Ingesting audit events to Datadog
This article explains how to create a Datadog log ingestion channel for Afi audit logs.
To create a Datadog API key for log ingestion, go to the API Keys tab in your Organization settings.
Step 1 - On the API Keys tab, click the + New Key button.
Copy the value of the newly created API key.
Step 2 - Create a Datadog channel on the Configuration → SIEM tab in the Afi portal with the following parameters:
- Endpoint: Datadog log ingestion endpoint
- API key: Datadog API key value from Step 1
- Tags: Log tags (can be used for log filtering on the Datadog side)
- Source: Log ingestion source (can be used for log filtering on the Datadog side)
Once the log ingestion channel is created, you can view Afi audit logs sent to Datadog in Log Explorer.
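To check the endpoint and API key independently of the Afi portal, the following added example (not part of the Afi documentation or product) sends one constructed event to Datadog's HTTP log intake using the same four values as the channel. The US1 intake URL, the `afi` source, the sample tags and the `siem-channel-probe` service name are assumptions; substitute the values you entered in Step 2.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Assumed example value: Datadog's US1 HTTP log intake URL. Use your own site's.
DEFAULT_ENDPOINT = "https://http-intake.logs.datadoghq.com/api/v2/logs"


def build_probe(endpoint, api_key, tags, source):
    """Build (but do not send) a one-event request to the Datadog log intake."""
    parts = urlsplit(endpoint)
    # The API key travels in a request header, so refuse anything but HTTPS.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("endpoint must be an https:// URL")
    if not api_key or api_key != api_key.strip():
        raise ValueError("API key is empty or has stray whitespace")
    # Datadog tags are comma-separated; normalise spacing and drop empties.
    tag_list = [t.strip() for t in tags.split(",") if t.strip()]
    event = {
        "ddsource": source,
        "ddtags": ",".join(tag_list),
        "service": "siem-channel-probe",  # hypothetical service name
        "message": "constructed probe event, not a real audit record",
    }
    return urllib.request.Request(
        endpoint,
        data=json.dumps([event]).encode("utf-8"),
        headers={"Content-Type": "application/json", "DD-API-KEY": api_key},
        method="POST",
    )


def send_probe(request, timeout=10):
    """Send the probe; the intake answers 202 when the event is accepted."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    import os
    # Read the key from the environment so it stays out of shell history.
    req = build_probe(DEFAULT_ENDPOINT, os.environ["DD_API_KEY"],
                      "env:prod, team:secops", "afi")  # constructed tags/source
    print("intake status:", send_probe(req))
```

An accepted probe appears in Log Explorer under the same source and tags, which confirms the filter you plan to use for the Afi channel.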