Cloud SIEM noob here, is it possible to curtail logs that are ingested by Cloud SIEM? i.e. we have configured CloudTrail and Salesforce to push logs to Cloud SIEM, and I am not sure whether we are pushing more logs than those that would indicate potential security issues. Is there a way to configure these streams in Datadog?
Do you mean, like to include/exclude? I think you can specify a detailed filter on which logs you want to include into SIEM
example:
"query": "source:cloudtrail"
Pretty sure that you can extend this query/filter, with the danger of losing something also right…
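Added example (not code from this thread or from Datadog): a local dry-run of a filter in the shape of the `"query"` above, with exclusion filters, run over a few constructed events to see what would be kept, what would be dropped, and whether any event you insist on keeping would be lost. The filter object shape and the tiny query matcher (space-separated `key:value` terms with `*` wildcards, implicit AND) are assumptions, a minimal subset of Datadog's log search syntax.

```python
import fnmatch

# Constructed filter, shaped like a Cloud SIEM security filter (assumption:
# a main `query` plus `exclusion_filters` that carve noisy events back out).
SECURITY_FILTER = {
    "name": "cloudtrail-to-siem",
    "query": "source:cloudtrail",
    "is_enabled": True,
    "exclusion_filters": [
        {"name": "describe-calls", "query": "source:cloudtrail @eventName:Describe*"},
        {"name": "list-calls", "query": "source:cloudtrail @eventName:List*"},
    ],
}

# Constructed sample events with flattened attribute keys (not real CloudTrail records).
SAMPLE_EVENTS = [
    {"source": "cloudtrail", "@eventName": "DescribeInstances"},
    {"source": "cloudtrail", "@eventName": "ListBuckets"},
    {"source": "cloudtrail", "@eventName": "ConsoleLogin", "@errorMessage": "Failed authentication"},
    {"source": "cloudtrail", "@eventName": "AttachUserPolicy"},
    {"source": "salesforce", "@eventName": "Login"},
]

# Queries describing events that must still reach the SIEM after filtering.
MUST_KEEP = ["@eventName:ConsoleLogin", "@eventName:Attach*Policy"]


def term_matches(term, event):
    """Evaluate one `key:value` term; a leading '-' negates it, '*' is a wildcard."""
    negate = term.startswith("-")
    key, _, pattern = term.lstrip("-").partition(":")
    hit = fnmatch.fnmatchcase(str(event.get(key, "")), pattern)
    return not hit if negate else hit


def query_matches(query, event):
    """Space-separated terms are ANDed, as in a plain log search query."""
    return all(term_matches(t, event) for t in query.split())


def is_ingested(flt, event):
    """An event reaches the SIEM if the main query matches and no exclusion filter does."""
    if not query_matches(flt["query"], event):
        return False
    return not any(query_matches(x["query"], event) for x in flt["exclusion_filters"])


def dry_run(flt, events, must_keep):
    """Return (kept, dropped, lost): `lost` are must-keep events the filter would drop."""
    kept = [e for e in events if is_ingested(flt, e)]
    dropped = [e for e in events if not is_ingested(flt, e)]
    lost = [e for e in dropped if any(query_matches(q, e) for q in must_keep)]
    return kept, dropped, lost
```

Run `dry_run(SECURITY_FILTER, SAMPLE_EVENTS, MUST_KEEP)` against a sample of your own exported logs before saving a filter; a non-empty `lost` list is the "losing something" case from the reply above.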