This Month in Datadog - March 2025 | Datadog

This Month in Datadog - March 2025

Published: April 1, 2025

On the March episode of This Month in Datadog, Jeremy Garcia (VP of Technical Community and Open Source) covers Attacker Clustering, Auto Test Retries, and new Observability Pipelines features, including keyword dictionaries and several integrations. Later in the episode, Jinwu Liu (Product Manager) spotlights Reference Tables, which is now generally available, and Yash Kumar (Product Lead, Cloud SIEM) shows how these tables can be used to add context to detection rules in Cloud SIEM.

Also featured is a pair of blog posts about how to create an effective paging strategy and how Datadog teams structure on-call rotations, as well as a quick look at upcoming Datadog events and webinars.

This Month in Datadog is a monthly update of the company’s latest features, product announcements, and more. Subscribe to our YouTube channel to get notifications about future episodes.

New features

Enrich Datadog telemetry with metadata using Reference Tables

Now generally available, Reference Tables enables teams to upload custom metadata so they can enrich their Datadog telemetry with business-critical context, like human-readable names or threat intelligence, which can speed up real-time investigations and troubleshooting. Check out this blog post to read about a security-related use case: fine-tuning detection rules in Cloud SIEM.

New Observability Pipelines integrations and keyword dictionaries

Datadog Observability Pipelines now integrates with Amazon S3, Amazon Data Firehose, and AWS Lambda, as well as SentinelOne, helping teams to collect, process, and cost-effectively route their logs. We also added new keyword dictionaries, which are part of the Sensitive Data Scanner processor and allow teams to define terms that refine a scanner’s detection rules when routing logs.

Visit these blog posts to learn more about our integrations with SentinelOne and AWS. And you can read more about keyword dictionaries.

Identify and group attacker behaviors with Attacker Clustering

Today, distributed attacks are more challenging than ever to detect and respond to. Attacker Clustering is a new feature of Datadog Application Security Management that’s designed to identify and group together attacker behaviors during distributed attacks. When an attack is detected, this new feature automatically clusters attributes based on shared occurrences and creates a table with the cluster and key attributes of the attack. Learn more by reading this blog post.

Mitigate the impact of flaky tests with Auto Test Retries

With Auto Test Retries, teams can automatically retry failing tests up to five times, which helps to mitigate the impact of flaky tests on CI pipelines. Not only does this help teams avoid the need to manually re-run test jobs or entire pipelines, but when a test fails across all retries, engineers can trust that the test is broken. Read the release note to learn more. In the platform, Auto Test Retries can be enabled for repositories in Test Optimization Settings.

Additional updates

More new features and updates released this month:

See you next month

Check out our release notes for a full list of new features and updates. You can see these features and updates in action by logging on to the Datadog platform today or signing up for a . We will see you next month.