Datadog Capabilities

Last updated: October 7, 2024

After this article...

You'll understand the capabilities our Datadog integration provides, and how Lumos interacts with the Datadog API.

View users

The mapping between Datadog user statuses and Lumos user account statuses is below.

Datadog User Status

Lumos Account Status

active

Active

disabled

Suspended

deleted (Datadog no longer returns a user)

Deprovisioned

Datadog API endpoint: https://docs.datadoghq.com/api/latest/users/#list-all-users

View a user's entitlements

Lumos can retrieve the following user entitlements from Datadog.

  • Role - The roles associated with the user's Datadog user account.

Datadog API endpoints:

Role: https://docs.datadoghq.com/api/latest/users/#get-user-details

Suspend a user

AppStore

Offboarding

Access Reviews

License Management

N/A

In Lumos, suspending a Datadog user marks their Account Status as "Suspended".

In Datadog, this action disables the user and prevents them from being able to log in.

This action does not reclaim a license in Datadog.

Datadog API endpoint: https://docs.datadoghq.com/api/latest/users/#disable-a-user

Post SIEM logs

Events that happen in Lumos can be posted to your Datadog connection that you configured.

More details on the event logging format and types of events we send can be found here:📄 How Lumos Logs to Your SIEM

Datadog API endpoint: https://docs.datadoghq.com/api/latest/logs/#send-logs

Datadog API documentation