BEFORE DIVING IN
At the moment, this test is only supported by Datadog connections. Make sure you have a Datadog Connection with SIEM functionality enabled.
Warning: This test depends on the Datadog Cloud Security Platform product, which is a paid Datadog feature. To check whether you have this feature enabled, navigate to https://app.datadoghq.com/security/home and verify that you see the "Cloud SIEM" dashboard. If this product is not enabled, you should disable this test.
HERE'S HOW IT WORKS
This test checks that you're using all 5 supported Detection Rule types in your Datadog Security Notification Rules. Because this is a paid Datadog feature, you will need to set this section up. Drata checks for coverage of the following five rule types across all notification rules:
Application Security
Log Detection
Cloud Configuration
Infrastructure Configuration
Workload Security
The simplest way to pass this test is to:
Navigate to the Notification Rules page.
Add a new Notification Rule with the "+ New Notification Rule" button.
Add a name and recipient.
By default, a single Notification Rule that has all 5 detection rule types selected will pass this test. You could also give each rule type its own notification rule.
Click the "Save and Activate" button to create the rule.
See more details in our Datadog Connection Details article.