diff --git a/content/en/bits_ai/bits_security_analyst.md b/content/en/bits_ai/bits_security_analyst.md index a8294185a42..eb5ad2ce11f 100644 --- a/content/en/bits_ai/bits_security_analyst.md +++ b/content/en/bits_ai/bits_security_analyst.md @@ -120,6 +120,10 @@ Rule eligibility depends on whether Datadog has built the investigation capabili {{< /collapse-content >}} +### Get notifications for completed investigations + +You can create security notification rules to get a notification when Bits Security Analyst completes an investigation. To do so, follow the instructions in [Create notification rules][7]. When specifying the tags and attributes that must be present for the notification rule to be triggered, add the tag `@workflow.bits_investigator.state:*`. + ## Disable Bits Security Analyst 1. In Datadog, go to {{< ui >}}Security{{< /ui >}} > {{< ui >}}Settings{{< /ui >}} > [{{< ui >}}Bits Security Analyst{{< /ui >}}][3]. @@ -136,3 +140,4 @@ Rule eligibility depends on whether Datadog has built the investigation capabili [4]: /actions/connections/ [5]: https://app.datadoghq.com/security/siem/signals [6]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-active.html +[7]: /security/notifications/rules/#create-notification-rules diff --git a/content/en/security/notifications/rules.md b/content/en/security/notifications/rules.md index 6a5d8ab65ec..96bae76620d 100644 --- a/content/en/security/notifications/rules.md +++ b/content/en/security/notifications/rules.md @@ -47,7 +47,8 @@ To create a notification rule, specify the conditions under which the rule shoul - **Finding**: A potential security flaw in your infrastructure. - **Signal**: Suspicious activity that poses an active threat against your infrastructure. 1. Select one or more severity levels. -1. Specify the tags and attributes that must be present in order for the notification rule to be triggered. +1. Specify the tags and attributes that must be present for the notification rule to be triggered. +
@workflow.bits_investigator.state:*.