Datadog provides out-of-the-box (OOTB) detection rules to flag potential misconfigurations and help improve your security posture. OOTB detection rules follow the same conditional logic as all Datadog Security Platform detection rules.
Datadog Cloud Security Posture Management (CSPM) uses the following rule types to validate the configuration of your cloud infrastructure:
Cloud configuration: These detection rules analyze the configuration of resources within your cloud environment. For example, the rule Cloudfront distribution is encrypted evaluates an AWS Cloudfront distribution’s configuration for encrypted status. Customization of a cloud configuration query directly is not supported at this time, but you can customize how you environment is scanned for each rule.
Infrastructure configuration: These detection rules analyze your containers and Kubernetes clusters to find configuration issues, as defined in the popular CIS compliance benchmarks for Docker and Kubernetes. For example, the rule /etc/default/docker file permissions are set to 644 or more restrictively evaluates Docker file permissions running on a host.
These detection rules work with out-of-the-box integration configurations and map to controls within a compliance framework or industry benchmark. When new default configuration detection rules are added, they are automatically imported into your account.
To get started, choose a type of rule based on your environment:
