This check monitors Aqua.
The Aqua check alerts the user when the total high-severity vulnerability count is reached, or when a container is running on a host that is not registered with Aqua. Aqua also sends data alerts about events blocked at runtime, and it is possible to trigger a webhook to scale infrastructure if more Aqua scanners are required.
The Aqua check is not included in the Datadog Agent package, so you will need to install it yourself.
If you are using Agent v6.8+, follow the instructions below to install the Aqua check on your host. See our dedicated Agent guide for installing community integrations to install checks with the Agent prior to version 6.8 or the Docker Agent:
Clone the integrations-extras repository:
git clone https://github.com/DataDog/integrations-extras.git
Update your ddev config with the integrations-extras path:
ddev config set extras ./integrations-extras
To build the aqua package, run:
ddev -e release build aqua
Run the following command to install the integrations wheel with the Agent:
datadog-agent integration install -w <PATH_OF_AQUA_ARTIFACT>/<AQUA_ARTIFACT_NAME>.whl
Configure your integration like any other packaged integration.
Edit the aqua.d/conf.yaml file in the conf.d/ folder at the root of your Agent’s configuration directory to start collecting your Aqua metrics and logs. See the sample conf.yaml for all available configuration options.
Add this configuration block to your aqua.d/conf.yaml file to start gathering your Aqua metrics:
instances:
  - url: http://your-aqua-instance.com
    api_user: <api_username>
    password: <api_user_password>
Change the api_user and password parameter values and configure them for your environment.
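A pre-flight check for the configuration block above, as an added example that is not part of the Datadog documentation or the integration's code: it flags a non-HTTPS url, a password stored as a literal or left as a placeholder, and a world-readable file. The function names are hypothetical, and the ENC[...] form it accepts is the Agent's secrets-management handle notation, which this page does not cover.

```shell
#!/bin/sh
# Added example, not Datadog's code: lint aqua.d/conf.yaml for credential exposure.

# Print the value of every "<key>:" line in the file, with quotes stripped.
yaml_values() {
  sed -n "s/^[[:space:]-]*$1:[[:space:]]*//p" "$2" | sed 's/[[:space:]]*$//' | tr -d "\"'"
}

# Print one finding per line for the config file given as $1.
aqua_conf_findings() {
  # The check sends api_user/password to url, so plain http exposes them in transit.
  yaml_values url "$1" | while IFS= read -r value; do
    case "$value" in
      https://*) ;;
      *) echo "cleartext-url: $value" ;;
    esac
  done
  # ENC[...] is the Agent's secret-handle notation; anything else is a literal secret.
  yaml_values password "$1" | while IFS= read -r value; do
    case "$value" in
      'ENC['*']') ;;
      '<'*'>') echo "placeholder-password: $value" ;;
      *) echo "plaintext-password: value present in file" ;;
    esac
  done
  # A world-readable file hands the credential to every local user.
  if [ -n "$(find "$1" -perm -004 2>/dev/null)" ]; then
    echo "world-readable: $1"
  fi
  return 0
}

# Print the findings and return 1 if there are any, 0 if the file is clean.
audit_aqua_conf() {
  findings=$(aqua_conf_findings "$1")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample: the configuration block from this page, unchanged.
sample=$(mktemp)
cat > "$sample" <<'EOF'
instances:
  - url: http://your-aqua-instance.com
    api_user: <api_username>
    password: <api_user_password>
EOF
audit_aqua_conf "$sample" || true
rm -f "$sample"
```

Run it against the real file before restarting the Agent; a non-zero return means at least one finding was printed.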
There are two types of logs generated by Aqua:
To collect Aqua audit logs:
Log Management section of the
<DATADOG_API_KEY> by your Datadog API key.
.eu in the endpoint.
For the Aqua Enforcer logs: Available for Agent >6.0
Collecting logs is disabled by default in the Datadog Agent. Enable it in your daemonset configuration:
(...)
env:
  (...)
  - name: DD_LOGS_ENABLED
    value: "true"
  - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL
    value: "true"
(...)
Make sure that the Docker socket is mounted to the Datadog Agent as done in this manifest.
Run the Agent’s status subcommand and look for aqua under the Checks section.
|The number of images seen by Aqua|Shown as unit|
|The number and categories of vulnerabilities detected by Aqua|Shown as occurrence|
|The number of running containers seen by Aqua|Shown as container|
|The number of audit events per category|Shown as event|
|The number of scan queues per type|Shown as occurrence|
|The number of host enforcers per status|Shown as host|
Returns CRITICAL if the Agent cannot connect to Aqua to collect metrics. Returns OK otherwise.
Aqua does not include any events.
Need help? Contact Datadog support.