Datadog Integration with TigerTrust
TigerTrust integrates with Datadog to provide comprehensive certificate observability. Monitor certificate health, track expiration timelines, and receive intelligent alerts alongside your existing Datadog monitoring.
Integration Setup
Configure the Datadog integration:
# TigerTrust Datadog configuration integrations: datadog: enabled: true api_key: ${DATADOG_API_KEY} app_key: ${DATADOG_APP_KEY} site: datadoghq.com # or datadoghq.eu metrics: enabled: true prefix: tigertrust tags: - "env:production" - "service:certificate-management" logs: enabled: true source: tigertrust service: certificate-management events: enabled: true priority: normal
Custom Metrics
TigerTrust sends the following metrics to Datadog:
tigertrust.certificates.total{environment, issuer}
tigertrust.certificates.expiring{days_remaining, environment}
tigertrust.certificates.expired{environment}
tigertrust.certificates.issued{issuer, key_type}
tigertrust.certificates.renewed{issuer, auto_renewed}
tigertrust.certificates.days_until_expiry{common_name, environment}
tigertrust.policy.violations{policy_name, severity}
tigertrust.discovery.certificates_found{source}
Pre-built Dashboards
Import TigerTrust dashboards:
{ "title": "TigerTrust Certificate Overview", "widgets": [ { "definition": { "title": "Certificates by Expiration", "type": "query_value", "requests": [ { "q": "sum:tigertrust.certificates.expiring{days_remaining:30}", "aggregator": "last" } ] } }, { "definition": { "title": "Certificate Expiration Timeline", "type": "timeseries", "requests": [ { "q": "sum:tigertrust.certificates.days_until_expiry{*} by {common_name}" } ] } } ] }
Alert Monitors
Set up intelligent certificate alerts:
# Certificate Expiration Alert name: "Certificate Expiring Soon" type: metric alert query: | max(last_5m):max:tigertrust.certificates.days_until_expiry{environment:production} by {common_name} < 30 message: | {{#is_warning}} Certificate {{common_name.name}} expires in {{value}} days. {{/is_warning}} {{#is_alert}} URGENT: Certificate {{common_name.name}} expires in {{value}} days! {{/is_alert}} @slack-cert-alerts @pagerduty-oncall options: thresholds: critical: 7 warning: 30
Log Integration
Forward certificate logs to Datadog:
{ "timestamp": "2024-03-15T10:30:00Z", "level": "info", "source": "tigertrust", "service": "certificate-management", "message": "Certificate renewed successfully", "attributes": { "certificate_id": "cert-123", "common_name": "api.example.com", "issuer": "DigiCert", "validity_days": 365, "auto_renewed": true } }
APM Correlation
Correlate certificate issues with application traces:
from ddtrace import tracer @tracer.wrap() def handle_request(request): # TigerTrust adds certificate context to traces span = tracer.current_span() span.set_tag('certificate.common_name', cert.common_name) span.set_tag('certificate.days_until_expiry', cert.days_until_expiry) span.set_tag('certificate.issuer', cert.issuer) # Process request return process(request)
Service Catalog
Register certificate services in Datadog Service Catalog:
schema-version: v2 dd-service: certificate-management team: platform-security contacts: - type: slack contact: "#certificate-alerts" integrations: tigertrust: dashboard-url: https://app.datadoghq.com/dashboard/abc-123
SLO Tracking
Define certificate SLOs:
name: "Certificate Availability SLO" type: metric query: | sum:tigertrust.certificates.valid{environment:production}.as_count() / sum:tigertrust.certificates.total{environment:production}.as_count() target_threshold: 99.9 warning_threshold: 99.95 timeframe: 30d
Achieve complete certificate observability with TigerTrust and Datadog.