Datadog Workflow Automation allows you to orchestrate and automate your end-to-end processes by building workflows made up of actions that connect to your infrastructure and tools.
Workflow Automation allows you to trigger a workflow manually or automatically. In the example workflows in this article, the workflows are triggered manually by clicking the Actions > Run Workflow button on the side panels.
When you trigger a workflow, the source ID of the trigger event must be passed on to the next step in the workflow. In the examples in this article, the trigger event is a new security finding. In both cases, the source ID is specified in the initial step of the workflow using source object variables.
This example creates a remediation workflow that sends an interactive Slack message when a public Amazon S3 bucket is detected. By clicking Approve or Reject, you can automatically block access to the S3 bucket or decline to take action.
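Search for the Make a decision Slack action and select it to add it as a step on your workflow canvas.
Click the step in the workflow canvas and enter the following information:
Workspace: The name of your Slack workspace.
Channel: The channel to send the Slack message to.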
Prompt text: The text that appears immediately above the choice buttons in the Slack message, for example, “Would you like to block public access for {{ Steps.Get_security_finding.resource }} in region {{ Steps.GetRegion.data }}?”
This example creates an automated ticket routing workflow that creates and assigns a Jira issue to the appropriate team when a security finding is detected.
Click Add Trigger > Security. A workflow must have the security trigger before you can run it.
Enter a name for the workflow and click Save.
Get security finding
To retrieve the finding and pass it into the workflow, use the Get security finding action. The action uses the {{ Source.securityFinding.id }} source object variable to retrieve the finding’s details from the Get a finding API endpoint.
Click Add Step to add the first step to your workflow.
Search for the Get security finding action and select it to add it as a step on your workflow canvas.
Click the step in the workflow canvas to configure it.
For Security ID, enter {{ Source.securityFinding.id }}.
Add Jira action
Click the plus (+) icon on your workflow canvas to add another step.
Search for the Create issue Jira action and select it to add it as a step on your workflow canvas.
You can trigger an existing workflow from the finding, misconfiguration, and resource side panels.
In the side panel, click Actions > Run Workflow, and select a workflow to run. The workflow must have a security trigger to appear in the list. Depending on the workflow, you may be required to enter additional input parameters, such as incident details and severity, the name of the impacted S3 bucket, or the Slack channel you want to send an alert to.