Deploy Cloud Security with cloud integrations
Use the following instructions to enable Misconfigurations and Identity Risks (CIEM) on AWS, Azure, and GCP.
Enable resource scanning
To enable resource scanning for your cloud accounts, first set up the integration, then enable Cloud Security for each AWS, Azure, and Google Cloud account.
Collecting events using Cloud Security Management affects your billing. For more information, see Datadog Pricing.
Set up the Datadog AWS integration
If you haven’t already, set up the Amazon Web Services integration. You must also enable resource collection by attaching the AWS-managed SecurityAudit Policy to the Datadog IAM role in your AWS account.
Enable Cloud Security for your AWS accounts
- On the Cloud Security Setup page, click Cloud Integrations.
- Expand the AWS section and click the account you want to enable Cloud Security for. A side panel with configuration options for that account opens.
- Under Features, beside each feature you want to enable, turn on the Enable toggle.
- To create a filter that excludes certain resources from being evaluated by Cloud Security, under Evaluation Filters, click Limit to Specific Resources. Then, click Add Resource Tags, add key:value tags as required, and click Save. For more information, see Use Filters to Exclude Resources from Evaluation.
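The AWS setup above has two security-relevant pieces that are easy to get wrong by hand: the trust policy on the Datadog IAM role (it should trust only Datadog's AWS account and only with the external ID Datadog generates for your integration, which is what prevents a confused-deputy attack) and the read-only SecurityAudit policy that resource collection needs. The following Terraform is an added example, not code from the Datadog documentation. It assumes the `datadog` and `aws` providers are already configured, that the Datadog provider's `datadog_integration_aws` resource is available, that the role name `DatadogIntegrationRole` is acceptable, and that your AWS account ID is supplied through `var.aws_account_id`.

```hcl
# Added example (not Datadog's own code). Assumes configured datadog and
# aws providers; role name and variable name are illustrative choices.

variable "aws_account_id" {
  type        = string
  description = "AWS account to register with Datadog (assumed input)."
}

# Register the account with Datadog and request resource collection so
# Cloud Security can evaluate the account. Datadog generates the
# external ID that the role's trust policy references below.
resource "datadog_integration_aws" "main" {
  account_id                       = var.aws_account_id
  role_name                        = "DatadogIntegrationRole"
  cspm_resource_collection_enabled = true
}

# Trust policy: only Datadog's AWS account (464622532012) may assume the
# role, and only when it presents the external ID issued for this
# integration. Never replace the external ID with a fixed, guessable value.
data "aws_iam_policy_document" "datadog_trust" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::464622532012:root"]
    }

    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = [datadog_integration_aws.main.external_id]
    }
  }
}

resource "aws_iam_role" "datadog" {
  name               = "DatadogIntegrationRole"
  assume_role_policy = data.aws_iam_policy_document.datadog_trust.json
}

# The AWS-managed, read-only SecurityAudit policy is what resource
# collection requires. Attach it; do not widen the role with
# ReadOnlyAccess or administrative policies "just in case".
resource "aws_iam_role_policy_attachment" "security_audit" {
  role       = aws_iam_role.datadog.name
  policy_arn = "arn:aws:iam::aws:policy/SecurityAudit"
}
```

After `terraform apply`, confirm the attachment with `aws iam list-attached-role-policies --role-name DatadogIntegrationRole` and check the role's trust policy contains the `sts:ExternalId` condition; a trust policy without it lets anyone who knows your role ARN ask Datadog's account to assume it on their behalf. The Datadog provider also offers a newer `datadog_integration_aws_account` resource in recent versions; if you use it, keep the same trust-policy shape.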
Set up the Datadog Azure integration
If you haven’t already, set up the Microsoft Azure integration.
Note: To access the full set of Azure compliance rules (including Identity Risks), you must grant the following Microsoft Graph API permissions to the app registration used by the integration:
- AuditLog.Read.All
- AdministrativeUnit.Read.All
- Application.Read.All
- Directory.Read.All
- Domain.Read.All
- Group.Read.All
- Policy.Read.All
- PrivilegedAssignmentSchedule.Read.AzureADGroup
- PrivilegedEligibilitySchedule.Read.AzureADGroup
- RoleManagement.Read.All
- User.Read.All
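Granting the Graph permissions in the note by clicking through the portal is error-prone and leaves no record of what was consented to. The following Terraform is an added example, not code from Datadog: it declares exactly the application permissions listed above on an app registration and records admin consent for each one as an app role assignment. It assumes the `azuread` provider v3 (which uses `client_id` rather than the older `application_id` argument), that the app registration used for the Datadog integration is managed here under the illustrative name `Datadog Cloud Security`, and that the identity running Terraform can grant admin consent. The subscription-level Reader role and the Datadog-side registration of the tenant are separate steps of the Azure integration and are not shown.

```hcl
# Added example (not Datadog's own code). Assumes azuread provider v3 and
# an identity allowed to grant tenant-wide admin consent.

# Well-known application IDs; "MicrosoftGraph" resolves to
# 00000003-0000-0000-c000-000000000000.
data "azuread_application_published_app_ids" "well_known" {}

# Service principal for Microsoft Graph in this tenant. Its app_role_ids
# map translates permission names into the GUIDs the API needs, so no
# GUIDs are hard-coded here.
data "azuread_service_principal" "msgraph" {
  client_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"]
}

locals {
  # Exactly the application permissions the note above requires; all are
  # read-only, so the app cannot modify directory objects if compromised.
  graph_app_roles = [
    "AuditLog.Read.All",
    "AdministrativeUnit.Read.All",
    "Application.Read.All",
    "Directory.Read.All",
    "Domain.Read.All",
    "Group.Read.All",
    "Policy.Read.All",
    "PrivilegedAssignmentSchedule.Read.AzureADGroup",
    "PrivilegedEligibilitySchedule.Read.AzureADGroup",
    "RoleManagement.Read.All",
    "User.Read.All",
  ]
}

resource "azuread_application" "datadog" {
  display_name = "Datadog Cloud Security" # illustrative name

  required_resource_access {
    resource_app_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"]

    dynamic "resource_access" {
      for_each = toset(local.graph_app_roles)
      content {
        id   = data.azuread_service_principal.msgraph.app_role_ids[resource_access.value]
        type = "Role" # "Role" = application permission, not delegated
      }
    }
  }
}

resource "azuread_service_principal" "datadog" {
  client_id = azuread_application.datadog.client_id
}

# Declaring required_resource_access only requests the permissions; each
# one still needs admin consent. An app role assignment from the Datadog
# service principal to the Graph service principal records that consent.
resource "azuread_app_role_assignment" "graph" {
  for_each            = toset(local.graph_app_roles)
  app_role_id         = data.azuread_service_principal.msgraph.app_role_ids[each.value]
  principal_object_id = azuread_service_principal.datadog.object_id
  resource_object_id  = data.azuread_service_principal.msgraph.object_id
}
```

After applying, the app registration's API permissions blade should show each permission with status "Granted"; a permission that is requested but not consented does not appear in the token and the corresponding Identity Risks rules silently produce no findings. Because the list in `local.graph_app_roles` is the full set of permissions, any extra permission added to the registration outside Terraform shows up as drift on the next plan.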
Enable Cloud Security for your Azure subscriptions
- On the Cloud Security Setup page, click Cloud Integrations.
- Expand the Azure section.
- To enable resource scanning for a subscription, switch the Resource Scanning toggle to the on position.
- To create a filter that excludes certain resources from being evaluated by Cloud Security, click the Plus (+) icon under Resource Evaluation Filters (Optional). For more information, see Use Filters to Exclude Resources from Evaluation.
- Click Done.
Set up the Datadog Google Cloud Platform integration
The Datadog Google Cloud Platform integration uses service accounts to create an API connection between Google Cloud and Datadog. To enable metric collection, create a service account, then provide Datadog with the service account credentials so it can make API calls on your behalf. For step-by-step instructions, see Create your Google Cloud service account.
Note: Google Cloud billing, the Cloud Monitoring API, the Compute Engine API, and the Cloud Asset API must all be enabled for the projects you wish to monitor.
Datadog
- In Datadog, navigate to the Google Cloud Platform Integration page.
- On the Configuration tab, locate the service account and select Upload Private Key File to integrate the project with Datadog.
- Upload the JSON file, then click Update Configuration.
- To monitor multiple projects, use one of the following methods:
- Repeat the process above to use multiple service accounts.
- Use the same service account by updating the project_id in the downloaded JSON file. Then, upload the file to Datadog as described in steps 1-3.
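The whole Google Cloud procedure (enable the required APIs, create a service account with read-only roles, create a key, and hand that key to Datadog as the "Upload Private Key File" step does) can be expressed as one Terraform configuration. The following is an added example, not code from Datadog. It assumes the `google` and `datadog` providers are configured, that `var.project_id` holds the project to monitor, that the service-account ID `datadog-integration` is acceptable, and that the Datadog provider's `datadog_integration_gcp` resource (the key-file based integration) is available.

```hcl
# Added example (not Datadog's own code). Assumes configured google and
# datadog providers; project_id variable and account_id are illustrative.

variable "project_id" {
  type        = string
  description = "Google Cloud project to monitor (assumed input)."
}

# The APIs the note above says must be enabled for every monitored
# project. Billing must already be enabled on the project.
resource "google_project_service" "required" {
  for_each = toset([
    "monitoring.googleapis.com",
    "compute.googleapis.com",
    "cloudasset.googleapis.com",
  ])
  project = var.project_id
  service = each.value
}

resource "google_service_account" "datadog" {
  project      = var.project_id
  account_id   = "datadog-integration"
  display_name = "Datadog integration"
}

# Read-only roles only. Granting Editor or Owner would turn a leaked key
# into write access to the whole project.
resource "google_project_iam_member" "datadog" {
  for_each = toset([
    "roles/compute.viewer",
    "roles/monitoring.viewer",
    "roles/cloudasset.viewer",
    "roles/browser",
  ])
  project = var.project_id
  role    = each.value
  member  = "serviceAccount:${google_service_account.datadog.email}"

  depends_on = [google_project_service.required]
}

# A user-managed key; private_key is the base64-encoded JSON key file,
# the same document you would otherwise download and upload by hand.
resource "google_service_account_key" "datadog" {
  service_account_id = google_service_account.datadog.name
}

locals {
  key_file = jsondecode(base64decode(google_service_account_key.datadog.private_key))
}

# Equivalent of "Upload Private Key File" on the integration page.
resource "datadog_integration_gcp" "main" {
  project_id     = var.project_id
  private_key_id = local.key_file.private_key_id
  private_key    = local.key_file.private_key
  client_email   = google_service_account.datadog.email
  client_id      = google_service_account.datadog.unique_id
}
```

Two caveats for this path. First, the service account key ends up in Terraform state in clear text, so the state backend must be access-controlled and encrypted, and the key should be rotated by tainting `google_service_account_key.datadog`. Second, reusing one service account for several projects by editing `project_id` in the JSON file (the second method above) only works if the same service account has also been granted the viewer roles in each of those projects; the key alone does not confer access. Recent versions of the Datadog provider also offer `datadog_integration_gcp_sts`, which uses service account impersonation instead of a long-lived key and removes the first caveat entirely.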
Enable Cloud Security for your Google Cloud projects
- On the Cloud Security Setup page, click Cloud Integrations.
- Expand the GCP section.
- To enable resource scanning for a project, switch the Resource Scanning toggle to the on position.
- To create a filter that excludes certain resources from being evaluated by Cloud Security, click the Plus (+) icon under Resource Evaluation Filters (Optional). For more information, see Use Filters to Exclude Resources from Evaluation.
- Click Done.
Disable resource scanning
You can still access historical findings from the past 15 months even when resource scanning is disabled.
AWS
- On the Cloud Security Setup page, click Cloud Integrations > AWS.
- If necessary, use the filters to find the account you want to stop resource scanning for. Click the account to open the side panel that contains its settings.
- On the Features tab, beside Posture Management, switch the Enable toggle to the off position.
Azure
- On the Cloud Security Setup page, click Cloud Integrations > Azure.
- To stop resource scanning for a subscription, switch the Resource Scanning toggle to the off position.
- Click Done.
GCP
- On the Cloud Security Setup page, click Cloud Integrations > GCP.
- To stop resource scanning for a project, switch the Resource Scanning toggle to the off position.
- Click Done.