Datadog integration
SIEM & Monitoring
Datadog is where many teams already correlate infrastructure, application, and security signals on one timeline — which makes it a natural home for your external attack surface data. The FortWatch Datadog integration (currently in development) will push findings from your continuous external scans into Datadog as events and metrics, so an exposed database or an expiring certificate shows up on the same dashboards and monitors your on-call team already watches. Instead of checking yet another tool, your external exposures become part of the observability picture you already trust.
Exposed Redis on 203.0.113.10:6379
Unauthenticated database reachable from the internet.
View finding & step-by-step fix →Datadog + FortWatch
FortWatch will connect to Datadog using a Datadog API key and send data through Datadog's standard ingestion endpoints. New findings post to the Events API as structured events tagged with severity, scanner, asset, and finding type, while rolling counts (open criticals, highs, expiring certs, exposed services) ship as custom metrics so you can graph posture over time. Each event carries the affected asset, a one-line risk summary, and a deep link back to the full finding in FortWatch. Because everything is tagged consistently (for example severity:critical, scanner:port-scan, asset:cache-prod-1), you can build Datadog Monitors on top — alert when a new critical event lands, when exposed-service metrics tick above zero, or when a TLS expiry metric crosses a threshold — and route those through Datadog's own notification channels. When a follow-up scan confirms a finding is remediated, FortWatch posts a resolution event so the timeline reflects the fix.
FortWatch scans
Eleven scanners watch your external attack surface around the clock — ports, certs, DNS, cloud buckets, exposed files and more.
AI triages the finding
Each issue is scored by real-world impact and packaged with the affected asset and a one-line explanation of the risk.
Delivered to Datadog
The finding lands in Datadog, routed by severity — so the right people see the right alert, fast.
What you'll be able to do
Everything the Datadog integration will bring to your security workflow.
Stream every new finding into the Datadog event stream the moment a scan detects it — an exposed Redis port, a public storage bucket, a dangling DNS record — tagged with severity and asset.
Track posture as metrics
graph open criticals, highs, exposed unauthenticated services, and certificates nearing expiry on the same dashboards as your infra metrics.
Build Datadog Monitors that fire when a new critical event arrives or when an exposed-service count rises above zero, then route through your existing Datadog notification channels.
Correlate external exposures with internal telemetry — overlay a FortWatch 'new open port' event against a deploy marker or a traffic spike on the same timeline.
Add an external-attack-surface widget to NOC and security dashboards so on-call sees internet-facing risk alongside latency, errors, and saturation.
Watch certificate and DNS hygiene as time-series — alert well before a TLS cert expires or a SPF/DMARC record drifts, instead of finding out from a browser warning.
What an alert looks like
Every finding arrives formatted for Datadog — severity up front, the affected asset, and a one-line explanation of why it matters, with a link straight to the step-by-step fix.
- Severity-tagged and color-coded
- The exact asset and port affected
- One click to the full finding & remediation
Datadog[Datadog Event] alert_type: error priority: normal\nTitle: FortWatch · Critical · Exposed Redis on 203.0.113.10:6379\nText: Unauthenticated Redis is reachable from the internet — anyone can read, modify, or wipe the dataset and pivot onto the host.\nTags: source:fortwatch, severity:critical, scanner:port-scan, finding:exposed-database, asset:cache-prod-1\nLink: https://app.fortwatch.ai/findings/9f3a2c → full detail and step-by-step fix\n\nMetric: fortwatch.findings.open{severity:critical} 1 → 2Set it up in minutes, once it lands
No agents, no infrastructure changes — just connect Datadog and choose where alerts go.
When it launches, open Settings → Integrations in FortWatch and choose Datadog.
Paste a Datadog API key and select your Datadog site (for example US1, US5, or EU) so events route to the right region.
Pick which severities post as events and confirm the metric names and tags FortWatch will emit.
Send a test event and verify it appears in your Datadog event stream with the expected tags.
Build Datadog Monitors and dashboard widgets on the FortWatch events and metrics, then turn the integration on.
Why route FortWatch into Datadog?
External exposures and infrastructure health are usually watched in two different tools, so attack-surface findings get noticed late — if at all. Sending FortWatch into Datadog puts internet-facing risk on the same timeline and the same monitors your team already lives in, which closes the gap between an asset getting exposed and someone acting on it. It also makes posture trackable as a metric, so you can prove exposures are trending down instead of guessing.
Frequently asked questions
Is the Datadog integration available now?
Not yet — it is in active development. Add your email on this page and we will let you know the moment it ships.
Will FortWatch send events or metrics to Datadog?
Both. Individual findings post to the Datadog event stream as tagged events, and rolling posture counts (open criticals, exposed services, expiring certs) ship as custom metrics so you can graph trends and build monitors on either.
Do I need a Datadog admin to set it up?
You only need a Datadog API key with permission to submit events and metrics, plus your Datadog site region. No agent install on your hosts is required, since FortWatch scans externally and sends data over Datadog's HTTP intake.
Want the Datadog integration when it ships?
We'll email you the moment it goes live — no spam, just the launch.
Get notified
Secure your entire stack today
Start scanning in under 5 minutes. No credit card required. 14-day free trial included.