Stream Network Activity to Datadog Cloud SIEM
Datadog is a monitoring and analytics platform for cloud-scale applications. Datadog Cloud SIEM provides real-time threat detection and security monitoring for cloud environments. By using the NetBird-Datadog integration, you can stream network activity to Datadog Cloud SIEM for real-time monitoring and threat detection across your private network.
NetBird integrates with Datadog using the Datadog Log Collection HTTP API and sends activity events to Datadog in real-time once they occur. The events appear in the Datadog Log Explorer, where you can search, filter, and analyze them right away.
This feature is only available in the cloud version of NetBird.
Prerequisites
Before you start creating and configuring a Datadog event streaming integration, ensure that you have the following:
- A Datadog account with permissions to create and manage API keys. If you don't have the required permissions, ask your Datadog administrator to grant them to you.
Create a Datdog API Key
- Navigate to the API Keys page
- Click
+ New Keyat the top - Give it a descriptive name like
NetBird Event Streaming - Click
Create Key - Copy the key. You will need this key when configuring an integration in NetBird.
Create an Integration in NetBird
- Navigate to the Integrations » Event Streaming tab in the NetBird Dashboard
- Enable and configure the Datadog integration
- First select the region of your Datadog account (for more details see Datadog Documentation)
- Then enter the API key you created in Step 1 and click
Connect
Verify the Integration
After configuring the Datadog integration in NetBird, you can verify that the integration is working correctly by checking the Datadog Log Explorer for incoming events. If the integration is successful, you should see two events from the netbird service in the Log Explorer:
integration testintegration created
The integration test event is sent to validate whether the provided credentials are correct and NetBird can stream events.
The integration created event is sent when the integration is successfully created.
The integration is now set up and ready to stream network activity events to Datadog.