Use the following instructions to enable Misconfigurations, Threat Detection, and Vulnerability Management.
Collecting events using Cloud Security Management will affect your billing. For more information, see Datadog Pricing.
Prerequisites
Datadog Agent version 7.46 or later.
Installation
For a package-based deployment, install the Datadog package with your package manager, and then update the datadog.yaml, security-agent.yaml, and system-probe.yaml files.
/etc/datadog-agent/datadog.yaml
remote_configuration:
## @param enabled - boolean - optional - default: false## Set to true to enable remote configuration. enabled: trueruntime_security_config:
## @param enabled - boolean - optional - default: false## Set to true to enable Threat Detection enabled: truecompliance_config:
## @param enabled - boolean - optional - default: false## Set to true to enable CIS benchmarks for Misconfigurations.# enabled: true host_benchmarks:
enabled: true# Vulnerabilities are evaluated and scanned against your containers and hosts every hour.sbom:
enabled: true# Set to true to enable Container Vulnerability Management container_image:
enabled: true# Set to true to enable Host Vulnerability Management host:
enabled: truecontainer_image:
enabled: true
/etc/datadog-agent/security-agent.yaml
runtime_security_config:
## @param enabled - boolean - optional - default: false## Set to true to enable Threat Detection enabled: truecompliance_config:
## @param enabled - boolean - optional - default: false## Set to true to enable CIS benchmarks for Misconfigurations.# enabled: true host_benchmarks:
enabled: true
By default, Runtime Security is disabled. To enable it, both the security-agent.yaml and system-probe.yaml files need to be updated.
If you use the Agent install script to enable Misconfigurations and Threat Detection, you must manually update the datadog.yaml file to enable host_benchmarks for Misconfigurations, and sbom and container_image for Container Vulnerability Management.