Shortlist fit
Cloud-native teams already using Datadog for logs, infrastructure monitoring or APM
Provider handles
Service monitors or routes alerts. Your team investigates and responds.Check before buying
Triage, investigation and response decisions after Datadog creates a signalAlso fits
- Security and platform teams that want alerting tied to observability context
- Buyers with internal staff to tune rules, review cases and run response
- Organizations that need published usage-based SIEM pricing rather than a managed-service quote
Can replace
- Some standalone cloud SIEM collection, detection and notification workflow
- Some manual routing of security signals into cases, Slack, Jira or PagerDuty
- Some separate dashboards for cloud, application and infrastructure security context
Coverage
Provider covers
- Cloud SIEM detection rules that analyze ingested logs in real time
- Security Signals Explorer for searching, filtering and assigning signals
- Notification rules for routing high-severity security signals to teams
Your team still owns
- Tuning detection rules, routing notifications and managing false positives
- Connecting log sources, agents, cloud accounts and security integrations
- Running containment actions through internal tools or customer-configured workflows
Tradeoffs
Works well
- Clear first-lane fit for buyers that want security monitoring and notification, not outsourced response
- Works naturally for teams already sending logs, traces and infrastructure telemetry to Datadog
- Published event-based Cloud SIEM pricing is easier to compare than most managed SOC quotes
Watch out for
- No Datadog-managed SOC analysts investigate or contain threats for the buyer
- Buyers need internal security ownership for rule tuning, triage, response and after-hours coverage
- Pricing can expand when Cloud SIEM is combined with log retention, CSM, AAP, workload protection or observability modules
Reviews
Review synthesis
Gartner Cloud SIEM reviews describe useful cloud visibility, log correlation and real-time detection, while critical themes focus on cost, learning curve and on-prem source forwarding. G2 and Reddit discussion are broader Datadog signals, but they repeat the same buying caveat: the platform can work well when teams govern usage and own tuning.Customers like
- Gartner themes mention cloud visibility, centralized log monitoring and event correlation
- G2 reviewers value Datadog's ability to connect logs, metrics, traces and alerts during incidents
- Reddit users often separate Datadog's technical value from its pricing complexity
Watch out for
- Gartner critical themes mention high cost, setup effort and source-forwarding friction
- G2 reviewers repeatedly describe a broad interface and learning curve
- Reddit pricing threads warn that ingestion, indexing, retention and negotiated terms can make bills hard to forecast
Pricing
- Price
- Published from $5 per 1M analyzed events/month
- Billing
- Tiered, Custom
Questions to ask
- Which signals only notify our team, and which workflows can safely run without manual approval?
- What event volume, retention and Datadog log-management costs are assumed in the quote?
- Who will own rule tuning, case assignment, after-hours triage and containment when a high-severity signal fires?
Integrations
- SIEM
- Datadog Cloud SIEM
- Datadog Log Management
- EDR / Endpoint
- CrowdStrike Falcon
- Microsoft Windows
- Cloud
- Microsoft 365
- Google Workspace
- Other
- AWS CloudTrail
- Okta
- Auth0
- 1Password
- Cisco Meraki
- Palo Alto Networks
- PagerDuty
- Slack
- Jira
Editorial notes
Why monitor and notify
Datadog Cloud SIEM creates security signals, notifications, cases and workflow triggers, but the buyer operates the SIEM. Public sources do not show Datadog analysts taking ownership of alert triage or incident response for this product.
Scope boundary
This profile covers Datadog Cloud SIEM and closely related security monitoring workflow, not Datadog's whole observability and cloud security portfolio. CSM, workload protection, application protection, code security and incident management can be separately licensed.
Pricing boundary
Datadog publishes Cloud SIEM event pricing, but buyers still need to model ingestion, retention, event volume, cloud egress and adjacent Datadog modules. Public reviews and Reddit discussions repeatedly warn that Datadog costs can be hard to forecast.
AI and workflow boundary
Datadog markets AI investigations and workflow automation, but those features support the buyer's team. They do not make Datadog a managed investigation or response provider unless a separate service owns that work.