Frameworks and Industry Benchmarks

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Cloud Security Posture Management is not currently available in this site.

Set a findings time window using the dropdown

Overview

Each OOTB rule maps to one or more controls within a compliance standard or industry benchmark. Datadog OOTB rules currently map to controls and requirements for the following frameworks and benchmarks:

*To pass the Monitoring Section of the CIS AWS Foundations benchmark, you must enable Cloud SIEM and forward Cloudtrail logs to Datadog.

**Some CIS Kubernetes Benchmark detection rules only apply to self-hosted Kubernetes clusters.

Note: Datadog CSPM provides you with visibility into whether your resources are configured in accordance with certain detection rules. Datadog’s OOTB detection rules address various regulatory frameworks, benchmarks, and standards (“Security Posture Frameworks”). Datadog CSPM does not provide an assessment of your actual compliance with any Security Posture Framework, and the OOTB rules may not address all configuration settings that are relevant to the Security Posture Frameworks. To be clear, just because your resources pass the OOTB Rules does not mean that you are meeting all the requirements under any particular Security Posture Framework. Datadog is not providing legal or compliance advice or guidance, and it is recommended that you use Datadog CSPM in consultation with your legal counsel or compliance experts.

Customize how your environment is scanned by each rule

On the Rules page, hover over a rule and click on the pencil icon to edit the rule. Under Define search queries, click the Advanced drop down menu to set filtering logic for how the rule scans your environment.

For example, you can remove all resources tagged with env:staging using the Never trigger a signal when function. Or, limit the scope for a certain rule to resources tagged with compliance:pci using the Only trigger a signal when function.

In the Datadog app, select Advanced to populate Never trigger a signal when, and add a query.

Set notification targets for detection rules

From the Rules page, you can add notification targets. The complete list of notification options are:

Set the severity of security posture signals. The dropdown allows you to select an appropriate severity level (INFO, LOW, MEDIUM, HIGH, CRITICAL). In the “Notify” section, configure zero or more notification targets for each rule case.

Select a severity and notification target

Further reading