 |
VOOZH | about |
|
VOOZH | about |
Workload Protection monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. As part of the Datadog platform, you can combine the real-time threat detection of Workload Protection with metrics, logs, traces, and other telemetry to see the full context surrounding a potential attack on your workloads.
Monitor file and process activity at the kernel level to detect threats to your infrastructure, such as Amazon EC2 instances, Docker containers, and Kubernetes clusters. Combine Workload Protection with Cloud Network Monitoring and detect suspicious activity at the network level before a workload is compromised.
Workload Protection Threats uses the Datadog Agent to monitor your environment. If you don’t already have the Datadog Agent set up, start with setting up the Agent on a supported operating system. There are four types of monitoring that the Datadog Agent uses for Workload Protection:
When a threat is confirmed, you can contain it directly from the Workload Protection signal side panel. This shortens response time and helps preserve forensic state while an investigation continues.
Four response actions are available from any Workload Protection signal:
Response actions are manual and per-signal. Action status is reported in the signal’s response table, investigation graph, and events timeline, and every action is recorded in the audit trail.
To use response actions, you need the Datadog Agent v7.78.1 or later, Remote Configuration enabled, and the Cloud Workload Security Agent Actions RBAC permission.
By default, all OOTB Agent crypto mining threat detection rules are enabled and actively monitoring for threats.
Active Protection enables you to proactively block and terminate crypto mining threats identified by the Datadog Agent threat detection rules.
Workload Protection Threats comes with more than 50 out-of-the-box detection rules that are maintained by a team of security experts. The rules surface the most important risks so that you can immediately take steps to remediate. Agent expression rules define the workload activities to be collected for analysis while backend detection rules analyze the activities and identify attacker techniques and other risky patterns of behavior.
Set up Cloud Security with Remote Configuration enables users to remotely configure and change the behavior of Datadog components deployed in their environment.Glossary to automatically deploy new and updated rules to the Agent. Customize the rules by defining how each rule monitors process, network, and file activity, create custom rules, and set up real-time notifications for new signals.
Send real-time notifications when a threat is detected in your environment, so that your teams can take action to mitigate the risk. Notifications can be sent to Slack, email, PagerDuty, webhooks, and more.
Use template variables and Markdown to customize notification messages. Edit, disable, and delete existing notification rules, or create new rules and define custom logic for when a notification is triggered based on severity and rule type.
Investigate and triage security signals in the Signals Explorer. View detailed information about the impacted files or processes, related signals and logs, and remediation steps.
Datadog is introducing a new feature called Active Protection to address the crypto threats detected in your environment automatically. Active Protection is in Preview. Fill out the form to request access.
Request AccessAdditional helpful documentation, links, and articles:
Additional helpful documentation, links, and articles:
| |
