Threat Intelligence Tools | Datadog

Threat Intelligence & Threat Hunting Tools

Automatically flag attacker techniques & misconfigurations with real-time security monitoring. Start detecting threats across your applications, network, and infrastructure within minutes.

Threat actors commonly reuse IP addresses, domains, and other resources in attempts to gain access to your systems. Threat Intelligence is the practice of developing, maintaining, and operationalizing these indicators of compromise, which can identify suspicious activity before threat actors take more serious action.

Datadog Cloud SIEM offers turn-key threat intelligence, curated by partners including IPinfo and GreyNoise, to automatically inform you of suspicious activity on your network. Datadog’s built-in Threat Detection Rules automatically check whether known malicious IPs are interacting with your applications and services. If the IPs are on any threat intelligence feeds, Datadog will categorize the detected threat and provide additional context around why the IP was flagged.


Full-Stack Defense Across Apps, Workloads, and Infrastructure

  • Track conformance easily with out-of-the-box cloud and infrastructure industry benchmarking rules
  • See your security posture in full context with continuous scans across cloud accounts, hosts, and containers
  • Uncover threats in your hosts and containers with performant, in-kernel analysis of your workload activity
  • Analyze everything without the cost of indexing and retaining all of the data

Simplify Complexity with End-To-End, Unified Visibility

  • Analyze all layers of your cloud environment in just a few clicks; pivot seamlessly from one visualization to the next, from one telemetry to another
  • Align DevOps and Security together with full observability data and an easy-to-use, intuitive, unified platform
  • Easily access detailed observability data: workload events, application logs, infrastructure metrics, audits, and more
  • Enrich security signals with Datadog-managed threat intelligence feeds

Automatically Detect Security Threats and Misconfigurations in Real Time

  • Immediately flag threats, surface misconfigurations, and enable threshold and anomaly detection
  • Discover security issues at log ingestion and continuously; never on schedules or after costly indexing
  • Ingest, normalize, and enrich logs, as well as third-party security alerts, to accelerate investigations
  • Monitor the security of all layers of your cloud environment: infrastructure, hosts, containers, and applications

Get Set Up in Minutes with 900+ Detection Rules and 700+ Integrations

  • Improve your security and compliance posture with 900+ default detection rules mapped to the MITRE ATT&CK® and compliance frameworks
  • Discover in-depth insights into where issues are originating with 700+ vendor-backed integrations, including 100+ fully-supported AWS services
  • Create custom threat rules without learning a proprietary query language
  • Get full visibility into your network, identity providers, and SaaS applications with minimal configuration

The Essential Monitoring and Security Platform for the Cloud Age

Datadog brings together end-to-end traces, metrics, and logs to make your applications, infrastructure, and third-party services entirely observable.

Next-Generation Security Monitoring Tools

Monitor for and proactively remediate potential security threats.


Security Investigation Dashboards

Simplify your investigations with drag-and-drop, customizable dashboards.



Detect threats and issues using machine learning.


Root cause analysis

Visualize your observability and security data together, seamlessly pivoting between related metrics, traces, and logs.
