Company
Date Published
Author
Mallory Mooney, Dany Kanes, Partha Naidu
Word count
652
Language
English
Hacker News points
None

Summary

Datadog Cloud SIEM has introduced a built-in detection rule that monitors cloud-based systems for unwanted cryptocurrency mining, which can quickly strain servers and drive unexpected compute costs. The rule scans log data from all cloud resources for connections to IP addresses or domains known to belong to mining servers or pools. Once enabled, Datadog generates a security signal whenever it detects matching activity and enriches it with context on the affected host, such as performance metrics and running processes. Investigators can use these signals to confirm a cryptominer, pivot to related processes, search for other unexpected activity, and mitigate the attack by killing unauthorized processes, blocking the malicious IP addresses, or adding them to firewall deny lists. Datadog's suppression lists reduce false positives by controlling when security signals are generated, so that legitimate cryptocurrency applications are not flagged as malicious activity.
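The matching logic the summary describes, as an added example (this is not Datadog's rule or code): log entries are checked against a list of pool IPs and domains, each hit becomes a signal with the host context, and a suppression list keyed on the host attribute drops hits from sanctioned systems. The indicator list, the suppression list, the log lines and the field names (host, proc, dst_ip, dst_domain) are all constructed for illustration; the IPs are RFC 5737 documentation addresses and the domains use the reserved .test TLD, so none of them are real mining infrastructure.

```python
import ipaddress
import json
from dataclasses import dataclass, field

# Constructed threat-intel list standing in for known mining pools.
MINING_INDICATORS = {
    "ips": {"203.0.113.7", "198.51.100.23"},            # RFC 5737 placeholders
    "domains": {"example-pool.test", "stratum.example-miner.test"},  # .test placeholders
}

# Constructed suppression list: hosts where pool traffic is expected.
SUPPRESSIONS = [
    {"host": "mining-lab-01", "reason": "sanctioned mining test bench"},
]


@dataclass
class Signal:
    host: str
    kind: str          # "ip" or "domain"
    indicator: str     # the list entry that matched
    entry: dict = field(repr=False)  # full log record for pivoting


def domain_hits(name, domains):
    """Return the indicator matching name or one of its parent domains, else None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):          # never match the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def match_entry(entry, indicators=MINING_INDICATORS):
    """Return (kind, indicator) if the entry touches a listed pool, else None."""
    ip = entry.get("dst_ip")
    if ip:
        try:
            if str(ipaddress.ip_address(ip)) in indicators["ips"]:
                return ("ip", ip)
        except ValueError:
            pass  # malformed address: skip the field rather than crash the pipeline
    domain = entry.get("dst_domain")
    if domain:
        hit = domain_hits(domain, indicators["domains"])
        if hit:
            return ("domain", hit)
    return None


def is_suppressed(entry, suppressions=SUPPRESSIONS):
    """Suppression keyed on the host attribute, as a simple list would be."""
    return any(s["host"] == entry.get("host") for s in suppressions)


def detect(log_lines, indicators=MINING_INDICATORS, suppressions=SUPPRESSIONS):
    """Run the rule over JSON log lines; return (signals, number of suppressed hits)."""
    signals, suppressed = [], 0
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # unparsable line: not a match, not an error
        hit = match_entry(entry, indicators)
        if hit is None:
            continue
        if is_suppressed(entry, suppressions):
            suppressed += 1
            continue
        signals.append(Signal(entry.get("host", "?"), hit[0], hit[1], entry))
    return signals, suppressed


# Constructed sample logs: one IP hit, one benign flow, one subdomain hit,
# one hit on a suppressed host, one garbage line.
SAMPLE_LOGS = [
    json.dumps({"host": "web-03", "proc": "suspicious-bin", "dst_ip": "203.0.113.7", "dst_port": 3333}),
    json.dumps({"host": "web-03", "proc": "nginx", "dst_ip": "192.0.2.10", "dst_port": 443}),
    json.dumps({"host": "api-01", "proc": "suspicious-bin", "dst_domain": "eu1.example-pool.test", "dst_port": 443}),
    json.dumps({"host": "mining-lab-01", "proc": "miner", "dst_domain": "stratum.example-miner.test", "dst_port": 3333}),
    "not json at all",
]

if __name__ == "__main__":
    found, skipped = detect(SAMPLE_LOGS)
    for s in found:
        print(f"SIGNAL host={s.host} proc={s.entry['proc']} {s.kind}={s.indicator}")
    print(f"{skipped} hit(s) suppressed")
```

Two points a practitioner would check before trusting such a rule: the domain match walks parent domains so that a pool's regional subdomains still hit, and the suppression is applied after matching rather than by filtering the logs, so suppressed hits can still be counted and reviewed when the list is audited.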