- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Cloud SIEM provides security operational metrics to help you determine the effectiveness of your team in responding to and resolving security threats to your cloud environments. These metrics are shown in the out-of-the-box Cloud SIEM dashboard and are sent in the Cloud SIEM weekly digest reports. You can also create dashboards and monitors for them.
datadog.security.siem_signal.time_to_detect
datadog.security.siem_signal.time_to_acknowledge
datadog.security.siem_signal.time_to_resolve
The TTD, TTA, and TTR metrics are calculated based on these timestamps:
T0
) of the log that triggers a security signal.T1
) of when the signal is generated.T2
) of when the signal status is changed to under_review
.T3
) of when the signal status is changed to archived
.Metric | How the metric is calculated |
---|---|
Time to Detect (TTD)datadog.security.siem_signal.time_to_detect | T1 - T0 |
Time to Acknowledge (TTA)datadog.security.siem_signal.time_to_acknowledge | T2 - T1 |
Time to Resolve (TTR)datadog.security.siem_signal.time_to_resolve | T3 - T1 |
Use the Metrics Summary to see metadata and tags for the operational metrics. You can also see which dashboards, notebooks, monitors, and SLOs are using those metrics.
Use tags to filter the metrics to specific teams, sources, and environments. You can then create dashboards for those metrics to visualize the data or create monitors to alert you if the metrics exceed a specified threshold.