diff --git a/tools/sigma/backends/datadog.py b/tools/sigma/backends/datadog.py
new file mode 100644
index 000000000..51e051ddd
--- /dev/null
+++ b/tools/sigma/backends/datadog.py
@@ -0,0 +1,13 @@
+from sigma.backends.base import SingleTextQueryBackend
+
+
+class DatadogBackend(SingleTextQueryBackend):
+    identifier = "datadog" # TODO: more specific?
+    active = True
+    config_required = False
+
+    andToken = " AND "
+    orToken = " OR "
+    notToken = "-"
+    subExpression = "(%s)"
+    mapExpression = "%s:%s"
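Review bot: Rule values are interpolated straight into `mapExpression = "%s:%s"` with no quoting or escaping, so a value containing a space, colon, parenthesis or double quote changes the structure of the emitted Datadog query instead of being matched literally, which silently widens or breaks the detection. The class defines no `valueExpression` or `reEscape`, so whatever the base class defaults to applies; if those defaults are the bare `%s` and no escape pattern, consider adding `valueExpression = '"%s"'` together with a `reEscape` covering backslash and double quote, consistent with the other text-query backends. Lists also deserve a look: with the base class's default list joining, a multi-value field may come out as `field:a b`, where only the first token is scoped to the field — a `listExpression` that wraps and OR-joins the values would avoid that; this is inferred from the missing attributes rather than from the hunk, so please confirm against `SingleTextQueryBackend`. Finally, the `# TODO: more specific?` on `identifier` should either be resolved or state what alternative is being considered, since the identifier is the user-facing name the converter will select this backend by.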