Setting up CSM Enterprise

Docs > Datadog Security > Cloud Security Management > Setting up Cloud Security Management > Setting up CSM Enterprise

The Cloud Security Management (CSM) Enterprise package includes CSM Threats, CSM Misconfigurations (cloud accounts and Agent), CSM Identity Risks, CSM Vulnerabilities (container images and hosts), and Agentless Scanning (container images and hosts). To learn more about the available CSM packages, see Setting up Cloud Security Management.

Getting started

To enable CSM Enterprise on your infrastructure, complete the following steps:

Enable resource scanning for cloud accounts

To enable resource scanning for your cloud accounts, you must first set up the integration and then enable CSM for each AWS account, Azure subscription, or Google Cloud project. For detailed instructions, see Enable CSM Enterprise for Cloud Accounts.

Set up CloudTrail logs forwarding

Set up AWS CloudTrail logs forwarding to enable CSM Identity Risks and address over-permissive entitlements and risky IAM resources. For detailed instructions, see Enable CSM Enterprise for Cloud Accounts.

Enable CSM Enterprise on the Agent

Select your infrastructure type for details on how to enable CSM Enterprise on the Agent.

Kubernetes

Docker

ECS EC2

Windows

Linux

Further reading

Additional helpful documentation, links, and articles:

Setting up Cloud Security ManagementDOCUMENTATION

Cloud Security Management ThreatsDOCUMENTATION

Cloud Security Management MisconfigurationsDOCUMENTATION

Cloud Security Management Identity RisksDOCUMENTATION

Cloud Security Management VulnerabilitiesDOCUMENTATION

Remote ConfigurationDOCUMENTATION