Skip to main content

Category: Developer Platforms

Secure Datadog browsing

Secure Datadog browsing means protecting observability dashboards, logs, and admin sessions from phishing and session compromise—because the data inside is powerful.

Quick answer

Legba can isolate browser sessions while your team uses Datadog.

Developer platforms concentrate secrets and elevated permissions. Isolation reduces risk when users browse third‑party docs, packages, and links during Datadog work.

This page does not imply an official integration with Datadog—it’s a guide to securing browser workflows around the app.

When you need this

  • Your team uses Datadog in a browser every day.
  • You want to reduce phishing, malicious downloads, and session theft without slowing users down.
  • You need role-based policies for employees, admins, and contractors.

Last updated

2026-01-29

Common browser risks

  • Phishing that imitates “Datadog alert” or “incident” pages to steal credentials.
  • Session hijacking that provides access to logs and dashboards containing secrets and internal URLs.
  • Malicious links embedded in alerts, dashboards, or tickets that route engineers to risky destinations.
  • Copy/paste leakage of tokens, endpoints, and incident details into untrusted tools or AI prompts.
  • Admin console exposure from browsing on unmanaged devices or mixed-purpose profiles.

Typical sensitive data in Datadog

  • Logs that may include tokens, credentials, or PII if not sanitized.
  • Metrics and traces that reveal architecture and internal endpoints.
  • Dashboard URLs and incident notes.
  • API keys and integration tokens (depending on setup).
  • Alerts and notification targets.
  • User roles and access configurations.

Recommended policies by role

Engineering

  • Open unknown links from alerts and dashboards in isolation.
  • Avoid pasting secrets from logs into untrusted web tools or AI prompts.
  • Use separate profiles for production/observability access vs general browsing.

Security

  • Treat observability access as high privilege; enforce strong session controls and least privilege.
  • Use isolation for investigating suspicious domains referenced in logs and alerts.
  • Reduce sensitive data in logs to lower blast radius if access is compromised.

IT Admins

  • Enforce extension allowlists and browser permission controls for engineers with observability access.
  • Restrict downloads from unknown sites; require scanning for incident tooling.
  • Apply stronger controls for admin roles in Datadog workspaces.
See Legba for Chrome

FAQs

Why is observability data sensitive?

Logs and traces can contain tokens, internal URLs, and operational details that make attacks easier and faster.

Is phishing really a risk here?

Yes. Alert-based workflows create urgency, and attackers exploit that with fake “incident” pages and redirects.

How does isolation help incident response?

It lets teams open unknown links and investigate suspicious pages with less endpoint exposure—useful when time pressure is high.

What’s a quick win for Datadog security?

Separate browsing profiles for privileged access and isolate unknown domains clicked from alerts and dashboards.

References

Keep exploring

All guides
Threats, secure apps, and AI security pages.
All secure app guides
Browse apps by category.
Browser threats
Understand threats and mitigation patterns.
AI security guides
Prevent AI prompt leakage and prompt injection.