Cloud Security Management Threats

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Cloud Security Management is not supported for your selected Datadog site ().

Cloud Security Management Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. As part of the Datadog platform, you can combine the real-time threat detection of CSM Threats with metrics, logs, traces, and other telemetry to see the full context surrounding a potential attack on your workloads.

Detect threats to your production workloads in real-time

Monitor file and process activity at the kernel level to detect threats to your infrastructure, such as Amazon EC2 instances, Docker containers, and Kubernetes clusters. Combine CSM Threats with Network Performance Monitoring and detect suspicious activity at the network level before a workload is compromised.

CSM Threats uses the Datadog Agent to monitor your environment. If you don’t already have the Datadog Agent set up, start with setting up the Agent on a supported operating system. There are four types of monitoring that the Datadog Agent uses for CSM Threats:

  1. Process Execution Monitoring to watch process executions for malicious activity on hosts or containers in real-time.
  2. File Integrity Monitoring to watch for changes to key files and directories on hosts or containers in real-time.
  3. DNS Activity Monitoring to watch network traffic for malicious activity on hosts and containers in real-time.
  4. Kernel Activity Monitoring to watch for kernel-layer attacks like process hijacking, container breakouts, and more in real-time.
The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues to remediate

Manage out-of-the-box and custom detection rules

CSM Threats comes with more than 50 out-of-the-box detection rules that are maintained by a team of security experts. The rules surface the most important risks so that you can immediately take steps to remediate. Agent expression rules define the workload activities to be collected for analysis while backend detection rules analyze the activities and identify attacker techniques and other risky patterns of behavior.

Use Remote Configuration to automatically deploy new and updated rules to the Agent. Customize the rules by defining how each rule monitors process, network, and file activity, create custom rules, and set up real-time notifications for new signals.

CSM Threats detection rules in the Datadog app

Set up real-time notifications

Send real-time notifications when a threat is detected in your environment, so that your teams can take action to mitigate the risk. Notifications can be sent to Slack, email, PagerDuty, webhooks, and more.

Use template variables and Markdown to customize notification messages. Edit, disable, and delete existing notification rules, or create new rules and define custom logic for when a notification is triggered based on severity and rule type.

Investigate and remediate security signals

Investigate and triage security signals in the Signals Explorer. View detailed information about the impacted files or processes, related signals and logs, and remediation steps.

CSM Signals Explorer page

Get started