This check monitors Aqua.
The Aqua check alerts the user if total high-severity vulnerability is reached, or if a container is running inside a host not registered by Aqua. Aqua also sends data alerts regarding blocked events in runtime, and it is possible to trigger a webhook to scale infrastructure if more Aqua scanners are required.
The Aqua check is not included in the Datadog Agent package, so you need to install it.
For Agent v7.21+ / v6.21+, follow the instructions below to install the Aqua check on your host. See Use Community Integrations to install with the Docker Agent or earlier versions of the Agent.
Run the following command to install the Agent integration:
datadog-agent integration install -t datadog-aqua==<INTEGRATION_VERSION>
Configure your integration similar to core integrations.
Edit the aqua.d/conf.yaml file in the conf.d/ folder at the root of your Agent's configuration directory to start collecting your Aqua metrics. See the sample conf.yaml for all available configuration options:
instances:
  - url: http://your-aqua-instance.com
    api_user: "<API_USERNAME>"
    password: "<API_USER_PASSWORD>"
Change the api_user and password parameter values and configure them for your environment.
Restart the Agent.
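An added example, not part of the original documentation: the same instance block with the Aqua URL on HTTPS and the password supplied through the Agent's secrets management ENC[] notation instead of a literal value. It assumes the Aqua console is reachable over HTTPS; the handle name aqua_api_password and the helper path are hypothetical placeholders.

```yaml
# aqua.d/conf.yaml as shown on the page: cleartext HTTP, literal password
# instances:
#   - url: http://your-aqua-instance.com
#     api_user: "<API_USERNAME>"
#     password: "<API_USER_PASSWORD>"

# aqua.d/conf.yaml, hardened variant (assumes the Aqua console serves HTTPS)
instances:
  - url: https://your-aqua-instance.com
    api_user: "<API_USERNAME>"
    # Hypothetical handle name; the Agent replaces ENC[...] when it loads the config
    password: "ENC[aqua_api_password]"

# datadog.yaml: secrets backend that resolves ENC[] handles
# (placeholder path for an executable you provide)
secret_backend_command: /path/to/secret-helper
```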
There are two types of logs generated by Aqua:
- Aqua audit logs
- Aqua enforcer logs
To collect Aqua audit logs:
1. Connect to your Aqua account
2. Go to the Log Management section of the Integration page
3. Activate the Webhook integration
4. Enable it and add the following endpoint: http-intake.logs.datadoghq.com/v1/input/<DATADOG_API_KEY>?ddsource=aqua
For the Aqua Enforcer logs (available for Agent >6.0):
Collecting logs is disabled by default in the Datadog Agent. Enable it in your daemonset configuration:
# (...)
env:
  # (...)
  - name: DD_LOGS_ENABLED
    value: "true"
  - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL
    value: "true"
# (...)
Make sure that the Docker socket is mounted to the Datadog Agent. See the Kubernetes documentation for example manifests.
Restart the Agent.
Run the Agent's status subcommand and look for aqua under the Checks section.
aqua.images (gauge)
    The number of images seen by Aqua. Shown as unit
aqua.vulnerabilities (gauge)
    The number and categories of vulnerabilities detected by Aqua. Shown as occurrence
aqua.running_containers (gauge)
    The number of running containers seen by Aqua. Shown as container
aqua.audit.access (gauge)
    The number of audit events per category. Shown as event
aqua.scan_queue (gauge)
    The number of scan queues per type. Shown as occurrence
aqua.enforcers (gauge)
    The number of host enforcers per status. Shown as host
Aqua does not include any events.
aqua.can_connect
    Returns CRITICAL if the Agent cannot connect to Aqua to collect metrics. Returns OK otherwise. Statuses: ok, critical
Need help? Contact Datadog support.