- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Use the following instructions to enable Misconfigurations, Threat Detection, and Vulnerability Management.
Add the following to the spec
section of the datadog-agent.yaml
file:
# datadog-agent.yaml file
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
name: datadog
spec:
features:
remoteConfiguration:
enabled: true
# Enables Threat Detection
cws:
enabled: true
# Enables Misconfigurations
cspm:
enabled: true
hostBenchmarks:
enabled: true
# Enables the image metadata collection and Software Bill of Materials (SBOM) collection
sbom:
enabled: true
# Enables Container Vulnerability Management
# Image collection is enabled by default with Datadog Operator version `>= 1.3.0`
containerImage:
enabled: true
# Uncomment the following line if you are using Google Kubernetes Engine (GKE) or Amazon Elastic Kubernetes (EKS)
# uncompressedLayersSupport: true
# Enables Host Vulnerability Management
host:
enabled: true
Apply the changes and restart the Agent.
Add the following to the datadog
section of the datadog-values.yaml
file:
# datadog-values.yaml file
datadog:
remoteConfiguration:
enabled: true
securityAgent:
# Enables Threat Detection
runtime:
enabled: true
# Enables Misconfigurations
compliance:
enabled: true
host_benchmarks:
enabled: true
sbom:
containerImage:
enabled: true
# Uncomment the following line if you are using Google Kubernetes Engine (GKE) or Amazon Elastic Kubernetes (EKS)
# uncompressedLayersSupport: true
# Enables Host Vulnerability Management
host:
enabled: true
# Enables Container Vulnerability Management
# Image collection is enabled by default with Datadog Helm version `>= 3.46.0`
# containerImageCollection:
# enabled: true
Restart the Agent.
Add the following settings to the env
section of security-agent
and system-probe
in the daemonset.yaml
file:
# Source: datadog/templates/daemonset.yaml
apiVersion:app/1
kind: DaemonSet
[...]
spec:
[...]
spec:
[...]
containers:
[...]
- name: agent
[...]
env:
- name: DD_REMOTE_CONFIGURATION_ENABLED
value: "true"
- name: system-probe
[...]
env:
- name: DD_RUNTIME_SECURITY_CONFIG_ENABLED
value: "true"
- name: DD_RUNTIME_SECURITY_CONFIG_REMOTE_CONFIGURATION_ENABLED
value: "true"
- name: DD_COMPLIANCE_CONFIG_ENABLED
value: "true"
- name: DD_COMPLIANCE_CONFIG_HOST_BENCHMARKS_ENABLED
value: "true"
- name: DD_SBOM_CONTAINER_IMAGE_USE_MOUNT
value: "true"
[...]