Deploy Cloud Security with cloud integrations
Use the following instructions to enable Misconfigurations and Identity Risks (CIEM) on AWS, Azure, and GCP.
Enable resource scanning
To enable resource scanning for your cloud accounts, first set up the integration and then enable Cloud Security for each AWS account, Azure subscription, and Google Cloud project.
Collecting events using Cloud Security Management will affect your billing. For more information, see Datadog Pricing.
Set up the Datadog AWS integration
If you haven’t already, set up the Amazon Web Services integration. You must also enable resource collection by attaching the AWS-managed SecurityAudit Policy to the Datadog IAM role in your AWS account.
Enable Cloud Security for your AWS accounts
- On the Cloud Security Setup page, click Cloud Integrations.
- Expand the AWS section and click the account you want to enable Cloud Security for. A side panel with configuration options for that account opens.
- Under Features, beside each feature you want to enable, turn on the Enable toggle.
- To create a filter that excludes certain resources from being evaluated by Cloud Security, under Evaluation Filters, click Limit to Specific Resources. Then, click Add Resource Tags, add key:value tags as required, and click Save. For more information, see Use Filters to Exclude Resources from Evaluation.
Set up the Datadog Azure integration
If you haven’t already, set up the Microsoft Azure integration.
Note: To access the full set of Azure compliance rules, including Identity Risks, you must enable the following permissions for the Microsoft Graph API:
- AuditLog.Read.All
- AdministrativeUnit.Read.All
- Application.Read.All
- Directory.Read.All
- Domain.Read.All
- Group.Read.All
- Policy.Read.All
- PrivilegedAssignmentSchedule.Read.AzureADGroup
- PrivilegedEligibilitySchedule.Read.AzureADGroup
- RoleManagement.Read.All
- User.Read.All
Enable Cloud Security for your Azure subscriptions
- On the Cloud Security Setup page, click Cloud Integrations.
- Expand the Azure section.
- To enable resource scanning for a subscription, switch the Resource Scanning toggle to the on position.
- To create a filter that excludes certain resources from being evaluated by Cloud Security, click the Plus (+) icon under Resource Evaluation Filters (Optional). For more information, see Use Filters to Exclude Resources from Evaluation.
- Click Done.
Set up the Datadog Google Cloud integration
The Datadog Google Cloud Platform integration uses service accounts to create an API connection between Google Cloud and Datadog. To enable metric collection, create a service account, and then provide Datadog with the service account credentials to begin making API calls on your behalf. For step-by-step instructions, see Create your Google Cloud service account.
Note: Google Cloud billing, the Cloud Monitoring API, the Compute Engine API, and the Cloud Asset API must all be enabled for the projects you wish to monitor.
Datadog
- In Datadog, navigate to the Google Cloud Platform Integration page.
- On the Configuration tab, locate the service account and select Upload Private Key File to integrate the project with Datadog.
- Upload the JSON file, then click Update Configuration.
- To monitor multiple projects, use one of the following methods:
  - Repeat the process above to use multiple service accounts.
  - Use the same service account by updating the project_id in the downloaded JSON file. Then, upload the file to Datadog as described in steps 1-3.
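The project_id update in the last step, as an added Python example that is not part of the Datadog documentation: it checks that the downloaded file really is a service-account key, rewrites only project_id for each additional project, and writes every copy with owner-only permissions without overwriting existing files. The sample key, the output file names and the project IDs are constructed for illustration.

```python
import json
import os
import re

# Fields every Google service-account key file carries; used to reject a
# file that is not a service-account key before editing it.
REQUIRED_FIELDS = ("type", "project_id", "private_key", "client_email")
# Google Cloud project IDs: 6-30 chars, lowercase letters, digits and
# hyphens, starting with a letter and not ending with a hyphen.
PROJECT_ID_RE = re.compile(r"^[a-z][a-z0-9-]{4,28}[a-z0-9]$")

# Constructed sample key (no real credential); stands in for the
# downloaded JSON file.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "monitoring-prod",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "datadog@monitoring-prod.iam.gserviceaccount.com",
}


def clone_key_for_project(key: dict, project_id: str) -> dict:
    """Return a copy of the key with project_id swapped; nothing else changes."""
    missing = [f for f in REQUIRED_FIELDS if f not in key]
    if missing:
        raise ValueError(f"not a service-account key, missing {missing}")
    if key["type"] != "service_account":
        raise ValueError(f"unexpected key type {key['type']!r}")
    if not PROJECT_ID_RE.match(project_id):
        raise ValueError(f"invalid project id {project_id!r}")
    clone = dict(key)
    clone["project_id"] = project_id
    return clone


def write_project_keys(src_path: str, project_ids: list, out_dir: str) -> list:
    """Write one key file per project for upload to Datadog.

    Files contain the private key, so they are created 0600 and O_EXCL
    (the call fails instead of silently overwriting an existing file).
    """
    with open(src_path, encoding="utf-8") as f:
        key = json.load(f)
    written = []
    for pid in project_ids:
        dest = os.path.join(out_dir, f"datadog-{pid}.json")  # constructed name
        fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(clone_key_for_project(key, pid), f, indent=2)
        written.append(dest)
    return written
```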
Enable Cloud Security for your Google Cloud projects
- On the Cloud Security Setup page, click Cloud Integrations.
- Expand the GCP section.
- To enable resource scanning for a project, switch the Resource Scanning toggle to the on position.
- To create a filter that excludes certain resources from being evaluated by Cloud Security, click the Plus (+) icon under Resource Evaluation Filters (Optional). For more information, see Use Filters to Exclude Resources from Evaluation.
- Click Done.
Disable resource scanning
You can access historical findings from the last 15 months even if resource scanning is disabled.
- On the Cloud Security Setup page, click Cloud Integrations.
- Expand the AWS section.
- To stop resource collection for an account, click the Edit button and switch the Enable Resource Scanning toggle to the off position.
- Click Done.
- On the Cloud Security Setup page, click Cloud Integrations.
- Expand the Azure section.
- To stop resource collection for a subscription, switch the Resource Scanning toggle to the off position.
- Click Done.
- On the Cloud Security Setup page, click Cloud Integrations.
- Expand the GCP section.
- To stop resource collection for a project, switch the Resource Scanning toggle to the off position.
- Click Done.