Need to curtail logs ingested by Cloud SIEM in Datadog

Cloud SIEM noob here. Is it possible to curtail the logs that are ingested by Cloud SIEM? I.e., we have configured CloudTrail and Salesforce to push logs to Cloud SIEM, and I am not sure whether we are pushing more logs than those that would indicate potential security issues. Is there a way to configure these streams in Datadog?

Do you mean, like, to include/exclude? I think you can specify a detailed filter on which logs you want to include into SIEM.

https://docs.datadoghq.com/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api/#create-a-custom-filter

example:

"query": "source:cloudtrail"

Pretty sure that you can extend this query/filter, with the danger of losing something also, right…
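The filter request from the linked guide, written out as an added example that is not part of the thread or of Datadog's own code: it keeps `source:cloudtrail` as the inclusion query and adds one exclusion. The filter name, the exclusion name and the `@evt.name:Describe*` query are constructed assumptions; confirm the attribute name in Log Explorer and check it against the queries of your enabled detection rules before excluding anything.

```shell
#!/bin/sh
# Added example (not from the thread): build the request body for a
# Cloud SIEM security filter and send it only when called explicitly.

DD_SITE="${DD_SITE:-api.datadoghq.com}"  # assumption: US1 site; change for your region

# Request body: analyze CloudTrail logs, minus the listed exclusions.
# "cloudtrail-reduced", "describe-calls" and the exclusion query are
# constructed sample values, not taken from the page.
security_filter_payload() {
  cat <<'EOF'
{
  "data": {
    "type": "security_filters",
    "attributes": {
      "name": "cloudtrail-reduced",
      "is_enabled": true,
      "filtered_data_type": "logs",
      "query": "source:cloudtrail",
      "exclusion_filters": [
        {
          "name": "describe-calls",
          "query": "@evt.name:Describe*"
        }
      ]
    }
  }
}
EOF
}

# POST the body to the security filters endpoint. Requires DD_API_KEY and
# DD_APP_KEY in the environment; aborts with a message if either is unset.
create_security_filter() {
  : "${DD_API_KEY:?set DD_API_KEY}" "${DD_APP_KEY:?set DD_APP_KEY}"
  security_filter_payload | curl -sS -X POST \
    "https://${DD_SITE}/api/v2/security_monitoring/configuration/security_filters" \
    -H "Content-Type: application/json" \
    -H "DD-API-KEY: ${DD_API_KEY}" \
    -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
    --data-binary @-
}
```

Run `security_filter_payload` on its own to review the body, then `create_security_filter` once the exclusion has been checked against the rules that depend on those logs.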