BEFORE DIVING IN
At the moment, this test is only supported for Datadog connections. Make sure you have a Datadog connection with SIEM functionality enabled.
Warning: This test depends on the Datadog Cloud Security Platform product, which is a paid Datadog feature.
You can check whether this feature is enabled by navigating to https://app.datadoghq.com/security/home and confirming that you can view the "Cloud SIEM" dashboard. If this feature is not enabled, you should disable this test.
HERE'S HOW IT WORKS
This test verifies that your Datadog Security Notification Rules use all 5 supported Detection Rule types. Because this is a paid Datadog feature, you will need to set this section up.
Drata checks for coverage of the following five detection rule types across all notification rules:
Log Detection
Workload Security
Cloud Configuration
Infrastructure Configuration
Application Security
The simplest way to pass this test is to:
Navigate to the Notification Rules page.
Select the "+ New Notification Rule" button to add a new rule.
Enter a name and recipient.
Create Notification Rules that include all five detection rule types.
By default, a single Notification Rule covering all five detection rule types will pass this test. However, you can also assign each rule type to a separate Notification Rule if preferred.
Select the "Save and Activate" button to create the rule.
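One way to pre-check coverage before the test runs, as an added example (not Drata's or Datadog's code): it takes the union of rule types across all notification rules and lists any of the five that no active rule covers. The JSON shape, the rule type identifiers, and the choice to ignore rules that are not enabled are assumptions made for illustration, and the sample data is constructed.

```python
import json

# The five detection rule types named on this page, keyed by the identifiers
# this example ASSUMES appear in each rule's selectors.rule_types list.
REQUIRED = {
    "log_detection": "Log Detection",
    "workload_security": "Workload Security",
    "cloud_configuration": "Cloud Configuration",
    "infrastructure_configuration": "Infrastructure Configuration",
    "application_security": "Application Security",
}

# Constructed sample export (not real data): coverage is split across rules,
# and the only rule covering Application Security was never activated.
SAMPLE = json.loads("""
{"data": [
  {"attributes": {"name": "runtime-and-logs", "enabled": true,
    "selectors": {"rule_types": ["log_detection", "workload_security"]}}},
  {"attributes": {"name": "posture", "enabled": true,
    "selectors": {"rule_types": ["cloud_configuration",
                                 "infrastructure_configuration"]}}},
  {"attributes": {"name": "appsec-draft", "enabled": false,
    "selectors": {"rule_types": ["application_security"]}}}
]}
""")

def coverage(export, count_disabled=False):
    """Return (covered, missing) display names across all notification rules."""
    seen = set()
    for rule in export.get("data", []):
        attrs = rule.get("attributes", {})
        if not (attrs.get("enabled", False) or count_disabled):
            continue  # assumption: a rule that is not active does not count
        types = (attrs.get("selectors") or {}).get("rule_types") or []
        seen.update(t for t in types if t in REQUIRED)
    covered = sorted(REQUIRED[t] for t in seen)
    missing = sorted(REQUIRED[t] for t in REQUIRED if t not in seen)
    return covered, missing

if __name__ == "__main__":
    covered, missing = coverage(SAMPLE)
    print("covered:", ", ".join(covered))
    print("missing:", ", ".join(missing) or "none")
```
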
Refer to the Datadog Connection Details article for more information.