- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Use the following instructions to enable Threat Detection on Windows.
Datadog Cloud Security Management on Windows includes built-in threat detection for Windows process and network events. The out-of-the-box Windows ruleset includes the following default rules:
Note: Windows containerized workloads are not supported.
.msi
file and select Run as administrator.It can take up to 15 minutes to complete the installation. In certain cases, Microsoft Defender may cause slow installation progress. When the install finishes, you are given the option to launch the Datadog Agent Manager.
C:\ProgramData
, which is a hidden folder.C:
drive. The transparent icon indicates it is a hidden folder.C:\ProgramData\Datadog\system-probe.yaml
, set the runtime_security_config
flag:runtime_security_config:
enabled: true
C:\ProgramData\Datadog\security-agent.yaml
, set the runtime_security_config
flag:runtime_security_config:
enabled: true
When you enable CSM on Windows, the Agent sends a log to Datadog to confirm that the Windows default ruleset has been successfully deployed. To view the log, navigate to the Logs page in Datadog and search for @agent.rule_id:ruleset_loaded
.
Another method to verify that the Agent is sending events to CSM is to manually trigger a Windows security signal.
schtasks /create /?
.To get alerts whenever a Windows signal is created, create a Notification Rule that focuses on the host
tag specifically for configured Windows hosts.
C:\ProgramData
, which is a hidden folder.C:
drive. The transparent icon indicates it is a hidden folder.C:\ProgramData\Datadog\system-probe.yaml
, set the fim_enabled
flag:runtime_security_config:
fim_enabled: true
C:\ProgramData\Datadog\security-agent.yaml
, set the fim_enabled
flag:runtime_security_config:
fim_enabled: true