708",
         "image_tag:latest",
         "image_name:datadog-ngix",
         "service:webapp"
      ],
      "timestamp":"2021-02-16T08:20:11.188Z"
   },
   "error":null,
   "has_error":false,
   "id":"AQAAAXep7Oc0AAAAAAAAAABkZm4tbnV2LXoyai0xLUFYZXA3Tmo0QUFCRlJqMFMzbkViaVFBQQ",
   "type":"signal"
}
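As an added example (not LogicHub's or Datadog's code), the following Python flattens one Get Security Signals row of the shape shown above into the flat fields a downstream triage step keys on: rule id, severity, the host and client IP parsed out of the entities list, and the detection latency between the last matched event and the signal timestamp. The sample row is a constructed, trimmed copy of the output above.

```python
from datetime import datetime

# Constructed sample: a trimmed copy of the Get Security Signals row shown above.
SAMPLE_SIGNAL = {
    "attributes": {
        "attributes": {
            "entities": ["@network.client.ip:172.17.0.1", "host:ubuntu"],
            "workflow": {"events_matched": 1, "last_seen": "2021-02-16T08:20:07.000Z",
                         "rule": {"detectionMethod": "threshold", "id": "dfn-nuv-z2j", "name": "200"}},
        },
        "host": "ubuntu",
        "status": "critical",
        "tags": ["source:nginx", "service:webapp", "source:nginx"],
        "timestamp": "2021-02-16T08:20:11.188Z",
    },
    "id": "AQAAAXep7Oc0AAAAAAAAAABkZm4tbnV2LXoyai0xLUFYZXA3Tmo0QUFCRlJqMFMzbkViaVFBQQ",
    "type": "signal",
}

def parse_ts(value: str) -> datetime:
    """Parse Datadog's ISO 8601 timestamps; 'Z' is rewritten so fromisoformat accepts it."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def parse_entities(entities: list) -> dict:
    """Split 'facet:value' entity strings on the first colon into a lookup dict."""
    return dict(e.split(":", 1) for e in entities if ":" in e)

def flatten_signal(row: dict) -> dict:
    """Reduce one signal row to the flat fields a triage playbook keys on."""
    outer = row.get("attributes", {})
    inner = outer.get("attributes", {})
    workflow = inner.get("workflow", {})
    rule = workflow.get("rule", {})
    entities = parse_entities(inner.get("entities", []))
    # Detection latency: signal creation time minus the last matching event (None if absent).
    ts, last = outer.get("timestamp"), workflow.get("last_seen")
    latency = (parse_ts(ts) - parse_ts(last)).total_seconds() if ts and last else None
    return {
        "signal_id": row.get("id"),
        "status": outer.get("status"),
        "rule_id": rule.get("id"),
        "rule_name": rule.get("name"),
        "detection_method": rule.get("detectionMethod"),
        "host": entities.get("host", outer.get("host")),
        "client_ip": entities.get("@network.client.ip"),
        "events_matched": workflow.get("events_matched", 0),
        "detection_latency_s": latency,
        "tags": sorted(set(outer.get("tags", []))),  # the API repeats tags (source:nginx twice)
    }
```

Because every lookup uses .get(), a signal that lacks a workflow block or entities list still produces a row rather than raising, which matters when the action returns many rows from different rule types.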

Search Logs

Fetches logs that match a log search query.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • Query: Jinja templated text containing the search query for listing security signals (Default is '*'). Example: host:{{column_name}}
  • Index: Jinja templated text containing comma-separated indices for logs (Default is '*'). Example: {{column_name}}
  • Sort: Sort order for the results. (Default is Chronological)
  • Limit: Limits the number of rows from the search. (Default is 100000)
  • Start time: Jinja templated, ISO formatted minimum timestamp for requested security signals. Default is execution start time. Example: 2019-09-26T07:58:30.996+02:00
  • End time: Jinja templated, ISO formatted maximum timestamp for requested security signals. Default is execution end time. Example: 2019-09-26T07:58:30.996+02:00

Output of Action
Multiple rows, each containing a JSON log object.

{
   "attributes":{
      "attributes":{
         "hostname":"fa1e1e739d95"
      },
      "host":"fa1e1e739d95",
      "message":"hello world",
      "status":"info",
      "tags":[
         "source:agent",
         "env:prod",
         "env:prod",
         "user:joe.doe",
         "source:agent"
      ],
      "timestamp":"2021-02-16T02:30:46.022Z"
   },
   "error":null,
   "has_error":false,
   "id":"AQAAAXeorQAGojnJQQAAAABBWGVvclFBR0FBQlN1SEhvQmNsZDhBQUE",
   "type":"log"
}