Added an Editorial Review card: DOCS-13727
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 556cb7b75b
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| ### Key capabilities | ||
| Bits AI Security Analyst investigations are autonomous. If a detection rule is enabled, Bits AI autonomously investigates signals associated with it. |
Qualify that only eligible rules are auto-investigated
This overview sentence says any enabled detection rule is investigated, but the setup section below narrows that to eligible rules above the configured severity and notes that some custom rules are not eligible (content/en/bits_ai/bits_ai_security_analyst.md:68-75). Readers who enable a low-severity rule, apply a query filter, or use an ineligible custom rule will expect Bits AI to run and will interpret the missing investigation as a product failure.
| Bits AI Security Analyst investigations are autonomous. If a detection rule is enabled, Bits AI autonomously investigates signals associated with it. | ||
| In the [Cloud SIEM Signals Explorer][5], you can click the **Bits AI Security Analyst** tab to only show signals that Bits AI investigated. In the Severity column, a Bits AI status displays as Investigating, Benign, or Suspicious. |
Use the actual Signals Explorer state labels
This line documents the list view as showing Investigating, Benign, or Suspicious in the Severity column, but the screenshot added in the same commit shows an Investigated badge alongside the verdict badges. As written, the page tells users to look for a state that the UI does not display, making the instructions inconsistent with the screenshot and harder to follow during triage.
rtrieu left a comment
overall a solid PR! left a few suggestions and questions for your consideration.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3cebdc94fe
| Bits AI Security Analyst investigations are autonomous. If a detection rule is enabled, Bits AI autonomously investigates signals associated with it. | ||
| In the [Cloud SIEM Signals Explorer][5], you can click the **Bits AI Security Analyst** tab to only show signals that Bits AI investigated. In the Severity column, a Bits AI status displays as Investigating, Benign, or Suspicious. |
Document the Inconclusive investigation outcome
The linked launch blog for this feature (updated December 18, 2025) still describes three Bits AI conclusions: benign, suspicious, and inconclusive. This sentence only documents the benign/suspicious outcomes, so when an investigated signal comes back inconclusive, readers have no matching explanation here and will likely assume the UI is inconsistent or the investigation failed.
this blog post is outdated and will be updated Monday. We no longer have an inconclusive status.
Statuses will be updated in the future and we'll update docs accordingly.
| Bits AI can run investigations on the following Security log sources: | ||
| - AWS CloudTrail | ||
| - Azure | ||
| - GCP | ||
| - Kubernetes |
Limit supported sources to the integrations Datadog documents
This section currently presents Kubernetes, Microsoft Entra ID, Snowflake, SentinelOne, and Email phishing as supported sources, but the linked Bits AI Security Analyst blog (updated December 18, 2025) still scopes its domain expertise to AWS CloudTrail, Google Cloud, Azure, Google Workspace, M365, Okta, and GitHub. Customers will enable the feature on these extra source types and expect autonomous investigations that the current product docs do not promise.
* Bits AI Security Analyst docs
* Make explorer screenshot more readable
* Apply edits
* Apply Rosa's edits
* Update status wording
* Add details on eligibility
What does this PR do? What is the motivation?
New documentation for Bits AI Security Analyst.
Merge instructions
Please hold off on merging until I have approval from the PM. Thanks!
Got approval over Slack; this can go out anytime!
Merge readiness:
For Datadog employees:
Your branch name MUST follow the <name>/<description> convention and include the forward slash (/). Without this format, your pull request will not pass CI, the GitLab pipeline will not run, and you won't get a branch preview. Getting a branch preview makes it easier for us to check any issues with your PR, such as broken links. If your branch doesn't follow this format, rename it or create a new branch and PR.
[6/5/2025] Merge queue has been disabled on the documentation repo. If you have write access to the repo, the PR has been reviewed by a Documentation team member, and all of the required checks have passed, you can use the Squash and Merge button to merge the PR. If you don't have write access, or you need help, reach out in the #documentation channel in Slack.