Setting up Workload Protection
To get started with Workload Protection, use the Workload Protection Get Started steps in your Datadog account.
Activating Workload Protection requires the Org Management
permission.
Remote configuration
You can enable Remote Configuration for Workload Protection.
Remote Configuration can be used to:
- Automatically stay up to date on the latest security detections
- Block attackers and attacks
Remote Configuration can be set up using the Workload Protection Get Started steps in your Datadog account.
To enable Remote Configuration, ask your admin for the API Keys Write permission.
Agent setup options for Workload Protection
Workload Protection supports Agent-based-only deployments.
Supported deployment types
The following table summarizes Workload Protection relative to deployment types.
| Docker | Kubernetes | Linux | Amazon ECS/EKS | Windows | AWS Fargate ECS/EKS | AWS Account | Azure Account | GCP Account | Terraform |
|---|
| Agent Required (7.46+) | | | | | | | | | | |
| Workload Protection | | | | | | | | | | |
Supported Linux distributions
Workload Protection supports the following Linux distributions:
| Linux Distributions | Supported Versions |
|---|
| Ubuntu LTS | 18.04, 20.04, 22.04 |
| Debian | 10 or later |
| Amazon Linux 2 | Kernels 4.14 and higher |
| Amazon Linux 2023 | All versions |
| SUSE Linux Enterprise Server | 12 and 15 |
| Red Hat Enterprise Linux | 7, 8, and 9 |
| Oracle Linux | 7, 8, and 9 |
| CentOS | 7 |
| Google Container Optimized OS (default on GKE) (Preview) | 93 and higher |
Notes:
- Custom kernel builds are not supported.
- The Workload Protection eBPF-less solution for eBPF disabled environments uses a ptrace-based Datadog Agent. The ptrace-based Datadog Agent supports Linux kernel versions from 3.4.43 to 4.9.85.
- For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see Troubleshooting Workload Protection.
- Data collection is done using eBPF, so Datadog requires, at minimum, platforms that have underlying Linux kernel versions of 4.14.0+ or have eBPF features backported (for example, Centos/RHEL 7 with kernel 3.10 has eBPF features backported, so it is supported).
Deploy the Agent
You can enable Workload Protection on the Datadog Agent using multiple tools and systems.
Workload Protection Agent variables
The Datadog Agent has several environment variables that can be enabled for Workload Protection. This article describes the purpose of each environment variable.
