On the March episode of This Month in Datadog, Jeremy Garcia (VP of Technical Community and Open Source) covers Attacker Clustering, Auto Test Retries, and new Observability Pipelines features, including keyword dictionaries and several integrations. Later in the episode, Jinwu Liu (Product Manager) spotlights Reference Tables, which is now generally available, and Yash Kumar (Product Lead, Cloud SIEM) shows how these tables can be used to add context to detection rules in Cloud SIEM.
Also featured is a pair of blog posts about how to create an effective paging strategy and how Datadog teams structure on-call rotations, as well as a quick look at upcoming Datadog events and webinars.
This Month in Datadog is a monthly update of the company’s latest features, product announcements, and more. Subscribe to our YouTube channel to get notifications about future episodes.
New features
Enrich Datadog telemetry with metadata using Reference Tables
Now generally available, Reference Tables enables teams to upload custom metadata so they can enrich their Datadog telemetry with business-critical context, like human-readable names or threat intelligence, which can speed up real-time investigations and troubleshooting. Check out this blog post to read about a security-related use case: fine-tuning detection rules in Cloud SIEM.
New Observability Pipelines integrations and keyword dictionaries
Datadog Observability Pipelines now integrates with Amazon S3, Amazon Data Firehose, and AWS Lambda, as well as SentinelOne, helping teams to collect, process, and cost-effectively route their logs. We also added new keyword dictionaries, which are part of the Sensitive Data Scanner processor and allow teams to define terms that refine a scanner’s detection rules when routing logs.
Visit these blog posts to learn more about our integrations with SentinelOne and AWS, and to read more about keyword dictionaries.
Identify and group attacker behaviors with Attacker Clustering
Today, distributed attacks are more challenging than ever to detect and respond to. Attacker Clustering is a new feature of Datadog Application Security Management that’s designed to identify and group together attacker behaviors during distributed attacks. When an attack is detected, this new feature automatically clusters attributes based on shared occurrences and creates a table with the cluster and key attributes of the attack. Learn more by reading this blog post.
Mitigate the impact of flaky tests with Auto Test Retries
With Auto Test Retries, teams can automatically retry failing tests up to five times, which helps to mitigate the impact of flaky tests on CI pipelines. Not only does this help teams avoid the need to manually re-run test jobs or entire pipelines, but when a test fails across all retries, engineers can trust that the test is broken. Read the release note to learn more. In the platform, Auto Test Retries can be enabled for repositories in Test Optimization Settings.
Additional updates
More new features and updates released this month:
- Vulnerability Management for Amazon ECR and ECS Fargate is now generally available
- Monitor Unity gaming apps with the SDK for Datadog RUM
- Track changes to detection rules in Cloud SIEM, ASM, and CWS
- Get guided steps to write detections with the Rule Editor in Cloud SIEM
- Easily manage multiple suppressions of detection rules in Cloud SIEM
- Quickly and securely upload images directly to Datadog
- Instrument Google Cloud Run apps with one step using the new Datadog Agent sidecar
See you next month
Check out our release notes for a full list of new features and updates. You can see these features and updates in action by logging on to the Datadog platform today or signing up for a 14-day free trial. We will see you next month.