Frameworks and Industry Benchmarks
Cloud Security Posture Management is not currently available in this site.
Each OOTB rule maps to one or more controls within a compliance standard or industry benchmark. Datadog OOTB rules currently map to controls and requirements for the following frameworks and benchmarks:
*To pass the Monitoring Section of the CIS AWS Foundations benchmark, you must enable Cloud SIEM and forward Cloudtrail logs to Datadog.
**Some CIS Kubernetes Benchmark rules only apply to self-hosted Kubernetes clusters.
Note: Datadog CSPM provides you with visibility into whether your resources are configured in accordance with certain rules. Datadog’s OOTB rules address various regulatory frameworks, benchmarks, and standards (“Security Posture Frameworks”). Datadog CSPM does not provide an assessment of your actual compliance with any Security Posture Framework, and the OOTB Rules may not address all configuration settings that are relevant to the Security Posture Frameworks. To be clear, just because your resources pass the OOTB Rules does not mean that you are meeting all the requirements under any particular Security Posture Framework. Datadog is not providing legal or compliance advice or guidance, and it is recommended that you use Datadog CSPM in consultation with your legal counsel or compliance experts.
Customize how your environment is scanned by each rule
On the Rules page, hover over a rule and click on the pencil icon to edit the rule. Under Define search queries, click the Advanced drop down menu to set filtering logic for how the rule scans your environment.
For example, you can remove all resources tagged with
env:staging using the Never trigger a signal when function. Or, limit the scope for a certain rule to resources tagged with
compliance:pci using the Only trigger a signal when function.
Set notification targets for rules
From the Rules page, you can add notification targets. The complete list of notification options are:
Set the severity of security posture signals. The dropdown allows you to select an appropriate severity level (INFO, LOW, MEDIUM, HIGH, CRITICAL).
In the “Notify” section, configure zero or more notification targets for each rule case.
Additional helpful documentation, links, and articles: