Cloud Security Management Vulnerabilities
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Cloud Security Management Vulnerabilities is not supported for your selected
Datadog site (
).
Overview
Cloud Security Management Vulnerabilities (CSM Vulnerabilities) helps you proactively secure your cloud infrastructure by detecting, prioritizing, and managing vulnerabilities across your container images and hosts. It leverages deep observability context and industry insights to help you remediate vulnerabilities that are most important to you at a given point in time.
Note: If you’re looking for vulnerability management for your application libraries and custom application code, see Software Composition Analysis.
Explore vulnerabilities
The Vulnerabilities Explorer shows a complete list of vulnerabilities detected across your infrastructure, ordering them based on their severity, offering grouping, filtering, and triaging capabilities so you can investigate, assign, and remediate problems.
Select a specific vulnerability to see its details, including which containers and hosts are affected, severity breakdown score, and recommended remediation steps.
The severity of a vulnerability is modified from the base score to take into account the following:
- Whether the underlying infrastructure is running and how wide-spread the impact is.
- The environment in which the underlying infrastructure is running. For example, if the environment is not production, the severity is downgraded.
- Whether there is an active exploit for a given vulnerability from sources such as CISA KEV catalog.
You can also view vulnerabilities in your container images on the container images page. Sort by source, image tag, repo digest, and more. View additional details about any vulnerability by clicking the container image and reviewing the Vulnerabilities tab.
On the details explorer, you can also view impacted resources in CSM to gain better insights to your overall risk.
All vulnerabilities include a collection of links and references to websites or information sources that help you understand the context behind each vulnerability.
The Vulnerabilities Explorer also offers triaging options for detected vulnerabilities that enable you to change the status of a vulnerability, and assign it to individual members for remediation and tracking.
Note: To help you focus on the vulnerabilities that truly matter, vulnerabilities are auto-closed for infrastructure that is either no longer running, or contains the remediated fixed version of the previously-vulnerable package.
Explore infrastructure packages
The Infrastructure Packages Catalog provides a real-time inventory of all packages across hosts, host images, and container images deployed in your infrastructure. It offers an interface you can use to investigate your SBOMs, enriched with vulnerability and runtime context.
Quickly assess the impact of a critical emerging vulnerability by searching for affected package versions and identifying all of the resources that use it.
Video walkthrough
The following video provides an overview of how to enable and use CSM Vulnerabilities:
Further reading