Skip to main content
All CollectionsMonitoringTests
Test: Logs Are Monitored For Suspicious Activity
Test: Logs Are Monitored For Suspicious Activity

Drata inspects the company infrastructure logs to determine that it is configured to monitor web traffic and suspicious activity.

Updated yesterday

BEFORE DIVING IN

At the moment, this test is only supported for Datadog connections. Make sure you have a Datadog connection with SIEM functionality enabled.

Warning: This test depends on the Datadog Cloud Security Platform product, which is a paid Datadog feature.

  • You can verify if you have this feature enabled by navigating to https://app.datadoghq.com/security/home and verifying that you can view the "Cloud SIEM" dashboard. If this feature is not enabled, you should disable this test.

HERE'S HOW IT WORKS

This test verifies that you're using all 5 supported Detection Rule types in your Datadog Security Notification Rules. You will need to set this section up, as it is a paid Datadog feature.

The five detection rule types Drata will check for coverage across all notification rules are:

  1. Log Detection

  2. Workload Security

  3. Cloud Configuration

  4. Infrastructure Configuration

  5. Application Security

The simplest way to pass this test is to:

  • Navigate to the Notification Rules page.

  • Select "+ New Notification Rule" button to add a new rule.

  • Enter a name and recipient.

  • Create Notification Rules that include all five detection rule types.

    • By default, a single Notification Rule covering all five detection rule types will pass this test. However, you can also assign each rule type to a separate Notification Rule if preferred.

  • Select "Save and Activate" button to create the rule.

Refer to Datadog Connection Details article for more information

Did this answer your question?