Datadog provides default configuration rules that flag potential misconfigurations so you can immediately improve your security posture. Configuration rules follow the same conditional logic as all Datadog Security Platform rules.
Datadog CSPM uses the following rule types to validate the configuration of your cloud infrastructure:
Cloud configuration: These rules analyze the configuration of resources within your cloud environment. For example, the rule Cloudfront distribution is encrypted evaluates an AWS CloudFront distribution’s configuration for encrypted status. Directly customizing a cloud configuration query is not supported at this time, but you can customize how your environment is scanned for each rule.
Infrastructure configuration: These rules analyze your containers and Kubernetes clusters to find configuration issues, as defined in the popular CIS compliance benchmarks for Docker and Kubernetes. For example, the rule /etc/default/docker file permissions are set to 644 or more restrictively evaluates the permissions of that file on a host running Docker.
These rules work with out-of-the-box integration configurations and map to controls within a compliance framework or industry benchmark. When new default configuration rules are added, they are automatically imported into your account.
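What "644 or more restrictively" means for the Docker file-permission rule named above, as an added example that is not Datadog's rule implementation: the test is a bitmask, not a numeric comparison. The function names, the result fields and the treatment of a missing file as not applicable are assumptions made for this sketch.

```python
import os
import stat
import tempfile

CEILING = 0o644  # the limit named in the rule title


def mode_within(mode: int, ceiling: int = CEILING) -> bool:
    """True when `mode` grants no permission bit that `ceiling` lacks."""
    # A numeric comparison is wrong: 0o470 < 0o644, yet it gives the group
    # write and execute. setuid/setgid/sticky bits fail the check as well.
    return (stat.S_IMODE(mode) & ~ceiling) == 0


def check_file(path: str, ceiling: int = CEILING) -> dict:
    """Evaluate one file and return a finding-style result."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        # Assumption: an absent file is reported as not applicable.
        return {"path": path, "status": "not_applicable", "mode": None}
    excess = mode & ~ceiling
    return {
        "path": path,
        "status": "pass" if excess == 0 else "fail",
        "mode": oct(mode),
        "excess_bits": oct(excess),
    }


def demo() -> list:
    """Run the check on constructed files in a temporary directory."""
    statuses = []
    with tempfile.TemporaryDirectory() as d:
        for name, mode in [("ok", 0o640), ("loose", 0o664), ("odd", 0o470)]:
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, mode)
            statuses.append(check_file(path)["status"])
        statuses.append(check_file(os.path.join(d, "missing"))["status"])
    return statuses


if __name__ == "__main__":
    print(demo())
```

On a Docker host, `check_file("/etc/default/docker")` returns the same result structure for the real file.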
To get started, choose a type of rule based on your environment: