Each OOTB rule maps to one or more controls within a compliance standard or industry benchmark. Datadog OOTB rules currently map to controls and requirements for the following frameworks and benchmarks:
**Some CIS Kubernetes Benchmark detection rules only apply to self-hosted Kubernetes clusters.
Note: Datadog CSPM provides you with visibility into whether your resources are configured in accordance with certain detection rules. Datadog’s OOTB detection rules address various regulatory frameworks, benchmarks, and standards (“Security Posture Frameworks”). Datadog CSPM does not provide an assessment of your actual compliance with any Security Posture Framework, and the OOTB rules may not address all configuration settings that are relevant to the Security Posture Frameworks. To be clear, just because your resources pass the OOTB Rules does not mean that you are meeting all the requirements under any particular Security Posture Framework. Datadog is not providing legal or compliance advice or guidance, and it is recommended that you use Datadog CSPM in consultation with your legal counsel or compliance experts.
On the Rules page, hover over a rule and click on the pencil icon to edit the rule. Under Define search queries, click the Advanced drop down menu to set filtering logic for how the rule scans your environment.
For example, you can remove all resources tagged with
env:staging using the Never trigger a signal when function. Or, limit the scope for a certain rule to resources tagged with
compliance:pci using the Only trigger a signal when function.
From the Rules page, you can add notification targets. The complete list of notification options are:
Set the severity of security posture signals. The dropdown allows you to select an appropriate severity level (INFO, LOW, MEDIUM, HIGH, CRITICAL). In the “Notify” section, configure zero or more notification targets for each rule case.