Yes, you can configure widgets to exclude results by tags. You can do this by applying a tag prepended with a ! to signify "not".

So in your case, you can set up your widget scoped over importance:ignore and then hit the little </> button on the right to expose the underlying query, and sneak a ! in front to make it !importance:ignore.

This doc has a nice example (although it's for notebooks, it works the same in dashboards as well).

Answer from stephenlechner on Stack Overflow
🌐
Datadog
docs.datadoghq.com › dashboards › functions › exclusion
Exclusion
Exclude null values and apply threshold-based filtering using clamp and cutoff functions on metrics.
🌐
Christopher Davis
chrisguitarguy.com › 2024 › 05 › 16 › using-datadog-sampling-rules-to-exclude-traces
Using DataDog Sampling Rules to Exclude Traces – Christopher Davis
May 16, 2024 - Moreover, as the docs say in somewhat hard to parse wording: if you do any sort of sample on the tracer side, the tracer may choose to send traces based on sampling rate that are dropped by the agent. If you’re sending 100% of traces, then that’s not a concern, but anything with sampling involved should likely do tracer side exclusion.
🌐
Terraform Registry
registry.terraform.io › providers › DataDog › datadog › latest › docs › resources › security_monitoring_filter
datadog_security_monitoring_filter | Resources | DataDog/datadog | Terraform | Terraform Registry
query (String) Exclusion filter query. Logs that match this query are excluded from the security filter. ... # Security monitoring filters can be imported using ID, e.g. terraform import datadog_security_monitoring_filter.my_filter m0o-hto-lkb
🌐
Datadog
docs.datadoghq.com › containers › guide › autodiscovery-management
Container Discovery Management
Control which containers the Datadog Agent monitors by configuring discovery rules and inclusion/exclusion patterns
🌐
Datadog
docs.datadoghq.com › tracing › guide › ignoring_apm_resources
Ignoring Unwanted Resources in APM
Learn how to exclude unwanted resources like health checks from traces using sampling rules and filtering to reduce noise and manage costs.
🌐
Datadog
docs.datadoghq.com › security › cloud_security_management › guide › resource_evaluation_filters
Use Filters to Exclude Resources from Evaluation
datadog:monitored !region:us-east1 collects metrics for resources that have the datadog:monitored tag, so long as the resource does not have the region:us-east1 tag applied to it.
🌐
Datadog
docs.datadoghq.com › logs › log_configuration › indexes
Indexes
You might not need your DEBUG logs ... of a critical version of your application. Setup a 100% exclusion filter on the status:DEBUG, and toggle it on and off from Datadog UI or through ......
🌐
GitHub
github.com › DataDog › dd-trace-dotnet › issues › 4162
Datadog.Tracer.Native flagged by antivirus as containing Malware · Issue #4162 · DataDog/dd-trace-dotnet
April 9, 2023 - Describe the bug I just received a warning from my antivirus scanner Bitdefender that the file Datadog.Tracer.Native is infected with Gen:Heur.Mint.Zitirez.uD8@bGht2Lainc and moved the file to quarantine. The full file path is C:\Users\{me}\.nuget\packages\datadog.monitoring.distribution\2.15.0-beta01\contentFiles\any\any\datadog\win-x64\Datadog.Tracer.Native.dll
Published   May 19, 2023
🌐
Datadog
docs.datadoghq.com › security › application_security › threats › protection
Policies
For fine-grained control, you can clone a Datadog managed policy or create a custom policy and set the mode to meet your needs. If you set the policy to auto-updating, your applications are protected by the latest detections rolled out by Datadog.
🌐
Datadog
docs.datadoghq.com › metrics › advanced-filtering
Advanced Filtering
Functions do not delete datapoints from Datadog, but they do remove datapoints from your visualizations.
🌐
Datadog
docs.datadoghq.com › security
Datadog Security
To get started with Datadog Security, navigate to the Security > Setup page in Datadog, which has detailed information for single or multi-configuration, or follow the getting started sections below to learn more about each area of the platform.
🌐
Datadog
docs.datadoghq.com › security › cloud_security_management › vulnerabilities
Cloud Security Vulnerabilities
Cloud Security Vulnerabilities helps you improve your security posture and achieve compliance, by continuously scanning container images, hosts, host images, and serverless functions for vulnerabilities, from CI/CD pipelines to live production. Leveraging runtime observability, it helps you prioritize and remediate exploitable vulnerabilities in your daily workflows, all in a single view, and without any dependencies on other Datadog products.
🌐
Datadog
datadoghq.com › blog › block-attackers-application-security-management-datadog
Block attackers in your apps with Datadog Application Security Management | Datadog
Datadog Application Security Management now includes Protection capabilities that enable you to block attack attempts and attackers (including authenticated ones) automatically.
🌐
Datadog
docs.datadoghq.com › agent › logs › advanced_log_collection
Advanced Log Collection Configurations
To send only a specific subset of logs to Datadog, use the log_processing_rules parameter in your configuration file with the exclude_at_match or include_at_match type.
🌐
Datadog
docs.datadoghq.com › logs › guide › control-sensitive-logs-data
Manage Sensitive Logs Data Access
If you’re not using Sensitive Data Scanner, determine whether you want to exclude any new logs containing sensitive data from being indexed entirely. You’ll still need to address the logs containing sensitive data already indexed in Datadog. Find which index(es) hold logs with sensitive data. For each index, add an exclusion filter based on the sensitive outline query.
🌐
Datadog
docs.datadoghq.com › security › suppressions
Suppressions
Note: To maintain your edit access to the rule, Datadog requires you to include at least one role that you are a member of before saving.
🌐
Reddit
reddit.com › r/cybersecurity › antivirus exclusions
r/cybersecurity on Reddit: Antivirus exclusions
December 7, 2022 -

Hi all, I work in a smallish global corporation in the manufacturing sector. I support a number of our software products as well as providing some networking and cybersecurity advice to people who are more mechanically minded.

We’ve encountered some issues with one of our products installed at a particular customer and I suspect it may be the antivirus causing some conflicts. Ours is the only software running on a Windows Server VM, so baseline install followed by our software. The software includes PostgreSQL and some file-based network stuff (old technology). So in one folder there are up to 1000 files being written and deleted per second.

Sometimes files are not written that should be written, and aren’t deleted that should be deleted. We also have some issues with timeouts on the database.

PostgreSQL advises excluding the installation folder from antivirus. And I have also requested that our software folder be excluded from antivirus.

The customer’s IT basically responded with “no”.

Is this a serious security threat? It seems standard practice for production software to require an exclusion.

How would you respond? And do you think I’m right to suspect the antivirus as the cause of our issues?

Thanks.

Top answer
1 of 4
7
Unfortunately, my experience has been vendors constantly take the lazy way out and blame everything BUT their product for issues and one of their favorite culprits is AV. Their answer is to always exclude their processes and their files because they don't have to assume the risk if the exclusions come back to bite you. Better vendors have documents that provide exclusion recommendations without it being "everything."

That being said - if you can come back with something more precise in your requests that's a decent compromise, then you may get somewhere. If the files being written are of a specific file extension, ask for an exclusion specifically for that folder and those file extensions (e.g. D:\Data\*.log). If it's feasible, ask for real-time scanning to be disabled for that folder and switch to something like daily or weekly during off-hours. That way it's not being ignored and if something gets detected, it'll be delayed (with less risk but still a risk). Also, if you can provide logs either from the AV product or PostgreSQL showing that they're conflicting, that would help your case.

As to whether or not I think you're right or wrong about your suspicion, I definitely think it's a possibility. Years ago at an old job, we could tell McAfee was holding files open for scanning while the file's parent process was trying to read it or write to it. Since our team was responsible for approving the exclusions, we did the above and everybody was happy.
2 of 4
4
Firstly, ensure that only one AV is running. A common practice but sometimes overlooked. Secondly, it is not uncommon for certain directories or files to be excluded from AV software. Not every AV software works straight out of the box and it is common for exclusions to be put in place. Normally exclusions are put in place to allow legitimate/trusted applications/files to run. What you could do is run Procmon and see if the AV is the cause for the files not being written/deleted. You can also disable the AV and see if the action works, or even uninstall the AV completely to see if it works or not. These are common practices for troubleshooting. Is it a serious security threat? If a file/directory is excluded from AV then there is a chance that an incident could occur; if an attacker is able to drop a file within an excluded location, it would have a chance to run without the AV detecting.
🌐
Datadog
docs.datadoghq.com › continuous_integration › guides › ingestion_control
Set Ingestion Control for CI Visibility
Select Add an Exclusion Filter. Name the filter and define a query. After you define a query, the preview above the input fields shows ingested data that matches your query. Once your filter is created and enabled, events like the ones shown ...