---
title: Aqua
description: >-
  Full dev-to-prod security solution for containers and cloud native
  applications
breadcrumbs: Docs > Integrations > Aqua
---

# Aqua
Supported OS Integration version1.0.1
## Overview{% #overview %}

This check monitors [Aqua](https://www.aquasec.com).

The Aqua check alerts the user if total high-severity vulnerability is reached, or if a container is running inside a host not registered by Aqua. Aqua also sends data alerts regarding blocked events in runtime, and it is possible to trigger a webhook to scale infrastructure if more Aqua scanners are required.

## Setup{% #setup %}

The Aqua check is not included in the [Datadog Agent](https://app.datadoghq.com/account/settings/agent/latest) package, so you need to install it.

### Installation{% #installation %}

For Agent v7.21+ / v6.21+, follow the instructions below to install the Aqua check on your host. See [Use Community Integrations](https://docs.datadoghq.com/agent/guide/use-community-integrations/) to install with the Docker Agent or earlier versions of the Agent.

1. Run the following command to install the Agent integration:

   ```shell
   datadog-agent integration install -t datadog-aqua==<INTEGRATION_VERSION>
   ```

1. Configure your integration similar to core [integrations](https://docs.datadoghq.com/getting_started/integrations/).

### Configuration{% #configuration %}

#### Metric collection{% #metric-collection %}

1. Edit the `aqua.d/conf.yaml` file in the `conf.d/` folder at the root of your [Agent's configuration directory](https://docs.datadoghq.com/agent/faq/agent-configuration-files/#agent-configuration-directory) to start collecting your Aqua metrics. See the [sample conf.yaml](https://github.com/DataDog/integrations-extras/blob/master/aqua/datadog_checks/aqua/data/conf.yaml.example) for all available configuration options.:

   ```yaml
   instances:
     - url: http://your-aqua-instance.com
       api_user: "<API_USERNAME>"
       password: "<API_USER_PASSWORD>"
   ```

Change the `api_user` and `password` parameter values and configure them for your environment.

1. [Restart the Agent](https://docs.datadoghq.com/agent/faq/agent-commands/#start-stop-restart-the-agent).

#### Log collection{% #log-collection %}

There are two types of logs generated by Aqua:

- Aqua audit logs
- Aqua enforcer logs

To collect Aqua audit logs:

1. Connect to your Aqua account
1. Go to the `Log Management` Section of the `Integration` Page
1. Activate the Webhook integration
1. Enable it and add the following endpoint: `/v1/input/<DATADOG_API_KEY>?ddsource=aqua`
   - Replace `<DATADOG_API_KEY>` by your [Datadog API Key](https://app.datadoghq.com/organization-settings/api-keys).

For the Aqua Enforcer logs: **Available for Agent >6.0**

Collecting logs is disabled by default in the Datadog Agent. Enable it in your [daemonset configuration](https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/#log-collection):

```yaml
  # (...)
  env:
    # (...)
    - name: DD_LOGS_ENABLED
        value: "true"
    - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL
        value: "true"
  # (...)
```

Make sure that the Docker socket is mounted to the Datadog Agent. See the Kubernetes documentation for [example manifests](https://docs.datadoghq.com/agent/kubernetes/?tab=daemonset#installation).

[Restart the Agent](https://docs.datadoghq.com/agent/faq/agent-commands/#start-stop-restart-the-agent).

### Validation{% #validation %}

[Run the Agent's `status` subcommand](https://docs.datadoghq.com/agent/guide/agent-commands/#service-status) and look for `aqua` under the Checks section.

## Data Collected{% #data-collected %}

### Metrics{% #metrics %}

|  |
|  |
| **aqua.images**(gauge)              | The number of images seen by Aqua*Shown as unit*                                   |
| **aqua.vulnerabilities**(gauge)     | The number and categories of vulnerabilities detected by Aqua*Shown as occurrence* |
| **aqua.running\_containers**(gauge) | The number of running containers seen by Aqua*Shown as container*                  |
| **aqua.audit.access**(gauge)        | The number of audit events per category*Shown as event*                            |
| **aqua.scan\_queue**(gauge)         | The number of scan queues per type*Shown as occurrence*                            |
| **aqua.enforcers**(gauge)           | The number of host enforcers per status*Shown as host*                             |

### Events{% #events %}

Aqua does not include any events.

### Service Checks{% #service-checks %}

**aqua.can\_connect**

Returns CRITICAL if the Agent cannot connect to Aqua to collect metrics. Returns OK otherwise.

*Statuses: ok, critical*

## Troubleshooting{% #troubleshooting %}

Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).