Setting Up Cloud Security Management

Cloud Security Management is not supported for your selected Datadog site ().

Cloud Security Management offerings are now available in three separate packages: CSM Enterprise, CSM Pro, and CSM Workload Security. For more information, see Changes to Datadog Cloud Security Management.

Cloud Security Management (CSM) delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation.

You can enable features that aren’t included in your package at any time by following the instructions on the CSM Setup page.

CSM is available in three packages: CSM Enterprise, CSM Pro, and CSM Workload Security. Each package includes access to a specific set of features, as shown in the following table:

PackageFeatures
CSM Enterprise
CSM Pro
CSM Workload Security

Prerequisites

CSM Enterprise requires Datadog Agent 7.46 or later. Additionally, see the following requirements for CSM Threats and CSM Vulnerabilities:

CSM Threats

CSM Threats supports the following Linux distributions:

  • Ubuntu LTS (18.04, 20.04, and 22.04)
  • Debian 10 or later
  • Amazon Linux 2 (kernels 4.15, 5.4, and 5.10) and 2023
  • SUSE Linux Enterprise Server 12 and 15
  • Red Hat Enterprise Linux 7, 8, and 9
  • Oracle Linux 7, 8, and 9
  • CentOS 7
  • Custom kernel builds are not supported.

Notes:

  • For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the Troubleshooting page.
  • Data collection is done using eBPF, so Datadog minimally requires platforms that have underlying Linux kernel versions of 4.15.0+ or have eBPF features backported.

CSM Vulnerabilities

  • Helm Chart v3.33.6 or later (Kubernetes only).
  • containerd v1.5.6 or later (Kubernetes and hosts only).

Note: CSM Vulnerabilities is not available for CRI-O runtime.

CSM Identity Risks

Note: At this time, CSM Identity Risks is available for AWS only.

To use CSM Identity Risks, you must enable resource collection for AWS. If you’ve already done this, no additional setup is required.

Notes:

CSM Pro requires Datadog Agent 7.46 or later. Additionally, see the following requirements for CSM Vulnerabilities:

  • Helm Chart v3.33.6 or later (Kubernetes only).
  • containerd v1.5.6 or later (Kubernetes and hosts only).

Note: CSM Vulnerabilities is not available for CRI-O runtime.

  • Datadog Agent 7.46 or later.
  • CSM Threats supports the following Linux distributions:
    • Ubuntu LTS (18.04, 20.04, and 22.04)
    • Debian 10 or later
    • Amazon Linux 2 (kernels 4.15, 5.4, and 5.10) and 2023
    • SUSE Linux Enterprise Server 12 and 15
    • Red Hat Enterprise Linux 7, 8, and 9
    • Oracle Linux 7, 8, and 9
    • CentOS 7
    • Custom kernel builds are not supported.

Notes:

  • Data collection is done using eBPF, so Datadog minimally requires platforms that have underlying Linux kernel versions of 4.15.0+ or have eBPF features backported.
  • For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the Troubleshooting page.

Next steps

To get started setting up CSM, navigate to the Security > Setup section in Datadog, which has detailed steps on how to set up and configure CSM. For detailed instructions, see the CSM Enterprise, CSM Pro, and CSM Workload Security setup docs.

Further Reading