Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions content/en/bits_ai/bits_security_analyst.md
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,10 @@ Rule eligibility depends on whether Datadog has built the investigation capabili
</ol>
{{< /collapse-content >}}

### Get notifications for completed investigations

You can create security notification rules to get a notification when Bits Security Analyst completes an investigation. To do so, follow the instructions in [Create notification rules][7]. When specifying the tags and attributes that must be present for the notification rule to be triggered, add the tag `@workflow.bits_investigator.state:*`.

## Disable Bits Security Analyst

1. In Datadog, go to {{< ui >}}Security{{< /ui >}} > {{< ui >}}Settings{{< /ui >}} > [{{< ui >}}Bits Security Analyst{{< /ui >}}][3].
Expand All @@ -136,3 +140,4 @@ Rule eligibility depends on whether Datadog has built the investigation capabili
[4]: /actions/connections/
[5]: https://app.datadoghq.com/security/siem/signals
[6]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-active.html
[7]: /security/notifications/rules/#create-notification-rules
3 changes: 2 additions & 1 deletion content/en/security/notifications/rules.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,8 @@ To create a notification rule, specify the conditions under which the rule shoul
- **Finding**: A potential security flaw in your infrastructure.
- **Signal**: Suspicious activity that poses an active threat against your infrastructure.
1. Select one or more severity levels.
1. Specify the tags and attributes that must be present in order for the notification rule to be triggered.
1. Specify the tags and attributes that must be present for the notification rule to be triggered.
<div class="alert alert-tip">If you selected <strong>Signal</strong> in step 3, you can get notifications for completed <a href="/bits_ai/bits_security_analyst">Bits Security Analyst</a> investigations by adding the tag <code>@workflow.bits_investigator.state:*</code>.</div>
1. If you selected **Finding** in step 3, select the frequency of the notifications:
- **Aggregate results over**: Select this option, followed by a time frame from the list, to only get one notification for detections that occurred over that time frame.
- **Trigger immediately for each individual issue meeting the criteria**: Select this option to get one notification for each detection.<br />**Note**: Selecting this option can result in a large number of notifications.
Expand Down
Loading