Skip to main content

Test: Logs Are Monitored For Suspicious Activity

Drata inspects the company infrastructure logs to determine that it is configured to monitor web traffic and suspicious activity.

Updated this week

At the moment, this test is only supported by Datadog connections. Make sure you have a Datadog Connection with SIEM functionality enabled.

Warning Note: This test depends on the Datadog Cloud Security Platform product, which is a paid Datadog feature. You can check if you have this feature enabled by navigating to https://app.datadoghq.com/security/home and verifying that you see the "Cloud SIEM" dashboard. If this product is not enabled, you should disable this test.

How the test works

This test verifies that your Datadog Security Notification Rules include at least one of the four supported Signal Detection Rule types. Because this is a paid Datadog feature, you’ll need to configure it before the test can run successfully.

Drata checks for the following rule types:

  • Application Security

  • Log Detection

  • Workload Security

  • Signal Correlation

How to pass the test

To pass the test, create at least one Notification Rule with a supported detection rule type.

  1. Go to the Notification Rules page.

  2. Select + New Notification Rule.

  3. Enter a name for your rule.

  4. In Step 1, select Signal as the rule type.

    • Choose at least one supported detection rule type.

      • By default, this test passes if you have a Notification Rule that includes at least one supported detection rule type.

  5. In Step 2, configure severity levels and attributes.

  6. In Step 3, add a recipient.

  7. Select Save and Activate.

See more details in our Datadog Connection Details article.

Did this answer your question?