--- title: "This Month in Datadog - March 2025" description: "Get up to speed on Reference Tables, Attacker Clustering, Auto Test Retries, and more." author: "Datadog" date: 2025-04-01 tags: ["cloud siem", "threat detection"] blog_type_id: the-monitor locale: en --- On the March episode of This Month in Datadog, [Jeremy Garcia](https://www.linkedin.com/in/jeremylq/) (VP of Technical Community and Open Source) covers Attacker Clustering, Auto Test Retries, and new Observability Pipelines features, including keyword dictionaries and several integrations. Later in the episode, [Jinwu Liu](https://www.linkedin.com/in/jinwu-liu-ba13ba142/) (Product Manager) spotlights Reference Tables, which is now generally available, and [Yash Kumar](https://www.linkedin.com/in/yash-kumar-841266b/) (Product Lead, Cloud SIEM) shows how these tables can be used to add context to detection rules in Cloud SIEM. Also featured is a pair of blog posts about [how to create an effective paging strategy](https://www.datadoghq.com/blog/on-call-paging.md) and [how Datadog teams structure on-call rotations](https://www.datadoghq.com/blog/on-call-rotations.md), as well as a quick look at upcoming Datadog [events and webinars](https://www.datadoghq.com/events-webinars). This Month in Datadog is a monthly update of the company's latest features, product announcements, and more. Subscribe to our [YouTube channel](https://www.youtube.com/@DatadogHQ) to get notifications about future episodes. [Watch video](https://www.youtube.com/embed/mpYVaYaYHOk?si=JAuZpzB2BcR-ELT4) ## New features ### Enrich Datadog telemetry with metadata using Reference Tables Now generally available, [Reference Tables](https://www.datadoghq.com/blog/reference-tables.md) enables teams to upload custom metadata so they can enrich their Datadog telemetry with business-critical context, like human-readable names or threat intelligence, which can speed up real-time investigations and troubleshooting. Check out this [blog post](https://www.datadoghq.com/blog/add-context-with-reference-tables-in-cloud-siem.md) to read about a security-related use case: fine-tuning detection rules in Cloud SIEM. ### New Observability Pipelines integrations and keyword dictionaries [Datadog Observability Pipelines](https://docs.datadoghq.com/observability_pipelines.md) now integrates with Amazon S3, Amazon Data Firehose, and AWS Lambda, as well as SentinelOne, helping teams to collect, process, and cost-effectively route their logs. We also added new keyword dictionaries, which are part of the [Sensitive Data Scanner processor](https://docs.datadoghq.com/observability_pipelines/processors/sensitive_data_scanner.md) and allow teams to define terms that refine a scanner's detection rules when routing logs. Visit these blog posts to learn more about our integrations with [SentinelOne](https://www.datadoghq.com/blog/observability-pipelines-sentinelone.md) and [AWS](https://www.datadoghq.com/blog/aws-logs-observability-pipelines.md). And you can read more about [keyword dictionaries](https://www.datadoghq.com/blog/scaling-sensitive-data-scanner.md). ### Identify and group attacker behaviors with Attacker Clustering Today, distributed attacks are more challenging than ever to detect and respond to. Attacker Clustering is a new feature of Datadog [App and API Protection (AAP)](https://www.datadoghq.com/product/application-security-management/) that's designed to identify and group together attacker behaviors during distributed attacks. When an attack is detected, this new feature automatically clusters attributes based on shared occurrences and creates a table with the cluster and key attributes of the attack. Learn more by reading this [blog post](https://www.datadoghq.com/blog/attacker-clustering.md). ### Mitigate the impact of flaky tests with Auto Test Retries With Auto Test Retries, teams can automatically retry failing tests up to five times, which helps to mitigate the impact of flaky tests on CI pipelines. Not only does this help teams avoid the need to manually re-run test jobs or entire pipelines, but when a test fails across all retries, engineers can trust that the test is broken. Read the [release note](https://app.datadoghq.com/release-notes/mitigate-the-impact-of-flaky-tests-with-auto-test-retries) to learn more. In the platform, Auto Test Retries can be enabled for repositories in [Test Optimization Settings](https://app.datadoghq.com/ci/settings/test-optimization). ### Additional updates More new features and updates released this month: - Vulnerability Management for [Amazon ECR and ECS Fargate](https://app.datadoghq.com/release-notes/detect-vulnerabilities-in-aws-ecr-and-ecs-fargate-with-cloud-security-management-and-agentless-scanning) is now generally available - [Monitor Unity gaming apps](https://www.datadoghq.com/blog/datadog-rum-unity-sdk.md) with the SDK for Datadog RUM - [Track changes to detection rules](https://app.datadoghq.com/release-notes/track-detection-rule-changes-with-rule-version-history) in Cloud SIEM, AAP, and Workload Protection - Get guided steps to write detections with the [Rule Editor](https://app.datadoghq.com/release-notes/easily-write-detection-rules-with-a-new-rule-editor-experience) in Cloud SIEM - Easily [manage multiple suppressions](https://app.datadoghq.com/release-notes/manage-multiple-suppressions-easily-for-detection-rules-in-cloud-siem-and-csm-threats) of detection rules in Cloud SIEM - Quickly and securely [upload images directly to Datadog](https://app.datadoghq.com/release-notes/image-upload-in-dashboards-is-now-generally-available) - [Instrument Google Cloud Run apps with one step](https://www.datadoghq.com/blog/instrument-cloud-run-with-datadog-sidecar.md) using the new Datadog Agent sidecar ## See you next month Check out our [release notes](https://app.datadoghq.com/release-notes) for a full list of new features and updates. You can see these features and updates in action by logging on to the Datadog platform today or signing up for a . We will see you next month.