Integrate Contrast Security ADR with Datadog® (Northstar)
The Contrast Security ADR integration with Datadog enables ADR to send incident details to your Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), and Extended Detection and Response (XDR) environments, which contextualizes incidents with other threat detection and response solutions.
How it works
When configured, Contrast Security ADR sends detected attack events from the Contrast Security platform to your Datadog instance over HTTPS.
The Contrast Security ADR with Datadog application enables Datadog to:
Parse and normalize the data received over HTTPS from the Datadog Logs API
Display Contrast Security ADR attack events in Datadog to populate the dedicated Contrast Security ADR Dashboard, or to use with search and correlation rules in Datadog Cloud SIEM
Before you begin
Before you start, you must have:
Admin Role permissions in Datadog
Applications instrumented with a Contrast agent
Install the Contrast Security ADR application in Datadog
In Datadog, go to the Contrast Classic ADR tile and select Install Integration.
Continue to Set up the Datadog log ingestion.
Set up the Datadog log ingestion
In Datadog, go to Datadog Organization Settings > API Keys to create a new API Key for the integration.
Once created, select Copy Key to copy it to your clipboard, since it will be needed in the following configuration step.
Configure Contrast Security ADR to send attack events to Datadog
Configure the integration in Contrast to send attack events to the Datadog application.
In Contrast, go to the user menu and select Organization settings > Integrations.
Select the Datadog option under the ADR Integrations section.

Under the Datadog fields, enter:
The URL is https://http-intake.logs.datadoghq.com/api/v2/logs
The API Key from the API token created in Set up the Datadog log ingestion
Select from the modes of data to send to Datadog:
Select All Observations and incidents to send all attack event observations detected by agents, as well as incidents and issues associated with the incident. This is recommended for SOC practices seeking deep visibility into application runtime and building custom use cases.
Select Incidents and only incident-related observations to send incidents, associated observations, and issues to Datadog. This is recommended for SOC practices that want to minimize the volume of data sent to their SIEM and only receive alerts for security incidents and related observations.
Select the Integration Enabled toggle to enable the integration. This setting allows you to temporarily disable the integration without losing your configuration.
Select Save.
Continue to View Contrast ADR data in Datadog.
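A pre-flight check for the URL and API Key entered above, as an added example that is not part of the Contrast or Datadog documentation: it validates both values locally, then posts one constructed test event to the intake URL from this page and interprets the HTTP status. The DD_API_KEY environment variable, the --send flag, and the contrast-adr-preflight source name are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the Datadog intake settings before saving them in Contrast.
# Intake URL taken from this page; everything named "preflight" is hypothetical.
INTAKE_URL="https://http-intake.logs.datadoghq.com/api/v2/logs"

# Datadog API keys are 32 hexadecimal characters; anything else is the wrong value.
check_key_format() {
  case "$1" in
    ""|*[!0-9a-fA-F]*) return 1 ;;
  esac
  [ "${#1}" -eq 32 ]
}

# Accept only the exact HTTPS URL, so the key is never sent in clear or to a typo host.
check_intake_url() {
  [ "$1" = "$INTAKE_URL" ]
}

# Constructed test event in the JSON array shape the v2 logs intake accepts.
build_test_event() {
  printf '[{"ddsource":"%s","service":"%s","message":"%s"}]' \
    "contrast-adr-preflight" "contrast-adr-preflight" \
    "intake connectivity test (constructed event)"
}

# Returns 0 when Datadog accepts the event (HTTP 202).
send_test_event() {
  check_key_format "$1" || { echo "not a 32-hex Datadog API key" >&2; return 2; }
  # The key goes to curl through a config on stdin, not argv, so it stays out of ps output.
  status=$(printf 'header = "DD-API-KEY: %s"\n' "$1" |
    curl -sS -K - -o /dev/null -w '%{http_code}' "$INTAKE_URL" \
      -H 'Content-Type: application/json' --data "$(build_test_event)") || return 3
  case "$status" in
    202) echo "accepted by Datadog log intake" ;;
    403) echo "HTTP 403: check the key and that it belongs to this Datadog site" >&2
         return 4 ;;
    *)   echo "unexpected HTTP status $status" >&2; return 5 ;;
  esac
}

# Only touches the network when explicitly asked to.
if [ "${1:-}" = "--send" ] && [ -n "${DD_API_KEY:-}" ]; then
  send_test_event "$DD_API_KEY"
fi
```

After an accepted response, the test event can be found in the Datadog Log Explorer by searching for the contrast-adr-preflight source.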
View Contrast ADR data in the Datadog dashboard
The integration includes a Datadog Dashboard titled Contrast Security ADR.