Datadog Observability Pipelines now supports centralized log enrichment using Reference Tables that dynamically sync with external data sources like Snowflake, ServiceNow CMDB, Salesforce, Databricks, and cloud storage (S3, Azure Blob, GCS). The Enrichment Table processor attaches fresh metadata to logs before routing them to SIEMs or data lakes, eliminating duplicate lookups in downstream tools. The workflow supports rehydrating archived logs with current context for threat investigations, and enables smart conditional routing based on enriched attributes such as threat classifications or customer tiers, reducing noise in expensive tools like Microsoft Sentinel or CrowdStrike.
Table of contents
Centrally enrich logs with data stored in Reference TablesApply fresh context to data during threat investigationsProcess and conditionally route enriched data to your downstream logging tool, SIEM, or data lakeStart enriching your logs with Observability PipelinesSort: