Setting up Cloud Security on Windows

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Use the following instructions to enable Misconfigurations, Vulnerability Management, and Identity Risks on Windows.

Prerequisites

  • Agent versions 7.52 and later.
  • Access to hosts running Windows Server 2016 or newer.

Limitations

  • Windows containerized workloads are not supported.
  • Datadog detects vulnerabilities in Windows by identifying the Windows version and installed security knowledge base (KB) updates to address vulnerabilities associated with that version. However, some KB updates are cumulative and contain other KB updates, which might cause Datadog to misidentify which updates have been installed.
  • Datadog can’t track vulnerability fixes that Windows applies outside of KB updates.
  • Datadog can’t track vulnerabilities associated with third-party software.

Installation

Installer

  1. Install the Datadog Windows Agent.
  2. Right-click the downloaded .msi file and select Run as administrator.
  3. Follow the prompts, accept the license agreement, and enter your Datadog API key. If you are upgrading from an existing version of the Agent, the installer may not prompt you for an API key.

It can take up to 15 minutes to complete the installation. In certain cases, Microsoft Defender may cause slow installation progress. When the install finishes, you are given the option to launch the Datadog Agent Manager.

Command line

  1. Download the Datadog Agent installer.
  2. Follow the instructions for command line installation using command prompts or PowerShell.

Configuration

Enable Vulnerability scanning

  1. Update your Datadog Agent to 7.58 or later.
  2. Ensure you have access to C:\ProgramData, which is a hidden folder.
    • In File Explorer, click the View tab, and clear the Hidden items checkbox. The ProgramData folder should now be visible when navigating to the C: drive. The transparent icon indicates it is a hidden folder.
  3. In C:\ProgramData\Datadog\datadog.yaml, set the sbom and host flags:

    sbom:
  enabled: true
  host:
    enabled: true
  4. Restart the Datadog Agent to enable Cloud Security Vulnerability Management.

Verify that the Agent is sending events to Cloud Security

To verify that the Agent is sending events to Cloud Security, go to Cloud Security Overview and view the Security Inbox and All Findings sections.

Collecting events using Cloud Security Management will affect your billing. For more information, see Datadog Pricing.
PREVIEWING: jen.gilbert/cdocs-pilot-mobile-sr-setup