At the moment, this test is only supported by Datadog connections. Make sure you have a Datadog Connection with SIEM functionality enabled.
Note: This test depends on the Datadog Cloud Security Platform product, which is a paid Datadog feature. You can check whether you have this feature enabled by navigating to https://app.datadoghq.com/security/home and verifying that you see the "Cloud SIEM" dashboard. If this product is not enabled, you should disable this test.
How the test works
This test verifies that your Datadog Security Notification Rules include at least one of the four supported Signal Detection Rule types. Because this is a paid Datadog feature, you’ll need to configure it before the test can run successfully.
Drata checks for the following rule types:
Application Security
Log Detection
Workload Security
Signal Correlation
How to pass the test
To pass the test, create at least one Notification Rule with a supported detection rule type.
Go to the Notification Rules page.
Select + New Notification Rule.
Enter a name for your rule.
In Step 1, select Signal as the rule type.
Choose at least one supported detection rule type.
By default, this test passes if you have a Notification Rule that includes at least one supported detection rule type.
In Step 2, configure severity levels and attributes.
In Step 3, add a recipient.
Select Save and Activate.
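To self-check your configuration before the test runs, the following added example (not Drata's or Datadog's own code) evaluates an exported list of notification rules against the pass criterion described above. The JSON shape and field names (`selectors.rule_types`, `enabled`, `targets`) and the snake_case type values are assumptions to verify against your own Datadog API output; the sample data is constructed.

```python
import json

# The four detection rule types the page lists, as the snake_case values
# assumed to appear in exported rule JSON.
SUPPORTED_TYPES = {"application_security", "log_detection",
                   "workload_security", "signal_correlation"}

# Constructed sample export (not real data); field names are assumptions.
SAMPLE_EXPORT = json.loads("""
{"data": [
  {"id": "r1", "attributes": {"name": "Posture findings", "enabled": true,
     "selectors": {"rule_types": ["misconfiguration"]},
     "targets": ["@secops@example.com"]}},
  {"id": "r2", "attributes": {"name": "SIEM high severity", "enabled": true,
     "selectors": {"rule_types": ["log_detection", "misconfiguration"]},
     "targets": ["@secops@example.com"]}},
  {"id": "r3", "attributes": {"name": "CWS draft", "enabled": false,
     "selectors": {"rule_types": ["workload_security"]},
     "targets": []}}
]}
""")


def evaluate(export):
    """Return (passes, matching, warnings) for an exported rule list."""
    matching, warnings = [], []
    for rule in export.get("data", []):
        attrs = rule.get("attributes", {})
        types = set((attrs.get("selectors") or {}).get("rule_types") or [])
        hits = sorted(types & SUPPORTED_TYPES)
        if not hits:
            continue  # rule covers none of the four supported types
        name = attrs.get("name") or rule.get("id", "<unnamed>")
        matching.append((name, hits))
        # Extra hygiene checks mirroring "add a recipient" and
        # "Save and Activate"; the page does not list them as pass criteria.
        if not attrs.get("enabled", False):
            warnings.append(f"{name}: not activated")
        if not attrs.get("targets"):
            warnings.append(f"{name}: no recipient")
    # Pass criterion as stated on the page: at least one matching rule.
    return bool(matching), matching, warnings


if __name__ == "__main__":
    passes, matching, warnings = evaluate(SAMPLE_EXPORT)
    print("PASS" if passes else "FAIL", matching, warnings)
```

A rule that matches but produces warnings still satisfies the stated criterion, yet it will not notify anyone until it is activated and has a recipient.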
See more details in our Datadog Connection Details article.