The Monitor

Automate Cloud SIEM investigations with Bits AI Security Analyst


Vera Chan

Ron Feldman

Security analysts face unprecedented challenges in today's cloud landscape. Security operations center (SOC) teams are chronically understaffed, and cybersecurity threats are skyrocketing—further intensified by GenAI-driven attacks. High false positive rates add to this strain, fueling alert fatigue and delaying the detection of real threats. These hurdles make it harder for analysts to keep pace, which ultimately drives up mean time to resolution (MTTR).

Datadog Cloud SIEM has continually evolved to help SOC teams meet these challenges with powerful investigative capabilities, including:

Now, we're introducing Bits AI Security Analyst, a new capability that autonomously triages Datadog Cloud SIEM signals, conducts in-depth investigations of potential threats, and delivers clear, actionable recommendations without human prompting. This is one of three AI agents, each designed to support cross-functional roles across security, SRE, and development.

Since its launch, Bits AI has expanded its capabilities to support DevOps by investigating alerts, managing incidents, resolving coding errors, and more. With Bits AI Security Analyst, we're taking Cloud SIEM to the next level by fundamentally transforming how security teams investigate and resolve security signals.

Let's take a closer look at how Bits AI Security Analyst works.

Autonomous Cloud SIEM triage

Bits AI asynchronously investigates SIEM signals by analyzing the detection rules that triggered them, starting with those within its domain expertise, such as AWS CloudTrail, and expanding to additional rule sets over time. Each investigated signal is clearly marked with a dedicated facet, allowing you to filter the Cloud SIEM Signals list or trigger targeted notifications.

Datadog Cloud SIEM signal list showing benign and suspicious signals.

To view a finding, just click the signal in the list or notification to open the Bits AI investigation side panel.

Datadog Cloud SIEM showing a suspicious signal.

In-depth, evidence-based investigations

Bits AI Security Analyst draws on the expertise from Datadog's internal Security and Security Research teams. Using the MITRE ATT&CK framework as a foundation, the agent methodically plans and executes each step of its investigation, adapting its approach based on observed evidence. It also expertly pivots between indicators of compromise (IOCs) and pulls in relevant data from across the Datadog platform by querying historical signals and logs, linking to those queries, and providing clear, contextual analysis.

Datadog Cloud SIEM showing a benign signal.

After completing its investigation, Bits AI provides one of three evidence-based conclusions:

  • Benign: No security concern detected
  • Suspicious: Potential attack requiring immediate investigation
  • Inconclusive: Requires additional human investigation for definitive triage

In the previous screenshot, Bits AI Security Analyst classified a signal as benign based on historical patterns of legitimate administrative activity and surfaced that context as part of its in-depth analysis.

The agent's reasoning at each step of its investigation and its final conclusions are thoroughly evaluated for reliability. Bits AI Security Analyst has been rigorously tested against historical datasets containing both benign and malicious signals to ensure its efficacy—and we're continuously refining its accuracy over time.

Take action to remediate suspicious signals immediately

Beyond triage conclusions, Bits AI Security Analyst also recommends targeted remediations and enables direct execution of SOAR actions through the Action Interface. Even in unfamiliar scenarios, Bits helps guide your team toward the most appropriate next steps.

Bits AI only recommends actions from the vetted Action Catalog, and all executions are access-controlled via a connection. This safeguard ensures that only authorized users can make changes to your systems.

Cloud SIEM showing actions you can take on a signal.

Automate investigations with Bits AI Security Analyst

Bits AI Security Analyst is now available in Preview—sign up here. You can also explore our generally available Bits AI features today. New to Datadog? Start a to take advantage of autonomous Cloud SIEM investigations.
