Security Inbox

Available in:

Cloud Security Management | Application Security Management

Security Inbox provides a consolidated, actionable list of your most important security findings. It automatically contextualizes and correlates insights from Datadog security products across vulnerabilities, signals, misconfigurations, and identity risks into a unified, prioritized view of actions to take to strengthen your environment.

The Security Inbox shows prioritized security issues for remediation

Types of findings in Security Inbox

The findings that appear in Security Inbox are generated from Application Security Management (ASM) and Cloud Security Management (CSM). By default, these include the following types of findings:

  • A curated set of misconfigurations for CSM Misconfigurations, compiled by Datadog Security Research.
  • A curated set of identity risks for CSM Identity Risks, compiled by Datadog Security Research.
  • Application library vulnerabilities for Software Composition Analysis (SCA). All high and critical application library vulnerabilities on production services under attack appear in the inbox.
  • Application code vulnerabilities for Code Security vulnerabilities. All high and critical application code vulnerabilities appear in the inbox.
  • Attack Paths. An attack path outlines a series of interconnected misconfigurations and container image, host, and application vulnerabilities that malicious actors could leverage to gain unauthorized access, escalate privileges, or compromise sensitive data in your cloud environment. All attack paths are listed in Security Inbox by default.

Security Inbox also takes the following detected risks into consideration when determining which findings appear in the inbox:

  • Public accessibility: Publicly exposed resources carry elevated risk, especially if they contain vulnerabilities or misconfigurations. To learn more, see How Datadog Determines if Resources are Publicly Accessible.
  • Privileged access: Resources with privileged access carry elevated risk as they grant elevated permissions that can expand the attack surface.
  • Under attack: Resources that are seeing suspicious security activity carry elevated risks. Resources are flagged as “Under Attack” if a security signal has been detected on the resource in the last 15 days.
  • Exploit available: Vulnerabilities with public exploits available carry elevated risks. The availability of a public exploit is verified with different exploit databases, such as cisa.gov, exploit-db.com, and nvd.nist.gov.
  • In production: Vulnerabilities in production environments carry elevated risks. The environment is computed from the env and environment tags.

How Security Inbox prioritization works

Security Inbox ranks issues by considering the severity of a finding first, followed by the number of correlated risks, and then the number of impacted resources and services.

  • Severity (Critical, High, Medium, and Low): Severity is determined by the Datadog Security Scoring Framework for cloud misconfigurations and identity risks, and by CVSS 3.1 for vulnerabilities.
  • Number of detected risks: When two findings have the same severity, the one with a greater number of detected risks is given higher priority.
  • Number of impacted resources and services: If two findings share both the same severity and the same number of detected risks, the finding that impacts a greater number of resources and services is prioritized higher.

Note: The type of finding, detected risk, or impacted resource does not influence prioritization.
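The ranking described above, worked through as an added example that is not Datadog's code: it models a finding with the five detected risks from this page (the 15-day "Under Attack" window and the env/environment tag rule included), builds the three-level sort key, and ignores the finding type. The Finding model, field names, and sample findings are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed model of a Security Inbox finding, for illustration only (not Datadog's code).
SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1, "low": 0}
UNDER_ATTACK_WINDOW = timedelta(days=15)   # "Under Attack": a signal in the last 15 days
PRODUCTION_ENVS = {"prod", "production"}   # assumed values of the env/environment tags

@dataclass
class Finding:
    title: str
    kind: str               # misconfiguration, identity_risk, vulnerability, attack_path
    severity: str           # critical / high / medium / low
    resources: list         # impacted resources and services
    tags: dict = field(default_factory=dict)
    publicly_accessible: bool = False
    privileged: bool = False
    exploit_available: bool = False
    last_signal_at: Optional[datetime] = None

def detected_risks(f: Finding, now: datetime) -> list:
    """Return which of the five detected risks apply to a finding."""
    env = (f.tags.get("env") or f.tags.get("environment") or "").lower()
    checks = [
        ("public_accessibility", f.publicly_accessible),
        ("privileged_access", f.privileged),
        ("under_attack", f.last_signal_at is not None
                         and now - f.last_signal_at <= UNDER_ATTACK_WINDOW),
        ("exploit_available", f.exploit_available),
        ("in_production", env in PRODUCTION_ENVS),
    ]
    return [name for name, hit in checks if hit]

def priority_key(f: Finding, now: datetime) -> tuple:
    """Severity first, then risk count, then impacted resources; kind is ignored."""
    return (SEVERITY_RANK[f.severity.lower()], len(detected_risks(f, now)), len(set(f.resources)))

def prioritize(findings: list, now: datetime) -> list:
    return sorted(findings, key=lambda f: priority_key(f, now), reverse=True)

NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)   # constructed reference time; SAMPLE is constructed
SAMPLE = [
    Finding("Public S3 bucket", "misconfiguration", "high", ["bucket-a"], publicly_accessible=True),
    Finding("Vulnerable library", "vulnerability", "critical", ["svc-api", "svc-worker"],
            tags={"env": "prod"}, exploit_available=True, last_signal_at=NOW - timedelta(days=3)),
    Finding("Wildcard IAM role", "identity_risk", "critical", ["role-admin"], privileged=True,
            last_signal_at=NOW - timedelta(days=20)),   # older than 15 days: not under attack
    Finding("Attack path to DB", "attack_path", "high", ["host-1", "host-2", "db-1"], publicly_accessible=True),
]
```

Running `prioritize(SAMPLE, NOW)` orders the sample as Vulnerable library, Wildcard IAM role, Attack path to DB, Public S3 bucket: the two critical findings come first regardless of type, the risk count separates them, and the resource count breaks the tie between the two high findings.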
