Datadog Alert Channel

Configure the Datadog alert channel to provide a unified view of your metrics, logs, and performance data combined with your cloud security data.

Create an API Key in Datadog for Lacework

Integrating Lacework and Datadog requires you to create an API key in Datadog.

Info: Make sure to create an API key, not an application key.

  1. Log into the Datadog interface and navigate to Organization Settings > API Keys.
    You can also connect to https://app.datadoghq.com/organization-settings/api-keys.
  2. Select + New Key.
  3. In the popup window, add the name for the new API key.
  4. Click Create Key.
    This adds the new API key to the list.
  5. Verify the newly created API key.

For additional information about Datadog, see: https://docs.datadoghq.com/account_management/api-app-keys/.

Create a Datadog Alert Channel

Do the following:

  1. Log in to the Lacework Console as a Lacework user with administrative privileges.
  2. Go to Settings > Notifications > Alert channels.
  3. Click + Add New.
  4. Select Datadog.
  5. Click Next.
  6. Verify that you have a Datadog API key as described in Create an API Key in Datadog for Lacework. You can have as many channels as required. Lacework recommends using a unique Datadog API key for each channel.
  7. Enter a unique name for the alert channel.
  8. Click Next.
  9. For Datadog Service, select Logs Detail (default), Logs Summary, or Events Summary.
  10. For Datadog Site, select com or eu. This is where you want to store your logs, either the US or Europe.
  11. For API Key, enter the API key that you created previously. This is required to submit metrics and alerts to Datadog.
  12. Click Save.
  13. Click Alert rules and configure the alert routing you require, using the alert channel you created.

Note: If you have a Datadog license for logs, you get the most functionality from the alert channel. You can index, search, monitor, rehydrate, create dashboards, and perform other critical functions with the data. If you do not have a license for logs, you can only view data in the event stream.

Lacework recommends sending all detailed data to receive higher-level log fidelity and details. If you want to trim data, you can send the summary only.

View Lacework Data in the Datadog Dashboard

To view the data that Lacework sends, query it, and set up monitors or dashboards, you must log in to the Datadog Dashboard and then click the logs and search. That screen should display a new source called Lacework.

The log data shows the JSON output of Lacework alerts. When viewing detailed alerts, you can see all information from the alert itself as you can in the Lacework Console. Inside the alert there are also links to the Lacework dashboard if more triage is needed.

Create a Lacework Datadog Alert Channel Using Terraform

For organizations using Terraform to manage their environments, Lacework maintains the Terraform provider for Lacework, which enables configuration of Lacework alert channels using automation.

# Configure Datadog Alert Channel in Lacework
resource "lacework_alert_channel_datadog" "example" {
  name            = "Datadog Alert Channel Example"
  datadog_site    = "eu"
  datadog_service = "Events Summary"
  api_key         = "datadog-key"
}

Additional information on the lacework_alert_channel_datadog resource can be found on the Terraform Registry.
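
The following is an added example, not taken from the Lacework documentation. It uses the same resource but supplies the API key through a sensitive variable instead of a literal, gives each channel its own key as recommended above, and routes alerts with a `lacework_alert_rule` from the same provider. The variable name, channel keys, and rule settings are assumptions.

```hcl
terraform {
  required_providers {
    lacework = {
      source = "lacework/lacework"
    }
  }
}

# Hypothetical variable: one Datadog API key per channel, supplied at run time
# (for example through the TF_VAR_datadog_api_keys environment variable or a
# secrets manager) so that no key is committed with the configuration.
variable "datadog_api_keys" {
  type      = map(string)
  sensitive = true # redacts the values in plan and apply output
}

# Hypothetical channel layout: detailed logs stored in the US site and
# summary events stored in the EU site. The map keys must match the keys
# of var.datadog_api_keys.
locals {
  datadog_channels = {
    logs_us   = { site = "com", service = "Logs Detail" }
    events_eu = { site = "eu", service = "Events Summary" }
  }
}

# One alert channel per entry, each with its own API key, so a single key
# can be revoked in Datadog without affecting the other channel.
resource "lacework_alert_channel_datadog" "channel" {
  for_each = local.datadog_channels

  name            = "Datadog ${each.key}"
  datadog_site    = each.value.site
  datadog_service = each.value.service
  api_key         = var.datadog_api_keys[each.key]
}

# Route Critical and High alerts to every Datadog channel defined above.
resource "lacework_alert_rule" "datadog_high" {
  name           = "Route high severity alerts to Datadog"
  description    = "Sends Critical and High alerts to the Datadog channels"
  severities     = ["Critical", "High"]
  alert_channels = [for c in lacework_alert_channel_datadog.channel : c.id]
}
```

Marking the variable as sensitive only hides it from command output. Terraform still writes the key to state, so restrict access to the state backend.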