This guide provides instructions on how to:
- Integrate BI events data with Datadog. Datadog only supports events push.
Ensure that you have the following:
- You have a tenant configured for your organization and are able to enroll users.
- You have a Datadog account with admin privileges.
- Datadog account
- Datadog API key
You need a Datadog account that allows you to post log data. You can start for free by going to https://www.datadoghq.com and clicking “GET STARTED FREE”.
Fill out the sign-up form to get a free account.
The Datadog API endpoint for posting logs will be used to post BI tenant events. The endpoint is https://http-intake.logs.datadoghq.com/api/v2/logs
Datadog API key
The Datadog API key is required by Beyond Identity to post the tenant events into the Datadog log aggregator.
If you have an existing Datadog account, the API keys can be seen or generated by accessing Organization Settings in the Datadog web console.
For the Beyond Identity SIEM event collection, create a new API key by following the steps below:
- Navigate to your Account Profile and choose Organization Settings.
- Click on API Keys and choose to add a new key by giving it a name.
- Copy the value of the newly created key. It will be used in the next step for the SIEM integration in the Beyond Identity console.
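Before pasting the new key into the Beyond Identity console, you can confirm that it is accepted by the logs endpoint named above. The following Python script is an added example, not part of the original guide or of Beyond Identity's or Datadog's tooling; the `DD_API_KEY` environment variable, the function names, and the `bi-siem-key-test` source value are assumptions made for this illustration.

```python
import json
import os
import sys
import urllib.error
import urllib.request

# Logs intake endpoint given in this guide.
INTAKE_URL = "https://http-intake.logs.datadoghq.com/api/v2/logs"


def build_test_request(api_key, source="bi-siem-key-test"):
    """Build (but do not send) a POST carrying one constructed test log event."""
    # A key copied from a web page often picks up stray whitespace; reject it early.
    if not api_key or api_key != api_key.strip():
        raise ValueError("API key is empty or has surrounding whitespace")
    event = [{
        "ddsource": source,  # constructed value, keeps the test out of real searches
        "service": "siem-integration-check",  # constructed value
        "message": "constructed test event: verifying API key can post logs",
    }]
    return urllib.request.Request(
        INTAKE_URL,
        data=json.dumps(event).encode("utf-8"),
        headers={"DD-API-KEY": api_key, "Content-Type": "application/json"},
        method="POST",
    )


def send(request, timeout=10):
    """Send the request and return the HTTP status (202 means the event was accepted)."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # a 4xx status means the request or the key was rejected


if __name__ == "__main__":
    # Read the key from the environment so it never lands in argv or shell history.
    key = os.environ.get("DD_API_KEY", "")
    try:
        status = send(build_test_request(key))
    except ValueError as exc:
        sys.exit(f"refusing to send: {exc}")
    print("accepted" if status == 202 else f"not accepted, HTTP {status}")
```

Treat the key as a secret: anyone holding it can submit log data to your Datadog organization, so keep it out of scripts, tickets, and chat.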
Beyond Identity Configuration
The configuration is done using the BI admin console. Access the BI admin console through your SSO integration. Click on “Integrations” and then on “SIEM”. Under “SIEM Configurations”, click on “Add SIEM integration”. In the “SIEM Provider” drop-down, choose Datadog.
The API key is obtained from your Datadog deployment. Provide a name for the configuration. From the events drop-down, choose “select all” events or only the events you are interested in.
Once the SIEM configuration is complete in the BI admin console, you will be able to see the events in Datadog. You can verify this with a log search in Datadog.
Verification in Datadog
- Access your Datadog URL
- Select Logs in the left pane
- Use “source=beyond-identity” as the search pattern
How to get event types?
- Click on the arrow next to 200.
- Click on body.
- Click on events.
event_type lists all the events.