Datadog

Pro Custodibus can push events to Datadog through Webhooks. Pro Custodibus sends events to the Datadog Log Collection endpoints via Datadog’s generic Send Logs HTTP intake API. You must set up a Datadog API Key to receive these events.

Pro Custodibus can push several types of events to Datadog:

Set Up

First log into Datadog and use the Datadog app to add a Datadog API key for Pro Custodibus to use.

Then log into Pro Custodibus, and follow these steps for each type of event you want to send to Datadog:

  1. Click the Admin link in the app header.

  2. Click the Webhooks link in the Administration panel.

  3. Click the “plus” icon on the right side of the Webhooks panel.

  4. Configure the following fields, then click the Add button to submit the form:

Type

Event type. See Webhook Types for details of each type.

State

“Active” or “Inactive”. Pause the webhook by setting it to “Inactive”; unpause it by setting it to “Active”.

URL

URL of the Datadog HTTP intake API that corresponds to the Datadog site you use. For the US1 site, use the following URL:

https://http-intake.logs.datadoghq.com/api/v2/logs

Consult Datadog’s Send Logs API documentation for the URL that corresponds to the Datadog site you use (use the “Site” selector in the top-right of Datadog’s API documentation to select the appropriate site).

Headers

List of HTTP headers Pro Custodibus will include when POSTing HTTP requests. If your Datadog API key is abcdef12345678900000000000000000, use the following header to authenticate with the Datadog API:

Dd-Api-Key: abcdef12345678900000000000000000

HTTP header names are case insensitive. You can enter this header name as DD-API-KEY or dd-api-key or Dd-Api-Key; Pro Custodibus will normalize all variants to Dd-Api-Key.

Extra Fields

Optional list of extra fields to add to the JSON body of each event when POSTed. Put one field on each line, like the following:

ddsource: procustodibus
ddtags: env:prod,version:1.0

These are the extra fields you can use with the Datadog API:

  • ddsource: The technology from which the log entries originated. We recommend you set this field value to procustodibus.

  • ddtags: Tags to associate with the log entries.

  • service: The name of the application or service which generated the log entries. We recommend you set this field to a unique value for each webhook type you add (e.g. wg_alerts for the “Alerts” webhook, wg_endpoint_stats for the “Endpoint Stats” webhook, and so on).

Max Events Per Request

Maximum number of events to batch into a single POST HTTP request. We recommend using the default value (100) with Datadog.

User

For alert-type events only, the user whose alerts should be sent by webhook (the user’s alerts will also be sent to the user over email or SMS as usual, if that user has such contact methods configured to receive security alerts).
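
To preview what these settings produce, the following added example (not Pro Custodibus code) parses Extra Fields text, normalizes the API key header name, and batches events into request bodies for the Datadog intake URL. The function names and sample events are hypothetical, and merging the extra fields into every event of a JSON array is an assumption based on the field descriptions above.

```python
import json

INTAKE_URL = "https://http-intake.logs.datadoghq.com/api/v2/logs"  # US1 URL from this page
MAX_EVENTS = 100  # default "Max Events Per Request"


def parse_extra_fields(text):
    """Parse the Extra Fields box: one 'name: value' pair per line."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # Split on the first colon only, so tag values like env:prod stay whole.
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"not a 'name: value' line: {line!r}")
        fields[name.strip()] = value.strip()
    return fields


def normalize_header(name):
    """Canonical header-name casing: dd-api-key or DD-API-KEY -> Dd-Api-Key."""
    return "-".join(part.capitalize() for part in name.strip().split("-"))


def build_requests(events, api_key, extra_text, url=INTAKE_URL, max_events=MAX_EVENTS):
    """Return one request description per batch of at most max_events events."""
    extra = parse_extra_fields(extra_text)
    headers = {normalize_header("dd-api-key"): api_key,
               "Content-Type": "application/json"}
    requests = []
    for start in range(0, len(events), max_events):
        # Assumption: extra fields are merged into every event object in the batch.
        batch = [{**event, **extra} for event in events[start:start + max_events]]
        requests.append({"method": "POST", "url": url, "headers": headers,
                         "body": json.dumps(batch)})
    return requests


if __name__ == "__main__":
    # Constructed sample events; real Pro Custodibus events carry other fields.
    events = [{"message": f"constructed test event {i}"} for i in range(3)]
    extra = "ddsource: procustodibus\nddtags: env:prod,version:1.0\nservice: wg_alerts"
    for req in build_requests(events, "abcdef12345678900000000000000000", extra):
        print(req["method"], req["url"], req["headers"])
        print(req["body"])
```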

Guide

See the Push WireGuard Logs to Datadog SIEM blog post for a full getting-started guide to Datadog integration.