Test: Logs Are Monitored For Suspicious Activity

Drata inspects the company's infrastructure logging configuration to determine that it is set up to monitor web traffic and suspicious activity.

Written by Ashley Hyman


BEFORE DIVING IN

At the moment, this test is only supported by Datadog connections. Make sure you have a Datadog Connection with SIEM functionality enabled.

Warning: This test depends on the Datadog Cloud Security Platform product, which is a paid Datadog feature. You can check if you have this feature enabled by navigating to https://app.datadoghq.com/security/home and verifying that you see the "Cloud SIEM" dashboard. If this product is not enabled, you should disable this test.

HERE'S HOW IT WORKS

This test checks that you are using all 5 supported Detection Rule types across your Datadog Security Notification Rules. You will need to set this up yourself, as it is a paid Datadog feature. The five rule types Drata checks for coverage across all notification rules are:

  1. Application Security

  2. Log Detection

  3. Cloud Configuration

  4. Infrastructure Configuration

  5. Workload Security

The simplest way to pass this test is to:

  • Navigate to the Notification Rules page.

  • Add a new Notification Rule with the "+ New Notification Rule" button.

  • Add a name and recipient.

  • Select the detection rule types the rule should cover. A single Notification Rule with all 5 detection rule types selected will pass this test, but you could also split the rule types across several notification rules, as long as every type is covered by at least one of them.

  • Click the "Save and Activate" button to create the rule.
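The coverage logic described above, as an added example that is not Drata's or Datadog's code: it takes a list of notification rules, unions the detection rule types of the active ones, and reports which of the five required types are still uncovered. The rule records are constructed for the example, and their shape is an assumption rather than Datadog's API format.

```python
# Added example: replicate the "all 5 detection rule types are covered"
# check locally before the Drata test runs. The NotificationRule shape is
# an assumption for this example, not Datadog's API schema.
from dataclasses import dataclass

# The five detection rule types the Drata test looks for.
REQUIRED_RULE_TYPES = frozenset({
    "Application Security",
    "Log Detection",
    "Cloud Configuration",
    "Infrastructure Configuration",
    "Workload Security",
})


@dataclass
class NotificationRule:
    name: str
    recipients: list[str]
    rule_types: set[str]
    enabled: bool = True  # only rules that were saved AND activated count


def coverage_gaps(rules: list[NotificationRule]) -> frozenset[str]:
    """Return the required rule types not covered by any active rule
    that has at least one recipient (a rule nobody receives is not
    monitoring)."""
    covered: set[str] = set()
    for rule in rules:
        if rule.enabled and rule.recipients:
            covered |= set(rule.rule_types) & REQUIRED_RULE_TYPES
    return REQUIRED_RULE_TYPES - covered


def passes(rules: list[NotificationRule]) -> bool:
    """True when every required detection rule type is covered."""
    return not coverage_gaps(rules)


# Constructed sample: coverage split across two rules plus one draft rule
# that was saved but never activated, so its types do not count.
SAMPLE_RULES = [
    NotificationRule("app-and-logs", ["secops@example.com"],
                     {"Application Security", "Log Detection"}),
    NotificationRule("cloud-posture", ["secops@example.com"],
                     {"Cloud Configuration", "Infrastructure Configuration"}),
    NotificationRule("workload-draft", ["secops@example.com"],
                     {"Workload Security"}, enabled=False),
]
```

Running `coverage_gaps(SAMPLE_RULES)` on the constructed sample reports that "Workload Security" is still uncovered because its only rule was never activated; activating it (or adding the type to an active rule) makes `passes` return True.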

See more details in our Datadog Connection Details article.
