Datadog Cloud Security Management (CSM)

• https://www.datadoghq.com/product/cloud-security-management/

• Vulnerability management: Host Vulnerability Management, Container Vulnerability Management
• Automated compliance checks
• Continuous posture management
• Real-time threat detection
• Identity risk assessments

Activation require SecurityAudit managed policy in DatadogAWSIntegrationRole.

Features

• Resource Inventory (by default), require SecurityAudit managed policy in DatadogAWSIntegrationRole
• Case Management (by default)
• Identify Risk
• Misconfigurations
• Threat Detection
• Host Vulnerability Management
• Container Vulnerability Management

Alerts

• Datadog: EC2 subnets should not automatically assign public IP addresses
• Application Load Balancers should be configured to drop HTTP headers: drop_invalid_header_fields
• Datadog: Amazon EC2 instances should not have a public IPv4 address
• Datadog: Amazon ECR should be scanning all images for vulnerabilities
• Datadog: EC2 instances should enforce IMDSv2
• Datadog: RDS database instances should use a non-default port

Related

• Datadog Cloud SIEM
• datadog_security_monitoring_rule
• datadog_cloud_workload_security_agent_rule
• CloudTrail logs
• Datadog: EC2 subnets should not automatically assign public IP addresses

See also

• Terraform datadog, provider, datadog_user, datadog_monitor_json, datadog_logs_custom_pipeline, datadog_integration_aws, datadog_security_monitoring_rule
• Datadog Cloud Security Management: Identity Risk, Misconfigurations
• Datadog security: Cloud SIEM, Cloud Security Management (CSM)