AISEC

by CipherFort Security

Sign inGet started
Integration Guide · Datadog

Datadog Integration

The Datadog connector uses an API key and application key to collect security signals from the last 7 days, status of compliance-tagged monitors, and CSPM posture findings. CSPM collection requires the Cloud Security Management licence.

Security signals (last 7 days)Compliance monitor statusCSPM posture findings (if licensed)Supports datadoghq.com and datadoghq.eu

API key + App key

Credentials needed

7 days

Security signal lookback window

A.8.16, A.8.17

Example ISO 27001 control mappings

Prerequisites

Create a Datadog API and application key

Datadog uses two keys together: an API key (identifies the org) and an application key (identifies the user/scope).

Create an API key

In Datadog → Organization Settings → API Keys → New Key.

  • Name: aisec-evidence-collector
  • Copy the key value — shown once
  • API keys do not carry scopes; they just identify the Datadog organisation

Create an application key

Application keys carry the permissions of the user who creates them. Use a service account user with minimal permissions.

  • Create a service account: Organization Settings → Service Accounts → New Service Account
  • Assign role: Datadog Read Only Role (or a custom role with Security Signals Read + Monitors Read)
  • In the service account, go to Application Keys → New Key: "aisec-evidence"
  • Copy the application key value — shown once

Configuration

Connect Datadog in AISEC

Enter the API key, application key, and your Datadog site in Settings → Integrations → Datadog → Configure.

Step-by-step

  • API Key: the key from Organization Settings → API Keys
  • App Key: the application key from your service account
  • Site (optional): datadoghq.com for US1 (default), datadoghq.eu for EU1, us3.datadoghq.com for US3, etc.
  • Sync frequency: hourly for active monitoring teams, daily for baseline posture
  • Click Connect, then Sync now

Tag your compliance monitors

Ensure monitors are discoverable

The connector only collects monitors that have the compliance tag applied. Add this tag in Datadog to include monitors in evidence collection.

  • In Datadog → Monitors → select a monitor → Edit → Tags → add "compliance"
  • Any monitor tagged "compliance" will appear in evidence regardless of its check type
  • Monitors without this tag are not included — this keeps evidence focused on relevant checks

Evidence collected

What appears in your evidence register

Up to three evidence items per sync.

Security Signals

Critical and high severity signal count from the last 7 days.

  • Maps to ISO 27001: A.8.16, A.5.25
  • Maps to SOC 2: CC7.2

Compliance Monitors

Pass/fail status of all monitors tagged "compliance" in your Datadog account.

  • Maps to ISO 27001: A.8.16, A.8.17
  • Maps to SOC 2: CC7.1

CSPM Findings

Failing cloud posture checks with high/critical severity. Requires Cloud Security Management.

  • Maps to ISO 27001: A.8.9, A.5.36
  • Maps to SOC 2: CC7.1

Troubleshooting

Common issues

  • 403 on security signals — the application key's service account lacks the Security Monitoring Read permission; update the role in Datadog.
  • Empty monitor list — no monitors have the "compliance" tag applied; add the tag to relevant monitors in Datadog.
  • CSPM returns 403 or 404 — Cloud Security Management is not part of your Datadog subscription; CSPM evidence is skipped gracefully.
  • Wrong site — if using a non-US1 Datadog site, set the Site field to match (e.g. datadoghq.eu); API calls will fail with 403 if the wrong site is used.

Related

Keep exploring

All integrations

CrowdStrike guide

AWS Config guide

Ready to connect?

Create an API key and application key in Datadog, tag your compliance monitors, then enter the credentials in AISEC.