Setting up Cloud Security Management on ECS EC2
Use the following instructions to enable Misconfigurations, Threat Detection, and Vulnerability Management.
Collecting events using Cloud Security Management will affect your billing. For more information, see Datadog Pricing.
Prerequisites
- Datadog Agent version 7.46 or later.
Installation
Add the following mount points, environment variables, and Linux capabilities to your datadog-agent container definition, and the matching host volumes to the task definition:
{
  "containerDefinitions": [
    {
      "name": "datadog-agent",
      ...
      "mountPoints": [
        {
          "sourceVolume": "docker_sock",
          "containerPath": "/var/run/docker.sock",
          "readOnly": true
        },
        {
          "sourceVolume": "proc",
          "containerPath": "/host/proc/",
          "readOnly": true
        },
        {
          "sourceVolume": "cgroup",
          "containerPath": "/host/sys/fs/cgroup",
          "readOnly": true
        },
        {
          "sourceVolume": "passwd",
          "containerPath": "/etc/passwd",
          "readOnly": true
        },
        {
          "sourceVolume": "os_release",
          "containerPath": "/host/etc/os-release",
          "readOnly": true
        },
        {
          "sourceVolume": "kernel_debug",
          "containerPath": "/sys/kernel/debug"
        },
        {
          "sourceVolume": "root",
          "containerPath": "/host/root",
          "readOnly": true
        }
      ],
      ...
      "environment": [
        ...
        {
          "name": "DD_COMPLIANCE_CONFIG_ENABLED",
          "value": "true"
        },
        {
          "name": "DD_COMPLIANCE_CONFIG_HOST_BENCHMARKS_ENABLED",
          "value": "true"
        },
        {
          "name": "DD_RUNTIME_SECURITY_CONFIG_ENABLED",
          "value": "true"
        },
        {
          "name": "DD_SYSTEM_PROBE_ENABLED",
          "value": "true"
        },
        {
          "name": "DD_RUNTIME_SECURITY_CONFIG_REMOTE_CONFIGURATION_ENABLED",
          "value": "true"
        },
        {
          "name": "DD_SBOM_ENABLED",
          "value": "true"
        },
        {
          "name": "DD_SBOM_CONTAINER_IMAGE_ENABLED",
          "value": "true"
        },
        {
          "name": "DD_CONTAINER_IMAGE_ENABLED",
          "value": "true"
        },
        {
          "name": "DD_SBOM_HOST_ENABLED",
          "value": "true"
        }
      ],
      "linuxParameters": {
        "capabilities": {
          "add": [
            "SYS_ADMIN",
            "SYS_RESOURCE",
            "SYS_PTRACE",
            "NET_ADMIN",
            "NET_BROADCAST",
            "NET_RAW",
            "IPC_LOCK",
            "CHOWN"
          ]
        }
      }
    }
  ],
  ...
  "volumes": [
    {
      "name": "docker_sock",
      "host": {
        "sourcePath": "/var/run/docker.sock"
      }
    },
    {
      "name": "proc",
      "host": {
        "sourcePath": "/proc/"
      }
    },
    {
      "name": "cgroup",
      "host": {
        "sourcePath": "/sys/fs/cgroup/"
      }
    },
    {
      "name": "passwd",
      "host": {
        "sourcePath": "/etc/passwd"
      }
    },
    {
      "name": "os_release",
      "host": {
        "sourcePath": "/etc/os-release"
      }
    },
    {
      "name": "kernel_debug",
      "host": {
        "sourcePath": "/sys/kernel/debug"
      }
    },
    {
      "name": "root",
      "host": {
        "sourcePath": "/"
      }
    }
  ],
  "requiresCompatibilities": [
    "EC2"
  ]
}
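To confirm that a task definition carries every setting listed above, the following added example (not part of the original page or of Datadog's tooling) audits a task definition loaded as a Python dict. The names audit, norm and constructed_sample are hypothetical, and the check reads linuxParameters from the datadog-agent container definition, which is where ECS defines that field.

```python
# Settings this page asks for in the datadog-agent container (added example).
REQUIRED_ENV = [
    "DD_COMPLIANCE_CONFIG_ENABLED", "DD_COMPLIANCE_CONFIG_HOST_BENCHMARKS_ENABLED",
    "DD_RUNTIME_SECURITY_CONFIG_ENABLED", "DD_SYSTEM_PROBE_ENABLED",
    "DD_RUNTIME_SECURITY_CONFIG_REMOTE_CONFIGURATION_ENABLED", "DD_SBOM_ENABLED",
    "DD_SBOM_CONTAINER_IMAGE_ENABLED", "DD_CONTAINER_IMAGE_ENABLED", "DD_SBOM_HOST_ENABLED",
]
REQUIRED_CAPS = {"SYS_ADMIN", "SYS_RESOURCE", "SYS_PTRACE", "NET_ADMIN",
                 "NET_BROADCAST", "NET_RAW", "IPC_LOCK", "CHOWN"}
REQUIRED_MOUNTS = {  # containerPath: (host sourcePath, must be readOnly)
    "/var/run/docker.sock": ("/var/run/docker.sock", True), "/host/proc": ("/proc", True),
    "/host/sys/fs/cgroup": ("/sys/fs/cgroup", True), "/etc/passwd": ("/etc/passwd", True),
    "/host/etc/os-release": ("/etc/os-release", True), "/host/root": ("/", True),
    "/sys/kernel/debug": ("/sys/kernel/debug", False),
}

def norm(path):
    """Drop trailing slashes so "/proc/" equals "/proc"; "/" stays "/"."""
    return path.rstrip("/") or path

def audit(task_def, container="datadog-agent"):
    """Return a list of findings; an empty list means every setting is present."""
    agent = next((c for c in task_def.get("containerDefinitions", [])
                  if c.get("name") == container), None)
    if agent is None:
        return [f"container {container} not found"]
    env = {e.get("name"): e.get("value") for e in agent.get("environment", [])}
    findings = [f"env {n} is not 'true'" for n in REQUIRED_ENV if env.get(n) != "true"]
    caps = set(agent.get("linuxParameters", {}).get("capabilities", {}).get("add", []))
    findings += [f"capability {c} not added" for c in sorted(REQUIRED_CAPS - caps)]
    hosts = {v.get("name"): norm(v.get("host", {}).get("sourcePath", ""))
             for v in task_def.get("volumes", [])}
    mounts = {norm(m.get("containerPath", "")): m for m in agent.get("mountPoints", [])}
    for cpath, (src, read_only) in REQUIRED_MOUNTS.items():
        m = mounts.get(cpath)
        if m is None or hosts.get(m.get("sourceVolume")) != src:
            findings.append(f"mount {src} -> {cpath} missing")
        elif read_only and not m.get("readOnly", False):
            findings.append(f"mount {cpath} is writable, expected readOnly")
    return findings

def constructed_sample():
    """Constructed input: as the page, minus DD_SBOM_HOST_ENABLED and NET_RAW, writable /host/root."""
    paths = list(REQUIRED_MOUNTS.items())
    return {"volumes": [{"name": f"v{i}", "host": {"sourcePath": s}} for i, (_, (s, _r)) in enumerate(paths)],
        "containerDefinitions": [{"name": "datadog-agent",
            "environment": [{"name": n, "value": "true"} for n in REQUIRED_ENV[:-1]],
            "linuxParameters": {"capabilities": {"add": sorted(REQUIRED_CAPS - {"NET_RAW"})}},
            "mountPoints": [{"sourceVolume": f"v{i}", "containerPath": c, "readOnly": c != "/host/root" and ro}
                            for i, (c, (_s, ro)) in enumerate(paths)]}]}
```

Pass audit() the task definition object parsed from your own JSON file; the writable-mount finding matters most for the docker socket and the host root, which the page mounts read-only.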
If the Agent fails to extract the SBOM from the container image, increase the Agent memory in the container definition:
{
  "containerDefinitions": [
    {
      "name": "datadog-agent",
      "memory": 256,
      ...
    }
  ]
  ...
}