Cloud Security Management Identity Risks


CSM Identity Risks is in beta.

Cloud Security Management Identity Risks (CSM Identity Risks) provides in-depth visibility into your organization’s IAM risks. It enables you to detect and resolve identity risks on an ongoing basis to secure your cloud infrastructure from IAM-based attacks.

At this time, CSM Identity Risks is available for AWS only.

Setup

To use CSM Identity Risks, you must enable resource collection for AWS and enable CloudTrail logs forwarding. If you’ve already done this, no additional setup is required.

Note: If you’ve enabled Cloud Security Management Misconfigurations for your AWS accounts, you already have cloud resource collection enabled. Similarly, if you use Cloud SIEM, you already have CloudTrail logs forwarding enabled.

Review and remediate identity risks

Review your organization’s active identity risks on the Identity Risks page. Use the Group by options to filter by Identity Risks, Resources, or None (individual identity risks). View additional details on the side panel.

CSM Identity Risks page

On the side panel, you can review the configuration of the resource on the Resource tab.

The Relationships tab shows a graphical representation of the connections with other resources.

Click Fix in AWS to open the AWS console to remediate the identity risk. You can also use the Insights tab to get additional insights about the identity risk (for example, the permissions provisioned on the resource and whether they were used in the last 15 days).

The Insights tab shows a list of permissions provisioned on the resource
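The provisioned-versus-used comparison that the Insights tab describes can be sketched offline as follows. This is an added example, not Datadog code or a description of Datadog's internals; the function names, the sample policy and the CloudTrail-style records are constructed. It assumes that the IAM action can be derived from `eventSource` and `eventName` (not exact for every service) and reads only `Allow` statements with `Action` lists.

```python
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase

WINDOW = timedelta(days=15)  # look-back window named on the page

def provisioned_actions(policy):
    """Action patterns from the Allow statements of an IAM policy document."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    actions = set()
    for st in statements:
        if st.get("Effect") == "Allow":
            act = st.get("Action", [])
            actions.update([act] if isinstance(act, str) else act)
    return actions

def used_actions(events, principal_arn, now):
    """Actions the principal called within WINDOW, from CloudTrail records."""
    used = set()
    for ev in events:
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if ev["userIdentity"].get("arn") != principal_arn or now - when > WINDOW:
            continue
        # Simplification: IAM prefix taken from eventSource; not exact for every service.
        used.add(f'{ev["eventSource"].split(".")[0]}:{ev["eventName"]}'.lower())
    return used

def unused_permissions(policy, events, principal_arn, now):
    """Provisioned action patterns with no matching call in the window."""
    used = used_actions(events, principal_arn, now)
    return sorted(p for p in provisioned_actions(policy)
                  if not any(fnmatchcase(u, p.lower()) for u in used))

# Constructed sample data: account ID, user name and events are made up.
USER = "arn:aws:iam::111122223333:user/example-app"
NOW = datetime(2024, 5, 20, tzinfo=timezone.utc)
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetBucketPolicy", "s3:PutBucketPolicy", "kms:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"}]}
EVENTS = [
    {"eventTime": "2024-05-18T09:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetBucketPolicy", "userIdentity": {"arn": USER}},
    {"eventTime": "2024-05-19T10:30:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "userIdentity": {"arn": USER}},
    {"eventTime": "2024-04-01T08:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "userIdentity": {"arn": USER}},  # outside the window
]

print(unused_permissions(POLICY, EVENTS, USER, NOW))
```

The wildcard `kms:*` counts as used because one KMS call falls inside the window, which is why a broad grant can look active even when most of what it allows is never exercised.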
