Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Comment thread
janine-c marked this conversation as resolved.
Original file line number Diff line number Diff line change
Expand Up @@ -406,8 +406,6 @@ A Kubernetes Engine cluster (`gcp_kubernetes_engine_cluster`) is considered publ
[40]: https://azure.microsoft.com/en-us/blog/network-security-groups/
[41]: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses
[42]: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/associate-public-ip-address-vm?tabs=azure-portal
[43]: https://learn.microsoft.com/en-us/rest/api/compute/disks/create-or-update?view=rest-compute-2023-04-02&tabs=HTTP
[44]: https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-private-links-for-import-export-portal
[45]: https://learn.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure?tabs=portal
[46]: https://azure.microsoft.com/en-us/updates/choose-to-allow-or-disallow-blob-public-access-on-azure-storage-accounts/
[47]: https://azure.microsoft.com/en-us/updates/choose-to-allow-or-disallow-blob-public-access-on-azure-storage-accounts/
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ The following table provides a summary of Agentless Scanning technologies in rel
| Application languages (in hosts and containers) | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda |
| Container Registries | Amazon ECR (public and private): scans running container images and the last 1,000 pushed images at rest | ACR: scans running container images only<br />**Note:** To request at-rest registry scanning or to increase the number of at-rest images to scan, contact [Datadog Support][16] | Google Artifact Registry: scans images from running workloads only<br />**Note:** To request at-rest registry scanning or to increase the numbers of at-rest images to scan, contact [Datadog Support][16] |
| Host Images | AMI | Not supported | Not supported |
| Sensitive Data (SDS) | S3, RDS (private beta) | Not supported | Not supported |
| Sensitive Data (SDS) | S3 | Not supported | Not supported |

**Note**: AMIs must be stored in an account that uses Datadog's AWS integration. Otherwise, Datadog can't read the AMI's underlying Amazon Elastic Block Store (EBS) snapshot, so it can't scan or report on the AMI.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ This guide helps you choose the right deployment topology for Agentless Scanning
Datadog recommends the following guidelines:
- Use a dedicated scanner account for multi-account environments.
- Deploy a scanner in each region that contains more than 150 hosts.
- If you use [Cloud Storage Scanning][1], deploy a scanner in each region that contains a data store (for example, S3 buckets or RDS instances).
- If you use [Cloud Storage Scanning][1], deploy a scanner in each region that contains a data store (for example, S3 buckets).

<div class="alert alert-info">Scanners only send the collected list of packages and host metadata (hostnames, EC2/VM/Compute Engine instance identifiers) to Datadog. All scanned data remains in your infrastructure.</div>

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ Set up Sensitive Data Scanner for each data source you want to scan. Each source

- **Telemetry data:** Scan your logs, APM spans, RUM events, and events from Event Management. See [Telemetry Data][1] for setup instructions. To scan logs before they leave your network, use the [Sensitive Data Scanner processor for Observability Pipelines][5].
- **Agent Observability data:** Scan LLM traces, prompts, and completions. Configure scanning from the [Agent Observability Settings page][3].
- **Cloud storage data:** Scan your Amazon S3 buckets and RDS instances. See [Cloud Storage][2] for setup instructions.
- **Cloud storage data:** Scan your Amazon S3 buckets. See [Cloud Storage][2] for setup instructions.
- **Code repositories:** Detect exposed secrets in your source code. See [Secret Scanning][4] for setup instructions.
- **AI Guard evaluations:** Scan the conversations AI Guard evaluates for sensitive data such as credentials and PII. Configure scanning rules from the [AI Guard tab][6] of the Sensitive Data Scanner configuration page.

Expand Down
Loading