Overview

To get started with Cloud Security, review the following:

• Overview
• Enable Agentless Scanning
• Deploy the Agent for additional coverage
• Enable additional features
  • AWS CloudTrail Logs
  • Deploy via cloud integrations
• Disable Cloud Security
• Further reading

Enable Agentless Scanning

The simplest way to get started with Cloud Security is by enabling Agentless Scanning. Agentless Scanning provides visibility into vulnerabilities that exist within your AWS hosts, running containers, Lambda functions, and running Amazon Machine Images (AMIs) without requiring you to install the Datadog Agent.

To learn more about Agentless Scanning, see Cloud Security Agentless Scanning.

Deploy the Agent for additional coverage

For broader coverage and additional functionalities, deploy the Datadog Agent to your hosts. The following table outlines the improvements offered by Agent-based deployments. For more information, see Setting up Cloud Security on the Agent.

Enable additional features

AWS CloudTrail Logs

Maximize the benefits of Cloud Security Identity Risks with AWS CloudTrail Logs. Gain deeper insights into cloud resource usage, identifying users and roles with significant gaps between provisioned and utilized permissions. For more information, check out Setting up AWS CloudTrail Logs for Cloud Security.

Deploy via cloud integrations

Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see Deploying Cloud Security via Cloud Integrations.

Disable Cloud Security

For information on disabling Cloud Security, see the following:

• Disable Cloud Security Vulnerabilities

Further reading

Additional helpful documentation, links, and articles:

Supported Deployment TypesDOCUMENTATION AWS Fargate Configuration Guide for Datadog SecurityDOCUMENTATION Cloud Security Agent VariablesGUIDE