- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
To get started with Cloud Security Management (CSM), review the following:
The simplest way to get started with Cloud Security Management is by enabling Agentless Scanning. Agentless Scanning provides visibility into vulnerabilities that exist within your AWS hosts, running containers, Lambda functions, and running Amazon Machine Images (AMIs) without requiring you to install the Datadog Agent.
To learn more about Agentless Scanning, see Cloud Security Management Agentless Scanning.
For broader coverage and additional functionalities, deploy the Datadog Agent to your hosts. The following table outlines the improvements offered by Agent-based deployments. For more information, see Setting up Cloud Security Management on the Agent.
Feature | Agentless | Agentless + Agent-based deployment |
---|---|---|
CSM Identity Risks | Yes | Yes |
CSM Misconfigurations | Yes | Yes |
Host benchmarks | No | Yes |
CSM Vulnerabilities | Yes | Yes |
Vulnerability prioritization | Yes | Yes, with runtime context |
Vulnerability update frequency | 12 hours | Real time |
CSM Threats | No | Yes |
Threat detection | No | Yes |
Security Inbox | Yes | Yes, with more accurate insights |
AWS CloudTrail Logs allows you to get the most out of CSM Identity Risks. With AWS CloudTrail Logs, you gain additional insights into the actual usage of cloud resources, helping you identify users and roles with significant gaps between provisioned and utilized permissions. For more information, see Setting up AWS CloudTrail Logs for Cloud Security Management.
With Infrastructure as Code (IaC) remediation, you can use Terraform to open a pull request in GitHub, applying code changes that fix a misconfiguration or identity risk. For more information, see Setting up IaC Remediation for Cloud Security Management.
Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see Deploying Cloud Security Management via Cloud Integrations.
For information on disabling CSM, see the following: