search-security-signals
Search Datadog security monitoring signals using query filters and time range. Identify threats by severity, type, or custom queries.
Instructions
Search Datadog security monitoring signals with query filtering
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| query | No | Security signal search query. Example: type:log_detection status:high or * | * |
| from | Yes | Start time (ISO 8601). Example: 2026-02-26T00:00:00Z | |
| to | Yes | End time (ISO 8601). Example: 2026-02-26T23:59:59Z | |
| limit | No | Max results (default 50, max 1000) | |
| sort | No | Sort order: -timestamp (newest first) or timestamp (oldest first) | -timestamp |
| extractFields | No | Comma-separated dotted paths to project from response (e.g. 'id,name,owner.name,columns.*.name'). Use `*` as wildcard for arrays/objects. Wrap field names with dots in backticks. Reduces response tokens dramatically on large entities. |