- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Use the following instructions to enable Misconfigurations, Threat Detection, and Vulnerability Management.
7.46
or later.For a package-based deployment, install the Datadog package with your package manager, and then update the datadog.yaml
, security-agent.yaml
, and system-probe.yaml
files.
/etc/datadog-agent/datadog.yaml
remote_configuration:
## @param enabled - boolean - optional - default: false
## Set to true to enable remote configuration.
enabled: true
runtime_security_config:
## @param enabled - boolean - optional - default: false
## Set to true to enable Threat Detection
enabled: true
compliance_config:
## @param enabled - boolean - optional - default: false
## Set to true to enable CIS benchmarks for Misconfigurations.
#
enabled: true
host_benchmarks:
enabled: true
# Vulnerabilities are evaluated and scanned against your containers and hosts every hour.
sbom:
enabled: true
# Set to true to enable Container Vulnerability Management
container_image:
enabled: true
# Set to true to enable Host Vulnerability Management
host:
enabled: true
/etc/datadog-agent/security-agent.yaml
runtime_security_config:
## @param enabled - boolean - optional - default: false
## Set to true to enable Threat Detection
enabled: true
compliance_config:
## @param enabled - boolean - optional - default: false
## Set to true to enable CIS benchmarks for Misconfigurations.
#
enabled: true
host_benchmarks:
enabled: true
/etc/datadog-agent/system-probe.yaml
runtime_security_config:
## @param enabled - boolean - optional - default: false
## Set to true to enable Threat Detection
enabled: true
remote_configuration:
## @param enabled - boolean - optional - default: false
enabled: true
Notes:
You can also use the following Agent install script to automatically enable Misconfigurations and Threat Detection:
DD_COMPLIANCE_CONFIG_ENABLED=true DD_RUNTIME_SECURITY_CONFIG_ENABLED=true DD_API_KEY=<DATADOG_API_KEY> DD_SITE="datadoghq.com" bash -c "$(curl -L https://install.datadoghq.com/scripts/install_script_agent7.sh)"
By default, Runtime Security is disabled. To enable it, both the security-agent.yaml
and system-probe.yaml
files need to be updated.
If you use the Agent install script to enable Misconfigurations and Threat Detection, you must manually update the datadog.yaml
file to enable host_benchmarks
for Misconfigurations, and sbom
and container_image
for Container Vulnerability Management.
sudo cp /etc/datadog-agent/system-probe.yaml.example /etc/datadog-agent/system-probe.yaml
sudo cp /etc/datadog-agent/security-agent.yaml.example /etc/datadog-agent/security-agent.yaml
sudo chmod 640 /etc/datadog-agent/system-probe.yaml /etc/datadog-agent/security-agent.yaml
sudo chgrp dd-agent /etc/datadog-agent/system-probe.yaml /etc/datadog-agent/security-agent.yaml