Critical-risk tools in Datadog
10 of the 23 tools in Datadog are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- dashboards (Destructive): Access Datadog dashboards and visualizations. Actions: - list: Filter dashboards by name/tags - get: Retrieve full dashboard config including widgets (useful for learning patte...
- downtimes (Destructive): Manage Datadog scheduled downtimes for maintenance windows. Actions: list, get, create, update, cancel, listByMonitor. Use for: scheduling maintenance, preventing false alerts d...
- incidents (Destructive): Manage Datadog incidents for incident response. Actions: list, get, search, create, update, delete. Use for: incident management, on-call response, postmortems, tracking MTTR/MTTD.
- logs_archives (Destructive): Manage Datadog Logs archives (long-term log retention to S3 / GCS / Azure Blob). Actions: list, get, create, update, delete, reorder, get_order. Archives accept destinations of ...
- logs_pipelines (Destructive): Manage Datadog Logs pipelines (parsing & processor chains). Actions: list, get, create, update, delete, reorder, get_order. Pipelines run sequentially on incoming logs; reorder ...
- monitors (Destructive): Manage Datadog monitors. Actions: list, get, search, create, update, delete, mute, unmute, top, history, preview, test_notification. Filters: name, tags, groupStates (alert/warn...
- notebooks (Destructive): Manage Datadog Notebooks. Actions: list (search notebooks), get (by ID with cells), create (new notebook), update (modify notebook), delete (remove notebook). Use for: runbooks,...
- slos (Destructive): Manage Datadog Service Level Objectives. Actions: list (with SLI status & error budget), get, create, update, delete, history. SLO types: metric-based, monitor-based. Each list/...
- synthetics (Destructive): Manage Datadog Synthetic tests (API and Browser). Actions: list, get, create, update, delete, trigger, results. Use for: uptime monitoring, API testing, user journey testing, pe...
- tags (Destructive): Manage Datadog host tags. Actions: list (all host tags), get (tags for specific host), add (create tags), update (replace tags), delete (remove all tags). Use for: infrastructur...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.