Learning Objectives

  • Describe and implement best practices for creating custom Cloud SIEM detection rules
  • Create custom detection rules to detect threats in a public cloud environment
  • Write suppression rules to suppress security signals for benign activity
  • Configure notification rules to automatically send notifications and execute automated workflows
  • Correlate signals to detect multi-step attack patterns and sophisticated threats
  • Manage detection rules using Infrastructure as Code and the Datadog public API

Primary Audience

Cloud security engineers, platform engineers, and incident responders working with threat detection in a public cloud environment

Prerequisites

Recommended: 

Technical Requirements

In order to complete the course, you will need:

  • Google Chrome or Firefox
  • Third-party cookies must be enabled to access labs

Course Navigation

At the bottom of each lesson, click MARK LESSON COMPLETE AND CONTINUE so that you are marked complete for each lesson and can receive the certificate at the end of the course.

Course Enrollment Period

Please note that your enrollment in this course ends after 30 days. You can re-enroll at any time and pick up where you left off.

Course Curriculum

    1. Introduction

    1. Detection Rule Components
    2. Detection Methods
    3. Notification Rules
    4. Detection as Code

    1. Lab overview
    2. Lab: Write Custom Cloud SIEM Rules

    1. Summary and Resources
    2. Feedback Survey

Write Custom Cloud SIEM Detection Rules

  • 2 hours to complete
  • 0 hours of video content
  • Advanced