Datadog’s Application Performance Monitoring (APM) solution can detect IT and security issues from across integrated cloud applications, networks, and infrastructure. While this solution can generate analytics and integrate with communication tools like Slack to help coordinate response, it does not have a true incident response capability. The integration with Smart SOAR fills this gap by turning Datadog’s comprehensive information into automation-powered playbooks with full enrichment, orchestrated actions, and proven workflows for everything from cloud service outages to security breaches.
Cryptomining scripts can potentially be detected by Amazon GuardDuty and that information can be forwarded to Datadog—or Datadog APM could detect the drop in performance from the hijacked machine—but neither tool has the ability to fully investigate and remediate the threat on its own. Smart SOAR can retrieve the event, correlate against other tools to identify MITRE ATT&CK tactics and techniques, and extract IOCs to compare against third-party threat intelligence to determine risk. Based on this information, the user can escalate the event to an incident if further investigation is required. Smart SOAR has a prebuilt automation-powered playbook for cryptojacking, which includes domain analysis and EC2 instance analysis.
By combining Datadog Security Monitoring for threat detection with Smart SOAR for incident enrichment and response, you can automatically escalate security threats to Smart SOAR and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. Smart SOAR can then trigger an automated response playbook, all within a single window.
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.