Create custom detection rules for Datadog Cloud SIEM. Write

Learning Objectives

Describe and implement best practices for creating custom Cloud SIEM detection rules
Create custom detection rules to detect threats in a public cloud environment
Write suppression rules to suppress security signals for benign activity
Configure notification rules to automatically send notifications and execute automated workflows
Correlate signals to detect multi-step attack patterns and sophisticated threats
Manage detection rules using Infrastructure as Code and the Datadog public API

Primary Audience

Cloud security engineers, platform engineers, and incident responders working with threat detection in a public cloud environment

Prerequisites

Recommended:

Completion of the Learning Environment course
Completion of Detect and Investigate Threats with Cloud SIEM
Basic cloud computing knowledge (this course features a sandbox AWS environment)
Recommended: Completion of Getting Started with Log Explorer or previous experience with Datadog Log Management

Technical Requirements

In order to complete the course, you will need:

Google Chrome or Firefox
Third-party cookies must be enabled to access labs

Course Navigation

At the bottom of each lesson, click MARK LESSON COMPLETE AND CONTINUE so that you are marked complete for each lesson and can receive the certificate at the end of the course.

Course Enrollment Period

Please note that your enrollment in this course ends after 30 days. You can re-enroll at any time and pick up where you left off.

Learning Center

Write Custom Cloud SIEM Detection Rules

Learning Objectives

Primary Audience

Prerequisites

Technical Requirements

Course Navigation

Course Enrollment Period

Course curriculum

Course Overview

Cloud SIEM Detection Rules

Lab: Write Custom Cloud SIEM Rules

Course Conclusion

Write Custom Cloud SIEM Detection Rules

Running into an issue?