The Cloud Security Management Misconfigurations (CSM Misconfigurations) Explorer allows you to:

  • Review the detailed configuration of a resource.
  • Review the compliance rules applied to your resources by CSM Misconfigurations.
  • Review tags for more context about who owns the resource and where it resides in your environment.
  • Read descriptions and guidelines based on industry resources for remediating a misconfigured resource.
  • Use the time selector to explore your security configuration posture at any point in the past.

In addition to reviewing and responding to misconfigurations, you can set notifications for failed misconfigurations, and configure signals to correlate and triage misconfigurations in the same view as real-time threats generated by Cloud SIEM and CSM Threats. This enables you to accelerate investigations, as the root causes for many of today’s cloud breaches are misconfigured services that have been exploited by attackers.

Misconfigurations

A misconfiguration is the primary primitive for a rule evaluation against a resource. Every time a resource is evaluated against a rule, a misconfiguration is generated with a Pass or Fail status. Resources are evaluated in increments between 15 minutes and four hours (depending on type). Datadog generates new misconfigurations as soon as a scan is completed, and stores a complete history of all misconfigurations for the past 15 months so they are available in case of an investigation or audit.

Explore your cloud misconfigurations

Misconfigurations are displayed on the Misconfigurations Explorer. Aggregate misconfigurations by rule using the Group by filters and query search bar. For example, filtering by evaluation:fail narrows the list to all compliance rules that have issues that need to be addressed. Misconfigurations can also be aggregated by resource to rank resources that have the most failed misconfigurations so you can prioritize remediation.

Select a misconfiguration to view the resources that have been evaluated by the rule, the rule description, its framework or industry benchmark mappings, and suggested remediation steps.

Group by Resources on the Security Findings Explorer and select a resource to see the full list of compliance rules that were evaluated against the resource, along with their statuses.
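The data model described above (one Pass or Fail record per rule evaluation of a resource, kept as history) can be worked through offline. This is an added example, not Datadog code: the records are constructed and the field names (ts, rule, resource, evaluation) are assumptions, not a Datadog export schema. It rebuilds the posture at a chosen point in time, then applies the equivalent of evaluation:fail and groups by rule or by resource.

```python
from collections import Counter
from datetime import datetime

# Constructed sample history: one record per rule evaluation of a resource.
# Field names are assumptions for this example, not a Datadog schema.
FINDINGS = [
    {"ts": "2024-05-01T10:00", "rule": "s3-public-read", "resource": "bucket-a", "evaluation": "fail"},
    {"ts": "2024-05-01T10:00", "rule": "s3-public-read", "resource": "bucket-b", "evaluation": "pass"},
    {"ts": "2024-05-01T10:05", "rule": "sg-open-ssh", "resource": "sg-1", "evaluation": "fail"},
    {"ts": "2024-05-01T10:05", "rule": "s3-no-encryption", "resource": "bucket-a", "evaluation": "fail"},
    # Later scan: bucket-a was remediated, bucket-b regressed.
    {"ts": "2024-05-01T14:00", "rule": "s3-public-read", "resource": "bucket-a", "evaluation": "pass"},
    {"ts": "2024-05-01T14:00", "rule": "s3-public-read", "resource": "bucket-b", "evaluation": "fail"},
    {"ts": "2024-05-01T14:05", "rule": "sg-open-ssh", "resource": "sg-1", "evaluation": "fail"},
    {"ts": "2024-05-01T14:05", "rule": "s3-no-encryption", "resource": "bucket-a", "evaluation": "fail"},
    {"ts": "2024-05-01T14:05", "rule": "s3-no-encryption", "resource": "bucket-b", "evaluation": "fail"},
]


def posture_at(findings, when):
    """Return the latest evaluation per (rule, resource) pair at or before `when`."""
    cutoff = datetime.fromisoformat(when)
    latest = {}
    for f in sorted(findings, key=lambda f: datetime.fromisoformat(f["ts"])):
        if datetime.fromisoformat(f["ts"]) <= cutoff:
            # A newer evaluation of the same pair replaces the older one.
            latest[(f["rule"], f["resource"])] = f
    return list(latest.values())


def failed_by(findings, key):
    """Count failed evaluations grouped by `key` ("rule" or "resource"), highest first."""
    counts = Counter(f[key] for f in findings if f["evaluation"] == "fail")
    return counts.most_common()


if __name__ == "__main__":
    for when in ("2024-05-01T12:00", "2024-05-01T15:00"):
        snapshot = posture_at(FINDINGS, when)
        print(when, "by resource:", failed_by(snapshot, "resource"))
        print(when, "by rule:    ", failed_by(snapshot, "rule"))
```

Counting only the latest record per rule and resource pair matters: summing raw history would count a resource that has since been remediated as still failing.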
