Detect suspicious login activity with impossible travel detection rules
Datadog's Cloud SIEM has introduced the impossible travel detection rule type to help identify suspicious login activity indicative of security breaches. This rule type analyzes user logs to detect whether a user has traveled between two locations at an impossible speed, which may indicate an unauthorized access attempt. Users can create and apply these rules using Datadog's log search syntax and group-by dimensions. To minimize false positives, users can fine-tune their rules with suppression lists or enable baseline user location tracking to exclude logs from trusted users. The feature requires the queried logs to include the standard @network.client.ip attribute, from which the location data is extracted.
Company: Datadog
Date published: March 2, 2022
Author(s): Dany Kanes, Jordan Obey
Word count: 672
Hacker News points: None found.
Language: English