Setting up Cloud Security Management
To get started with Cloud Security Management (CSM), review the following:
The simplest way to get started with Cloud Security Management is by enabling Agentless Scanning. Agentless Scanning provides visibility into vulnerabilities that exist within your AWS hosts, running containers, Lambda functions, and running Amazon Machine Images (AMIs) without requiring you to install the Datadog Agent.
To learn more about Agentless Scanning, see Cloud Security Management Agentless Scanning.
For broader coverage and additional functionalities, deploy the Datadog Agent to your hosts. The following table outlines the improvements offered by Agent-based deployments. For more information, see Setting up Cloud Security Management on the Agent.
Maximize the benefits of CSM Identity Risks with AWS CloudTrail Logs. Gain deeper insights into cloud resource usage, identifying users and roles with significant gaps between provisioned and utilized permissions. For more information, check out Setting up AWS CloudTrail Logs for Cloud Security Management.
Integrate Infrastructure as Code (IaC) scanning with GitHub to detect misconfigurations in Terraform-defined cloud resources. For more information, see Setting up IaC Scanning for Cloud Security Management.
Use IaC remediation with Terraform to create pull requests in GitHub, applying code changes that fix misconfigurations and mitigate identity risks. For more information, see Setting up IaC Remediation for Cloud Security Management.
Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see Deploying Cloud Security Management via Cloud Integrations.
For information on disabling CSM, see the following:
Additional helpful documentation, links, and articles:
