Datadog + D3 Morpheus AI
Orchestrated Response to IT and Security Issues
Datadog’s Application Performance Monitoring (APM) solution can detect IT and security issues from across integrated cloud applications, networks, and infrastructure. While this solution can generate analytics and integrate with communication tools like Slack to help coordinate response, it does not have a true incident response capability. The integration with Morpheus AI fills this gap.
Benefits and Capabilities
D3’s integration team takes the burden of integrations off your hands by building, maintaining, and upgrading the best possible connections between tools. We have studied Datadog’s APIs and capabilities closely in order to provide a powerful joint solution that can be seamlessly added to our codeless playbooks. The integration enables SOC teams to:
- Enrich Datadog alerts with third-party threat intelligence for improved triage
- Investigate potential security implications of cloud performance issues
- Run incident-specific playbooks for Datadog alerts
- Orchestrate SecOps and IR workflows, with actions across hundreds of other security tools
Use Case
Cryptojacking Detection and Response
Cryptomining scripts can potentially be detected by Amazon GuardDuty and that information can be forwarded to Datadog—or Datadog APM could detect the drop in performance from the hijacked machine—but neither tool has the ability to fully investigate and remediate the threat on its own. Morpheus AI can retrieve the event, correlate against other tools to identify MITRE ATT&CK tactics and techniques, and extract IOCs to compare against third-party threat intelligence to determine risk. Based on this information, the user can escalate the event to an incident if further investigation is required.
- Morpheus AI has a prebuilt automation-powered playbook for cryptojacking, which includes domain analysis and EC2 instance analysis.
- Automatically escalate alerts to Morpheus AI based on Datadog filters.
- Turn Datadog alerts into high-fidelity, fully contextualized incidents.
Use Case
Security Alert Response Orchestration
By combining Datadog Security Monitoring for threat detection with Morpheus AI for incident enrichment and response, you can automatically escalate security threats to Morpheus AI and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. Morpheus AI can then trigger an automated response playbook, all within a single window.
- Eliminate the need for manual coordination of triage and response tasks across tools.
- Orchestrate across cloud-based and on-premises tools.
- Capture all incident data, evidence, and timelines in a single, audit-friendly platform.
Why Morpheus AI?
Joint users of Datadog and D3 Morpheus AI don’t just get automated response orchestration to cryptojacking and other incidents; they also get the countless other features that make Morpheus AI the leading autonomous SOC solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Hyperpipe, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Datadog Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.