diff --git a/content/en/security/cloud_security_management/guide/public-accessibility-logic.md b/content/en/security/cloud_security_management/guide/public-accessibility-logic.md index 63b93b5a838..1ecfbe1a1d6 100644 --- a/content/en/security/cloud_security_management/guide/public-accessibility-logic.md +++ b/content/en/security/cloud_security_management/guide/public-accessibility-logic.md @@ -406,8 +406,6 @@ A Kubernetes Engine cluster (`gcp_kubernetes_engine_cluster`) is considered publ [40]: https://azure.microsoft.com/en-us/blog/network-security-groups/ [41]: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses [42]: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/associate-public-ip-address-vm?tabs=azure-portal -[43]: https://learn.microsoft.com/en-us/rest/api/compute/disks/create-or-update?view=rest-compute-2023-04-02&tabs=HTTP -[44]: https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-private-links-for-import-export-portal [45]: https://learn.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure?tabs=portal [46]: https://azure.microsoft.com/en-us/updates/choose-to-allow-or-disallow-blob-public-access-on-azure-storage-accounts/ [47]: https://azure.microsoft.com/en-us/updates/choose-to-allow-or-disallow-blob-public-access-on-azure-storage-accounts/ diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/compatibility.md b/content/en/security/cloud_security_management/setup/agentless_scanning/compatibility.md index 6c0bb5b76f8..4a36be3d812 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/compatibility.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/compatibility.md @@ -22,7 +22,7 @@ The following table provides a summary of Agentless Scanning technologies in rel | Application languages (in hosts and containers) | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda | | Container Registries | Amazon ECR (public and private): scans running container images and the last 1,000 pushed images at rest | ACR: scans running container images only
**Note:** To request at-rest registry scanning or to increase the number of at-rest images to scan, contact [Datadog Support][16] | Google Artifact Registry: scans images from running workloads only
**Note:** To request at-rest registry scanning or to increase the numbers of at-rest images to scan, contact [Datadog Support][16] | | Host Images | AMI | Not supported | Not supported | -| Sensitive Data (SDS) | S3, RDS (private beta) | Not supported | Not supported | +| Sensitive Data (SDS) | S3 | Not supported | Not supported | **Note**: AMIs must be stored in an account that uses Datadog's AWS integration. Otherwise, Datadog can't read the AMI's underlying Amazon Elastic Block Store (EBS) snapshot, so it can't scan or report on the AMI. diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md b/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md index 2a2feaeee46..ff1b19e213a 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md @@ -21,7 +21,7 @@ This guide helps you choose the right deployment topology for Agentless Scanning Datadog recommends the following guidelines: - Use a dedicated scanner account for multi-account environments. - Deploy a scanner in each region that contains more than 150 hosts. -- If you use [Cloud Storage Scanning][1], deploy a scanner in each region that contains a data store (for example, S3 buckets or RDS instances). +- If you use [Cloud Storage Scanning][1], deploy a scanner in each region that contains a data store (for example, S3 buckets).
Scanners only send the collected list of packages and host metadata (hostnames, EC2/VM/Compute Engine instance identifiers) to Datadog. All scanned data remains in your infrastructure.
diff --git a/content/en/security/sensitive_data_scanner/setup/_index.md b/content/en/security/sensitive_data_scanner/setup/_index.md index 41f16afeb25..bbcab874faa 100644 --- a/content/en/security/sensitive_data_scanner/setup/_index.md +++ b/content/en/security/sensitive_data_scanner/setup/_index.md @@ -25,7 +25,7 @@ Set up Sensitive Data Scanner for each data source you want to scan. Each source - **Telemetry data:** Scan your logs, APM spans, RUM events, and events from Event Management. See [Telemetry Data][1] for setup instructions. To scan logs before they leave your network, use the [Sensitive Data Scanner processor for Observability Pipelines][5]. - **Agent Observability data:** Scan LLM traces, prompts, and completions. Configure scanning from the [Agent Observability Settings page][3]. -- **Cloud storage data:** Scan your Amazon S3 buckets and RDS instances. See [Cloud Storage][2] for setup instructions. +- **Cloud storage data:** Scan your Amazon S3 buckets. See [Cloud Storage][2] for setup instructions. - **Code repositories:** Detect exposed secrets in your source code. See [Secret Scanning][4] for setup instructions. - **AI Guard evaluations:** Scan the conversations AI Guard evaluates for sensitive data such as credentials and PII. Configure scanning rules from the [AI Guard tab][6] of the Sensitive Data Scanner configuration page.