Datadog Sensitive Data Scanner provides complete visibility into the flow of PII data. As we migrate to the cloud, it has become a critical part of our data loss prevention strategy.

Kevin McGill

VP Cloud Services, Citizens Bank

Datadog Sensitive Data Scanner helps our small team quickly find and redact sensitive data in RUM sessions and logs. It streamlines the once time-consuming task of detecting and masking exposed secrets, credentials, and PII across our microservices and mobile apps to prevent data leaks.

Sola Ajayi

Lead Engineer, Infrastructure, DevOps & Security Team, Shara

Sensitive Data Scanner is core to our data loss prevention (DLP) strategy. It gives us the confidence that our logs and events are continuously monitored for inadvertent exposure of sensitive information, so that we can identify and respond swiftly to anomalies or potential risks.

Kelly Bettendorf

Staff Security Engineer, Stavvy

Feature Overview

Datadog’s Sensitive Data Scanner helps businesses meet security and compliance goals by discovering, classifying, and redacting sensitive data across logs, traces, RUM, and events — in real-time and at scale. Datadog scans sensitive data at or prior to ingestion, and hashes or redacts this data following built-in or user-defined rules to help businesses stay compliant with GDPR, HIPAA, CCPA, and more.

Build a scalable and holistic data security and compliance strategy

Define exactly which data you want to scan using filters, across logs, APM spans, RUM events, and other telemetry data
Proactively scan your data in real-time and at scale to support a holistic loss prevention strategy
Scan and redact sensitive data before it leaves your environment via Observability Pipelines

Configure Sensitive Data Scanner to build a scalable and holistic compliance strategy

Get a comprehensive understanding of sensitive data across cloud environments

Discover where sensitive data lives across cloud environments, such as AWS S3 and RDS instances
Quickly and easily prioritize sensitive data matches in the cloud and kickstart remediation efforts as needed
Correlate sensitive data issues with Cloud Security Management for contextualized vulnerability assessment

Classify sensitive data based on its content, source, or designated risk level

Standardize data classification across dev, ops, and security teams and across different cloud platforms and hybrid environments
Accelerate classification through out-of-the-box rules that capture common patterns, such as credit card numbers, API keys, tokens, AWS secret keys, and others
Inform data governance policies with searchable tags on risk level, data source and priority

Redact sensitive data and monitor user activity to support data security initiatives

Scrub sensitive data with predefined scanners from Datadog’s Data Scanner Library or custom scanners
Use audit events to keep a full record of user activity on the Datadog platform with Datadog Audit Trail
Manage who can access sensitive data by combining sensitive data scanning with Datadog’s fully integrated role-based access control (RBAC) permissions and restriction queries

Redact sensitive data from security breaches and both insider and external threat actors

Quickly detect sensitive data issues with dashboards and alerts

Save time by scanning and tagging new hosts, containers, and applications as soon as they are spun up
Tag sensitive data to allow teams to create real-time alerts and build dashboards
Reduce false positives with the help of industry-standard detection techniques, such as the Luhn algorithm to scan and redact credit card information