Skip to content

Commit 505fbd1

Browse files
tkellclaudeapiazza-dd
authored
add anthropic compliance logs (#23664)
* [anthropic_compliance_logs] Add new integration tile Adds a new sibling tile to anthropic_usage_and_costs for collecting audit activity events from the Anthropic Compliance API (GET /v1/compliance/activities). Crawler implementation lives in DataDog/crawler-sdk under clients/anthropic_compliance_logs. Assets: - Log pipeline + tests for source:anthropic service:anthropic.compliance (flattens actor, GeoIP + UA enrichment, remaps type to evt.name) - Overview dashboard with auth/admin/API-key lifecycle widgets - Ingestion-stopped log alert monitor - Five Log Explorer saved views (all, auth, API key, admin, org membership) - CODEOWNERS entry under SaaS Integrations Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * no public docs yet * Update names and text * add schema update dataflows * codex feedback * fix dataflow id * update logs tests * update manifest * logs correctnes * fix monitor json * try changing json key order * fix monitors * update logs * fix service names * correct service names in monitor * rm tags from monitors * fix CI as per LLM * rm service tag * fix json * fix dataflow id * fix doc links, queries, pipelines --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Andrea Piazza <andrea.piazza@datadoghq.com>
1 parent 41967b2 commit 505fbd1

17 files changed

Lines changed: 1298 additions & 0 deletions

.github/CODEOWNERS

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -243,6 +243,11 @@ datadog_checks_base/datadog_checks/base/checks/windows/ @DataDog/wi
243243
/adyen/manifest.json @DataDog/saas-integrations @DataDog/documentation
244244
/adyen/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-integrations-reviewers
245245

246+
/anthropic_compliance_logs/ @DataDog/saas-integrations
247+
/anthropic_compliance_logs/*.md @DataDog/saas-integrations @DataDog/documentation
248+
/anthropic_compliance_logs/manifest.json @DataDog/saas-integrations @DataDog/documentation
249+
/anthropic_compliance_logs/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-integrations-reviewers
250+
246251
/authorize_net/ @DataDog/saas-integrations
247252
/authorize_net/*.md @DataDog/saas-integrations @DataDog/documentation
248253
/authorize_net/manifest.json @DataDog/saas-integrations @DataDog/documentation

.github/workflows/config/labeler.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,10 @@ integration/anthropic:
101101
- changed-files:
102102
- any-glob-to-any-file:
103103
- anthropic/**/*
104+
integration/anthropic_compliance_logs:
105+
- changed-files:
106+
- any-glob-to-any-file:
107+
- anthropic_compliance_logs/**/*
104108
integration/anthropic_usage_and_costs:
105109
- changed-files:
106110
- any-glob-to-any-file:
Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
# CHANGELOG - Anthropic Compliance Logs
2+
3+
## 1.0.0 / 2026-05-13
4+
5+
***Added***:
6+
7+
* Initial Release
Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,83 @@
1+
# Anthropic Compliance
2+
3+
## Overview
4+
5+
Datadog's Anthropic Compliance integration ingests audit activity logs from Anthropic's [Compliance API][1]. With this integration, security and compliance teams can:
6+
7+
- **Monitor SSO sign-ins and authentication events** across your organization
8+
- **Track API key lifecycle** (creation, deletion, scope updates) for Admin, Platform, and Scoped API keys
9+
- **Audit Anthropic Console activity** including member invites, role changes, and workspace updates
10+
- **Investigate Claude usage** at the audit level (chat views, project access, file operations)
11+
- **Detect security-sensitive events** with the included Cloud SIEM detection rules
12+
13+
The Compliance API is available to Anthropic Enterprise plan customers with the Compliance API enabled in their organization settings.
14+
15+
## Setup
16+
17+
### Prerequisites
18+
19+
- An Anthropic **Enterprise plan** subscription
20+
- **Compliance API enabled** in Anthropic Organization settings under **Data and privacy**
21+
- An **Admin API key** (prefix `sk-ant-admin01-`) with the `read:compliance_activities` scope, or a dedicated **Compliance Access key** (prefix `sk-ant-api01-`)
22+
23+
### 1. Enable the Compliance API in Anthropic
24+
25+
1. Log in to the Anthropic Console as a Primary Owner.
26+
2. Navigate to **Organization settings -> Data and privacy**.
27+
3. Find the **Compliance API** section and click **Enable**.
28+
29+
### 2. Generate or locate an Admin API key
30+
31+
1. Navigate to **Organization settings -> API keys**.
32+
2. Generate a new Admin API key, or use the existing key already configured for the [Anthropic Usage and Costs][2] integration (the same key is reused).
33+
3. Copy the key to a secure location.
34+
35+
### 3. Configure the Datadog integration
36+
37+
1. In Datadog, go to [**Integrations -> Anthropic Compliance**](https://app.datadoghq.com/integrations?integrationId=anthropic-compliance-logs).
38+
2. In the configuration panel, paste your **Admin API Key**.
39+
3. Click **Save Configuration**.
40+
41+
### 4. Validate
42+
43+
1. Wait up to 5 minutes for the first crawl.
44+
2. Open [Log Explorer][3] and filter on `source:anthropic-compliance-logs`.
45+
3. Confirm logs appear with `evt.name` values such as `claude_chat_viewed`, `admin_api_key_created`, or `user_signed_in_sso`.
46+
47+
## Data Collected
48+
49+
### Logs
50+
51+
The integration collects audit activity logs from `GET /v1/compliance/activities`. Each log includes:
52+
53+
- A timestamp (`created_at`) with microsecond precision
54+
- An actor (user, API key, SCIM, or system) with email, user ID, IP address, and User-Agent when applicable
55+
- An activity `type` such as `user_signed_in_sso`, `admin_api_key_created`, `org_user_invite_accepted`, or `claude_chat_viewed` (150+ activity types across 35+ categories)
56+
- Organization and workspace context
57+
58+
Logs are tagged `source:anthropic-compliance-logs` and processed by a Datadog log pipeline that flattens the actor object into standard `usr.*` and `network.client.*` attributes and enriches the source IP with GeoIP and the User-Agent string.
59+
60+
### Metrics
61+
62+
Anthropic Compliance does not include any metrics.
63+
64+
### Service Checks
65+
66+
Anthropic Compliance does not include any service checks.
67+
68+
### Events
69+
70+
Anthropic Compliance does not include any events.
71+
72+
## Troubleshooting
73+
74+
- **No logs after 10 minutes**: Verify the Compliance API is enabled in Anthropic Organization settings under Data and privacy.
75+
- **HTTP 403**: Confirm the Compliance API is enabled and that the Admin API key has the `read:compliance_activities` scope.
76+
- **Enterprise gate**: The Compliance API is only available on the Enterprise plan.
77+
78+
Need help? Contact [Datadog support][4].
79+
80+
[1]: https://platform.claude.com/docs/en/api/compliance
81+
[2]: https://app.datadoghq.com/integrations?integrationId=anthropic-usage-and-costs
82+
[3]: https://app.datadoghq.com/logs?query=source%3Aanthropic-compliance-logs
83+
[4]: https://docs.datadoghq.com/help/
Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
{
2+
"supported_auth_methods": [],
3+
"additional_config_fields": [
4+
{
5+
"type": "password",
6+
"key": "api_key",
7+
"label": "Admin API key",
8+
"help": "An Anthropic Admin API key with permission to read compliance logs. Generate one in the Anthropic Console under Settings > Admin Keys.",
9+
"editable": true,
10+
"required": true
11+
}
12+
],
13+
"dataflow_config": [
14+
{
15+
"dataflow_id": "anthropic-compliance-logs",
16+
"additional_config_fields": []
17+
}
18+
]
19+
}

0 commit comments

Comments
 (0)