# Datadog

> title: Network ACLs should enforce inbound traffic restrictions

## Pages

- [Network ACLs should enforce inbound traffic restrictions](01b-a6f-d0c.md): Investigate AWS Network Access Control Lists (NACLs) for rules that enable multiple open ports and limit ingress traf...
- [Okta API Token Created or Enabled](020-008-4aa.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [User enumerated AWS Systems Manager parameters - Anomaly](02d-y74-06e.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1555-crede...
- [AWS ELB HTTP requests from security scanner](088-a06-67c.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1190-exploit-...
- [Azure user ran command on container instance](0bt-76f-qi0.md): Classification: attack Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002) Technique: [T1609-container-adm...
- [Anomalous amount of Autoscaling Group events](0cg-j5s-svt.md): Classification: attack Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040) Technique: [T1496-resource-hijacki...
- [Okta Impersonation](0fx-z3l-ggi.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1199-trusted-...
- [Anomalous API Gateway API key reads by user](0kb-4zy-y2r.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1552-unsec...
- [The Azure App Service should be enabled with 'always on](0m6-trv-wyi.md): Azure App Services has 'always on' **enabled** for web apps.
- [Account should have a activity log alert configured for 'Delete Load Balancer](0pp-84j-ty3.md): Create an activity log alert for the Delete Load Balancer event.
- [Apache HTTP requests from security scanner](13a-810-14c.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1190-exploit-...
- [EBS volumes should be encrypted](146-kl4-mas.md): Enable encryption for Elastic Block Store (EBS) by default in the region. EBS uses AES-256 encryption to protect data...
- [Brute force attack on an Auth0 user](154-6ed-00d.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1110-brute...
- [Anomalous amount of access denied events for AWS EC2 Instance](169-fd7-41b.md): Classification: attack Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007) Technique: [T1069-permission-gr...
- [Inbound RPC access should be restricted](1a5-552-53d.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide...
- [Inbound DNS access should be restricted](1a6-e94-f5d.md): Reduce the possibility of a breach by checking EC2 security groups for inbound rules that allow unfettered access to ...
- [Microsoft 365 Unified Audit Logging Disabled](1bw-akj-fk6.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [Log4Shell Scanning Detected](1bw-akj-fk7.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1190-exploit-...
- [OneLogin administrator assumed a user](1c3-d0v-jv0.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1078-va...
- [User Exec into a Pod](1d5-6cd-162.md): Classification: attack Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002) Technique: [T1059-command-and-s...
- [SQL injections attempts](1ex-nf2-1pk.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1190-exploit-public-facing-applica...
- [The Azure PostgreSQL database server should use geo-redundant backups](1f5-hbg-tw6.md): PostgreSQL uses geo-redundant backups.
- [Credential stuffing attack on Salesforce](1gv-r5k-jeb.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1110-brute...
- [The default network access rule for Storage Accounts should be set to deny](1xl-jnk-5fa.md): Configure storage accounts to deny access to traffic from all networks (including internet traffic). Grant access to ...
- [AWS Kinesis Firehose stream destination modified](1y1-elh-nph.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [AWS console login without MFA](208-e1f-0f9.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [Account should have a configured activity log alert for mysql database updates](20s-ggd-85j.md): Create an activity log alert for the Create or Update MySQL Database event.
- [Fastly HTTP Requests from Security Scanner](216-b0c-f83.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1190-exploit-...
- [Inbound Oracle access should be restricted](217-7aa-796.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide...
- [Azure Service Principal was assigned a role](21q-lj7-jl3.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1098-ac...
- [Possible RDS Snapshot exfiltration](237-412-287.md): Classification: attack Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010) Technique: [T1537-transfer-d...
- [Inbound UDP NetBIOS access should be restricted](24e-e4b-666.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide...
- [NGINX HTTP requests from security scanner](25c-d30-507.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1190-exploit-...
- [Kubernetes Pod Created in Kube Namespace](27a-db7-89d.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1068-ex...
- [AWS Network Access Control List created or modified](282-cf7-5c4.md): Classification: compliance Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-imp...
- [Cloudfront distribution should be encrypted](292-15d-f17.md): Verify that HTTPS is used to secure AWS CloudFront distributions communications.
- [The Docker server certificate key file needs to have permissions of 400](2bx-cyd-ejk.md): Classification: compliance Framework: cis-docker Control: 3.14
- [RDS instances should use a non-default port](2fa-56b-77b.md): Confirm [Amazon RDS database instances](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.ht...
- [Certificate managed by ACM should not be expired](2g5-b7o-dqd.md): Remove expired Secure Socket Layer/Transport Layer Security (SSL/TLS) certificates with AWS Certificate Manager (ACM).
- [IAM password policy should require at least one number in passwords](2mn-qgc-gka.md): Password policies are, in part, used to enforce password complexity requirements. Use IAM password policies to ensure...
- [Network utility executed in container](2s8-bj5-xiu.md): Classification: attack Tactic: [TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011) Technique: [T1105-ing...
- [The Docker socket file should have permissions of 660 or stricter](2vc-udv-9at.md): Classification: compliance Framework: cis-docker Control: 3.16
- [Network scanning utility executed](2vr-c3r-eih.md): Classification: attack Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007) Technique: [T1046-network-servi...
- [AWS WAF traffic blocked by specific rule on multiple IPs](2yu-ey6-507.md): Detect when a specific AWS Web Application Firewall (WAF) rule blocks traffic from multiple IPs.
- [The misconfigured resource should retain at least 10 log file rotations](2zh-c9a-8n8.md): Classification: compliance Framework: cis-kubernetes Control: 1.2.24
- [Google Cloud Storage Bucket contents downloaded without authentication](30a-b8b-80f.md): Classification: attack Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009) Technique: [T1530-data-from-cl...
- [Classic Load Balancer listener should use a secure configuration](31q-rfg-uiu.md): Use a secure protocol and cipher to protect communication between the client and your Classic Elastic Load Balancers ...
- [Credential added to rarely used Azure AD application](31u-j0s-sos.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [Account should have a configured activity log alert for load balancer updates](32p-5ty-6t0.md): Activity log alert exists for the creation or update of a load balancer.
- [Inbound MSSQL access should be restricted](337-5c6-248.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide...
- [The API server should not allow anonymous requests to Kubelet](349-cpn-a92.md): Classification: compliance Framework: cis-kubernetes Control: 4.2.1
- [Azure Network Security Group Open to the World](34e-bda-42c.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [The scheduler service should only be bound to localhost](35s-cvw-j67.md): Classification: compliance Framework: cis-kubernetes Control: 1.4.2
- [Anonymous request authorized](37f-a98-5cd.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [Google Compute Engine network route created or modified](3b3-32c-73c.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1578-modify-...
- [Network ACLs should enforce outbound traffic restrictions](3b4-283-756.md): Investigate AWS Network Access Control Lists (NACLs) for rules that utilize multiple ports and limit outbound traffic...
- [Inbound CIFS access should be restricted to trusted networks](3ce-77d-28a.md): Audit your [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) to ensure ...
- [User Attached to a Pod](3e1-0b7-119.md): Classification: attack Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007) Technique: [T1613-container-and...
- [The server should have the 'log_duration' parameter set to 'ON](3f6-n98-c6p.md): PostgreSQL uses logging to track the time it takes to complete an SQL query.
- [AWS FSx Excessive File Denied](3fe-1fm-dlw.md): Classification: attack Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007) Technique: [T1526-cloud-service...
- [Elasticsearch domain should only be accessible from an AWS VPC](3h4-mr3-76y.md): Ensure your Amazon Elasticsearch (ES) domain is only accessible from an AWS VPC.
- [>-](3jt-ywj-82c.md): Classification: compliance Framework: cis-docker Control: 2.6
- [The registry certificate files should be individually and group owned by root](3kg-bxt-kah.md): Classification: compliance Framework: cis-docker Control: 3.7
- [Network policies should be defined to isolate traffic in cluster network](3kq-2r3-p4u.md): Classification: compliance Framework: cis-kubernetes Control: 5.3.2
- [/usr/bin/containerd should be audited if applicable](3r2-3jv-hy5.md): Classification: compliance Framework: cis-docker Control: 1.2.11
- [The host's network namespace should be hidden from containers](3s2-7iz-qi8.md): Classification: compliance Framework: cis-docker Control: 5.9
- [>-](3sx-8aj-uca.md): Classification: compliance Framework: cis-docker Control: 5.28
- [DNS lookup for paste service](3tl-l71-myn.md): Classification: attack Tactic: [TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011) Technique: [T1105-ing...
- [Kernel capabilities in Linux should only be granted when necessary](3we-9j9-qmk.md): Classification: compliance Framework: cis-docker Control: 5.3
- [The Docker local storage partition should be separate from other partitions](3wk-jj4-zxc.md): Classification: compliance Framework: cis-docker Control: 1.2.1
- [AWS KMS key deleted or scheduled for deletion](432-8db-b8b.md): Classification: attack Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040) Technique: [T1485-data-destruction...
- [Remote administration port access should be restricted to trusted networks](45i-h7m-x1w.md): The Network Access Control List (NACL) provides stateless filtering of ingress and egress network traffic to AWS reso...
- [AWS EC2 new event for EKS Node Group](49s-nqd-u7j.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [Azure Frontdoor WAF Blocked a Request](4af-ed1-fc0.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1190-exploit-...
- [AWS S3 Public Access Block removed](4cd-f56-dfa.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [The registry certificate files should have read-only or stricter permissions](4cm-yt8-dji.md): Classification: compliance Framework: cis-docker Control: 3.8
- [>-](4d4-6d3-df3.md): Create an activity log alert for the Update Security Policy event.
- [Redshift clusters should have 'allow version upgrade' enabled](4da-22a-46b.md): Confirm `AllowVersionUpgrade` is enabled so [Redshift clusters](https://docs.aws.amazon.com/redshift/latest/mgmt/work...
- [Google Cloud BigQuery - query results saved to new table](4dn-qab-suj.md): Classification: attack Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010) Technique: [T1537-transfer-d...
- [Signal Sciences flagged an IP](4ec-343-f90.md): Detect when an IP is flagged by Signal Sciences.
- [>-](4ed-dlg-op3.md): Create an activity log alert for the Delete Network Security Group event.
- [etcd servers should make use of TLS encryption for client connections](4kk-m7s-ur6.md): Classification: compliance Framework: cis-kubernetes Control: 1.2.29
- [Kernel module directory modified](4nu-jvj-zxf.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1547-boot-or-log...
- [The /etc/docker directory should be owned by root account](4rp-frf-dq4.md): Classification: compliance Framework: cis-docker Control: 3.5
- [Google Cloud Project external principal added as project owner](4xt-j23-jnb.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [AWS EC2 subnet deleted](506-0ba-81f.md): Classification: attack Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040) Technique: [T1485-data-destruction...
- [Google Compute Engine firewall rule modified](522-190-266.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [Windows audit log cleared](52l-d2d-n78.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1070-indicat...
- [IAM users should not have the 'AdministratorAccess' policy attached](542-ddc-8ba.md): Confirm there are no [Amazon IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html) (privileged u...
- [Cassandra injection vulnerability triggered](593-vps-crp.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1190-exploit-public-facing-applica...
- [Okta User Attempted to Access Unauthorized App](59a-cl0-v2r.md): Classification: attack Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007) Technique: [T1526-cloud-service...
- [Security scanner detected](5am-8f6-ur7.md): Tactic: [TA0043-reconnaissance](https://attack.mitre.org/tactics/TA0043) Technique: [T1595-active-scanning](https://atta...
- [Etcd should be configured for peer authentication](5be-7yq-bjy.md): Classification: compliance Framework: cis-kubernetes Control: 2.5
- [AWS root account activity](5ee-d08-7fa.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [The secure port should not be disabled for the API server](5er-t93-rpz.md): Classification: compliance Framework: cis-kubernetes Control: 1.2.20
- [IAM User access keys should be created after initial setup](5nr-ef7-a72.md): AWS console defaults to no check boxes selected when creating a new IAM user. When creating the IAM user credentials,...
- [The Kubernetes API Server should enable audit logs on its server](5nv-97q-t4e.md): Classification: compliance Framework: cis-kubernetes Control: 1.2.22
- [S3 bucket ACLs should block public write actions](5yq-fi1-8pn.md): Modify your access control permissions to remove `WRITE_ACP`, `WRITE`, or `FULL_CONTROL` access for all AWS users or ...
- [Google Cloud SQL database modified](60f-89d-fee.md): Classification: compliance Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040) Technique: [T1565-data-manipul...
- [Elasticsearch domains should be encrypted with KMS Customer Master Keys](617-v5l-ed8.md): Encrypt your Amazon Elasticsearch domains with KMS Customer Master Keys (CMKs).
- [RDS databases should be encrypted](625-933-d8d.md): Amazon RDS-encrypted database instances use the industry-standard AES-256 encryption algorithm to encrypt data on the...
- [Elasticsearch domain should enable encryption](62v-0kq-n6b.md): Implement encryption at rest for your Amazon Elasticsearch (ES) domain with the AWS KMS service.
- [>-](634-w65-56w.md): Classification: compliance Framework: cis-docker Control: 5.2
- [Expired SSL/TLS certificates should be removed from AWS IAM](659-w20-jub.md): To enable HTTPS connections to your website or application in AWS, you need an SSL/TLS server certificate. You can us...
- [Inbound FTP access should be restricted](660-246-354.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide...
- [Anomalous S3 bucket activity from user ARN](66d-nnk-onm.md): Classification: attack Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009) Technique: [T1530-data-from-cl...
- [Inbound MongoDB access should be restricted](687-79e-d55.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide...
- [Kubernetes principal attempted to enumerate their permissions](68a-f97-42f.md): Classification: attack Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007) Technique: [T1613-container-and...
- [The container should have a restart policy limited to 5 attempts](69v-npt-bzr.md): Classification: compliance Framework: cis-docker Control: 5.14
- [Redshift clusters should use a non-default port for communication](6a4-aa4-a76.md): Confirm [Redshift clusters](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html) are not usin...
- [Credential stuffing attack on Auth0](6a7-df6-9aa.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1110-brute...
- [AppArmor profile modified](6an-kt3-3oj.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [AWS Network Gateway created or modified](6b3-f52-84e.md): Classification: compliance Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-imp...
- [Kubernetes Service Created with NodePort](6b4-f87-bcd.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1190-exploit-...
- [>-](6bj-f4v-9aj.md): Ensure that no PostgreSQL Databases allow ingress from 0.0.0.0/0 (ANY IP).
- [Google Cloud Storage Bucket modified](6c5-db7-1b4.md): Classification: compliance Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1578-mod...
- [AWS CloudTrail trail should have global service events enabled](6c6-101-b03.md): Ensure that an AWS CloudTrail trail has global service events enabled.
- [Log files for the API server should be rotated at 100 MB](6c7-jd2-t3u.md): Classification: compliance Framework: cis-kubernetes Control: 1.2.25
- [The ownership of the admin.conf file should be root:root](6dc-7zm-uta.md): Classification: compliance Framework: cis-kubernetes Control: 1.1.14
- [Auth0 user logged in with a breached password](6f0-939-666.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [Security group open to the world](6f3-c4d-9f0.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [Unusual Authentication by Microsoft 365 Azure AD Service Principal](6fj-qtv-ei2.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1078-va...
- [The /etc/default/docker file permissions should be set to 644 or stricter](6ia-vhn-rrf.md): Classification: compliance Framework: cis-docker Control: 3.22
- [Azure Firewall Threat Intelligence Alert](6ir-aj0-eec.md): Classification: threat-intel
- [Microsoft 365 - Modification of Trusted Domain](6p9-30r-oqb.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [Container management utility in container](6ph-8a1-ul5.md): Classification: attack Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002) Technique: [T1609-container-adm...
- [The API server should not use basic authentication](6q7-uqw-dtq.md): Classification: compliance Framework: cis-kubernetes Control: 1.2.2
- [CloudFront distribution should have logging enabled](715-d44-428.md): Ensure logging is enabled for AWS CloudFront to track things like client IP addresses and access points.
- [AWS GuardDuty detector deleted](719-39f-9cd.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [Kubernetes Pod Created with hostNetwork](72d-b43-42f.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1068-ex...
- [Inbound OpenSearch access should be restricted](72d-ffe-250.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide...
- [S3 bucket access logging should be enabled on the CloudTrail S3 bucket](748-vvi-4ye.md): S3 Bucket Access Logging generates a log with access records for each request made to your S3 bucket. These logs incl...
- [Inbound ICMP access to the host should be restricted](74f-6b9-4a3.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide...
- [IIS HTTP requests from security scanner](76c-cbb-28a.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1190-exploit-...
- [There should be at least one multi-region CloudTrail trail per AWS account](79d-8f7-432.md): AWS CloudTrail records AWS API calls and delivers log files containing the identity, time, IP address, and details of...
- [The Controller Manager API service should only bind to localhost](7a7-22h-gnc.md): Classification: compliance Framework: cis-kubernetes Control: 1.3.7
- [AWS IAM policy modified](7b6-2a8-df9.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [SNS Topic should have server-side encryption enabled](7b7-txn-jj2.md): Enable Server-Side Encryption for your AWS Simple Notification Service (SNS) topics.
- [CloudFront viewer should be encrypted](7bd-206-905.md): Ensure that the AWS CloudFront Content Delivery Network (CDN) for your distribution is using HTTPS to send and receiv...
- [CloudFront distribution should be integrated with WAF](7cf-b7e-cc9.md): Verify that your [AWS CloudFront](https://aws.amazon.com/cloudfront/) distributions are integrated with [AWS Web Appl...
- [Unused credentials should be deactivated or removed](7h6-fp7-pc3.md): AWS IAM users can access AWS resources using various types of credentials, such as passwords and access keys. Datadog...
- [IAM roles should not have a trust policy that contains a wildcard principal](7hk-tff-0fv.md): Each IAM role must have a [trust policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts...
- [Microsoft 365 OneDrive anonymous link created](7n1-x5b-ds7.md): Classification: attack Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009) Technique: [T1213-data-from-in...
- [Azure snapshot export URI created](7r2-807-3pa.md): Classification: attack Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009) Technique: [T1074-data-staged]...
- [The insecure API service should not be bound](7r2-ba2-fit.md): Classification: compliance Framework: cis-kubernetes Control: 1.2.18
- [The TLS CA certificate file should be owned by root account](7vx-bpp-z8h.md): Classification: compliance Framework: cis-docker Control: 3.9
- [Resource enumeration detected](7zj-fzr-45s.md): Detect attempts by an attacker to exfiltrate sensitive information using a [Resource Enumeration attack](https://owas...
- [Dynamic linker hijacking attempt](80l-dwm-pi6.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1574-hijack-...
- [User enumerated AWS Secrets Manager - Anomaly](81g-402-ow1.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1555-crede...
- [Container image vulnerability detected](822-aa2-555.md): Detect vulnerabilities in container images.
- [The global request timeout for API server requests should be set appropriately](83n-39b-4dk.md): Classification: compliance Framework: cis-kubernetes Control: 1.2.26
- [Azure New Service Principal created](848-4cc-725.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [The /etc/sysconfig/docker file permissions should be set to 644 or stricter](85k-m6p-xw9.md): Classification: compliance Framework: cis-docker Control: 3.21
- [Okta User Access Denied to Sign On](888-4d9-8a3.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [The /etc/default/docker file ownership should be set to root](89n-csr-u3u.md): Classification: compliance Framework: cis-docker Control: 3.19
- [An EC2 instance attempted to enumerate S3 bucket](8b7-d38-74d.md): Classification: attack Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007) Technique: [T1526-cloud-service...
- [Okta MFA Bypass Attempted](8c6-2a6-515.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1111-multi...
- [Potential brute force attack on AWS ConsoleLogin](8d2-d0c-0b6.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1110-brute...
- [Logging for Redshift clusters should be enabled](8e1-hf3-j3b.md): Enable logging for your Amazon Redshift cluster.
- [Redshift clusters should use a custom master username](8f3-21b-c86.md): Confirm [Redshift clusters](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html) are using a ...
- [Google Cloud unauthorized service account activity](8fc-9c9-c02.md): Classification: compliance Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-vali...
- [Etcd service should have client authentication enabled](8ji-mdh-b6r.md): Classification: compliance Framework: cis-kubernetes Control: 2.2
- [Azure user invited an external user](8pu-lqe-4ze.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1136-create-acco...
- [Containers on the default network bridge should restrict network traffic](8r2-zyy-shg.md): Classification: compliance Framework: cis-docker Control: 2.1
- [SSRF exploited](8se-cte-jwk.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1190-exploit-public-facing-applica...
- [Symmetric CMKs should have encryption key rotation enabled](8sx-i8v-y8v.md): AWS Key Management Service (KMS) allows for backing key rotation, which involves updating the key material tied to a ...
- [>-](8x3-97g-35a.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1078-va...
- [Containers should not run in privileged mode](8xc-5x6-h2k.md): Classification: compliance Framework: cis-docker Control: 5.4
- [MFA should be enabled for the 'root' account](8yh-cqk-qbn.md): The root account is the most privileged user in an AWS account. MFA (multi-factor authentication) adds an extra layer...
- [AWS AMI Made Public](93d-bf1-e17.md): Classification: attack Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009) Technique: [T1530-data-from-cl...
- [>-](94d-jk4-ow5.md): Create an activity log alert for the Create or Update PostgreSQL Database event.
- [AWS EventBridge rule disabled or deleted](998-f99-7bd.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1089-disabli...
- [ElastiCache clusters should use the latest engine version available](9cq-130-xdk.md): Ensure that your Amazon ElastiCache cluster is running the latest stable version of the Redis, Memcached, or Valkey c...
- [AWS ECS cluster deleted](9d1-0fa-76a.md): Classification: attack Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040) Technique: [T1485-data-destruction...
- [All requests should not be allowed; explicit authorization should be enabled](9d8-ji4-rha.md): Classification: compliance Framework: cis-kubernetes Control: 4.2.2
- [NGINX ingress controller HTTP requests from security scanner](9e5-69f-a68.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1190-exploit-...
- [AWS S3 Bucket ACL made public](9e7-876-0ec.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [A user received an anomalous number of AccessDenied errors](9el-i95-dnl.md): Classification: attack Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007) Technique: [T1069-permission-gr...
- [Package installed in container](9fi-ky3-oxl.md): Classification: attack Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002) Technique: [T1059-command-and-s...
- [AWS Detective Graph deleted](9fq-2av-prp.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [Lambda function should have access to VPC resources in configuration](9ga-poq-w7v.md): Ensure your Amazon Lambda Function is configured to access VPC-only resources, enhancing the security of your connect...
- [Containers should not share the host's user namespaces](9h8-wne-ybj.md): Classification: compliance Framework: cis-docker Control: 5.30
- [The Docker daemon should only be controlled by root and Docker group](9hi-unv-yy9.md): Classification: compliance Framework: cis-docker Control: 1.2.2
- [The kubelet configuration file should be owned by root:root](9jy-pei-duz.md): Classification: compliance Framework: cis-kubernetes Control: 4.1.10
- [Okta one-time refresh token reused](9rd-o7d-606.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1528-steal...
- [Azure App Service should have remote debugging disabled](9xq-bpn-wo5.md): Azure App Services has 'remote debugging' **disabled** to enhance security and protect applications.
- [Certificates managed by ACM should be validated](a08-t3c-wbj.md): All Secure Socket Layer/Transport Layer Security (SSL/TLS) certificates in Amazon Certificate Manager (ACM) should be...
- [AWS RDS Cluster deleted](a11-897-de4.md): Classification: attack Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040) Technique: [T1485-data-destruction...
- [Jumpcloud admin granted system privileges](a28-5a3-d0x.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [EC2 instances and autoscaling groups should enforce IMDSv2](a38-n2h-p48.md): Use the IMDSv2 session-oriented communication method to transport instance metadata.
- [Potential administrative port open to the world via AWS security group](a3p-xtg-ryo.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [Google Cloud Storage Bucket enumerated](a6b-6c9-419.md): Classification: attack Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007) Technique: [T1619-cloud-storage...
- [Cron job modified](a78-b2n-xmd.md): Classification:attackTactic:[TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004)Technique:[T1053-sc... - [Google Cloud Pub/Sub Subscriber modified](a7b-dbc-bdd.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [Redshift clusters should not be publicly accessible](a7e-e88-302.md): Confirm Redshift clusters are not publicly available. - [Google Cloud Storage Bucket permissions modified](a7f-017-9cc.md): Classification:complianceTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-imp... - [The Docker daemon should be allowed to configure the firewall rules](a7x-nea-bz9.md): Classification:complianceFramework:cis-dockerControl:2.3 - [SELinux enforcement disabled](a81-bja-19e.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [New Amazon EC2 Instance type](a8d-afd-la9.md): Classification:attackTactic:[TA0002-execution](https://attack.mitre.org/tactics/TA0002)Technique:[T1204-user-executio... - [The proxy kubeconfig file should have permissions of 644 or stricter](a92-73f-akk.md): Classification:complianceFramework:cis-kubernetesControl:4.1.3 - [New Kubernetes Namespace Created](a9f-f61-a6c.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1578-modify-... - [Google Workspace admin role created](ab5-5lm-x2n.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... - [The user should configure an activity log alert for SQL Database deletion](ab7-bv8-6bt.md): Create an activity log alert for the Delete Azure SQL Database event. - [>-](abe-6ab-a41.md): Ensure that AWS CloudFront distributions are configured with a security policy that mandates the use of TLS v1.2 or n... 
- [Use absolute workdir](absolute-workdir.md): {% callout %} - [>-](ac3-6b4-p6j.md): Classification:complianceFramework:cis-kubernetesControl:1.2.3 - [Limit exposure to sensitive directories and files](access-restriction.md): {% callout %} - [Access Your Support Ticket](access-your-support-ticket.md): To create a new support ticket, click on the appropriate Site link and click **Submit a request** to fill out a ticke... - [Access and Authentication](access-and-auth.md): {% callout %} - [Access Control](access-control.md): Available for: - [High access key rotation period](access-key-not-rotated-within-90-days.md): {% callout %} - [Where is my data stored?](account-data-storage.md): Cloudcraft stores data in the AWS `us-east-1` (North Virginia) region for public cloud users, and in the AWS `us-gov-... - [Account Management](account-management.md): - [Cancel your Cloudcraft (Standalone) subscription](https://docs.datadoghq.com/cloudcraft/account-management/cancel-... - [Account Management](account-management-2.md): {% callout %} - [Account Takeover Protection](account-takeover-protection.md): App and API Protection (AAP) provides account takeover (ATO) protection to detect and mitigate account takeover attacks. - [Containers should not be run with the hostPID flag set to true](acr-cv5-wp5.md): Classification:complianceFramework:cis-kubernetesControl:5.2.2 - [Action Connection](action-connection.md): Action connections extend your installed integrations and allow you to take action in your third-party systems (e.g. ... - [Action trail logging for all regions disabled](action-trail-logging-all-regions-disabled.md): {% callout %} - [Actions Datastores](actions-datastores.md): Leverage the Actions Datastore API to create, modify, and delete items in datastores owned by your organization. 
- [Actions](actions.md): {% callout %} - [Action Catalog](actions-catalog.md): The Datadog Action Catalog provides actions that can be performed against your infrastructure and integrations using ... - [ActionTrail trail OSS bucket is publicly accessible](actiontrail-trail-oss-bucket-is-publicly-accessible.md): {% callout %} - [Activate your AWS Marketplace Cloudcraft subscription](activate-aws-marketplace-cloudcraft-subscription.md): A Cloudcraft subscription can be bought through the [AWS Marketplace](https://aws.amazon.com/marketplace/pp/prodview-... - [Proactively block crypto mining threats with Active Protection](active-protection.md): {% alert level="danger" %} - [Microsoft Active Directory Federation Services SAML IdP](activedirectory.md): The Datadog SAML integration for SSO provides a pathway for linking an organization to an external user management sy... - [>-](ad4-3d5-45c.md): Create an activity log alert for the Rename Azure SQL Database event. - [AD admin not configured for SQL server](ad-admin-not-configured-for-sql-server.md): {% callout %} - [Autodiscovery Container Identifiers](ad-identifiers.md): This document explains how to apply an [Autodiscovery](https://docs.datadoghq.com/getting_started/containers/autodisc... - [Adaptive Sampling](adaptive-sampling.md): {% callout %} - [Add AWS accounts via the Cloudcraft API](add-aws-account-via-api.md): Cloudcraft currently doesn't offer a way to add multiple AWS accounts at once using the web interface, but you can do... - [Add Azure accounts via the Cloudcraft API](add-azure-account-via-api.md): Cloudcraft currently doesn't offer a way to add multiple Azure accounts at once using the web interface, but you can ... 
- [Do not add an empty string](add-empty-string.md): {% callout %} - [User Monitoring and Protection](add-user-info.md): {% callout %} - [Admin user enabled for container registry](admin-user-enabled-for-container-registry.md): {% callout %} - [Administrator's Guide](administrators-guide.md): Use this Datadog Administrators guide when your company has purchased and is ready to leverage Datadog's observabilit... - [Troubleshooting Admission Controller](admission-controller.md): This page provides troubleshooting for the Datadog Cluster Agent's [Admission Controller](https://docs.datadoghq.com/... - [Datadog Admission Controller](admission-controller-2.md): The Datadog Admission Controller is a component of the Datadog Cluster Agent. The main benefit of the Admission Contr... - [Advanced](advanced.md): - [Create a custom IAM policy to use with Cloudcraft](https://docs.datadoghq.com/cloudcraft/advanced/minimal-iam-policy) - [Advanced Configuration for MySQL Database Monitoring](advanced-configuration.md): Certain workloads require some maintenance on tables in `performance_schema`. Query statistics are aggregated in the ... - [Installing the Datadog Operator](advanced-install.md): This document contains detailed information about installing the Datadog Operator. For basic installation instruction... - [Advanced Log Collection Configurations](advanced-log-collection.md): After you set up [log collection](https://docs.datadoghq.com/agent/logs/), you can customize your collection configur... 
- [ECB mode is insecure](aes-ecb-insecure.md): {% callout %} - [The docker.socket file should be owned by root](aex-57w-5ut.md): Classification:complianceFramework:cis-dockerControl:3.3 - [The /etc/docker directory permissions should be set to 755 or stricter](af5-3mp-epu.md): Classification:complianceFramework:cis-dockerControl:3.6 - [Agent Commands](agent-commands.md): {% alert level="danger" %} - [Agent Configuration Files](agent-configuration-files.md): The location of the Agent configuration file differs depending on the operating system. - [Agent Log Files](agent-log-files.md): The Datadog Agent does a logs rollover every 10MB by default. When a rollover occurs, one backup (`agent.log.1`) is k... - [Agent Status Page](agent-status-page.md): The Agent status page displays information about your running Agent. See [Agent Commands](https://docs.datadoghq.com/... - [Python Version Management](agent-v6-python-3.md): If you are using Agent v6, Datadog recommends that you [upgrade to Agent v7](https://docs.datadoghq.com/agent/version... - [Agent](agent.md): {% alert level="info" %} - [APM metrics sent by the Datadog Agent](agent-apm-metrics.md): Find below the list of out-of-the-box tracing metrics sent by the Datadog Agent when [APM is enabled](https://docs.da... - [Agent Resource Usage by APM](agent-apm-resource-usage.md): The Agent is CPU-bound and its CPU usage is correlated with the number of spans received per second. - [Troubleshoot an Agent Check](agent-check-status.md): If you are experiencing issues with an Agent Check, use these commands to get more troubleshooting information. - [Creating Agent Rule Expressions](agent-expressions.md): The **Assisted rule creator** option helps you create the Agent and dependent detection rules together, and ensures t... - [Create an Agent-based Integration](agent-integration.md): This page guides Technology Partners through the process of creating an official Datadog Agent integration. 
- [DBM Agent Integration Overhead](agent-integration-overhead.md): Database Monitoring runs on top of the base Datadog Agent. By default, it's configured with optimal performance setti... - [Agent Rate Limits](agent-rate-limits.md): If you encounter the following error message in your Agent logs, the default APM connection limit of 2000 has been ex... - [Service Check Submission: Agent Check](agent-service-checks-submission.md): To submit a service check to Datadog within a custom Agent check, use the predefined `service_check()` function in th... - [Log Agent tags](agent-tags.md): The Datadog Agent automatically adds certain tags to all logs it collects before sending them to Datadog. These tags ... - [Understand the Difference Between the Agent Host and the Tracer Host](agent-tracer-hostnames.md): In Datadog APM, the `host` tag correlates spans and traces to infrastructure monitoring data, so host metrics are ass... - [Cloud Security Agent Variables](agent-variables.md): The Datadog Agent has several environment variables that can be enabled for Cloud Security. This article describes th... - [Agentic_onboardings](agentic-onboarding.md) - [Agentless Scanning](agentless-scanning.md): {% callout %} - [Cloud Security Agentless Scanning](agentless-scanning-2.md): {% callout %} - [Agents](agents.md): {% callout %} - [Aggregation Key Processor](aggregation-key.md): Use the aggregation key processor to generate a custom aggregation key (`@aggregation_key`) based on event attributes... - [The docker.service file ownership and group should be set to root](agi-95m-4vt.md): Classification:complianceFramework:cis-dockerControl:3.1 - [AI-Enhanced Static Code Analysis](ai-enhanced-sast.md): {% callout %} - [AIX](aix.md): The [Datadog UNIX Agent](https://github.com/DataDog/datadog-unix-agent/blob/master/README.md) brings host-level monit... 
- [AKS Cluster Component](aks-cluster.md): You can use the AKS Cluster component to represent and visualize Kubernetes clusters from your Azure environment. - [AKS Pod Component](aks-pod.md): You can use the AKS Pod component to represent and visualize application containers from your Azure environment with ... - [AKS Workload Component](aks-workload.md): You can use the AKS Workload component to represent and visualize Kubernetes workloads from your Azure environment. - [AKS disk encryption set ID undefined](aks-disk-encryption-set-id-undefined.md): {% callout %} - [AKS network policy misconfigured](aks-network-policy-misconfigured.md): {% callout %} - [AKS private cluster disabled](aks-private-cluster-disabled.md): {% callout %} - [AKS RBAC disabled](aks-rbac-disabled.md): {% callout %} - [Azure Policy Add-on Disabled in AKS Cluster](aks-uses-azure-policies-addon-disabled.md): {% callout %} - [ALB deletion protection disabled](alb-deletion-protection-disabled.md): {% callout %} - [ALB is not integrated with WAF](alb-is-not-integrated-with-waf.md): {% callout %} - [ALB listening on HTTP](alb-listening-on-http.md): {% callout %} - [ALB not dropping invalid headers](alb-not-dropping-invalid-headers.md): {% callout %} - [Alert on anomalous p99 latency of a database service](alert-anomalies-p99-database.md): *3 minutes to complete* - [Alert Graph Widget](alert-graph.md): Alert graphs are timeseries graphs showing the current status of most monitors defined on your system: - [Alert Value Widget](alert-value.md): The Alert value widget displays the current query value from a simple-alert metric monitor. Simple-alert monitors hav... - [Watchdog Alerts](alerts.md): Watchdog proactively looks for anomalies on your systems and applications. Each anomaly is then displayed in the [Wat... 
- [Alexa skill plaintext client secret exposed](alexa-skill-plaintext-client-secret-exposed.md): {% callout %} - [No hardcoded secret with algorithm methods](algorithm-no-hardcoded-secret.md): {% callout %} - [Algorithms](algorithms.md): | Function | Description | Exampl... - [FROM aliases must be unique](alias-must-be-unique.md): {% callout %} - [Alibaba Integration Billing](alibaba.md): Datadog bills for all Alibaba Virtual Machines being monitored in Datadog. These machines are billable regardless of ... - [Datadog Documentation Guides](all-guides.md): Guides in the Datadog documentation are pages that provide background knowledge, provide steps for advanced use cases... - [Cost Allocation](allocation.md): The Allocation section of Cloud Cost Management helps you understand and optimize your cloud spending by breaking dow... - [Setting Up Database Monitoring for Google AlloyDB managed Postgres](alloydb.md): Database Monitoring provides deep visibility into your Postgres databases by exposing query metrics, query samples, e... - [Always admit admission control plugin set](always-admit-admission-control-plugin-set.md): {% callout %} - [Always pull images admission control plugin not set](always-pull-images-admission-control-plugin-not-set.md): {% callout %} - [AWS DMS replication instance is publicly accessible](amazon-dms-replication-instance-is-publicly-accessible.md): {% callout %} - [Setting Up Database Monitoring for Amazon DocumentDB](amazon-documentdb.md): Database Monitoring offers comprehensive insights into your Amazon DocumentDB (with MongoDB compatibility) databases ... - [Amazon ECS](amazon-ecs.md): Amazon ECS is a scalable, high-performance container orchestration service that supports Docker containers. With the ... 
- [Amazon Elastic Container (ECS) Explorer](amazon-elastic-container-explorer.md): {% image - [Amazon MQ broker encryption disabled](amazon-mq-broker-encryption-disabled.md): {% callout %} - [make sure class names are readable](ambiguous-class-name.md): {% callout %} - [make sure function names are readable](ambiguous-function-name.md): {% callout %} - [make sure variable names are readable](ambiguous-variable-name.md): {% callout %} - [AMI not encrypted](ami-not-encrypted.md): {% callout %} - [AMI most recent without owner or filter](ami-owner-missing.md): {% callout %} - [AMI shared with multiple accounts](ami-shared-with-multiple-accounts.md): {% callout %} - [Amplify app access token exposed](amplify-app-access-token-exposed.md): {% callout %} - [Amplify app basic auth config password exposed](amplify-app-basic-auth-config-password-exposed.md): {% callout %} - [Amplify app OAuth token exposed](amplify-app-oauth-token-exposed.md): {% callout %} - [Amplify branch basic auth config password exposed](amplify-branch-basic-auth-config-password-exposed.md): {% callout %} - [Analytics from Cases and Events](analytics.md): {% callout %} - [Tracing Android Applications](android.md): Send [traces](https://docs.datadoghq.com/tracing/trace_collection/custom_instrumentation/android/otel) to Datadog fro... - [Avoid extra spaces inside Kotlin angle brackets](angle-bracket-spacing.md): {% callout %} - [API method explicitly documents its type](annotate-producesresponsetype.md): {% callout %} - [Annotated declarations should be visually separated](annotation-blank-line.md): {% callout %} - [Enforce annotation separation](annotation-spacing.md): {% callout %} - [Annotations](annotations.md): Annotations let you manually place vertical markers with descriptions on timeseries widgets. Adding annotations can b... - [Anomalies Page](anomalies.md): Datadog Cloud Cost Management (CCM) continuously monitors your environment to detect and prioritize unexpected cost c... 
- [Anomaly](anomaly.md): Anomaly detection analyzes logs to identify abnormal spikes in your log volume, which could indicate issues such as a... - [Anonymous auth is not set to false](anonymous-auth-is-not-set-to-false.md): {% callout %} - [Ansible](ansible.md): The [Datadog Ansible collection](https://github.com/ansible-collections/Datadog), `datadog.dd`, is the official colle... - [Set up Ansible Using a Standalone Datadog Role](ansible-standalone-role.md): The Datadog Agent Ansible role installs and configures the Datadog Agent and integrations. - [do not use Any type](any-type-disallow.md): {% callout %} - [Azure SQL Server Firewall Rules Created or Modified](aoc-jdx-q3d.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [API and Application Keys](api-app-keys.md): API keys are unique to your organization. An [API key](https://app.datadoghq.com/organization-settings/api-keys) is r... - [API Gateway Component](api-gateway.md): Use the API Gateway component to represent RESTful, HTTP, and WebSocket APIs from your Amazon Web Services architecture. - [API Security Inventory](api-inventory.md): {% callout %} - [API Management](api-management.md): Configure your API endpoints through the Datadog API. 
- [API Reference](api.md): title: API Reference - [API Gateway V2 stage access logging settings not defined](api-gateway-access-logging-disabled.md): {% callout %} - [API gateway API protocol not HTTPS](api-gateway-api-protocol-not-https.md): {% callout %} - [API Gateway cache cluster disabled](api-gateway-cache-cluster-disabled.md): {% callout %} - [API Gateway cache encrypted disabled](api-gateway-cache-encrypted-disabled.md): {% callout %} - [API Gateway deployment without access log setting](api-gateway-deployment-without-access-log-setting.md): {% callout %} - [API Gateway deployment without usage plan associated](api-gateway-deployment-without-api-gateway-usage-plan-associated.md): {% callout %} - [API Gateway endpoint config is not private](api-gateway-endpoint-config-is-not-private.md): {% callout %} - [API Gateway method does not contain an API key](api-gateway-method-does-not-contains-an-api-key.md): {% callout %} - [API Gateway method settings cache not encrypted](api-gateway-method-settings-cache-not-encrypted.md): {% callout %} - [API Gateway stage without usage plan associated](api-gateway-stage-without-api-gateway-usage-plan-associated.md): {% callout %} - [API Gateway with CloudWatch logging disabled](api-gateway-with-cloudwatch-logging-disabled.md): {% callout %} - [API Gateway with invalid compression](api-gateway-with-invalid-compression.md): {% callout %} - [API Gateway with open access](api-gateway-with-open-access.md): {% callout %} - [API Gateway without configured authorizer](api-gateway-without-configured-authorizer.md): {% callout %} - [API Gateway without security policy](api-gateway-without-security-policy.md): {% callout %} - [API Gateway without SSL certificate](api-gateway-without-ssl-certificate.md): {% callout %} - [API Gateway without WAF](api-gateway-without-waf.md): {% callout %} - [API Gateway X-Ray disabled](api-gateway-xray-disabled.md): {% callout %} - [Create an API-based integration](api-integration.md): This page guides 
Technology Partners through creating an official Datadog API integration. API integrations are best ... - [Getting Started with API Tests](api-test.md): API tests **proactively monitor** that your **most important services** are available at anytime and from anywhere. [... - [Instrumenting Amazon API Gateway](apigateway.md): {% callout %} - [APM Retention Filters](apm-retention-filters.md): Manage configuration of [APM retention filters](https://app.datadoghq.com/apm/traces/retention-filters) for your orga... - [Configuring An APM Stats Graph](apm-stats-graph.md): To configure your graph using APM stats data, follow these steps: - [APM](apm.md): Observe, troubleshoot, and improve cloud-scale applications with all telemetry in context - [Create a Dashboard to track and correlate APM metrics](apm-dashboard.md): *4 minutes to complete* - [APM Billing](apm-tracing-profiler.md): APM is available through three tiers: APM, APM Pro, and APM Enterprise. APM gives you deep visibility into your appli... - [Azure diagnostic setting deleted or disabled](apn-0ib-a6f.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [App Builder](app-builder.md): Datadog App Builder provides a low-code solution to rapidly develop and integrate secure, customized applications int... 
- [Enabling AAP for Azure App Services](app-service.md): {% callout %} - [App Builder](app-builder-2.md): {% callout %} - [App Service authentication disabled](app-service-authentication-disabled.md): {% callout %} - [App Service FTPS enforce disabled](app-service-ftps-enforce-disabled.md): {% callout %} - [App Service HTTP2 disabled](app-service-http2-disabled.md): {% callout %} - [App Service managed identity disabled](app-service-managed-identity-disabled.md): {% callout %} - [App Service not using latest TLS encryption version](app-service-not-using-latest-tls-encryption-version.md): {% callout %} - [App Service without latest PHP version](app-service-without-latest-php-version.md): {% callout %} - [App Service without latest Python version](app-service-without-latest-python-version.md): {% callout %} - [Application Gateway Component](application-gateway.md): You can use the Application Gateway component to represent and visualize application gateways from your Azure environ... - [Application Security](application-security.md): [Datadog Application Security](https://docs.datadoghq.com/security/application_security/) provides protection against... - [Getting Started in Datadog](application.md): {% callout %} - [App and API Protection](application-security-2.md): {% callout %} - [App and API Protection for Kubernetes](appsec.md): {% callout %} - [Do not use no-install-recommends](apt-get-no-install-recommends.md): {% callout %} - [Always use -y with apt-get install](apt-get-yes.md): {% callout %} - [Always pin versions in apt-get install](apt-pin-version.md): {% callout %} - [AWS Route 53 DNS query logging disabled](aqn-nem-2ud.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [Agent Architecture](architecture.md): Agent 6 and 7 are composed of a main process responsible for collecting infrastructure metrics and logs, and receivin... 
- [Area Component](area.md): The Area component is one of the best components available to design and organize large diagrams. Along with the Text... - [Monitor Argo CD Deployments](argocd.md): {% callout %} - [Use strong security mechanisms with argon2](argon2.md): {% callout %} - [All arguments should be on separate lines or the same line.](argument-list-wrapping.md): {% callout %} - [do not have arguments with the same name](argument-same-name.md): {% callout %} - [Use arithmetic operator instead of a function](arith-operator-not-functions.md): {% callout %} - [Arithmetic](arithmetic.md): | Function | Description | Example | - [Arithmetic Processor](arithmetic-processor.md): Use the arithmetic processor to add a new attribute (without spaces or special characters in the new attribute name) ... - [Use `Array()` to ensure your variable is an array](array-coercion.md): {% callout %} - [Should clone array](array-is-stored-directly.md): {% callout %} - [Prefer using Array `join`](array-join.md): {% callout %} - [Use asList to create a list from array](arrays-aslist.md): {% callout %} - [Artifact Registry repo is public](artifact-registry-repository-is-public.md): {% callout %} - [Do not call assert on unsanitized user input](assert-user-input.md): {% callout %} - [assertRaises must check for a specific exception](assertraises-specific-exception.md): {% callout %} - [Assigning Tags](assigning-tags.md): Tagging is used throughout Datadog to query the machines and metrics you monitor. Without the ability to assign and f... 
- [Assignment name should use camelCase](assignment-name.md): {% callout %} - [Use AsSpan instead of range-based indexers for string](asspan-instead-of-range.md): {% callout %} - [Detects improper usage of void return in an async method](async-task-not-void.md): {% callout %} - [Unsafe execution of shell commands](asyncio-subprocess-create-shell.md): {% callout %} - [Unsafe execution of shell commands](asyncio-subprocess-exec.md): {% callout %} - [Athena database not encrypted](athena-database-not-encrypted.md): {% callout %} - [Athena workgroup not encrypted](athena-workgroup-not-encrypted.md): {% callout %} - [Prefer atomic file operations](atomic-file-operations.md): {% callout %} - [Attackers Explorer](attacker-explorer.md): {% callout %} - [Attacker Clustering](attacker-clustering.md): {% callout %} - [Attacker Fingerprint](attacker-fingerprint.md): {% callout %} - [Reserved Attributes](attributes.md): Attributes are used for facets and tags, which are then used to filter and search in the Events Explorer. - [Specify how attributes are used](attributeusage.md): {% callout %} - [The Docker daemon configuration file should be audited if applicable](aty-suc-tsx.md): Classification:complianceFramework:cis-dockerControl:1.2.10 - [Audit](audit.md): Search your Audit Logs events over HTTP. 
- [Audit log maxage not properly set](audit-log-maxage-not-properly-set.md): {% callout %} - [Audit log maxbackup not properly set](audit-log-maxbackup-not-properly-set.md): {% callout %} - [Audit log maxsize not properly set](audit-log-maxsize-not-properly-set.md): {% callout %} - [Audit log path not set](audit-log-path-not-set.md): {% callout %} - [Audit policy file not defined](audit-policy-file-not-defined.md): {% callout %} - [Audit policy does not cover key security concerns](audit-policy-not-cover-key-security-concerns.md): {% callout %} - [Datadog Audit Trail](audit-trail.md): As an administrator or security team member, you can use [Datadog Audit Trail](https://app.datadoghq.com/audit-trail)... - [Setting Up Database Monitoring for Aurora managed MySQL](aurora.md): Database Monitoring provides deep visibility into your MySQL databases by exposing query metrics, query samples, expl... - [Configuring Database Monitoring for Amazon Aurora DB Clusters](aurora-autodiscovery.md): This guide assumes you have configured Database Monitoring for your Amazon Aurora [Postgres](https://docs.datadoghq.c... - [Aurora with disabled at rest encryption](aurora-with-disabled-at-rest-encryption.md): {% callout %} - [Access and Authentication](auth.md): {% callout %} - [Auth0 SAML IdP](auth0.md): Follow the [Configure Auth0 as Identity Provider for Datadog](https://auth0.com/docs/protocols/saml-protocol/saml-con... - [Authentication](authentication.md): All requests to Datadog's API must be authenticated. Requests that write data require reporting access and require an... - [Authentication without MFA](authentication-without-mfa.md): {% callout %} - [AuthN Mappings](authn-mappings.md): [The AuthN Mappings API](https://docs.datadoghq.com/account_management/authn_mapping/?tab=example) is used to automat... 
- [Federated Authentication to Role Mapping API](authn-mapping.md): If you are using Federated Authentication mechanisms, this API allows you to automatically map groups of users to rol... - [Authorization](authorization.md): Datadog uses the [OAuth 2.0 (OAuth2) Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749) to allow... - [Authorization mode node not set](authorization-mode-node-not-set.md): {% callout %} - [Authorization mode RBAC not set](authorization-mode-rbac-not-set.md): {% callout %} - [Authorization mode set to always allow](authorization-mode-set-to-always-allow.md): {% callout %} - [Automate Snapshots of Cloud Accounts via the Cloudcraft API](auto-layout-via-api.md): Cloudcraft's **Auto Layout** feature, accessible through the web application, is a powerful tool for automatically ge... - [Auto Scaling Group Component](auto-scaling-group.md): Use the Auto Scaling Group component to represent Auto Scaling groups from your Amazon Web Services architecture. - [Auto Assign](auto-assign.md): Auto Assign automates triaging by assigning issues to the author of their [suspect commit](https://docs.datadoghq.com... - [Autodiscovery Auto-Configuration](auto-conf.md): When the Agent runs as a container, [Autodiscovery](https://docs.datadoghq.com/getting_started/containers/autodiscove... - [Automatic Multi-line Detection and Aggregation](auto-multiline-detection.md): {% alert level="danger" %} - [(Legacy) Automatic Multi-line Detection and Aggregation](auto-multiline-detection-legacy.md): {% alert level="danger" %} - [Auto Scaling group with no associated ELB](auto-scaling-group-with-no-associated-elb.md): {% callout %} - [Auto TLS set to true](auto-tls-set-to-true.md): {% callout %} - [Autodiscovery: Scenarios & Examples](autodiscovery-examples.md): This page contains detailed example templates for configuring integrations in containerized environments in the follo... 
- [Autodiscovery with JMX](autodiscovery-with-jmx.md): In containerized environments there are a few differences in how the Agent connects to the JMX server. Autodiscovery ... - [Autodiscovery Troubleshooting](autodiscovery.md): To start troubleshooting the Docker Agent Autodiscovery, run the `configcheck` init script command: - [Automate the Remediation of Detected Threats with Webhooks](automate-the-remediation-of-detected-threats.md): [Cloud SIEM](https://docs.datadoghq.com/security/cloud_siem/) allows you to set Detection Rules that trigger auto-rem... - [Automate open source risk reduction with Datadog SCA](automate-risk-reduction-sca.md): {% callout %} - [Automated Analysis](automated-analysis.md): Automated Analysis automatically detects performance issues in your applications using Continuous Profiler data and p... - [Automatic minor upgrades disabled](automatic-minor-upgrades-disabled.md): {% callout %} - [Findings Automation Pipelines](automation-pipelines.md): Automation Pipelines allows you to set up automated rules for newly discovered findings, thus accelerating triage and... - [Case automation rules](automation-rules.md): {% callout %} - [Automations](automations.md): {% callout %} - [Setting Up Database Monitoring for Oracle Autonomous Database](autonomous-database.md): Database Monitoring provides deep visibility into your Oracle databases by exposing query samples to profile your dif... - [Beta - Databricks autoscale configuration incomplete](autoscale-badly-setup.md): {% callout %} - [Kubernetes Autoscaling](autoscaling.md): {% callout %} - [Autoscaling groups supply tags](autoscaling-groups-supply-tags.md): {% callout %} - [Availability Zone Component](availability-zone.md): Use the Availability Zone component to represent Availability Zones from your Amazon Web Services architecture. 
- [Use COPY instead of ADD](avoid-add-use-copy.md) - [LDAP connections must use explicit user credentials](avoid-anonymous-ldap.md) - [Unintended property updates expose sensitive data](avoid-autobinding.md) - [Avoid executing shell commands with arbitrary input](avoid-backticks.md) - [Avoid bare returns](avoid-bare-return.md) - [Do not use BinaryFormatter as it is insecure and vulnerable](avoid-binary-formatter.md) - [Avoid Calendar class use](avoid-calendar-creation.md) - [Avoid calling GC.SuppressFinalize()](avoid-call-gc-suppress-finalize.md) - [Avoid calling the GC directly](avoid-call-to-gc.md) - [Do not give wide permissions on files](avoid-chmod-777.md) - [Avoid storing sensitive info](avoid-clear-sensitive-info.md) - [Avoid commands not made for containers](avoid-commands-not-relevant.md) - [Avoid RC4](avoid-crypto-rc4.md) - [Avoid SHA1 security protocol](avoid-crypto-sha1.md) - [Do not enable debug in production](avoid-debug-mode.md) - [Avoid DES and 3DES](avoid-des.md) - [Avoid DML native statements](avoid-dml-native-statements.md) - [Avoid using dollar signs in variable names](avoid-dollar-signs.md) - [Dot imports should be avoided](avoid-dot-imports.md) - [Avoid duplicate keys in dictionaries](avoid-duplicate-keys.md) - [Avoid empty blocks](avoid-empty-blocks.md) - [Avoid empty critical sections](avoid-empty-critical-sections.md) - [Avoid creating FileStream directly](avoid-filestream.md) - [Avoid FormattableString](avoid-formattablestring.md) - [Avoid using GC.Collect](avoid-gc-collect.md) - [Avoid global definitions](avoid-global.md) - [Avoid using goto statements](avoid-goto-use.md)
- [Use hash literal](avoid-hash-constructor.md) - [Avoid fetching data from HTTP endpoint](avoid-http.md) - [Avoid using inplace=True](avoid-inplace.md) - [Avoid md5](avoid-md5.md) - [Avoid declaring a field type as MessageDigest](avoid-message-digest-field.md) - [No need to check for nil before a loop](avoid-nil-check-loop.md) - [Do not use operators that don't exist](avoid-non-existant-operators.md) - [Do not use operators that do not exists](avoid-non-existing-operators.md) - [Avoid NotImplementedException](avoid-notimplementedexception.md) - [Avoid NullCipher](avoid-null-cipher.md) - [Do not trust unsanitized user input for I/O](avoid-path-injection.md) - [Avoid building paths from untrusted data](avoid-path-traversal.md) - [Avoid potential server side request forgeries (SSRFs)](avoid-potential-ssrf.md) - [Avoid using printStackTrace()](avoid-printstacktrace.md) - [Avoid propagation exception messages](avoid-propagate-exception-info.md) - [Avoid using protected field in final class](avoid-protected-in-final-class.md) - [Prefer SecureRandom over Random](avoid-random.md) - [Avoid SetString() from big.Rat](avoid-rat-setstring.md) - [Don't reassign a catch variable](avoid-reassigning-catch-vars.md) - [Avoid reassigning parameters](avoid-reassigning-parameters.md) - [Avoid using user input for runtime commands](avoid-runtime-injection.md) - [Avoid sha1](avoid-sha1.md) - [Avoid using SHA224](avoid-sha224.md) - [Do not silence errors, they should not be ignored](avoid-silencing-errors.md) - [Avoid potential SSRF attacks in your Python code](avoid-ssrf.md)
- [avoid string concatenation](avoid-string-concat.md) - [Avoid instantiating strings](avoid-string-instantiation.md) - [Avoid syscall](avoid-syscall.md) - ["try!" should not be used](avoid-try.md) - [Avoid using protocols without SSL](avoid-unencrypted-protocols.md) - [Avoid unsafe call to unlink](avoid-unlink.md) - [Avoid unsafe blocks](avoid-unsafe.md) - [Avoid the use of unserialize](avoid-unserialize.md) - [FTP should be avoided, unless it is used with SSL](avoid-using-ftp.md) - [Avoid `System.loadLibrary` for improved Java portability.](avoid-using-native-code.md) - [Avoid using the phpinfo function](avoid-using-phpinfo.md) - [Use strong cipher algorithms instead of deprecated ones](avoid-weak-ciphers.md) - [Prevent XXE attack from XML parser](avoid-xml-xxe.md) - [Put constants and values on the right](avoid-yoda-conditions.md) - [AWS Accounts](aws-accounts.md) - [AWS Batch with ECS Fargate and the Datadog Agent](aws-batch-ecs-fargate.md): You can run the Datadog Agent alongside your AWS Batch job containers by adding the container to your job definition. - [use env vars over hardcoded values](aws-boto-credentials.md) - [AWS Configuration Guide for Cloud SIEM](aws-config-guide-for-cloud-siem.md): Cloud SIEM applies detection rules to all processed logs in Datadog to detect threats, like a targeted attack, a thre... - [Set up App and API Protection for .NET on AWS Fargate](aws-fargate.md) - [AWS Integration](aws-integration.md): Configure your Datadog-AWS integration directly through the Datadog API. For more information, see the [AWS integrati...
- [AWS Logs Integration](aws-logs-integration.md): Configure your Datadog-AWS-Logs integration directly through Datadog API. For more information, see the [AWS integrat... - [Account](awsaccountdataset.md): The AWS Account resource provides details about an AWS account's contact information. It includes alternate contacts ... - [Certificate Manager](awsacmdataset.md): This table represents the Certificate Manager resource from Amazon Web Services. - [ACM PCA Certificate Authority](awsacmpca-certificateauthoritydataset.md): This table represents the ACM PCA Certificate Authority resource from Amazon Web Services. - [AMI](awsamidataset.md): This table represents the AMI resource from Amazon Web Services. - [AMP Rule Groups Namespace](awsamp-rulegroupsnamespacedataset.md): This table represents the AMP Rule Groups Namespace resource from Amazon Web Services. - [Managed Service for Prometheus Scraper](awsamp-scraperdataset.md): Managed Service for Prometheus Scraper in AWS is a fully managed component that collects metrics from your workloads ... - [Managed Service for Prometheus Workspace](awsamp-workspacedataset.md): Managed Service for Prometheus Workspace in AWS is a fully managed, scalable, and secure environment for monitoring a... - [Amplify App](awsamplify-appdataset.md): An Amplify App in AWS represents a fully managed service for building, deploying, and hosting full-stack web and mobi... - [Amplify Artifact](awsamplify-artifactdataset.md): Amplify Artifact in AWS represents the output files or build results generated during an Amplify app's build and depl... - [Amplify Backend Environment](awsamplify-backend-environmentdataset.md): An Amplify Backend Environment in AWS represents an isolated backend setup for an Amplify app, allowing developers to... - [Amplify Branch](awsamplify-branchdataset.md): An Amplify Branch in AWS represents a deployment branch within an Amplify App. It allows you to connect a specific Gi... 
- [Amplify Domain Association](awsamplify-domain-associationdataset.md): Amplify Domain Association in AWS links a custom domain to an Amplify app, enabling users to access the app through t... - [Amplify Job](awsamplify-jobdataset.md): An Amplify Job in AWS represents a build or deployment task run within an Amplify app. It provides details about the ... - [Amplify Webhook](awsamplify-webhookdataset.md): An Amplify Webhook in AWS is a resource that allows external systems or services to trigger actions in an Amplify app... - [Analyzer](awsanalyzerdataset.md): This table represents the Analyzer resource from Amazon Web Services. - [Analyzer Finding](awsanalyzer-findingdataset.md): This table represents the Analyzer Finding resource from Amazon Web Services. - [API Gateway Account](awsapigateway-accountdataset.md): The API Gateway Account resource in AWS represents the account-level settings for Amazon API Gateway. It includes con... - [API Gateway API](awsapigateway-apidataset.md): This table represents the API Gateway API resource from Amazon Web Services. - [API Gateway API Key](awsapigateway-apikeydataset.md): This table represents the API Gateway API Key resource from Amazon Web Services. - [API Gateway Authorizer](awsapigateway-authorizerdataset.md): API Gateway Authorizer in AWS is a component that controls access to APIs by validating incoming requests. It can use... - [API Gateway Base Path Mapping](awsapigateway-base-path-mappingdataset.md): API Gateway Base Path Mapping in AWS links a custom domain name to a specific API stage within API Gateway. It allows... - [API Gateway Client Certificate](awsapigateway-client-certificatedataset.md): An API Gateway Client Certificate in AWS is a resource that provides a client-side SSL/TLS certificate for authentica... - [API Gateway Deployment](awsapigateway-deploymentdataset.md): An API Gateway Deployment in AWS represents a snapshot of an API's configuration that can be deployed to a specific s... 
- [API Gateway Documentation Part](awsapigateway-documentationpartdataset.md): This table represents the API Gateway Documentation Part resource from Amazon Web Services. - [API Gateway Domain Name](awsapigateway-domain-namedataset.md): API Gateway Domain Name in AWS represents a custom domain that you can map to your API Gateway APIs. It allows you to... - [API Gateway Domain Name Access Association](awsapigateway-domainnameaccessassociationdataset.md): This table represents the API Gateway Domain Name Access Association resource from Amazon Web Services. - [API Gateway Gateway Response](awsapigateway-gatewayresponsedataset.md): This table represents the API Gateway Gateway Response resource from Amazon Web Services. - [API Gateway Integration](awsapigateway-integrationdataset.md): API Gateway Integration in AWS defines how an API method connects to a backend endpoint or service. It specifies the ... - [API Gateway Method](awsapigateway-methoddataset.md): An API Gateway Method in AWS defines the specific HTTP request type (such as GET, POST, PUT, DELETE) that can be call... - [API Gateway Model](awsapigateway-modeldataset.md): An API Gateway Model in AWS defines the data structure for request and response payloads in an API. It uses JSON sche... - [API Gateway Request Validator](awsapigateway-requestvalidatordataset.md): This table represents the API Gateway Request Validator resource from Amazon Web Services. - [API Gateway Resource](awsapigateway-resourcedataset.md): An API Gateway Resource in AWS represents a specific path segment within an API. It acts as a container for methods (... - [API Gateway Stage](awsapigateway-stagedataset.md): An API Gateway Stage in AWS represents a specific deployment of an API, serving as an environment (such as dev, test,... - [API Gateway Usage Plan](awsapigateway-usageplandataset.md): This table represents the API Gateway Usage Plan resource from Amazon Web Services. 
- [API Gateway Usage Plan Key](awsapigateway-usageplankeydataset.md): This table represents the API Gateway Usage Plan Key resource from Amazon Web Services. - [API Gateway VPC Link](awsapigateway-vpclinkdataset.md): This table represents the API Gateway VPC Link resource from Amazon Web Services. - [API Gateway API](awsapigatewayv2-apidataset.md): API Gateway API in AWS is a managed service that allows you to create, publish, maintain, monitor, and secure APIs at... - [API Gateway API Mapping](awsapigatewayv2-api-mappingdataset.md): API Gateway API Mapping in AWS connects a custom domain name to a specific API stage in API Gateway v2. It allows you... - [API Gateway Authorizer](awsapigatewayv2-authorizerdataset.md): An API Gateway Authorizer in AWS is a component that controls access to APIs by validating incoming requests before t... - [API Gateway Deployment](awsapigatewayv2-deploymentdataset.md): An API Gateway Deployment in AWS represents a snapshot of an API configuration that can be deployed to a specific sta... - [API Gateway Domain Name](awsapigatewayv2-domain-namedataset.md): API Gateway Domain Name in AWS allows you to set up a custom domain for your API Gateway APIs. Instead of using the d... - [API Gateway V2 Integration](awsapigatewayv2-integrationdataset.md): API Gateway V2 Integration in AWS defines how an API Gateway route connects to a backend service. It specifies the ty... - [API Gateway V2 Integration Response](awsapigatewayv2-integrationresponsedataset.md): API Gateway V2 Integration Response in AWS defines how the API Gateway should handle the response from an integration... - [API Gateway Model](awsapigatewayv2-modeldataset.md): An API Gateway Model in AWS defines the data structure for request and response payloads in API Gateway. It uses JSON... - [API Gateway Route](awsapigatewayv2-routedataset.md): An API Gateway Route in AWS defines how incoming requests are directed to backend integrations within an API Gateway ... 
- [API Gateway Route Response](awsapigatewayv2-routeresponsedataset.md): An API Gateway Route Response in AWS defines how API Gateway responds to a client when a particular route is matched.... - [API Gateway Stage](awsapigatewayv2-stagedataset.md): An API Gateway Stage in AWS represents a specific deployment of an API Gateway API, serving as an environment where t... - [API Gateway V2 VPC Link](awsapigatewayv2-vpclinkdataset.md): This table represents the API Gateway V2 VPC Link resource from Amazon Web Services. - [AWS AppConfig Application](awsappconfig-applicationdataset.md): AWS AppConfig Application is a logical container within AWS AppConfig used to manage configuration data for one or mo... - [Appconfig Configurationprofile](awsappconfig-configurationprofiledataset.md): This table represents the appconfig_configurationprofile resource from Amazon Web Services. - [Appconfig Deploymentstrategy](awsappconfig-deploymentstrategydataset.md): This table represents the appconfig_deploymentstrategy resource from Amazon Web Services. - [AWS AppConfig Environment](awsappconfig-environmentdataset.md): An AWS AppConfig Environment is a logical deployment space within AWS AppConfig where configuration profiles are depl... - [AWS AppConfig Extension](awsappconfig-extensiondataset.md): AWS AppConfig Extension is a component that allows you to extend the functionality of AWS AppConfig by integrating wi... - [Appconfig Extensionassociation](awsappconfig-extensionassociationdataset.md): This table represents the appconfig_extensionassociation resource from Amazon Web Services. - [Amazon AppFlow Connector](awsappflow-connectordataset.md): Amazon AppFlow Connector is a managed integration resource that enables secure data transfer between AWS services and... - [Appflow Connectorprofile](awsappflow-connectorprofiledataset.md): This table represents the appflow_connectorprofile resource from Amazon Web Services. 
- [Amazon AppFlow Flow](awsappflow-flowdataset.md): Amazon AppFlow Flow is a managed integration resource that automates data transfers between AWS services and external... - [AppIntegrations Application](awsappintegrations-applicationdataset.md): AppIntegrations Application in AWS represents a resource that allows you to integrate external applications and data ... - [AppIntegrations Application Association](awsappintegrations-application-associationdataset.md): AppIntegrations Application Association in AWS represents the link between an AppIntegrations application and another... - [AppIntegrations Data Integration](awsappintegrations-data-integrationdataset.md): AppIntegrations Data Integration in AWS represents a configuration that allows you to bring together data from differ... - [AppIntegrations Data Integration Association](awsappintegrations-data-integration-associationdataset.md): AppIntegrations Data Integration Association in AWS represents the link between a data integration and a client resou... - [AppIntegrations Event Integration](awsappintegrations-event-integrationdataset.md): AppIntegrations Event Integration in AWS allows you to capture events from supported SaaS applications and route them... - [AppIntegrations Event Integration Association](awsappintegrations-event-integration-associationdataset.md): AppIntegrations Event Integration Association in AWS links an event integration with specific resources such as event... - [Application Auto Scaling Activity](awsapplication-autoscaling-activitydataset.md): This table represents the Application Auto Scaling Activity resource from Amazon Web Services. - [Application Autoscaling Policy](awsapplication-autoscaling-policydataset.md): This table represents the Application Autoscaling Policy resource from Amazon Web Services. - [Application Signals Slo](awsapplication-signals-slodataset.md): This table represents the application_signals_slo resource from Amazon Web Services. 
- [Application Auto Scaling Scheduled Action](awsapplicationautoscaling-scheduled-actiondataset.md): Application Auto Scaling Scheduled Action in AWS allows you to define scaling actions that occur at specific times. I... - [Apprunner Auto Scaling Configuration](awsapprunner-autoscaling-configurationdataset.md): This table represents the Apprunner Auto Scaling Configuration resource from Amazon Web Services. - [App Runner Connection](awsapprunner-connectiondataset.md): App Runner Connection in AWS represents a link between App Runner and an external source code repository or service p... - [App Runner Observability Configuration](awsapprunner-observability-configurationdataset.md): App Runner Observability Configuration in AWS provides details about how observability features, such as logging and ... - [App Runner Service](awsapprunner-servicedataset.md): App Runner Service is a fully managed AWS service that makes it easy to build, deploy, and run containerized web appl... - [App Runner VPC Connector](awsapprunner-vpc-connectordataset.md): App Runner VPC Connector in AWS allows an App Runner service to securely connect to resources inside a VPC. It provid... - [App Runner VPC Ingress Connection](awsapprunner-vpc-ingress-connectiondataset.md): App Runner VPC Ingress Connection in AWS allows an App Runner service to receive traffic securely from resources insi... - [AppStream 2.0 App Block](awsappstream-app-blockdataset.md): An AppStream 2.0 App Block in AWS is a resource that packages applications and their dependencies so they can be stre... - [AppStream 2.0 App Block Builder](awsappstream-app-block-builderdataset.md): AppStream 2.0 App Block Builder is an AWS resource that lets you create and manage App Blocks, which package applicat... - [AppStream 2.0 Application](awsappstream-applicationdataset.md): An AppStream 2.0 Application in AWS represents a software application that can be streamed to users through AppStream... 
- [AppStream 2.0 Fleet](awsappstream-fleetdataset.md): AppStream 2.0 Fleet is a group of streaming instances in AWS AppStream 2.0 that deliver virtualized applications or d... - [AppStream 2.0 Image](awsappstream-imagedataset.md): An AppStream 2.0 Image in AWS is a template that contains the operating system, applications, and settings needed to ... - [AppStream 2.0 Image Builder](awsappstream-image-builderdataset.md): AppStream 2.0 Image Builder is a managed AWS resource that provides a virtual machine environment for creating and cu... - [AppStream 2.0 Public Image](awsappstream-public-imagedataset.md): An AppStream 2.0 Public Image in AWS is a preconfigured, ready-to-use image that contains applications and settings f... - [AppStream 2.0 Stack](awsappstream-stackdataset.md): An AppStream 2.0 Stack in AWS defines the configuration for delivering applications or desktops to users. It specifie... - [AppSync GraphQL API](awsappsync-apidataset.md): AppSync GraphQL API is a managed service in AWS that allows you to build scalable GraphQL APIs by securely connecting... - [AppSync Channel Namespace](awsappsync-channel-namespacedataset.md): This table represents the AppSync Channel Namespace resource from Amazon Web Services. - [AppSync Data Source](awsappsync-data-sourcedataset.md): An AppSync Data Source in AWS represents the backend system that an AppSync GraphQL API connects to for retrieving or... - [AppSync Domain Name](awsappsync-domain-namedataset.md): This table represents the AppSync Domain Name resource from Amazon Web Services. - [AppSync Function](awsappsync-functiondataset.md): An AppSync Function in AWS is a reusable unit of business logic within an AppSync pipeline resolver. It allows you to... - [AppSync GraphQL API](awsappsync-graphql-apidataset.md): AppSync GraphQL API is a managed service in AWS that lets you build scalable GraphQL APIs by connecting to data sourc... 
- [AppSync Source API Association](awsappsync-source-api-associationdataset.md): AppSync Source API Association in AWS links a source GraphQL API to a merged API, allowing multiple APIs to be combin... - [Athena Capacity Reservation](awsathena-capacityreservationdataset.md): This table represents the Athena Capacity Reservation resource from Amazon Web Services. - [Athena Datacatalog](awsathena-datacatalogdataset.md): This table represents the Athena Datacatalog resource from Amazon Web Services. - [Athena Named Query](awsathena-named-querydataset.md): Athena Named Query in AWS is a saved SQL query that you can create and reuse within Amazon Athena. It allows you to s... - [Athena Prepared Statement](awsathena-prepared-statementdataset.md): An Athena Prepared Statement in AWS is a saved SQL query that can be parameterized and reused across multiple executi... - [Athena Workgroup](awsathena-workgroupdataset.md): This table represents the Athena Workgroup resource from Amazon Web Services. - [Audit Manager Assessment](awsauditmanager-assessmentdataset.md): Audit Manager Assessment in AWS is a resource that represents an evaluation created within AWS Audit Manager. It help... - [Auditmanager Assessment Control Set](awsauditmanager-assessmentcontrolsetdataset.md): This table represents the Auditmanager Assessment Control Set resource from Amazon Web Services. - [Auditmanager Assessment Framework](awsauditmanager-assessmentframeworkdataset.md): This table represents the Auditmanager Assessment Framework resource from Amazon Web Services. - [Audit Manager Control](awsauditmanager-controldataset.md): Audit Manager Control in AWS represents a specific compliance control within AWS Audit Manager. It provides detailed ... - [Auto Scaling Group](awsautoscaling-groupdataset.md): An Auto Scaling Group in AWS is a resource that manages a collection of Amazon EC2 instances as a single unit. It aut... 
- [EC2 Auto Scaling Launch Configuration](awsautoscaling-launch-configurationdataset.md): An EC2 Auto Scaling Launch Configuration is a template that defines how Amazon EC2 instances should be launched withi... - [Auto Scaling Policy](awsautoscaling-policydataset.md): This table represents the Auto Scaling Policy resource from Amazon Web Services. - [Auto Scaling Scheduled Action](awsautoscaling-scheduled-actiondataset.md): This table represents the Auto Scaling Scheduled Action resource from Amazon Web Services. - [Availability Zone](awsavailability-zonedataset.md): This table represents the Availability Zone resource from Amazon Web Services. - [B2B Data Interchange Capability](awsb2bi-capabilitydataset.md): B2B Data Interchange Capability in AWS B2BI enables secure and reliable exchange of business documents between tradin... - [B2B Data Interchange Partnership](awsb2bi-partnershipdataset.md): B2B Data Interchange Partnership in AWS B2BI represents the configuration and relationship between two trading partne... - [B2B Data Interchange Profile](awsb2bi-profiledataset.md): B2B Data Interchange Profile in AWS B2BI defines the configuration and details of a trading partner's profile used fo... - [B2B Data Interchange Transformer](awsb2bi-transformerdataset.md): The B2B Data Interchange Transformer in AWS B2BI is a resource that defines and manages data transformation logic for... - [Backup Framework](awsbackup-frameworkdataset.md): AWS Backup Framework is a resource that defines a set of compliance controls for backup policies within AWS Backup. I... - [Backup Gateway Gateway](awsbackup-gateway-gatewaydataset.md): This table represents the Backup Gateway Gateway resource from Amazon Web Services. - [Backup Gateway Hypervisor](awsbackup-gateway-hypervisordataset.md): This table represents the Backup Gateway Hypervisor resource from Amazon Web Services. 
- [Backup Gateway Virtual Machine](awsbackup-gateway-virtual-machinedataset.md): This table represents the Backup Gateway Virtual Machine resource from Amazon Web Services. - [Backup Legalhold](awsbackup-legalholddataset.md): This table represents the Backup Legalhold resource from Amazon Web Services. - [Backup Plan](awsbackup-plandataset.md): This table represents the Backup Plan resource from Amazon Web Services. - [Backup Protected Resource](awsbackup-protected-resourcedataset.md): A Backup Protected Resource in AWS represents an item, such as an Amazon EC2 instance, RDS database, or EFS file syst... - [Backup Recovery Point](awsbackup-recovery-pointdataset.md): This table represents the Backup Recovery Point resource from Amazon Web Services. - [Backup Vault](awsbackup-vaultdataset.md): This table represents the Backup Vault resource from Amazon Web Services. - [Batch Compute Engine Environment](awsbatch-compute-environmentdataset.md): This table represents the Batch Compute Engine Environment resource from Amazon Web Services. - [Batch Job Definition](awsbatch-job-definitiondataset.md): An AWS Batch Job Definition is a resource that specifies how batch jobs should be run in AWS Batch. It defines parame... - [Batch Job Queue](awsbatch-job-queuedataset.md): An AWS Batch Job Queue is a resource that manages how submitted batch jobs are prioritized and assigned to compute en... - [Batch Scheduling Policy](awsbatch-scheduling-policydataset.md): An AWS Batch Scheduling Policy defines how jobs are prioritized and ordered within a compute environment. It allows y... - [Bedrock Agent](awsbedrock-agentdataset.md): This table represents the Bedrock Agent resource from Amazon Web Services. - [Bedrock Agent Action Group](awsbedrock-agent-action-groupdataset.md): This table represents the Bedrock Agent Action Group resource from Amazon Web Services. 
- [Bedrock Agent Alias](awsbedrock-agent-aliasdataset.md): This table represents the Bedrock Agent Alias resource from Amazon Web Services. - [Bedrock Application Inference Profile](awsbedrock-application-inference-profiledataset.md): An AWS Bedrock Application Inference Profile defines the configuration and details of an inference setup for running ... - [Bedrock Async Invoke](awsbedrock-async-invokedataset.md): This table represents the Bedrock Async Invoke resource from Amazon Web Services. - [Bedrock Blueprint](awsbedrock-blueprintdataset.md): This table represents the Bedrock Blueprint resource from Amazon Web Services. - [Bedrock Custom Model](awsbedrock-custom-modeldataset.md): Bedrock Custom Model in AWS allows you to manage and retrieve details about custom foundation models that you have cr... - [Bedrock Data Source](awsbedrock-data-sourcedataset.md): This table represents the Bedrock Data Source resource from Amazon Web Services. - [Bedrock Evaluation Job](awsbedrock-evaluation-jobdataset.md): An AWS Bedrock Evaluation Job is a managed resource that allows you to assess and compare the performance of foundati... - [Bedrock Flow](awsbedrock-flowdataset.md): This table represents the Bedrock Flow resource from Amazon Web Services. - [Bedrock Flow Alias](awsbedrock-flow-aliasdataset.md): This table represents the Bedrock Flow Alias resource from Amazon Web Services. - [Bedrock Foundation Model](awsbedrock-foundation-modeldataset.md): Bedrock Foundation Model in AWS provides access to large-scale machine learning models through Amazon Bedrock. It all... - [Bedrock Guardrail](awsbedrock-guardraildataset.md): Bedrock Guardrail is an AWS resource that helps manage and enforce safety, compliance, and responsible use policies f... - [Bedrock Imported Model](awsbedrock-imported-modeldataset.md): Bedrock Imported Model in AWS represents a foundation model that has been imported into Amazon Bedrock for use in app... 
- [Bedrock Ingestion Job](awsbedrock-ingestion-jobdataset.md): This table represents the Bedrock Ingestion Job resource from Amazon Web Services. - [Bedrock Knowledge Base](awsbedrock-knowledge-basedataset.md): This table represents the Bedrock Knowledge Base resource from Amazon Web Services. - [Bedrock Marketplace Model Endpoint](awsbedrock-marketplace-model-endpointdataset.md): An AWS Bedrock Marketplace Model Endpoint is a managed endpoint that provides access to foundation models purchased o... - [Bedrock Model Copy Job](awsbedrock-model-copy-jobdataset.md): Bedrock Model Copy Job in AWS allows you to create and manage jobs that copy foundation models within Amazon Bedrock.... - [Bedrock Model Customization Job](awsbedrock-model-customization-jobdataset.md): Bedrock Model Customization Job in AWS allows you to create and manage fine-tuning jobs for foundation models in Amaz... - [Bedrock Model Invocation Job](awsbedrock-model-invocation-jobdataset.md): Bedrock Model Invocation Job in AWS represents the result of running a model through Amazon Bedrock. It provides deta... - [Bedrock Prompt](awsbedrock-promptdataset.md): This table represents the Bedrock Prompt resource from Amazon Web Services. - [Bedrock Prompt Router](awsbedrock-prompt-routerdataset.md): Bedrock Prompt Router in AWS is a resource that helps manage and route prompts to different foundation models availab... - [Bedrock Provisioned Model Throughput](awsbedrock-provisioned-model-throughputdataset.md): This table represents the Bedrock Provisioned Model Throughput resource from Amazon Web Services. - [Bedrock Settings](awsbedrock-settingsdataset.md): This table represents the Bedrock Settings resource from Amazon Web Services. - [Bedrock System-Defined Inference Profile](awsbedrock-system-defined-inference-profiledataset.md): The Bedrock System-Defined Inference Profile in AWS provides predefined configurations for running inference with fou... 
- [Billingconductor Billinggroup](awsbillingconductor-billinggroupdataset.md): This table represents the billingconductor_billinggroup resource from Amazon Web Services. - [Billingconductor Customlineitem](awsbillingconductor-customlineitemdataset.md): This table represents the billingconductor_customlineitem resource from Amazon Web Services. - [Billingconductor Pricingplan](awsbillingconductor-pricingplandataset.md): This table represents the billingconductor_pricingplan resource from Amazon Web Services. - [Billingconductor Pricingrule](awsbillingconductor-pricingruledataset.md): This table represents the billingconductor_pricingrule resource from Amazon Web Services. - [Cleanrooms Analysistemplate](awscleanrooms-analysistemplatedataset.md): This table represents the cleanrooms_analysistemplate resource from Amazon Web Services. - [AWS Clean Rooms Collaboration](awscleanrooms-collaborationdataset.md): AWS Clean Rooms Collaboration is a resource that represents a secure data collaboration environment within AWS Clean ... - [Cleanrooms Configuredaudiencemodelassociation](awscleanrooms-configuredaudiencemodelassociationdataset.md): This table represents the cleanrooms_configuredaudiencemodelassociation resource from Amazon Web Services. - [Cleanrooms Configuredtable](awscleanrooms-configuredtabledataset.md): This table represents the cleanrooms_configuredtable resource from Amazon Web Services. - [Cleanrooms Configuredtableassociation](awscleanrooms-configuredtableassociationdataset.md): This table represents the cleanrooms_configuredtableassociation resource from Amazon Web Services. - [Cleanrooms Idmappingtable](awscleanrooms-idmappingtabledataset.md): This table represents the cleanrooms_idmappingtable resource from Amazon Web Services. - [Cleanrooms Idnamespaceassociation](awscleanrooms-idnamespaceassociationdataset.md): This table represents the cleanrooms_idnamespaceassociation resource from Amazon Web Services. 
- [AWS Clean Rooms Membership](awscleanrooms-membershipdataset.md): AWS Clean Rooms Membership represents a participant's association within an AWS Clean Rooms collaboration. It contain... - [Cleanrooms Privacybudgettemplate](awscleanrooms-privacybudgettemplatedataset.md): This table represents the cleanrooms_privacybudgettemplate resource from Amazon Web Services. - [CloudFormation Generatedtemplate](awscloudformation-generatedtemplatedataset.md): This table represents the CloudFormation Generatedtemplate resource from Amazon Web Services. - [CloudFormation Resourcescan](awscloudformation-resourcescandataset.md): This table represents the CloudFormation Resourcescan resource from Amazon Web Services. - [CloudFormation Stack](awscloudformation-stackdataset.md): An AWS CloudFormation Stack is a collection of AWS resources that you can manage as a single unit. It allows you to c... - [CloudFormation Stackset](awscloudformation-stacksetdataset.md): This table represents the CloudFormation Stackset resource from Amazon Web Services. - [CloudFormation Type](awscloudformation-typedataset.md): CloudFormation Type in AWS represents a registered resource type, module, or hook that can be used within AWS CloudFo... - [CloudFront Anycast IP List](awscloudfront-anycast-ip-listdataset.md): Provides a list of Anycast IP addresses used by Amazon CloudFront. These IPs represent the global entry points for Cl... - [CloudFront Cache Policy](awscloudfront-cache-policydataset.md): CloudFront Cache Policy in AWS defines how CloudFront caches content based on request headers, cookies, and query str... - [CloudFront Continuous Deployment Policy](awscloudfront-continuous-deployment-policydataset.md): A CloudFront Continuous Deployment Policy in AWS defines how traffic is safely shifted between two CloudFront distrib... 
- [CloudFront Distribution](awscloudfront-distributiondataset.md): A CloudFront Distribution is a globally distributed content delivery network resource in AWS that delivers web conten... - [CloudFront Field-Level Encryption Configuration](awscloudfront-field-level-encryption-configdataset.md): CloudFront Field-Level Encryption Configuration in AWS defines how sensitive data in HTTP requests is protected at th... - [CloudFront Field-Level Encryption Profile](awscloudfront-field-level-encryption-profiledataset.md): A CloudFront Field-Level Encryption Profile in AWS defines the configuration used to encrypt specific data fields in ... - [CloudFront Function](awscloudfront-functiondataset.md): CloudFront Function is a lightweight, serverless code execution environment in Amazon CloudFront. It allows you to ru... - [CloudFront Key Group](awscloudfront-key-groupdataset.md): A CloudFront Key Group is a collection of public keys that you can use with signed URLs or signed cookies to control ... - [CloudFront Managed Cache Policy](awscloudfront-managed-cache-policydataset.md): A CloudFront Managed Cache Policy in AWS defines how CloudFront caches content based on request headers, cookies, and... - [CloudFront Managed Origin Request Policy](awscloudfront-managed-origin-request-policydataset.md): A CloudFront Managed Origin Request Policy is a predefined configuration in Amazon CloudFront that controls the infor... - [CloudFront Managed Response Headers Policy](awscloudfront-managed-response-headers-policydataset.md): A CloudFront Managed Response Headers Policy is a predefined configuration in Amazon CloudFront that automatically ad... - [CloudFront Origin Access Control](awscloudfront-origin-access-controldataset.md): CloudFront Origin Access Control is an AWS feature that manages secure access between CloudFront distributions and th... 
- [Amazon CloudFront Origin Access Identity](awscloudfront-origin-access-identitydataset.md): Amazon CloudFront Origin Access Identity is a special CloudFront user that allows secure access to private content st... - [CloudFront Origin Request Policy](awscloudfront-origin-request-policydataset.md): A CloudFront Origin Request Policy in AWS defines the information that CloudFront includes in requests it sends to yo... - [CloudFront Public Key](awscloudfront-public-keydataset.md): A CloudFront Public Key is a resource used to validate signed URLs and signed cookies in Amazon CloudFront. It repres... - [CloudFront Realtime Log Config](awscloudfront-realtime-log-configdataset.md): CloudFront Realtime Log Config in AWS defines how CloudFront delivers detailed request logs in near real time. It spe... - [CloudFront Response Headers Policy](awscloudfront-response-headers-policydataset.md): CloudFront Response Headers Policy in AWS defines a set of HTTP headers that CloudFront automatically adds to respons... - [CloudFront Streaming Distribution](awscloudfront-streaming-distributiondataset.md): CloudFront Streaming Distribution is an Amazon CloudFront resource used to deliver on-demand media content using Adob... - [CloudFront VPC Origin](awscloudfront-vpc-origindataset.md): CloudFront VPC Origin allows Amazon CloudFront to securely connect to resources inside a Virtual Private Cloud (VPC) ... - [CloudHSM Backup](awscloudhsm-backupdataset.md): This table represents the CloudHSM Backup resource from Amazon Web Services. - [CloudHSM Cluster](awscloudhsm-clusterdataset.md): This table represents the CloudHSM Cluster resource from Amazon Web Services. - [CloudHSM Backup](awscloudhsmv2-backupdataset.md): CloudHSM Backup in AWS represents a saved copy of a hardware security module cluster's state. It allows you to secure... 
- [CloudHSM Cluster](awscloudhsmv2-clusterdataset.md): An AWS CloudHSM Cluster is a collection of hardware security modules that provide dedicated cryptographic key storage... - [CloudTrail Trail](awscloudtrail-traildataset.md): CloudTrail Trail is an AWS resource that records account activity and API usage across your AWS environment. It captu... - [CloudWatch Alarm](awscloudwatch-metric-alarmdataset.md): CloudWatch Alarm is an AWS resource that monitors metrics and triggers actions when defined thresholds are met. It ca... - [CodeArtifact Domain](awscodeartifact-domaindataset.md): CodeArtifact Domain in AWS is a top-level container for storing and managing package repositories. It allows you to g... - [CodeArtifact Package](awscodeartifact-packagedataset.md): An AWS CodeArtifact Package represents a software package stored in a CodeArtifact repository. It contains metadata s... - [CodeArtifact Package Group](awscodeartifact-package-groupdataset.md): An AWS CodeArtifact Package Group is a logical grouping of related packages within a CodeArtifact domain. It helps or... - [CodeArtifact Repository](awscodeartifact-repositorydataset.md): An AWS CodeArtifact Repository is a fully managed artifact storage and sharing service that makes it easy to securely... - [CodeBuild Project](awscodebuild-projectdataset.md): An AWS CodeBuild Project is a configuration that defines how source code is built and tested in a fully managed build... - [CodeBuild Source Credential](awscodebuild-source-credentialsdataset.md): CodeBuild Source Credential in AWS is a resource that stores authentication details for connecting AWS CodeBuild to e... - [CodeDeploy Application](awscodedeploy-applicationdataset.md): An AWS CodeDeploy Application is a logical unit that defines the deployment configuration for your code. It serves as... 
- [CodeDeploy Deployment Config](awscodedeploy-deployment-configdataset.md): CodeDeploy Deployment Config in AWS defines how deployments are carried out, specifying rules for updating instances ... - [CodeGuru Profiler Finding](awscodeguru-profiler-findingdataset.md): This table represents the CodeGuru Profiler Finding resource from Amazon Web Services. - [CodeGuru Profiler Profilinggroup](awscodeguru-profiler-profilinggroupdataset.md): This table represents the CodeGuru Profiler Profilinggroup resource from Amazon Web Services. - [CodeGuru Reviewer Association](awscodeguru-reviewer-associationdataset.md): This table represents the CodeGuru Reviewer Association resource from Amazon Web Services. - [CodeGuru Reviewer Codereview](awscodeguru-reviewer-codereviewdataset.md): This table represents the CodeGuru Reviewer Codereview resource from Amazon Web Services. - [CodeGuru Security Finding](awscodeguru-security-findingdataset.md): This table represents the CodeGuru Security Finding resource from Amazon Web Services. - [CodeGuru Security Scanname](awscodeguru-security-scannamedataset.md): This table represents the CodeGuru Security Scanname resource from Amazon Web Services. - [CodePipeline Actiontype](awscodepipeline-actiontypedataset.md): This table represents the CodePipeline Actiontype resource from Amazon Web Services. - [CodePipeline Pipeline](awscodepipeline-pipelinedataset.md): AWS CodePipeline Pipeline is a fully managed continuous delivery service that automates the build, test, and deployme... - [CodePipeline Webhook](awscodepipeline-webhookdataset.md): CodePipeline Webhook in AWS is a resource that allows external systems to trigger pipeline executions automatically. ... - [Cognito Identity Pool](awscognito-identity-pooldataset.md): This table represents the Cognito Identity Pool resource from Amazon Web Services. - [Cognito User Pool](awscognito-user-pooldataset.md): This table represents the Cognito User Pool resource from Amazon Web Services. 
- [Comprehend Dataset Properties](awscomprehend-datasetdataset.md): Comprehend Dataset Properties in AWS represent the metadata and configuration details of a dataset used with Amazon C... - [Comprehend Document Classification Job Properties](awscomprehend-document-classification-jobdataset.md): Comprehend Document Classification Job Properties in AWS describe the details of a document classification job run by... - [Comprehend Document Classifier Properties](awscomprehend-document-classifierdataset.md): Comprehend Document Classifier Properties in AWS describe the details of a custom document classifier created in Amaz... - [DominantLanguageDetectionJobProperties](awscomprehend-dominant-language-detection-jobdataset.md): Represents the properties of an asynchronous job in Amazon Comprehend that detects the dominant language in a collect... - [Comprehend Endpoint Properties](awscomprehend-endpointdataset.md): Comprehend Endpoint Properties in AWS describe the configuration and status details of a custom Comprehend real-time ... - [Comprehend Entities Detection Job Properties](awscomprehend-entities-detection-jobdataset.md): Comprehend Entities Detection Job Properties in AWS describe the details of an entity detection job run by Amazon Com... - [Comprehend Entity Recognizer Properties](awscomprehend-entity-recognizerdataset.md): Comprehend Entity Recognizer Properties in AWS describe the configuration and status details of a custom entity recog... - [Comprehend Events Detection Job Properties](awscomprehend-events-detection-jobdataset.md): Comprehend Events Detection Job Properties in AWS represents the details of an events detection job run by Amazon Com... - [Comprehend Flywheel](awscomprehend-flywheeldataset.md): Comprehend Flywheel in AWS is a managed resource that helps organize and manage the lifecycle of custom natural langu... 
- [Comprehend Flywheel Dataset](awscomprehend-flywheel-datasetdataset.md): This table represents the Comprehend Flywheel Dataset resource from Amazon Web Services. - [Comprehend Key Phrases Detection Job Properties](awscomprehend-key-phrases-detection-jobdataset.md): Comprehend Key Phrases Detection Job Properties in AWS describe the details of a key phrases detection job run by Ama... - [Comprehend PII Entities Detection Job Properties](awscomprehend-pii-entities-detection-jobdataset.md): Comprehend PII Entities Detection Job Properties in AWS describe the details of a job that identifies and processes p... - [Comprehend Sentiment Detection Job Properties](awscomprehend-sentiment-detection-jobdataset.md): Comprehend Sentiment Detection Job Properties in AWS describe the details of a sentiment analysis job run by Amazon C... - [Comprehend Targeted Sentiment Detection Job Properties](awscomprehend-targeted-sentiment-detection-jobdataset.md): Comprehend Targeted Sentiment Detection Job Properties in AWS describe the details of a sentiment analysis job that i... - [Comprehend Topics Detection Job Properties](awscomprehend-topics-detection-jobdataset.md): Comprehend Topics Detection Job Properties in AWS describe the details of a topic modeling job run by Amazon Comprehe... - [Computeoptimizer RDS Recommendation](awscomputeoptimizer-rds-recommendationdataset.md): This table represents the Computeoptimizer RDS Recommendation resource from Amazon Web Services. - [Config Recorder](awsconfig-recorderdataset.md): This table represents the Config Recorder resource from Amazon Web Services. - [Config Recorder Status](awsconfig-recorder-statusdataset.md): This table represents the Config Recorder Status resource from Amazon Web Services. - [Connect Agent Status](awsconnect-agent-statusdataset.md): Connect Agent Status in AWS provides details about an agent's current status within Amazon Connect. It returns inform... 
- [Connect Authentication Profile](awsconnect-authentication-profiledataset.md): Connect Authentication Profile in AWS defines the authentication settings used within Amazon Connect. It allows you t... - [Connect Contact Flow](awsconnect-contact-flowdataset.md): Connect Contact Flow in AWS is a resource within Amazon Connect that defines the customer experience during an intera... - [Connect Contact Flow Module](awsconnect-contact-flow-moduledataset.md): Connect Contact Flow Module in AWS is a reusable component within Amazon Connect that allows you to define and manage... - [Connect Hours of Operation](awsconnect-hours-of-operationdataset.md): Connect Hours of Operation in AWS defines the time ranges when a contact center is open to handle customer interactio... - [Connect Instance](awsconnect-instancedataset.md): An AWS Connect Instance is a cloud-based contact center resource that provides the core environment for running Amazo... - [Connect Integration Association](awsconnect-integration-associationdataset.md): Connect Integration Association in AWS represents the link between an Amazon Connect instance and an external applica... - [Connect Queue](awsconnect-queuedataset.md): Connect Queue in AWS represents a queue within Amazon Connect, which is a cloud-based contact center service. A queue... - [Connect Quick Connect](awsconnect-quick-connectdataset.md): Connect Quick Connect in AWS is a resource within Amazon Connect that provides a shortcut for agents to quickly trans... - [Connect Routing Profile](awsconnect-routing-profiledataset.md): An AWS Connect Routing Profile defines how incoming contacts are routed to agents within an Amazon Connect contact ce... - [Connect Security Profile](awsconnect-security-profiledataset.md): A Connect Security Profile in AWS defines permissions and access controls for users within an Amazon Connect instance... 
- [Connect User](awsconnect-userdataset.md): Connect User in AWS refers to an Amazon Connect user account, which represents an individual agent or administrator w... - [Control Tower Enabled Baseline](awscontroltower-enabled-baselinedataset.md): Control Tower Enabled Baseline in AWS represents a summary of a baseline configuration that has been enabled within A... - [Control Tower Enabled Control](awscontroltower-enabled-controldataset.md): An AWS Control Tower Enabled Control represents a governance rule that has been activated within a landing zone. It s... - [Control Tower Landing Zone](awscontroltower-landing-zonedataset.md): AWS Control Tower Landing Zone is a pre-configured, secure, multi-account environment that follows AWS best practices... - [Costexplorer Anomaly Monitor](awscostexplorer-anomalymonitordataset.md): This table represents the Costexplorer Anomaly Monitor resource from Amazon Web Services. - [Costexplorer Anomaly Subscription](awscostexplorer-anomalysubscriptiondataset.md): This table represents the Costexplorer Anomaly Subscription resource from Amazon Web Services. - [Costexplorer Cost Category](awscostexplorer-costcategorydataset.md): This table represents the Costexplorer Cost Category resource from Amazon Web Services. - [Customer Gateway](awscustomer-gatewaydataset.md): This table represents the Customer Gateway resource from Amazon Web Services. - [Glue DataBrew Dataset](awsdatabrew-datasetdataset.md): Glue DataBrew Dataset is a resource in AWS Glue DataBrew that defines the data you want to prepare and transform. It ... - [Glue DataBrew Job](awsdatabrew-jobdataset.md): An AWS Glue DataBrew Job is a task that runs data preparation steps defined in a DataBrew project or recipe. It autom... - [Glue DataBrew Project](awsdatabrew-projectdataset.md): An AWS Glue DataBrew Project is a workspace that lets you organize and manage data preparation tasks. It ties togethe... 
- [Glue DataBrew Recipe](awsdatabrew-recipedataset.md): AWS Glue DataBrew Recipe is a set of data transformation steps that define how raw data should be cleaned, normalized... - [Glue DataBrew Ruleset Item](awsdatabrew-rulesetdataset.md): A Glue DataBrew Ruleset Item represents an individual data quality rule within a ruleset in AWS Glue DataBrew. It def... - [Glue DataBrew Schedule](awsdatabrew-scheduledataset.md): AWS Glue DataBrew Schedule is a resource that defines a recurring timetable for running DataBrew jobs, such as data p... - [DataSync Agent](awsdatasync-agentdataset.md): DataSync Agent is a virtual machine deployed on-premises or in another cloud to enable secure and efficient data tran... - [DataSync Amazon EFS Location](awsdatasync-location-efsdataset.md): DataSync Amazon EFS Location represents a configured endpoint that allows AWS DataSync to access an Amazon Elastic Fi... - [DataSync FSx for Lustre Location](awsdatasync-location-fsx-lustredataset.md): DataSync FSx for Lustre Location in AWS represents a connection point that allows AWS DataSync to transfer data to an... - [DataSync Location for Amazon FSx for NetApp ONTAP](awsdatasync-location-fsx-ontapdataset.md): DataSync Location for Amazon FSx for NetApp ONTAP is a resource that defines a connection point between AWS DataSync ... - [DataSync Location FSx OpenZFS](awsdatasync-location-fsx-openzfsdataset.md): This table represents the DataSync Location FSx OpenZFS resource from Amazon Web Services. - [DataSync FSx for Windows File Server Location](awsdatasync-location-fsx-windowsdataset.md): DataSync FSx for Windows File Server Location in AWS represents a configured endpoint that allows AWS DataSync to tra... - [DataSync HDFS Location](awsdatasync-location-hdfsdataset.md): DataSync HDFS Location in AWS represents a connection point to a Hadoop Distributed File System (HDFS) cluster. It al... 
- [DataSync NFS Location](awsdatasync-location-nfsdataset.md): DataSync NFS Location in AWS represents a Network File System (NFS) endpoint that DataSync can use as a source or des... - [DataSync Location Object Storage](awsdatasync-location-objectstoragedataset.md): This table represents the DataSync Location Object Storage resource from Amazon Web Services. - [DataSync Amazon S3 Location](awsdatasync-location-s3dataset.md): DataSync Amazon S3 Location represents a storage location in Amazon S3 that is used as a source or destination for AW... - [DataSync SMB Location](awsdatasync-location-smbdataset.md): DataSync SMB Location in AWS represents a configured connection point to an SMB (Server Message Block) file system. I... - [DataSync Task](awsdatasync-taskdataset.md): An AWS DataSync Task defines the configuration for transferring data between storage locations, such as on-premises s... - [DataZone Domain](awsdatazone-domaindataset.md): An AWS DataZone Domain is a logical boundary within AWS DataZone that organizes and governs data assets, projects, an... - [DAX Cluster](awsdax-clusterdataset.md): An AWS DAX Cluster is a managed in-memory cache for DynamoDB that delivers fast read performance by reducing response... - [Deadline Cloud Budget](awsdeadline-budgetdataset.md): Deadline Cloud Budget in AWS is part of the Deadline Cloud service, which manages rendering workloads in the cloud. A... - [Deadline Cloud Farm](awsdeadline-farmdataset.md): Deadline Cloud Farm in AWS represents a managed render farm resource within AWS Deadline Cloud. It provides a central... - [Deadline Cloud Fleet](awsdeadline-fleetdataset.md): Deadline Cloud Fleet in AWS is a managed resource within AWS Deadline Cloud that represents a group of compute resour... - [Deadline Cloud License Endpoint](awsdeadline-license-endpointdataset.md): Deadline Cloud License Endpoint in AWS provides the connection details required for render farm workers to access and... 
- [Deadline Cloud Monitor](awsdeadline-monitordataset.md): Deadline Cloud Monitor in AWS provides a summary view of monitoring resources for Deadline Cloud, a managed service f... - [Deadline Cloud Queue](awsdeadline-queuedataset.md): Deadline Cloud Queue in AWS is a managed resource within AWS Deadline Cloud that represents a queue for rendering or ... - [Deadline Cloud Worker](awsdeadline-workerdataset.md): Deadline Cloud Worker in AWS represents a compute resource within AWS Deadline Cloud, used to process rendering or co... - [Detective Graph](awsdetective-graphdataset.md): Amazon Detective Graph is the core resource that represents a behavior graph in Amazon Detective. A behavior graph co... - [Device Farm Device](awsdevicefarm-devicedataset.md): An AWS Device Farm Device represents a real mobile device available in the Device Farm service. It provides details s... - [Devicefarm Deviceinstance](awsdevicefarm-deviceinstancedataset.md): This table represents the devicefarm_deviceinstance resource from Amazon Web Services. - [Devicefarm Devicepool](awsdevicefarm-devicepooldataset.md): This table represents the devicefarm_devicepool resource from Amazon Web Services. - [Devicefarm Instanceprofile](awsdevicefarm-instanceprofiledataset.md): This table represents the devicefarm_instanceprofile resource from Amazon Web Services. - [Devicefarm Networkprofile](awsdevicefarm-networkprofiledataset.md): This table represents the devicefarm_networkprofile resource from Amazon Web Services. - [Device Farm Project](awsdevicefarm-projectdataset.md): A Device Farm Project in AWS is a container for running and managing mobile app tests across a wide range of real dev... - [Devicefarm Session](awsdevicefarm-sessiondataset.md): This table represents the devicefarm_session resource from Amazon Web Services. - [Devicefarm Testgrid Project](awsdevicefarm-testgrid-projectdataset.md): This table represents the devicefarm_testgrid_project resource from Amazon Web Services. 
- [Devicefarm Testgrid Session](awsdevicefarm-testgrid-sessiondataset.md): This table represents the devicefarm_testgrid_session resource from Amazon Web Services. - [Device Farm Upload](awsdevicefarm-uploaddataset.md): Device Farm Upload in AWS represents an artifact, such as an app, test script, or data file, that you upload to AWS D... - [Devicefarm Vpceconfiguration](awsdevicefarm-vpceconfigurationdataset.md): This table represents the devicefarm_vpceconfiguration resource from Amazon Web Services. - [Direct Connect Connection](awsdirectconnect-connectiondataset.md): A Direct Connect Connection in AWS provides a dedicated network link between your on-premises data center and AWS. It... - [Direct Connect Gateway](awsdirectconnect-gatewaydataset.md): Direct Connect Gateway in AWS allows you to connect your Amazon Direct Connect connections to one or more Virtual Pri... - [Direct Connect Virtual Interface](awsdirectconnect-virtual-interfacedataset.md): A Direct Connect Virtual Interface in AWS is a logical networking connection that links your on-premises network to A... - [DLM Policy](awsdlm-policydataset.md): This table represents the DLM Policy resource from Amazon Web Services. - [DMS Certificate](awsdms-certificatedataset.md): DMS Certificate in AWS Database Migration Service is a managed resource that stores Secure Sockets Layer (SSL) certif... - [Database Migration Service Data Migration Task](awsdms-data-migrationdataset.md): An AWS Database Migration Service Data Migration Task defines the actual migration job that moves data between a sour... - [DMS Data Provider](awsdms-data-providerdataset.md): DMS Data Provider in AWS Database Migration Service represents a connection profile that defines how DMS connects to ... - [DMS Endpoint](awsdms-endpointdataset.md): An AWS DMS Endpoint defines a connection to a source or target data store for Database Migration Service. It contains... 
- [DMS Event Subscription](awsdms-event-subscriptiondataset.md): DMS Event Subscription in AWS Database Migration Service allows you to receive notifications about important events r... - [DMS Instance Profile](awsdms-instance-profiledataset.md): An AWS DMS Instance Profile defines the compute and memory resources used by a Database Migration Service replication... - [DMS Migration Project](awsdms-migration-projectdataset.md): An AWS DMS Migration Project is a resource in Database Migration Service that defines and manages the configuration f... - [Database Migration Service Replication Instance](awsdms-replicationdataset.md): An AWS Database Migration Service Replication Instance is a managed compute resource that runs the replication tasks ... - [DMS Replication Configuration](awsdms-replication-configdataset.md): DMS Replication Configuration in AWS defines the settings for a Database Migration Service replication task. It speci... - [DMS Replication Instance](awsdms-replication-instancedataset.md): An AWS DMS Replication Instance is a managed compute resource that runs the AWS Database Migration Service. It perfor... - [DMS Replication Subnet Group](awsdms-replication-subnet-groupdataset.md): An AWS DMS Replication Subnet Group is a collection of subnets that you specify for a Database Migration Service repl... - [DMS Replication Task](awsdms-replication-taskdataset.md): An AWS DMS Replication Task defines the actual migration or replication job that moves data between a source and targ... - [DocDb Cluster](awsdocdb-clusterdataset.md): This table represents the DocDb Cluster resource from Amazon Web Services. - [DocumentDB Cluster Snapshot](awsdocdb-clustersnapshotdataset.md): This table represents the DocumentDB Cluster Snapshot resource from Amazon Web Services. - [DocDB Instance](awsdocdb-instancedataset.md): This table represents the DocDB Instance resource from Amazon Web Services. 
- [DocDB Subnet Group](awsdocdb-subnet-groupdataset.md): This table represents the DocDB Subnet Group resource from Amazon Web Services. - [DocumentDB Elastic Cluster](awsdocdbelastic-clusterdataset.md): DocumentDB Elastic Cluster is a fully managed, scalable cluster for Amazon DocumentDB that automatically adjusts capa... - [DocumentDB Elastic Cluster Snapshot](awsdocdbelastic-cluster-snapshotdataset.md): A DocumentDB Elastic Cluster Snapshot in AWS is a point-in-time backup of an Amazon DocumentDB elastic cluster. It ca... - [Elastic Disaster Recovery Job](awsdrs-jobdataset.md): An Elastic Disaster Recovery Job in AWS represents a task or operation performed by the Elastic Disaster Recovery (DR... - [Elastic Disaster Recovery Launch Configuration Template](awsdrs-launch-configuration-templatedataset.md): An Elastic Disaster Recovery Launch Configuration Template in AWS defines the settings used when launching recovery i... - [Elastic Disaster Recovery Recovery Instance](awsdrs-recovery-instancedataset.md): An Elastic Disaster Recovery Recovery Instance in AWS is a temporary compute resource created during failover or reco... - [Elastic Disaster Recovery Replication Configuration Template](awsdrs-replication-configuration-templatedataset.md): Elastic Disaster Recovery Replication Configuration Template in AWS defines the default settings used when creating r... - [Elastic Disaster Recovery Source Network](awsdrs-source-networkdataset.md): Elastic Disaster Recovery Source Network in AWS represents the network configuration of a source environment that is ... - [Elastic Disaster Recovery Source Server](awsdrs-source-serverdataset.md): Elastic Disaster Recovery Source Server in AWS represents a machine that is being protected and replicated by AWS Ela... - [Directory Service Directory](awsds-directorydataset.md): AWS Directory Service Directory is a managed directory resource that enables you to set up and run Microsoft Active D... 
- [DynamoDB Standard-Infrequent Access Cluster](awsdsql-clusterdataset.md): DynamoDB Standard-Infrequent Access Cluster is a managed database cluster configuration in AWS DynamoDB designed for ... - [DynamoDB](awsdynamodbdataset.md): This table represents the DynamoDB resource from Amazon Web Services. - [DynamoDB Backup](awsdynamodb-backupdataset.md): DynamoDB Backup in AWS provides information about on-demand and continuous backups of DynamoDB tables. It allows you ... - [DynamoDB Export](awsdynamodb-exportdataset.md): DynamoDB Export in AWS provides details about an ongoing or completed export of table data to Amazon S3. It allows yo... - [DynamoDB Global Table](awsdynamodb-global-tabledataset.md): DynamoDB Global Table is a fully managed, multi-region, and multi-active database resource in AWS. It automatically r... - [DynamoDB Stream](awsdynamodb-streamdataset.md): This table represents the DynamoDB Stream resource from Amazon Web Services. - [EBS Default Encryption](awsebs-default-encryptiondataset.md): This table represents the EBS Default Encryption resource from Amazon Web Services. - [EBS Snapshot](awsebs-snapshotdataset.md): This table represents the EBS Snapshot resource from Amazon Web Services. - [EBS Volume](awsebs-volumedataset.md): This table represents the EBS Volume resource from Amazon Web Services. - [EC2 Capacity Reservation](awsec2-capacity-reservationdataset.md): EC2 Capacity Reservation in AWS allows you to reserve compute capacity in a specific Availability Zone for your Amazo... - [EC2 Capacity Reservation Fleet](awsec2-capacityreservationfleetdataset.md): This table represents the EC2 Capacity Reservation Fleet resource from Amazon Web Services. - [EC2 Carrier Gateway](awsec2-carriergatewaydataset.md): This table represents the EC2 Carrier Gateway resource from Amazon Web Services. 
- [Client VPN Endpoint](awsec2-client-vpn-endpointdataset.md): Client VPN Endpoint in AWS is a managed client-based VPN service that enables secure access to AWS resources and on-p... - [Ec2 Client Vpn Target Network](awsec2-client-vpn-target-networkdataset.md): This table represents the ec2_client_vpn_target_network resource from Amazon Web Services. - [Ec2 Co Ip Pool](awsec2-co-ip-pooldataset.md): This table represents the ec2_co_ip_pool resource from Amazon Web Services. - [EC2 Dedicated Host](awsec2-dedicated-hostdataset.md): This table represents the EC2 Dedicated Host resource from Amazon Web Services. - [EC2 DHCP Options](awsec2-dhcpoptionsdataset.md): This table represents the EC2 DHCP Options resource from Amazon Web Services. - [Egress-Only Internet Gateway](awsec2-egress-only-internet-gatewaydataset.md): An Egress-Only Internet Gateway in AWS is a VPC component that allows outbound-only communication from IPv6-enabled i... - [EC2 Fleet](awsec2-fleetdataset.md): This table represents the EC2 Fleet resource from Amazon Web Services. - [EC2 FPGA Image](awsec2-fpga-imagedataset.md): An EC2 FPGA Image (AFI) is a custom hardware image used to program FPGAs on Amazon EC2 F1 instances. It contains the ... - [EC2 Host Reservation](awsec2-hostreservationdataset.md): This table represents the EC2 Host Reservation resource from Amazon Web Services. - [EC2 Instance](awsec2-instancedataset.md): An EC2 Instance is a virtual server in Amazon Web Services that provides resizable compute capacity in the cloud. It ... - [EC2 Instance Event Window](awsec2-instance-event-windowdataset.md): An EC2 Instance Event Window in AWS defines a scheduled time range during which planned maintenance or service events... - [Ec2 Instance Metadata](awsec2-instance-metadatadataset.md): This table represents the ec2_instance_metadata resource from Amazon Web Services. 
- [EC2 Instance Types](awsec2-instance-typedataset.md): EC2 Instance Types in AWS define the virtual server configurations you can run in the cloud. They specify combination... - [EC2 Instance Connect Endpoint](awsec2-instanceconnectendpointdataset.md): This table represents the EC2 Instance Connect Endpoint resource from Amazon Web Services. - [VPC IP Address Manager (IPAM)](awsec2-ipamdataset.md): VPC IP Address Manager (IPAM) in AWS helps you plan, track, and manage IP addresses across your Amazon VPCs. It provi... - [IPAM External Resource Verification Token](awsec2-ipam-external-resource-verification-tokendataset.md): An IPAM External Resource Verification Token in AWS is a temporary token used by Amazon VPC IP Address Manager (IPAM)... - [IPAM Pool](awsec2-ipam-pooldataset.md): An IPAM Pool in AWS is a collection of CIDR blocks managed by Amazon VPC IP Address Manager (IPAM). It provides a way... - [IPAM Resource Discovery](awsec2-ipam-resource-discoverydataset.md): IPAM Resource Discovery in AWS is a component of Amazon VPC IP Address Manager (IPAM) that enables automatic detectio... - [IPAM Resource Discovery Association](awsec2-ipam-resource-discovery-associationdataset.md): IPAM Resource Discovery Association in AWS links an IPAM (IP Address Manager) with a resource discovery. This associa... - [IPAM Scope](awsec2-ipam-scopedataset.md): An IPAM Scope in AWS is a logical container within Amazon VPC IP Address Manager (IPAM) that organizes and manages IP... - [EC2 IPv6 Pool EC2](awsec2-ipv6pool-ec2dataset.md): This table represents the EC2 IPv6 Pool EC2 resource from Amazon Web Services. - [EC2 Key Pair](awsec2-key-pairdataset.md): An EC2 Key Pair in AWS is a set of security credentials used to connect securely to Amazon EC2 instances. It consists... - [EC2 Launch Template](awsec2-launch-templatedataset.md): An EC2 Launch Template in AWS is a resource that defines configuration details for launching EC2 instances. It allows... 
- [EC2 Launch Template Version](awsec2-launch-template-versiondataset.md): An EC2 Launch Template Version in AWS defines a specific configuration of an EC2 launch template, including details l... - [EC2 Local Gateway](awsec2-local-gatewaydataset.md): EC2 Local Gateway is an AWS resource that enables communication between on-premises networks and Amazon VPCs through ... - [EC2 Local Gateway Route Table](awsec2-local-gateway-route-tabledataset.md): An EC2 Local Gateway Route Table in AWS defines how traffic is routed between on-premises networks connected through ... - [EC2 Local Gateway Route Table VPC Association](awsec2-local-gateway-route-table-vpc-associationdataset.md): EC2 Local Gateway Route Table VPC Association is an AWS resource that links a VPC to a local gateway route table. Thi... - [EC2 Local Gateway Virtual Interface](awsec2-local-gateway-virtual-interfacedataset.md): An EC2 Local Gateway Virtual Interface is a resource that enables communication between an on-premises network and Am... - [EC2 Local Gateway Virtual Interface Group](awsec2-local-gateway-virtual-interface-groupdataset.md): An EC2 Local Gateway Virtual Interface Group is an AWS resource that groups together one or more local gateway virtua... - [EC2 Placement Group](awsec2-placement-groupdataset.md): An EC2 Placement Group is a logical grouping of Amazon EC2 instances that influences how they are placed on underlyin... - [EC2 Prefix List](awsec2-prefix-listdataset.md): This table represents the EC2 Prefix List resource from Amazon Web Services. - [EC2 Prefix List Shared](awsec2-prefix-list-shareddataset.md): This table represents the EC2 Prefix List Shared resource from Amazon Web Services. - [EC2 Public FPGA Image](awsec2-public-fpga-imagedataset.md): An EC2 Public FPGA Image (AFI) is a pre-built, reusable image that contains a hardware design for use with AWS F1 ins... 
- [EC2 Region](awsec2-regiondataset.md): An EC2 Region in AWS represents a distinct geographical area where Amazon EC2 resources are hosted. Each region consi... - [EC2 Reserved Instance](awsec2-reserved-instancedataset.md): This table represents the EC2 Reserved Instance resource from Amazon Web Services. - [EC2 Settings](awsec2-settingsdataset.md): EC2 Settings in AWS provide configuration options that control security, encryption, and access behaviors for EC2 res... - [EC2 Spot Instance Request](awsec2-spot-instance-requestdataset.md): An EC2 Spot Instance Request in AWS allows you to bid for unused EC2 capacity at discounted prices compared to On-Dem... - [EC2 Spot Fleet Request](awsec2-spotfleetrequestdataset.md): This table represents the EC2 Spot Fleet Request resource from Amazon Web Services. - [EC2 Traffic Mirror Filter](awsec2-traffic-mirror-filterdataset.md): An EC2 Traffic Mirror Filter in AWS defines the rules that control the network traffic captured by a Traffic Mirror s... - [Traffic Mirror Filter Rule](awsec2-traffic-mirror-filter-ruledataset.md): A Traffic Mirror Filter Rule in AWS defines the criteria for capturing and mirroring network traffic in a VPC. It spe... - [Traffic Mirror Session](awsec2-traffic-mirror-sessiondataset.md): A Traffic Mirror Session in AWS allows you to capture and mirror network traffic from an Elastic Network Interface (E... - [Traffic Mirror Target](awsec2-traffic-mirror-targetdataset.md): A Traffic Mirror Target in AWS is a destination resource that receives mirrored network traffic from one or more Traf... - [Ec2 Transitgateway Routetable Announcement](awsec2-transitgateway-routetable-announcementdataset.md): This table represents the ec2_transitgateway_routetable_announcement resource from Amazon Web Services. - [Ec2 Transitgatewayconnectpeer](awsec2-transitgatewayconnectpeerdataset.md): This table represents the ec2_transitgatewayconnectpeer resource from Amazon Web Services. 
- [Ec2 Transitgatewaymulticastdomain](awsec2-transitgatewaymulticastdomaindataset.md): This table represents the ec2_transitgatewaymulticastdomain resource from Amazon Web Services. - [Ec2 Transitgatewaypolicytable](awsec2-transitgatewaypolicytabledataset.md): This table represents the ec2_transitgatewaypolicytable resource from Amazon Web Services. - [EC2 Verified Access Endpoint](awsec2-verified-access-endpointdataset.md): EC2 Verified Access Endpoint is an AWS resource that provides secure access to applications without requiring a tradi... - [EC2 Verified Access Group](awsec2-verified-access-groupdataset.md): An EC2 Verified Access Group in AWS is a logical container that defines access policies for applications using Verifi... - [EC2 Verified Access Instance](awsec2-verified-access-instancedataset.md): An EC2 Verified Access Instance is an AWS resource that provides secure, direct access to applications without requir... - [EC2 Verified Access Trust Provider](awsec2-verified-access-trust-providerdataset.md): EC2 Verified Access Trust Provider is an AWS resource that defines a trust relationship for Verified Access, a servic... - [EC2 VPC Endpoint Service](awsec2-vpcendpoint-servicedataset.md): This table represents the EC2 VPC Endpoint Service resource from Amazon Web Services. - [Ec2 Vpcendpoint Service Permission](awsec2-vpcendpoint-service-permissiondataset.md): This table represents the ec2_vpcendpoint_service_permission resource from Amazon Web Services. - [ECR Enhanced Image Scan Finding](awsecr-enhanced-image-scan-findingdataset.md): This table represents the ECR Enhanced Image Scan Finding resource from Amazon Web Services. - [ECR Image](awsecr-imagedataset.md): This table represents the ECR Image resource from Amazon Web Services. - [ECR Image Scan Finding](awsecr-image-scan-findingdataset.md): This table represents the ECR Image Scan Finding resource from Amazon Web Services. 
- [ECR Image Scan Finding](awsecr-image-scan-findingsdataset.md): This table represents the ECR Image Scan Finding resource from Amazon Web Services. - [ECR Registry](awsecr-registrydataset.md): ECR Registry in AWS is the private container image storage for Amazon Elastic Container Registry. It provides a centr... - [Elastic Container Registry Repository](awsecr-repositorydataset.md): An Elastic Container Registry (ECR) Repository in AWS is a managed container image storage service that allows you to... - [ECS Capacity Provider](awsecs-capacity-providerdataset.md): An ECS Capacity Provider in AWS defines how Amazon ECS manages the capacity of compute resources for running tasks. I... - [ECS Cluster](awsecs-clusterdataset.md): An ECS Cluster in AWS is a logical grouping of container instances or serverless tasks where Amazon Elastic Container... - [ECS Container Instance](awsecs-container-instancedataset.md): An ECS Container Instance in AWS is an Amazon EC2 instance that is registered to an Amazon ECS cluster and used to ru... - [ECS Service](awsecs-servicedataset.md): ECS Service in AWS manages the long-running tasks of an application on Amazon Elastic Container Service. It ensures t... - [ECS Service Deployment](awsecs-service-deploymentdataset.md): ECS Service Deployment in AWS represents the details of a deployment within an Amazon ECS service. It tracks informat... - [ECS Task](awsecs-taskdataset.md): An ECS Task in AWS is the running instance of a task definition within Amazon Elastic Container Service. It represent... - [ECS Task Definition](awsecs-task-definitiondataset.md): An ECS Task Definition in AWS is a blueprint that describes how Docker containers should run within Amazon ECS. It sp... - [EFS Access Point](awsefs-access-pointdataset.md): An EFS Access Point is an application-specific entry point into an Amazon Elastic File System. It simplifies access m... 
- [EFS File System](awsefs-file-systemdataset.md): Amazon EFS File System is a fully managed, scalable, and elastic file storage service for use with AWS Cloud services... - [EFS Mount Target](awsefs-mount-targetdataset.md): An EFS Mount Target in AWS provides a network endpoint in a specific subnet that allows Amazon EC2 instances or other... - [EKS Access Entry](awseks-access-entrydataset.md): EKS Access Entry is an AWS resource that defines access permissions for Amazon Elastic Kubernetes Service clusters. I... - [EKS Access Policy](awseks-access-policydataset.md): This table represents the EKS Access Policy resource from Amazon Web Services. - [EKS Add-on](awseks-addondataset.md): EKS Add-on in AWS is a managed extension that simplifies the installation and lifecycle management of operational sof... - [EKS Cluster](awseks-clusterdataset.md): An EKS Cluster is a managed Kubernetes control plane provided by AWS. It handles the setup, scaling, and management o... - [EKS EKS Anywhere Subscription](awseks-eks-anywhere-subscriptiondataset.md): This table represents the EKS EKS Anywhere Subscription resource from Amazon Web Services. - [EKS Fargate Profile](awseks-fargateprofiledataset.md): This table represents the EKS Fargate Profile resource from Amazon Web Services. - [EKS Identity Provider Config](awseks-identityproviderconfigdataset.md): This table represents the EKS Identity Provider Config resource from Amazon Web Services. - [EKS Insight](awseks-insightdataset.md): EKS Insight provides visibility into the performance, configuration, and health of Amazon Elastic Kubernetes Service ... - [EKS Node Group](awseks-nodegroupdataset.md): An EKS Node Group is a managed group of Amazon EC2 instances that run as worker nodes in an Amazon Elastic Kubernetes... - [EKS Pod Identity Association](awseks-podidentityassociationdataset.md): This table represents the EKS Pod Identity Association resource from Amazon Web Services. 
- [EKS Update](awseks-updatedataset.md): EKS Update in AWS refers to the operation that updates an Amazon Elastic Kubernetes Service (EKS) cluster. It allows ... - [Elastic IP](awselastic-ipdataset.md): This table represents the Elastic IP resource from Amazon Web Services. - [ElastiCache](awselasticachedataset.md): This table represents the ElastiCache resource from Amazon Web Services. - [ElastiCache Global Replicationgroup](awselasticache-global-replicationgroupdataset.md): This table represents the ElastiCache Global Replicationgroup resource from Amazon Web Services. - [ElastiCache Parameter Group](awselasticache-parameter-groupdataset.md): This table represents the ElastiCache Parameter Group resource from Amazon Web Services. - [ElastiCache Replication Group](awselasticache-replication-groupdataset.md): An ElastiCache Replication Group in AWS is a collection of one or more Redis cache clusters that work together to pro... - [ElastiCache Reserved Cache Node](awselasticache-reserved-cache-nodedataset.md): An ElastiCache Reserved Cache Node is a billing option in Amazon ElastiCache that allows you to reserve a specific ca... - [ElastiCache Security Group](awselasticache-security-groupdataset.md): This table represents the ElastiCache Security Group resource from Amazon Web Services. - [ElastiCache Serverless Cache](awselasticache-serverless-cachedataset.md): ElastiCache Serverless Cache is a fully managed, serverless caching option in AWS that automatically scales capacity ... - [ElastiCache Serverless Cache Snapshot](awselasticache-serverless-cache-snapshotdataset.md): An ElastiCache Serverless Cache Snapshot is a point-in-time backup of a serverless cache in Amazon ElastiCache. It al... - [ElastiCache Snapshot](awselasticache-snapshotdataset.md): An ElastiCache Snapshot in AWS is a backup of an ElastiCache cluster or replication group at a specific point in time... 
- [ElastiCache Subnet Group](awselasticache-subnet-groupdataset.md): This table represents the ElastiCache Subnet Group resource from Amazon Web Services. - [ElastiCache User](awselasticache-userdataset.md): ElastiCache User in AWS represents an identity within Amazon ElastiCache that allows you to manage authentication and... - [ElastiCache User Group](awselasticache-user-groupdataset.md): ElastiCache User Group in AWS is a resource that allows you to manage groups of users for Redis authentication and ac... - [Elastic Beanstalk Environment](awselasticbeanstalk-environmentdataset.md): An Elastic Beanstalk Environment in AWS is a managed runtime environment where applications are deployed and run. It ... - [Elasticmapreduce Instance](awselasticmapreduce-instancedataset.md): This table represents the elasticmapreduce_instance resource from Amazon Web Services. - [Elasticmapreduce Security Configuration](awselasticmapreduce-security-configurationdataset.md): This table represents the elasticmapreduce_security_configuration resource from Amazon Web Services. - [Elasticsearch Domain](awselasticsearch-domaindataset.md): This table represents the Elasticsearch Domain resource from Amazon Web Services. - [Elastic Load Balancing Load Balancer](awselb-load-balancerdataset.md): An Elastic Load Balancing Load Balancer in AWS automatically distributes incoming application or network traffic acro... - [ELB V2 Listener Rule](awselbv2-listener-ruledataset.md): This table represents the ELB V2 Listener Rule resource from Amazon Web Services. - [Elastic Load Balancing Load Balancer](awselbv2-load-balancerdataset.md): An Elastic Load Balancing Load Balancer in AWS automatically distributes incoming application or network traffic acro... - [Elastic Load Balancing Target Group](awselbv2-target-groupdataset.md): An Elastic Load Balancing Target Group in AWS is a logical grouping of targets, such as EC2 instances, IP addresses, ... 
- [Elastic Load Balancing Trust Store](awselbv2-trust-storedataset.md): An Elastic Load Balancing Trust Store in AWS is a resource that allows you to manage and store digital certificates u... - [EMR Cluster](awsemr-clusterdataset.md): An EMR Cluster in AWS is a managed big data framework that allows you to process and analyze large datasets using ope... - [EMR Instance](awsemr-instancedataset.md): An EMR Instance in AWS is a compute resource that runs as part of an Amazon EMR cluster. It provides the processing p... - [EMR Instance Fleet](awsemr-instance-fleetdataset.md): An EMR Instance Fleet in AWS is a flexible way to provision compute resources for Amazon EMR clusters. Instead of spe... - [EMR Instance Group](awsemr-instance-groupdataset.md): An EMR Instance Group in AWS defines a set of Amazon EC2 instances within an Amazon EMR cluster that share the same c... - [EMR Security Configuration](awsemr-security-configurationdataset.md): EMR Security Configuration in AWS defines the security settings applied to an Amazon EMR cluster. It allows you to sp... - [EMR Settings](awsemr-settingsdataset.md): This table represents the EMR Settings resource from Amazon Web Services. - [EMR on EKS Managed Endpoint](awsemrcontainers-managed-endpointdataset.md): This table represents the EMR on EKS Managed Endpoint resource from Amazon Web Services. - [EMR on EKS Security Configuration](awsemrcontainers-security-configurationdataset.md): This table represents the EMR on EKS Security Configuration resource from Amazon Web Services. - [EMR on EKS Virtual Cluster](awsemrcontainers-virtual-clusterdataset.md): EMR on EKS Virtual Cluster is a managed resource in AWS that lets you run Amazon EMR workloads on Amazon Elastic Kube... - [EMR Serverless Application](awsemrserverless-applicationdataset.md): An EMR Serverless Application in AWS is a managed resource that lets you run big data frameworks like Apache Spark an... 
- [Elastic Network Interface](awsenidataset.md): This table represents the Elastic Network Interface resource from Amazon Web Services. - [EventBridge API Destination](awseventbridge-api-destinationdataset.md): EventBridge API Destination in AWS allows you to send events from EventBridge to any HTTP-based API endpoint. It prov... - [EventBridge Archive](awseventbridge-archivedataset.md): EventBridge Archive is an AWS resource that allows you to store and retain events published to EventBridge event buse... - [EventBridge Connection](awseventbridge-connectiondataset.md): An EventBridge Connection in AWS is a resource that stores authentication and authorization details for securely inte... - [EventBridge Endpoint](awseventbridge-endpointdataset.md): An EventBridge Endpoint in AWS is a regional resource that allows you to route events between EventBridge event buses... - [EventBridge Event Bus](awseventbridge-event-busdataset.md): An EventBridge Event Bus is a routing layer for events in AWS. It receives events from AWS services, custom applicati... - [EventBridge Event Source](awseventbridge-event-sourcedataset.md): An EventBridge Event Source in AWS represents an external or internal service that can publish events into Amazon Eve... - [EventBridge Replay](awseventbridge-replaydataset.md): EventBridge Replay in AWS allows you to reprocess past events by replaying them from an archive to event buses or oth... - [EventBridge Rule](awseventbridge-ruledataset.md): An EventBridge Rule in AWS defines a pattern to match incoming events and routes them to specified targets such as La... - [EventBridge Rule Target](awseventbridge-rule-targetdataset.md): This table represents the EventBridge Rule Target resource from Amazon Web Services. - [Kinesis Data Firehose Delivery Stream](awsfirehose-delivery-streamdataset.md): Kinesis Data Firehose Delivery Stream is a fully managed service in AWS that reliably loads real-time streaming data ... 
- [AWS FIS Action](awsfis-actiondataset.md): AWS FIS Action represents a specific experiment action within AWS Fault Injection Simulator. It defines the parameter... - [AWS Fault Injection Simulator Experiment](awsfis-experimentdataset.md): AWS Fault Injection Simulator Experiment is a managed service resource that allows users to run controlled chaos engi... - [AWS FIS Experiment Template](awsfis-experiment-templatedataset.md): An AWS FIS Experiment Template defines the configuration for a Fault Injection Simulator experiment. It specifies the... - [Fraud Detector Batch Import Job](awsfrauddetector-batch-import-jobdataset.md): This table represents the Fraud Detector Batch Import Job resource from Amazon Web Services. - [Fraud Detector Batch Prediction Job](awsfrauddetector-batch-prediction-jobdataset.md): This table represents the Fraud Detector Batch Prediction Job resource from Amazon Web Services. - [Fraud Detector Detector](awsfrauddetector-detectordataset.md): Fraud Detector Detector in AWS is a resource that defines the core detection logic for identifying potentially fraudu... - [Fraud Detector Detector Version](awsfrauddetector-detector-versiondataset.md): Fraud Detector Detector Version in AWS represents a specific version of a fraud detection model within Amazon Fraud D... - [Fraud Detector Entity Type](awsfrauddetector-entity-typedataset.md): Fraud Detector Entity Type in AWS defines the type of entity, such as a customer or account, that you want to evaluat... - [Fraud Detector Event Type](awsfrauddetector-event-typedataset.md): Fraud Detector Event Type in AWS defines the structure of events that you want to evaluate for potential fraud. It sp... - [Fraud Detector External Model](awsfrauddetector-external-modeldataset.md): Fraud Detector External Model in AWS allows you to integrate machine learning models hosted outside of Amazon Fraud D... 
- [Fraud Detector Label](awsfrauddetector-labeldataset.md): Fraud Detector Label in AWS is a resource used to categorize outcomes for fraud detection models. Labels represent th... - [Fraud Detector List](awsfrauddetector-listdataset.md): This table represents the Fraud Detector List resource from Amazon Web Services. - [Fraud Detector Model](awsfrauddetector-modeldataset.md): Fraud Detector Model in AWS is a machine learning resource that helps identify potentially fraudulent activities in r... - [Fraud Detector Model Version](awsfrauddetector-model-versiondataset.md): This table represents the Fraud Detector Model Version resource from Amazon Web Services. - [Fraud Detector Outcome](awsfrauddetector-outcomedataset.md): Fraud Detector Outcome in AWS represents the result of a fraud detection evaluation. It defines the business action t... - [Fraud Detector Rule](awsfrauddetector-ruledataset.md): This table represents the Fraud Detector Rule resource from Amazon Web Services. - [Fraud Detector Variable](awsfrauddetector-variabledataset.md): Fraud Detector Variable in AWS is a resource that defines input data fields used by Amazon Fraud Detector models and ... - [FSx Association](awsfsx-associationdataset.md): This table represents the FSx Association resource from Amazon Web Services. - [FSx Backup](awsfsx-backupdataset.md): FSx Backup in AWS represents a backup of an Amazon FSx file system. It provides a point-in-time copy of the file syst... - [File Cache](awsfsx-file-cachedataset.md): AWS File Cache is a fully managed, high-speed cache on AWS that accelerates access to file data stored in on-premises... - [FSx File System](awsfsx-file-systemdataset.md): FSx File System is a fully managed AWS service that provides high-performance file storage built on popular file syst... - [FSx Snapshot](awsfsx-snapshotdataset.md): An FSx Snapshot in AWS is a point-in-time backup of an Amazon FSx file system. It captures the state of the file syst... 
- [FSx Storage Virtual Machine](awsfsx-storage-virtual-machinedataset.md): FSx Storage Virtual Machine in AWS is a virtualized file server environment within Amazon FSx for ONTAP. It provides ... - [FSx Task](awsfsx-taskdataset.md): This table represents the FSx Task resource from Amazon Web Services. - [FSx Volume](awsfsx-volumedataset.md): An FSx Volume in AWS is a storage resource within Amazon FSx that provides scalable, high-performance file storage fo... - [GameLift Alias](awsgamelift-aliasdataset.md): An AWS GameLift Alias is a resource that provides a named reference to a GameLift fleet. It allows you to create a st... - [GameLift Build](awsgamelift-builddataset.md): GameLift Build in AWS represents a set of game server binaries and related files that you upload to Amazon GameLift f... - [GameLift Container Fleet](awsgamelift-container-fleetdataset.md): GameLift Container Fleet is an Amazon GameLift resource that allows you to deploy and manage game server workloads in... - [GameLift Container Group Definition](awsgamelift-container-group-definitiondataset.md): Defines a group of containers used in Amazon GameLift to run and manage multiplayer game server processes. A containe... - [GameLift Game Server Group](awsgamelift-game-server-groupdataset.md): GameLift Game Server Group is an Amazon GameLift resource that manages a set of game servers running on Amazon EC2 in... - [GameLift Game Session Queue](awsgamelift-game-session-queuedataset.md): An Amazon GameLift Game Session Queue is a resource that manages how new game sessions are placed across fleets or al... - [GameLift Location](awsgamelift-locationdataset.md): This table represents the GameLift Location resource from Amazon Web Services. - [GameLift Matchmaking Configuration](awsgamelift-matchmaking-configurationdataset.md): This table represents the GameLift Matchmaking Configuration resource from Amazon Web Services. 
- [GameLift Matchmaking Rule Set](awsgamelift-matchmaking-rule-setdataset.md): An AWS GameLift Matchmaking Rule Set defines the rules and logic used by GameLift FlexMatch to create balanced multip... - [GameLift Script](awsgamelift-scriptdataset.md): GameLift Script in AWS is a resource that defines custom server logic for multiplayer games hosted on Amazon GameLift... - [S3 Glacier Vault](awsglacier-vaultdataset.md): An S3 Glacier Vault is a secure container for storing archives in Amazon S3 Glacier, designed for long-term, low-cost... - [Global Accelerator Accelerator](awsglobalaccelerator-acceleratordataset.md): An AWS Global Accelerator Accelerator is a networking resource that improves the availability and performance of appl... - [Global Accelerator Endpoint Group](awsglobalaccelerator-endpointgroupdataset.md): This table represents the Global Accelerator Endpoint Group resource from Amazon Web Services. - [Global Accelerator Endpoint Network Resource](awsglobalaccelerator-listenerdataset.md): An AWS Global Accelerator Listener is a resource that defines how incoming traffic is handled for an accelerator. It ... - [Glue Registry](awsglue-registrydataset.md): AWS Glue Registry is a centralized repository for managing and storing schema definitions used in data streams and ev... - [Grafana Workspace](awsgrafana-workspacedataset.md): Grafana Workspace in AWS is a managed environment for running Grafana dashboards without needing to handle infrastruc... - [Greengrass Bulk Deployment](awsgreengrass-bulk-deploymentdataset.md): This table represents the greengrass_bulk_deployment resource from Amazon Web Services. - [Greengrass Component](awsgreengrass-componentdataset.md): This table represents the greengrass_component resource from Amazon Web Services. - [Greengrass Connectivity Info](awsgreengrass-connectivity-infodataset.md): This table represents the greengrass_connectivity_info resource from Amazon Web Services. 
- [Greengrass Connector Definition](awsgreengrass-connector-definitiondataset.md): Greengrass Connector Definition in AWS represents the configuration of connectors used in AWS IoT Greengrass. Connect... - [Greengrass Core Definition](awsgreengrass-core-definitiondataset.md): Greengrass Core Definition in AWS represents a group of Greengrass core devices that manage and run local IoT applica... - [Greengrass Core Device](awsgreengrass-core-devicedataset.md): This table represents the greengrass_core_device resource from Amazon Web Services. - [IoT Greengrass Deployment](awsgreengrass-deploymentdataset.md): AWS IoT Greengrass Deployment is a resource that manages the distribution of software components, configurations, and... - [Greengrass Deploymentv2](awsgreengrass-deploymentv2dataset.md): This table represents the greengrass_deploymentv2 resource from Amazon Web Services. - [Greengrass Device Definition](awsgreengrass-device-definitiondataset.md): Greengrass Device Definition in AWS represents a group of devices, such as IoT things, that can interact with an AWS ... - [Greengrass Function Definition](awsgreengrass-function-definitiondataset.md): Greengrass Function Definition in AWS represents a collection of Lambda functions that can be deployed and run on Gre... - [IoT Greengrass Group](awsgreengrass-groupdataset.md): An IoT Greengrass Group in AWS represents a collection of Greengrass Core devices and their associated settings, reso... - [Greengrass Logger Definition](awsgreengrass-logger-definitiondataset.md): Greengrass Logger Definition in AWS defines logging configurations for AWS Greengrass groups. It specifies how logs a... - [Greengrass Resource Definition](awsgreengrass-resource-definitiondataset.md): Greengrass Resource Definition in AWS represents a collection of local resources, such as devices, volumes, or machin... 
- [Greengrass Subscription Definition](awsgreengrass-subscription-definitiondataset.md): Greengrass Subscription Definition in AWS represents a configuration that defines how messages are transmitted betwee... - [GuardDuty Detector](awsguardduty-detectordataset.md): GuardDuty Detector is the core resource in Amazon GuardDuty that represents an enabled instance of the threat detecti... - [GuardDuty Filter](awsguardduty-filterdataset.md): GuardDuty Filter in AWS is a resource that lets you define and manage filtering criteria for findings generated by Am... - [GuardDuty IPSet](awsguardduty-ipsetdataset.md): GuardDuty IPSet in AWS is a custom list of trusted or malicious IP addresses that you can upload and use with Amazon ... - [GuardDuty Malware Protection Plan](awsguardduty-malwareprotectionplandataset.md): This table represents the GuardDuty Malware Protection Plan resource from Amazon Web Services. - [GuardDuty Publishing Destination](awsguardduty-publishingdestinationdataset.md): This table represents the GuardDuty Publishing Destination resource from Amazon Web Services. - [GuardDuty Settings](awsguardduty-settingsdataset.md): GuardDuty Settings in AWS define how Amazon GuardDuty manages malware protection and scanning within your environment... - [GuardDuty Threat Intelset](awsguardduty-threatintelsetdataset.md): This table represents the GuardDuty Threat Intelset resource from Amazon Web Services. - [Health Settings](awshealth-settingsdataset.md): This table represents the Health Settings resource from Amazon Web Services. - [HealthLake Data Store Properties](awshealthlake-datastoredataset.md): HealthLake Data Store Properties describe the configuration and status details of an Amazon HealthLake data store. Th... - [IAM Access Key Metadata](awsiam-access-key-metadatadataset.md): This table represents the IAM Access Key Metadata resource from Amazon Web Services. 
- [Account Alias](awsiam-accountdataset.md): Account Alias in AWS IAM is a user-friendly name that you can assign to your AWS account. Instead of using the defaul... - [Managed Policy](awsiam-aws-managed-policydataset.md): A Managed Policy in AWS is a standalone IAM policy created and maintained either by AWS or by the user. It defines a ... - [IAM Credential Report](awsiam-credential-reportdataset.md): This table represents the IAM Credential Report resource from Amazon Web Services. - [IAM Group](awsiam-groupdataset.md): An IAM Group in AWS is a collection of IAM users that simplifies permission management. Instead of assigning policies... - [IAM Group Inline Policy](awsiam-group-inline-policydataset.md): This table represents the IAM Group Inline Policy resource from Amazon Web Services. - [IAM Instance Profile](awsiam-instance-profiledataset.md): An IAM Instance Profile in AWS is a container for an IAM role that can be attached to an EC2 instance. It allows the ... - [IAM OpenID Connect Identity Provider](awsiam-open-id-connect-providerdataset.md): IAM OpenID Connect Identity Provider in AWS is a resource that lets you establish trust between your AWS account and ... - [IAM Policy](awsiam-policydataset.md): An IAM Policy in AWS is a JSON document that defines permissions for actions on AWS resources. It specifies what acti... - [IAM Role](awsiam-roledataset.md): An IAM Role in AWS is a secure identity with specific permissions that define what actions are allowed or denied. Unl... - [IAM Role Inline Policy](awsiam-role-inline-policydataset.md): This table represents the IAM Role Inline Policy resource from Amazon Web Services. - [IAM SAML Provider](awsiam-saml-providerdataset.md): IAM SAML Provider in AWS is a resource that stores information about a Security Assertion Markup Language (SAML) iden... 
- [IAM Server Certificate](awsiam-server-certificatedataset.md): An IAM Server Certificate in AWS is a resource that stores SSL/TLS certificates and their associated private keys for... - [Service-Specific Credential Metadata](awsiam-service-specific-credentialdataset.md): Service-Specific Credential Metadata in AWS IAM provides details about credentials that are created for a specific AW... - [IAM User](awsiam-userdataset.md): An IAM User in AWS represents an individual identity within an AWS account that can be used to interact with AWS serv... - [IAM User Inline Policy](awsiam-user-inline-policydataset.md): This table represents the IAM User Inline Policy resource from Amazon Web Services. - [IAM Virtual MFA device](awsiam-virtual-mfa-devicedataset.md): An IAM Virtual MFA device in AWS is a software-based multi-factor authentication option that generates time-based one... - [Identity Store Group](awsidentitystore-groupdataset.md): An Identity Store Group in AWS represents a collection of users within the AWS Identity Store service. It is used to ... - [Identity Store Group Membership](awsidentitystore-group-membershipdataset.md): This table represents the Identity Store Group Membership resource from Amazon Web Services. - [Identity Store User](awsidentitystore-userdataset.md): An Identity Store User in AWS represents a user identity within the AWS Identity Store, which is part of AWS Single S... - [Image Builder Component](awsimagebuilder-componentdataset.md): This table represents the Image Builder Component resource from Amazon Web Services. - [Image Builder Component Version](awsimagebuilder-component-versiondataset.md): An Image Builder Component Version in AWS represents a specific, versioned building block used in EC2 Image Builder p... - [EC2 Image Builder Container Recipe](awsimagebuilder-container-recipedataset.md): EC2 Image Builder Container Recipe is an AWS resource that defines the components, base image, and configuration used... 
- [EC2 Image Builder Distribution Configuration](awsimagebuilder-distribution-configurationdataset.md): EC2 Image Builder Distribution Configuration in AWS defines how machine images are distributed after they are created... - [Image Builder Image](awsimagebuilder-imagedataset.md): This table represents the Image Builder Image resource from Amazon Web Services. - [EC2 Image Builder Image Pipeline](awsimagebuilder-image-pipelinedataset.md): An EC2 Image Builder Image Pipeline is a resource in AWS that automates the creation, management, and deployment of c... - [EC2 Image Builder Image Recipe](awsimagebuilder-image-recipedataset.md): An EC2 Image Builder Image Recipe in AWS defines the components, base image, and configuration details used to create... - [EC2 Image Builder Image Version](awsimagebuilder-image-versiondataset.md): An EC2 Image Builder Image Version in AWS represents a specific, immutable version of a machine image created through... - [EC2 Image Builder Infrastructure Configuration](awsimagebuilder-infrastructure-configurationdataset.md): EC2 Image Builder Infrastructure Configuration defines the infrastructure settings used when building and testing Ama... - [Image Builder Lifecycle Policy](awsimagebuilder-lifecycle-policydataset.md): Image Builder Lifecycle Policy in AWS defines rules for managing the lifecycle of images created with EC2 Image Build... - [Image Builder Public Component](awsimagebuilder-public-componentdataset.md): An Image Builder Public Component in AWS is a reusable building block that defines software packages, configurations,... - [Image Builder Public Container Recipe](awsimagebuilder-public-container-recipedataset.md): An Image Builder Public Container Recipe in AWS defines the configuration for building container images using EC2 Ima... 
- [EC2 Image Builder Public Image](awsimagebuilder-public-imagedataset.md): An EC2 Image Builder Public Image is a managed resource in AWS that represents a versioned Amazon Machine Image (AMI)... - [EC2 Image Builder Public Image Recipe](awsimagebuilder-public-image-recipedataset.md): An EC2 Image Builder Public Image Recipe in AWS defines the configuration for building Amazon Machine Images (AMIs). ... - [Image Builder Public Workflow](awsimagebuilder-public-workflowdataset.md): Image Builder Public Workflow in AWS provides details about a publicly shared workflow that can be used to automate i... - [Image Builder Workflow](awsimagebuilder-workflowdataset.md): Image Builder Workflow in AWS is a resource that defines and manages automated steps for building, testing, and distr... - [Inspector Coverage](awsinspector2-coveragedataset.md): This table represents the Inspector Coverage resource from Amazon Web Services. - [IoT Authorizer](awsiot-authorizerdataset.md): IoT Authorizer in AWS is a custom authorization component for AWS IoT Core that allows you to define how devices and ... - [Iot Billinggroup](awsiot-billinggroupdataset.md): This table represents the iot_billinggroup resource from Amazon Web Services. - [Iot Cert](awsiot-certdataset.md): This table represents the iot_cert resource from Amazon Web Services. - [Iot Certificateprovider](awsiot-certificateproviderdataset.md): This table represents the iot_certificateprovider resource from Amazon Web Services. - [IoT Dimension](awsiot-dimensiondataset.md): An AWS IoT Dimension is a reusable filter that defines a specific set of criteria to limit the scope of IoT data, suc... - [Iot Domainconfiguration](awsiot-domainconfigurationdataset.md): This table represents the iot_domainconfiguration resource from Amazon Web Services. - [Iot Fleetmetric](awsiot-fleetmetricdataset.md): This table represents the iot_fleetmetric resource from Amazon Web Services. 
- [IoT Job](awsiot-jobdataset.md): An AWS IoT Job is a managed resource that lets you define and manage remote operations on IoT devices, such as softwa... - [Iot Jobtemplate](awsiot-jobtemplatedataset.md): This table represents the iot_jobtemplate resource from Amazon Web Services. - [IoT Policy](awsiot-policydataset.md): An AWS IoT Policy defines permissions for devices, users, or applications interacting with the AWS IoT Core service. ... - [Iot Provisioningtemplate](awsiot-provisioningtemplatedataset.md): This table represents the iot_provisioningtemplate resource from Amazon Web Services. - [Iot Rolealias](awsiot-rolealiasdataset.md): This table represents the iot_rolealias resource from Amazon Web Services. - [Iot Securityprofile](awsiot-securityprofiledataset.md): This table represents the iot_securityprofile resource from Amazon Web Services. - [IoT Stream](awsiot-streamdataset.md): IoT Stream in AWS refers to an IoT data stream resource that delivers continuous data from connected devices. Using t... - [IoT Thing](awsiot-thingdataset.md): An IoT Thing in AWS represents a digital identity for a physical device within AWS IoT Core. It allows you to manage,... - [Iot Thinggroup](awsiot-thinggroupdataset.md): This table represents the iot_thinggroup resource from Amazon Web Services. - [Iot Thingtype](awsiot-thingtypedataset.md): This table represents the iot_thingtype resource from Amazon Web Services. - [Iot Tunnel](awsiot-tunneldataset.md): This table represents the iot_tunnel resource from Amazon Web Services. - [Iotanalytics Channel](awsiotanalytics-channeldataset.md): This table represents the iotanalytics_channel resource from Amazon Web Services. - [Iotanalytics Dataset](awsiotanalytics-datasetdataset.md): This table represents the iotanalytics_dataset resource from Amazon Web Services. - [Iotanalytics Datastore](awsiotanalytics-datastoredataset.md): This table represents the iotanalytics_datastore resource from Amazon Web Services. 
- [Iotanalytics Pipeline](awsiotanalytics-pipelinedataset.md): This table represents the iotanalytics_pipeline resource from Amazon Web Services. - [IoT Events Alarm Model](awsiotevents-alarm-modeldataset.md): AWS IoT Events Alarm Model is a resource that defines and manages alarm conditions for IoT applications. It allows yo... - [IoT Events Detector Model](awsiotevents-detector-modeldataset.md): AWS IoT Events Detector Model is a resource that defines how IoT devices and systems detect and respond to specific e... - [IoT Events Input](awsiotevents-inputdataset.md): IoT Events Input in AWS represents a data entry point for AWS IoT Events. It defines how event data from devices, app... - [IoT Fleet Hub Application](awsiotfleethub-applicationdataset.md): IoT Fleet Hub Application in AWS is a managed service that lets you create web applications to monitor and interact w... - [IoT FleetWise Campaign](awsiotfleetwise-campaigndataset.md): An AWS IoT FleetWise Campaign is a resource that defines how vehicle data is collected, processed, and transferred to... - [IoT FleetWise Decoder Manifest](awsiotfleetwise-decoder-manifestdataset.md): An IoT FleetWise Decoder Manifest in AWS defines how vehicle data signals are interpreted and translated into meaning... - [IoT FleetWise Fleet](awsiotfleetwise-fleetdataset.md): An IoT FleetWise Fleet in AWS represents a group of vehicles managed together for data collection and analysis. It al... - [IoT FleetWise Model Manifest](awsiotfleetwise-model-manifestdataset.md): An IoT FleetWise Model Manifest in AWS defines the structure and relationships of vehicle signals and data models. It... - [IoT FleetWise Signal Catalog](awsiotfleetwise-signal-catalogdataset.md): AWS IoT FleetWise Signal Catalog is a centralized repository that defines and organizes vehicle signals, such as sens... 
- [IoT FleetWise State Template](awsiotfleetwise-state-templatedataset.md): IoT FleetWise State Template in AWS represents the response structure for retrieving a state template. It provides de... - [IoT FleetWise Vehicle](awsiotfleetwise-vehicledataset.md): An IoT FleetWise Vehicle in AWS represents a digital model of a physical vehicle that you can manage within the IoT F... - [IoT SiteWise Asset](awsiotsitewise-assetdataset.md): An IoT SiteWise Asset in AWS represents a digital model of a physical device, process, or piece of equipment. It defi... - [IoT SiteWise Asset Model](awsiotsitewise-asset-modeldataset.md): AWS IoT SiteWise Asset Model defines the blueprint for industrial assets, describing their properties, measurements, ... - [IoT SiteWise Dashboard](awsiotsitewise-dashboarddataset.md): IoT SiteWise Dashboard in AWS is a managed visualization resource that lets you create and view dashboards for indust... - [IoT SiteWise Dataset](awsiotsitewise-datasetdataset.md): An IoT SiteWise Dataset in AWS represents the response details when describing a dataset used for industrial IoT data... - [IoT SiteWise Gateway](awsiotsitewise-gatewaydataset.md): IoT SiteWise Gateway in AWS is a software appliance that runs on local hardware or edge devices to securely connect i... - [IoT SiteWise Portal](awsiotsitewise-portaldataset.md): AWS IoT SiteWise Portal is a managed web application that provides a user-friendly interface for visualizing and moni... - [IoT SiteWise Project](awsiotsitewise-projectdataset.md): An IoT SiteWise Project in AWS is a container that lets you organize and manage assets, dashboards, and visualization... - [Iotsitewise Timeseries](awsiotsitewise-timeseriesdataset.md): This table represents the iotsitewise_timeseries resource from Amazon Web Services. - [IoT TwinMaker Component Type](awsiottwinmaker-component-typedataset.md): IoT TwinMaker Component Type in AWS defines reusable building blocks that represent the behavior, properties, and dat... 
- [IoT TwinMaker Entity](awsiottwinmaker-entitydataset.md): IoT TwinMaker Entity in AWS represents a digital twin component that models real-world systems, such as equipment, pr... - [IoT TwinMaker Scene](awsiottwinmaker-scenedataset.md): IoT TwinMaker Scene in AWS represents a 3D scene used to visualize digital twins of real-world systems. It allows you... - [IoT TwinMaker Workspace](awsiottwinmaker-workspacedataset.md): AWS IoT TwinMaker Workspace is a container for digital twin data and configurations. It provides the environment wher... - [Iotwireless Destination](awsiotwireless-destinationdataset.md): This table represents the iotwireless_destination resource from Amazon Web Services. - [Iotwireless Device](awsiotwireless-devicedataset.md): This table represents the iotwireless_device resource from Amazon Web Services. - [IoT Wireless Device Profile](awsiotwireless-device-profiledataset.md): An IoT Wireless Device Profile in AWS defines configuration settings for wireless devices that connect through AWS Io... - [Iotwireless Gateway](awsiotwireless-gatewaydataset.md): This table represents the iotwireless_gateway resource from Amazon Web Services. - [IoT Wireless Multicast Group](awsiotwireless-multicast-groupdataset.md): An IoT Wireless Multicast Group in AWS enables sending messages to multiple wireless devices simultaneously using LoR... - [IoT Wireless Network Analyzer Configuration](awsiotwireless-network-analyzer-configurationdataset.md): The IoT Wireless Network Analyzer Configuration in AWS provides details about a network analyzer setup used to monito... - [IoT Wireless Service Profile](awsiotwireless-service-profiledataset.md): An IoT Wireless Service Profile in AWS defines the LoRaWAN service settings that control how devices communicate with... - [IoT Wireless Wireless Device](awsiotwireless-wireless-devicedataset.md): An AWS IoT Wireless Device represents a registered endpoint in the AWS IoT Wireless service, which enables you to con... 
- [IVS Channel](awsivs-channeldataset.md): An IVS Channel in AWS is a resource that represents a live video streaming channel using Amazon Interactive Video Ser... - [Ivs Composition](awsivs-compositiondataset.md): This table represents the ivs_composition resource from Amazon Web Services. - [Ivs Encoder Configuration](awsivs-encoder-configurationdataset.md): This table represents the ivs_encoder_configuration resource from Amazon Web Services. - [Ivs Ingest Configuration](awsivs-ingest-configurationdataset.md): This table represents the ivs_ingest_configuration resource from Amazon Web Services. - [IVS Playback Key Pair](awsivs-playback-key-pairdataset.md): An IVS Playback Key Pair in AWS is a resource used with Amazon Interactive Video Service to enable secure playback au... - [IVS Playback Restriction Policy](awsivs-playback-restriction-policydataset.md): An IVS Playback Restriction Policy in AWS defines rules that control where and how Amazon Interactive Video Service s... - [Ivs Public Key](awsivs-public-keydataset.md): This table represents the ivs_public_key resource from Amazon Web Services. - [IVS Recording Configuration](awsivs-recording-configurationdataset.md): IVS Recording Configuration in AWS defines how Amazon Interactive Video Service (IVS) records live streams. It specif... - [Ivs Stage](awsivs-stagedataset.md): This table represents the ivs_stage resource from Amazon Web Services. - [Ivs Storage Configuration](awsivs-storage-configurationdataset.md): This table represents the ivs_storage_configuration resource from Amazon Web Services. - [IVS Stream Key](awsivs-stream-keydataset.md): An IVS Stream Key in AWS is a unique credential used to authenticate and authorize live video streams into an Amazon ... - [IVS Chat Logging Configuration](awsivschat-logging-configurationdataset.md): IVS Chat Logging Configuration in AWS defines how chat messages from Amazon IVS Chat are logged and stored. It allows... 
- [IVS Chat Room](awsivschat-roomdataset.md): IVS Chat Room in AWS is a managed resource that provides real-time chat functionality for interactive video experienc... - [MSK Configuration](awskafka-configurationdataset.md): MSK Configuration in AWS defines customizable settings for Amazon Managed Streaming for Apache Kafka (MSK) clusters. ... - [MSK Broker Node](awskafka-nodedataset.md): An MSK Broker Node in Amazon Managed Streaming for Apache Kafka (MSK) represents an individual Kafka broker within a ... - [MSK Replicator](awskafka-replicatordataset.md): MSK Replicator is an Amazon Managed Streaming for Apache Kafka (MSK) feature that enables replication of data between... - [MSK VPC Connection](awskafka-vpc-connectiondataset.md): MSK VPC Connection in AWS allows Amazon Managed Streaming for Apache Kafka (MSK) clusters to connect securely to clie... - [MSK Connect Connector](awskafkaconnect-connectordataset.md): MSK Connect Connector in AWS is a managed resource that represents a Kafka Connect connector running on Amazon MSK Co... - [MSK Connect Connector Operation](awskafkaconnect-connector-operationdataset.md): MSK Connect Connector Operation in AWS represents the details of an operation performed on an MSK Connect connector, ... - [MSK Connect Custom Plugin](awskafkaconnect-custom-plugindataset.md): MSK Connect Custom Plugin in AWS represents a user-defined plugin that extends the functionality of Kafka Connect con... - [MSK Connect Worker Configuration](awskafkaconnect-worker-configurationdataset.md): MSK Connect Worker Configuration in AWS defines reusable settings for Kafka Connect workers that run connectors in Am... - [Amazon Kendra Access Control Configuration](awskendra-access-control-configurationdataset.md): Amazon Kendra Access Control Configuration defines how access permissions are managed for a Kendra index. It specifie... 
- [Amazon Kendra Data Source](awskendra-data-sourcedataset.md): Amazon Kendra Data Source represents a connection configuration that allows Amazon Kendra to ingest and index content... - [Amazon Kendra Experience](awskendra-experiencedataset.md): Amazon Kendra Experience is a feature that allows users to create and manage customized search experiences powered by... - [Amazon Kendra FAQ](awskendra-faqdataset.md): Amazon Kendra FAQ is a managed resource that represents a Frequently Asked Questions (FAQ) document used by Amazon Ke... - [Amazon Kendra Featured Results Set](awskendra-featured-results-setdataset.md): Amazon Kendra Featured Results Set is a configuration that allows you to define specific documents or links to appear... - [Amazon Kendra Index](awskendra-indexdataset.md): Amazon Kendra Index is a managed search service resource that stores and organizes indexed data for intelligent searc... - [Amazon Kendra Query Suggestions Block List](awskendra-query-suggestions-block-listdataset.md): Amazon Kendra Query Suggestions Block List is a resource that defines a list of words or phrases that should be exclu... - [Amazon Kendra Thesaurus](awskendra-thesaurusdataset.md): Amazon Kendra Thesaurus is a feature that allows you to define synonyms and related terms to improve search relevance... - [Keyspaces Keyspace](awskeyspaces-keyspacedataset.md): Keyspaces Keyspace in AWS is a managed Apache Cassandra–compatible database resource. It provides a scalable, highl... - [Keyspaces Table](awskeyspaces-tabledataset.md): An AWS Keyspaces Table is a managed, serverless Apache Cassandra–compatible table that lets you store and query wid... - [Kinesis Data Stream](awskinesis-streamdataset.md): Kinesis Data Stream is an AWS service that enables real-time collection and processing of large streams of data. It a... 
- [Kinesis Video Streams Signaling Channel](awskinesisvideo-channeldataset.md): Kinesis Video Streams Signaling Channel is an AWS resource that enables secure, real-time communication between appli... - [Kinesis Video Streams Stream](awskinesisvideo-streamdataset.md): Kinesis Video Streams Stream is an AWS resource that enables you to capture, process, and store video streams for rea... - [Key Management Service](awskmsdataset.md): This table represents the Key Management Service resource from Amazon Web Services. - [KMS Alias](awskms-aliasdataset.md): KMS Alias in AWS is a friendly name that you can assign to a customer master key (CMK) in AWS Key Management Service.... - [KMS Custom Key Store](awskms-custom-key-storedataset.md): This table represents the KMS Custom Key Store resource from Amazon Web Services. - [Lake Formation Data Lake Settings](awslakeformation-data-lake-settingsdataset.md): Lake Formation Data Lake Settings in AWS define the administrative controls and permissions for managing a data lake.... - [Lake Formation Permissions](awslakeformation-permissionsdataset.md): Lake Formation Permissions in AWS define the access rights granted to principals for data stored in the Data Lake. Th... - [Lambda Code Signing Config](awslambda-codesigningconfigdataset.md): This table represents the Lambda Code Signing Config resource from Amazon Web Services. - [Lambda Event Source Mapping](awslambda-event-source-mappingdataset.md): Lambda Event Source Mapping in AWS connects an event source, such as an SQS queue, DynamoDB stream, or Kinesis stream... - [Lambda Function](awslambda-functiondataset.md): AWS Lambda Function is a serverless compute resource that runs code in response to events without provisioning or man... - [Lambda Layer](awslambda-layerdataset.md): This table represents the Lambda Layer resource from Amazon Web Services. 
- [Launch Wizard Deployment](awslaunchwizard-deploymentdataset.md): Launch Wizard Deployment in AWS helps you easily deploy and configure enterprise applications such as Microsoft SQL S... - [Lex V2 Bot](awslexv2-botdataset.md): This table represents the Lex V2 Bot resource from Amazon Web Services. - [License Manager Grant](awslicense-manager-grantdataset.md): This table represents the license_manager_grant resource from Amazon Web Services. - [License Manager License](awslicense-manager-licensedataset.md): This table represents the license_manager_license resource from Amazon Web Services. - [License Manager License Configuration](awslicense-manager-license-configurationdataset.md): This table represents the license_manager_license_configuration resource from Amazon Web Services. - [License Manager Report Generator](awslicense-manager-report-generatordataset.md): This table represents the license_manager_report_generator resource from Amazon Web Services. - [Lightsail Alarm](awslightsail-alarmdataset.md): Lightsail Alarm is a monitoring resource in Amazon Lightsail that lets you track the health and performance of your i... - [Lightsail Bucket](awslightsail-bucketdataset.md): A Lightsail Bucket is an object storage resource in Amazon Lightsail that allows you to store and manage unstructured... - [Lightsail Certificate](awslightsail-certificatedataset.md): Lightsail Certificate in AWS is a managed SSL/TLS certificate used with Amazon Lightsail resources, such as load bala... - [Lightsail Container Service](awslightsail-container-servicedataset.md): Lightsail Container Service is a managed container hosting option in Amazon Lightsail that allows you to easily deplo... - [Lightsail Disk](awslightsail-diskdataset.md): Lightsail Disk is a block storage resource in Amazon Lightsail that provides persistent storage for Lightsail instanc... 
- [Lightsail Disk Snapshot](awslightsail-disk-snapshotdataset.md): A Lightsail Disk Snapshot in AWS is a point-in-time backup of a Lightsail block storage disk. It captures the entire ... - [Lightsail Distribution](awslightsail-distributiondataset.md): Lightsail Distribution in AWS is a content delivery network (CDN) resource that helps deliver web content, such as im... - [Lightsail Instance](awslightsail-instancedataset.md): An AWS Lightsail Instance is a virtual private server designed for simplicity and cost-effectiveness. It provides pre... - [Lightsail Load Balancer](awslightsail-loadbalancerdataset.md): This table represents the Lightsail Load Balancer resource from Amazon Web Services. - [Lightsail Relational Database](awslightsail-relational-databasedataset.md): Lightsail Relational Database is a managed database service in AWS Lightsail that provides an easy way to set up, ope... - [Lightsail Relational Database Snapshot](awslightsail-relational-database-snapshotdataset.md): A Lightsail Relational Database Snapshot is a point-in-time backup of a managed database in Amazon Lightsail. It capt... - [Lightsail Static IP](awslightsail-static-ipdataset.md): Lightsail Static IP is a fixed, public IPv4 address in Amazon Lightsail that you can attach to an instance. Unlike a ... - [Location API Key](awslocation-api-keydataset.md): This table represents the Location API Key resource from Amazon Web Services. - [Location Service Geofence Collection](awslocation-geofence-collectiondataset.md): Location Service Geofence Collection in AWS is a resource that stores and manages geofences, which are virtual bounda... - [Location Service Map](awslocation-mapdataset.md): AWS Location Service Map is a managed resource that provides customizable map tiles for applications. It allows devel... - [Location Place Index](awslocation-place-indexdataset.md): Location Place Index in AWS is part of the Amazon Location Service. It provides geocoding and reverse geocoding capab... 
- [Location Route Calculator](awslocation-route-calculatordataset.md): Location Route Calculator in AWS provides details about a specific route calculator resource within the Amazon Locati... - [Location Tracker](awslocation-trackerdataset.md): Location Tracker in AWS is part of the Amazon Location Service. It lets you create and manage trackers that record th... - [AWS Logs Log Group](awslogs-log-groupdataset.md): This table represents the AWS Logs Log Group resource from Amazon Web Services. - [Lookout for Equipment Dataset](awslookoutequipment-datasetdataset.md): Lookout for Equipment Dataset in AWS is a resource that defines the data used to train and evaluate machine learning ... - [Lookout for Equipment Inference Scheduler](awslookoutequipment-inference-schedulerdataset.md): Lookout for Equipment Inference Scheduler in AWS manages the scheduling of inference jobs that use trained machine le... - [Lookout for Equipment Label Group](awslookoutequipment-label-groupdataset.md): Lookout for Equipment Label Group in AWS is a resource that organizes and manages labels used for training machine le... - [Lookout for Equipment Model](awslookoutequipment-modeldataset.md): Lookout for Equipment Model in AWS is a managed machine learning resource that analyzes sensor data from industrial e... - [Lookout for Equipment Model Version](awslookoutequipment-model-versiondataset.md): Lookout for Equipment Model Version in AWS provides details about a specific version of a machine learning model used... - [Mainframe Modernization Application](awsm2-applicationdataset.md): Mainframe Modernization Application in AWS is a managed resource that represents an application running within the AW... - [Mainframe Modernization Environment](awsm2-environmentdataset.md): Mainframe Modernization Environment in AWS provides a managed runtime for migrating, modernizing, and running mainfra... 
- [Macie Allow List](awsmacie2-allow-listdataset.md): Macie Allow List in AWS is a resource that defines a set of text or patterns that Amazon Macie should ignore when sca... - [Macie Custom Data Identifier](awsmacie2-custom-data-identifierdataset.md): An AWS Macie Custom Data Identifier is a user-defined rule that helps Macie detect sensitive data unique to your orga... - [Macie Member Account Association](awsmacie2-memberdataset.md): Macie Member Account Association in AWS allows you to link member accounts to an Amazon Macie administrator account. ... - [Macie Settings](awsmacie2-settingsdataset.md): This table represents the Macie Settings resource from Amazon Web Services. - [Managed Blockchain Accessor](awsmanagedblockchain-accessordataset.md): Managed Blockchain Accessor in AWS is a resource that provides the necessary credentials and configuration for a memb... - [Managed Blockchain Invitation](awsmanagedblockchain-invitationdataset.md): An AWS Managed Blockchain Invitation represents an invitation sent to another AWS account to join a blockchain networ... - [Managed Blockchain Member](awsmanagedblockchain-memberdataset.md): Managed Blockchain Member in AWS represents an individual member within a blockchain network created using Amazon Man... - [Managed Blockchain Network](awsmanagedblockchain-networkdataset.md): Managed Blockchain Network in AWS represents a blockchain network created and managed through Amazon Managed Blockcha... - [Managed Blockchain Node](awsmanagedblockchain-nodedataset.md): An AWS Managed Blockchain Node is a fully managed blockchain node that allows you to join and interact with a blockch... - [Managed Blockchain Proposal](awsmanagedblockchain-proposaldataset.md): Managed Blockchain Proposal in AWS represents the details of a proposal within a blockchain network created using Ama... 
- [AWS Integration Billing](aws.md): Datadog bills for AWS hosts running the Datadog Agent and all EC2 instances picked up by the Datadog-AWS integration.... - [Elemental MediaConnect Bridge](awsmediaconnect-bridgedataset.md): Elemental MediaConnect Bridge in AWS is a resource that enables the transport of live video between different AWS Reg... - [Elemental MediaConnect Entitlement](awsmediaconnect-entitlementdataset.md): Elemental MediaConnect Entitlement in AWS represents permission granted to another AWS account to access a MediaConne... - [Elemental MediaConnect Flow](awsmediaconnect-flowdataset.md): Elemental MediaConnect Flow in AWS is a managed service resource that enables the transport of live video streams wit... - [Elemental MediaConnect Gateway](awsmediaconnect-gatewaydataset.md): Elemental MediaConnect Gateway is an AWS resource that enables secure and reliable transport of live video between on... - [Mediaconnect Gatewayinstance](awsmediaconnect-gatewayinstancedataset.md): This table represents the mediaconnect_gatewayinstance resource from Amazon Web Services. - [AWS Elemental MediaConvert Job Template](awsmediaconvert-job-templatedataset.md): An AWS Elemental MediaConvert Job Template defines preset settings for video transcoding jobs. It lets you preconfigu... - [AWS Elemental MediaConvert Preset](awsmediaconvert-presetdataset.md): AWS Elemental MediaConvert Preset defines a reusable set of video and audio encoding settings for MediaConvert jobs. ... - [AWS Elemental MediaConvert Queue](awsmediaconvert-queuedataset.md): An AWS Elemental MediaConvert Queue manages the order and concurrency of video transcoding jobs. It allows you to con... - [Elemental MediaLive Channel](awsmedialive-channeldataset.md): AWS Elemental MediaLive Channel is a resource that represents a live video channel used to encode and deliver real-ti... 
- [Elemental MediaLive Channel Placement Group](awsmedialive-channel-placement-groupdataset.md): An Elemental MediaLive Channel Placement Group in AWS is a configuration that defines how MediaLive channels are dist... - [Medialive Cloudwatch Alarm Template](awsmedialive-cloudwatch-alarm-templatedataset.md): This table represents the medialive_cloudwatch_alarm_template resource from Amazon Web Services. - [Medialive Cloudwatch Alarm Template Group](awsmedialive-cloudwatch-alarm-template-groupdataset.md): This table represents the medialive_cloudwatch_alarm_template_group resource from Amazon Web Services. - [Elemental MediaLive Cluster](awsmedialive-clusterdataset.md): Elemental MediaLive Cluster in AWS is a managed resource that enables high-availability live video encoding by groupi... - [Medialive Eventbridge Rule Template](awsmedialive-eventbridge-rule-templatedataset.md): This table represents the medialive_eventbridge_rule_template resource from Amazon Web Services. - [Medialive Eventbridge Rule Template Group](awsmedialive-eventbridge-rule-template-groupdataset.md): This table represents the medialive_eventbridge_rule_template_group resource from Amazon Web Services. - [Elemental MediaLive Input](awsmedialive-inputdataset.md): AWS Elemental MediaLive Input is a resource that defines the source of video content for a MediaLive channel. It spec... - [Elemental MediaLive Input Device](awsmedialive-input-devicedataset.md): AWS Elemental MediaLive Input Device is a physical hardware appliance that connects live video sources, such as camer... - [Elemental MediaLive Input Security Group](awsmedialive-input-security-groupdataset.md): An Elemental MediaLive Input Security Group in AWS defines a set of rules that control which IP addresses are allowed... - [Elemental MediaLive Multiplex](awsmedialive-multiplexdataset.md): Elemental MediaLive Multiplex is an AWS resource that enables combining multiple live video channels into a single tr... 
- [Elemental MediaLive Network](awsmedialive-networkdataset.md): AWS Elemental MediaLive Network represents the network configuration and connectivity details used by MediaLive chann... - [Elemental MediaLive Node](awsmedialive-nodedataset.md): Elemental MediaLive Node is a managed resource in AWS Elemental MediaLive that represents a compute node used to proc... - [Elemental MediaLive Offering](awsmedialive-offeringdataset.md): Elemental MediaLive Offering in AWS represents a reserved capacity purchase option for MediaLive channels. It allows ... - [Elemental MediaLive Reservation](awsmedialive-reservationdataset.md): Elemental MediaLive Reservation in AWS represents a commitment to use specific MediaLive resources, such as encoding ... - [Elemental MediaLive SDI Source](awsmedialive-sdi-sourcedataset.md): Elemental MediaLive SDI Source represents a live video input from an on-premises SDI (Serial Digital Interface) feed ... - [Elemental MediaLive Signal Map](awsmedialive-signal-mapdataset.md): Elemental MediaLive Signal Map provides a visual representation of input signal health and flow within AWS Elemental ... - [Elemental MediaPackage Channel](awsmediapackage-channeldataset.md): An Elemental MediaPackage Channel is a resource in AWS that defines the input for video content to be ingested and pr... - [Mediapackage Channels](awsmediapackage-channelsdataset.md): This table represents the mediapackage_channels resource from Amazon Web Services. - [Mediapackage Harvest Jobs](awsmediapackage-harvest-jobsdataset.md): This table represents the mediapackage_harvest_jobs resource from Amazon Web Services. - [Mediapackage Origin Endpoints](awsmediapackage-origin-endpointsdataset.md): This table represents the mediapackage_origin_endpoints resource from Amazon Web Services. - [Mediapackage V2 Channel](awsmediapackage-v2-channeldataset.md): This table represents the mediapackage_v2_channel resource from Amazon Web Services. 
- [Mediapackage V2 Channel Group](awsmediapackage-v2-channel-groupdataset.md): This table represents the mediapackage_v2_channel_group resource from Amazon Web Services.
- [Mediapackage V2 Harvest Job](awsmediapackage-v2-harvest-jobdataset.md): This table represents the mediapackage_v2_harvest_job resource from Amazon Web Services.
- [Mediapackage V2 Origin Endpoint](awsmediapackage-v2-origin-endpointdataset.md): This table represents the mediapackage_v2_origin_endpoint resource from Amazon Web Services.
- [Mediapackage Vod Assets](awsmediapackage-vod-assetsdataset.md): This table represents the mediapackage_vod_assets resource from Amazon Web Services.
- [Mediapackage Vod Packaging Configurations](awsmediapackage-vod-packaging-configurationsdataset.md): This table represents the mediapackage_vod_packaging_configurations resource from Amazon Web Services.
- [Mediapackage Vod Packaging Groups](awsmediapackage-vod-packaging-groupsdataset.md): This table represents the mediapackage_vod_packaging_groups resource from Amazon Web Services.
- [AWS Elemental MediaTailor Channel](awsmediatailor-channeldataset.md): AWS Elemental MediaTailor Channel is a resource that defines a linear streaming channel for delivering video content ...
- [Mediatailor Playbackconfiguration](awsmediatailor-playbackconfigurationdataset.md): This table represents the mediatailor_playbackconfiguration resource from Amazon Web Services.
- [Mediatailor Prefetchschedule](awsmediatailor-prefetchscheduledataset.md): This table represents the mediatailor_prefetchschedule resource from Amazon Web Services.
- [Mediatailor Sourcelocation](awsmediatailor-sourcelocationdataset.md): This table represents the mediatailor_sourcelocation resource from Amazon Web Services.
- [MemoryDB ACL](awsmemorydb-acldataset.md): MemoryDB ACL is an access control list resource in Amazon MemoryDB for Redis. It defines which users can connect to a...
- [MemoryDB Cluster](awsmemorydb-clusterdataset.md): MemoryDB Cluster is a fully managed, Redis-compatible, in-memory database service in AWS designed for ultra-fast perf...
- [MemoryDB Parameter Group](awsmemorydb-parameter-groupdataset.md): A MemoryDB Parameter Group in AWS is a collection of configuration settings that define the runtime behavior of Memor...
- [MemoryDB Reserved Node](awsmemorydb-reserved-nodedataset.md): A MemoryDB Reserved Node is a pricing option in Amazon MemoryDB for Redis that allows you to reserve a specific node ...
- [MemoryDB Snapshot](awsmemorydb-snapshotdataset.md): A MemoryDB Snapshot in AWS is a point-in-time backup of a MemoryDB for Redis cluster. It captures the data stored in ...
- [MemoryDB Subnet Group](awsmemorydb-subnet-groupdataset.md): A MemoryDB Subnet Group in AWS is a collection of subnets within a Virtual Private Cloud (VPC) that you designate for...
- [MemoryDB User](awsmemorydb-userdataset.md): MemoryDB User in AWS represents an identity within an Amazon MemoryDB for Redis cluster. It defines authentication an...
- [Metric Filter](awsmetric-filterdataset.md): This table represents the Metric Filter resource from Amazon Web Services.
- [Migration Hub Refactor Spaces Application](awsmigrationhubrefactorspaces-applicationdataset.md): Migration Hub Refactor Spaces Application is an AWS resource that represents an application created within Refactor S...
- [Migration Hub Refactor Spaces Environment](awsmigrationhubrefactorspaces-environmentdataset.md): Migration Hub Refactor Spaces Environment is an AWS resource that provides a managed environment for refactoring appl...
- [Migration Hub Refactor Spaces Route](awsmigrationhubrefactorspaces-routedataset.md): Migration Hub Refactor Spaces Route represents a network path configuration within an application environment created...
- [Migration Hub Refactor Spaces Service](awsmigrationhubrefactorspaces-servicedataset.md): Migration Hub Refactor Spaces Service in AWS provides a managed environment to help organizations transition from mon...
- [MQ Broker](awsmq-brokerdataset.md): MQ Broker in AWS is a managed message broker service based on Apache ActiveMQ and RabbitMQ. It allows applications, m...
- [MQ Configuration](awsmq-configurationdataset.md): An AWS MQ Configuration is a resource that defines the settings for an Amazon MQ broker, such as broker engine type, ...
- [MQ Configuration Revision](awsmq-configuration-revisiondataset.md): An MQ Configuration Revision in AWS represents a specific version of a configuration for Amazon MQ brokers. Each revi...
- [MQ User](awsmq-userdataset.md): An AWS MQ User represents a user account within an Amazon MQ broker. It defines the authentication credentials and pe...
- [MSK Cluster](awsmsk-clusterdataset.md): This table represents the MSK Cluster resource from Amazon Web Services.
- [Managed Workflows for Apache Airflow Environment](awsmwaa-environmentdataset.md): Managed Workflows for Apache Airflow Environment (MWAA) is a fully managed service that makes it easy to run Apache A...
- [Neptune Cluster](awsneptune-clusterdataset.md): This table represents the Neptune Cluster resource from Amazon Web Services.
- [Neptune Cluster Snapshot](awsneptune-cluster-snapshotdataset.md): This table represents the Neptune Cluster Snapshot resource from Amazon Web Services.
- [Neptune Instance](awsneptune-instancedataset.md): This table represents the Neptune Instance resource from Amazon Web Services.
- [Network ACL](awsnetwork-acldataset.md): This table represents the Network ACL resource from Amazon Web Services.
- [Network ACL V2](awsnetwork-acl-v2dataset.md): This table represents the Network ACL V2 resource from Amazon Web Services.
- [Network Firewall Firewall](awsnetwork-firewall-firewalldataset.md): This table represents the Network Firewall Firewall resource from Amazon Web Services.
- [Network Firewall Rule Group](awsnetwork-firewall-rule-groupdataset.md): This table represents the Network Firewall Rule Group resource from Amazon Web Services.
- [Network Firewall Rule Group](awsnetwork-firewall-rulegroupdataset.md): This table represents the Network Firewall Rule Group resource from Amazon Web Services.
- [Network Firewall TLS Configuration](awsnetwork-firewall-tls-configurationdataset.md): This table represents the Network Firewall TLS Configuration resource from Amazon Web Services.
- [Network Firewall VPC Endpoint Association](awsnetwork-firewall-vpc-endpoint-associationdataset.md): This table represents the Network Firewall VPC Endpoint Association resource from Amazon Web Services.
- [Network Manager Attachment](awsnetworkmanager-attachmentdataset.md): An AWS Network Manager Attachment represents a connection between a core network and an external resource, such as a ...
- [Network Manager Connect Peer](awsnetworkmanager-connect-peerdataset.md): Network Manager Connect Peer in AWS represents the configuration details of a peer connection within AWS Network Mana...
- [Network Manager Connection](awsnetworkmanager-connectiondataset.md): Network Manager Connection in AWS represents a link between two devices or sites within AWS Network Manager. It helps...
- [Network Manager Core Network](awsnetworkmanager-core-networkdataset.md): AWS Network Manager Core Network is a global networking resource that enables you to centrally manage, connect, and m...
- [Network Manager Device](awsnetworkmanager-devicedataset.md): Represents a physical or virtual device in AWS Network Manager, such as a router, switch, or customer premises equipm...
- [Global Network](awsnetworkmanager-global-networkdataset.md): Global Network in AWS Network Manager is a top-level resource that represents a single, private global network spanni...
- [Network Manager Link](awsnetworkmanager-linkdataset.md): Network Manager Link in AWS represents a connection between a customer's on-premises network and AWS, or between diff...
- [Network Manager Peering](awsnetworkmanager-peeringdataset.md): Network Manager Peering in AWS enables the creation and management of peering connections between global networks man...
- [Network Manager Site](awsnetworkmanager-sitedataset.md): A Network Manager Site in AWS represents a physical location, such as a branch office, data center, or other on-premi...
- [AWS HealthOmics Annotation Store](awsomics-annotation-storedataset.md): AWS HealthOmics Annotation Store is a managed service that allows users to store, manage, and query genomic annotatio...
- [AWS HealthOmics Annotation Store Version](awsomics-annotation-store-versiondataset.md): Represents a specific version of an annotation store in AWS HealthOmics. It provides details about the versioned anno...
- [AWS HealthOmics Read Set](awsomics-read-setdataset.md): An AWS HealthOmics Read Set represents a collection of genomic sequencing reads stored in AWS HealthOmics. It contain...
- [AWS HealthOmics Reference Store](awsomics-referencedataset.md): AWS HealthOmics Reference Store is a managed service that allows users to store, manage, and share reference genomic ...
- [Omics Reference Store](awsomics-reference-storedataset.md): This table represents the omics_reference_store resource from Amazon Web Services.
- [AWS HealthOmics Sequence Store](awsomics-sequence-storedataset.md): AWS HealthOmics Sequence Store is a managed service that allows users to store, manage, and retrieve genomic sequence...
- [AWS HealthOmics Variant Store](awsomics-variant-storedataset.md): AWS HealthOmics Variant Store is a managed service that stores, queries, and analyzes genomic variant data at scale. ...
- [AWS HealthOmics Workflow](awsomics-workflowdataset.md): AWS HealthOmics Workflow is a managed service that enables users to create, run, and manage bioinformatics workflows ...
- [Omics Workflow Imageversion](awsomics-workflow-imageversiondataset.md): This table represents the omics_workflow_imageversion resource from Amazon Web Services.
- [OpenSearch Service Domain](awsopensearch-domaindataset.md): An OpenSearch Service Domain in AWS is a managed search and analytics cluster that hosts OpenSearch or legacy Elastic...
- [OpenSearch Serverless Collection](awsopensearchserverless-collectiondataset.md): This table represents the OpenSearch Serverless Collection resource from Amazon Web Services.
- [Organizations Account](awsorganizations-accountdataset.md): An AWS Organizations Account represents an AWS account that is part of an organization managed through AWS Organizati...
- [Organizations Features](awsorganizations-featuresdataset.md): This table represents the Organizations Features resource from Amazon Web Services.
- [Organizations Organization](awsorganizations-organizationdataset.md): AWS Organizations Organization represents the entity that contains all accounts within an AWS Organization. It provid...
- [Organizational Unit](awsorganizations-organizational-unitdataset.md): An Organizational Unit in AWS Organizations is a container used to group accounts within an organization. It helps st...
- [Organizations Policy Statement](awsorganizations-policy-statementdataset.md): This table represents the Organizations Policy Statement resource from Amazon Web Services.
- [Organizations Root](awsorganizations-rootdataset.md): The AWS Organizations Root is the top-level container in an AWS Organization. It serves as the starting point for all...
- [OpenSearch Ingestion Pipeline](awsosis-pipelinedataset.md): OpenSearch Ingestion Pipeline in AWS is a managed service that lets you build and run data ingestion pipelines for Am...
- [OpenSearch Ingestion Pipeline Blueprint](awsosis-pipeline-blueprintdataset.md): An OpenSearch Ingestion Pipeline Blueprint in AWS provides a predefined configuration template that helps you set up ...
- [AWS Outpost](awsoutposts-outpostdataset.md): AWS Outpost is a fully managed service that extends AWS infrastructure, services, APIs, and tools to on-premises loca...
- [Panorama Application Instance](awspanorama-application-instancedataset.md): An AWS Panorama Application Instance represents a deployed computer vision application running on a Panorama Applianc...
- [Panorama Appliance](awspanorama-devicedataset.md): Panorama Appliance in AWS is a physical or virtual device used with AWS Panorama to run computer vision applications ...
- [Panorama Package](awspanorama-packagedataset.md): An AWS Panorama Package is a containerized application that runs on AWS Panorama devices. It includes computer vision...
- [Payment Cryptography Alias](awspayment-cryptography-aliasdataset.md): This table represents the Payment Cryptography Alias resource from Amazon Web Services.
- [Payment Cryptography Key](awspayment-cryptography-keydataset.md): This table represents the Payment Cryptography Key resource from Amazon Web Services.
- [PCA Connector Active Directory Connector](awspca-connector-ad-connectordataset.md): This table represents the PCA Connector Active Directory Connector resource from Amazon Web Services.
- [PCA Connector Active Directory Directory Registration](awspca-connector-ad-directory-registrationdataset.md): This table represents the PCA Connector Active Directory Directory Registration resource from Amazon Web Services.
- [PCA Connector Active Directory Template](awspca-connector-ad-templatedataset.md): This table represents the PCA Connector Active Directory Template resource from Amazon Web Services.
- [PCA Connector Scep Connector](awspca-connector-scep-connectordataset.md): This table represents the PCA Connector Scep Connector resource from Amazon Web Services.
- [ParallelCluster Cluster](awspcs-clusterdataset.md): ParallelCluster Cluster in AWS is a managed high-performance computing (HPC) resource that allows you to create and m...
- [PCS Compute Node Group](awspcs-compute-node-groupdataset.md): PCS Compute Node Group in AWS represents a collection of compute nodes managed within the PCS (ParallelCluster Servic...
- [PCS Queue](awspcs-queuedataset.md): This table represents the PCS Queue resource from Amazon Web Services.
- [Personalize Algorithm](awspersonalize-algorithmdataset.md): Personalize Algorithm in AWS refers to a custom or predefined machine learning algorithm used within Amazon Personali...
- [Personalize Batch Inference Job](awspersonalize-batch-inference-jobdataset.md): Personalize Batch Inference Job in AWS is a resource that runs batch recommendation tasks using Amazon Personalize. I...
- [Personalize Batch Segment Job](awspersonalize-batch-segment-jobdataset.md): Personalize Batch Segment Job in AWS is a resource that provides information about a batch segment job created in Ama...
- [Personalize Campaign](awspersonalize-campaigndataset.md): An AWS Personalize Campaign is a deployed recommendation engine that delivers personalized predictions in real time b...
- [Personalize Data Deletion Job](awspersonalize-data-deletion-jobdataset.md): Personalize Data Deletion Job in AWS is a resource that represents the process of removing datasets or records from A...
- [Personalize Dataset](awspersonalize-datasetdataset.md): An AWS Personalize Dataset is a container that stores data used to train and deploy personalized recommendation model...
- [Personalize Dataset Export Job](awspersonalize-dataset-export-jobdataset.md): An AWS Personalize Dataset Export Job is a resource that allows you to export data from a dataset in Amazon Personali...
- [Personalize Dataset Group](awspersonalize-dataset-groupdataset.md): An Amazon Personalize Dataset Group is a container that holds related datasets for building and managing personalized...
- [Personalize Dataset Import Job](awspersonalize-dataset-import-jobdataset.md): An Amazon Personalize Dataset Import Job is a resource that loads data from Amazon S3 into a Personalize dataset. It ...
- [Personalize Event Tracker](awspersonalize-event-trackerdataset.md): Personalize Event Tracker in AWS is a resource that captures real-time user interaction events, such as clicks or vie...
- [Personalize Feature Transformation](awspersonalize-feature-transformationdataset.md): Personalize Feature Transformation in AWS is part of Amazon Personalize, which prepares and processes input data for ...
- [Personalize Filter](awspersonalize-filterdataset.md): Personalize Filter in AWS is a resource used within Amazon Personalize to define filtering criteria for recommendatio...
- [Personalize Metric Attribution](awspersonalize-metric-attributiondataset.md): Personalize Metric Attribution in AWS allows you to track and measure the impact of your recommendations by attributi...
- [Personalize Recipe](awspersonalize-recipedataset.md): An AWS Personalize Recipe is a predefined algorithm that guides how data is processed to generate personalized recomm...
- [Personalize Recommender](awspersonalize-recommenderdataset.md): Personalize Recommender in AWS is a managed resource that provides personalized item recommendations based on user be...
- [Personalize Schema](awspersonalize-schemadataset.md): Personalize Schema in AWS defines the structure of your dataset for Amazon Personalize. It specifies the format, fiel...
- [Personalize Solution](awspersonalize-solutiondataset.md): Personalize Solution in AWS is a resource that represents a machine learning solution created with Amazon Personalize...
- [Pinpoint App](awspinpoint-appdataset.md): This table represents the pinpoint_app resource from Amazon Web Services.
- [Pinpoint Campaign](awspinpoint-campaigndataset.md): An Amazon Pinpoint Campaign is a resource that defines and manages a messaging campaign used to engage customers acro...
- [Pinpoint Channel](awspinpoint-channeldataset.md): An Amazon Pinpoint Channel represents a communication pathway that you can enable to send messages to your users, suc...
- [Pinpoint Journey](awspinpoint-journeydataset.md): Pinpoint Journey in AWS is a customer engagement resource that defines a series of steps or activities to guide users...
- [Pinpoint Recommender](awspinpoint-recommenderdataset.md): This table represents the pinpoint_recommender resource from Amazon Web Services.
- [Pinpoint Segment](awspinpoint-segmentdataset.md): An Amazon Pinpoint Segment is a group of users defined by specific attributes, behaviors, or demographics. Segments a...
- [Pinpoint Template](awspinpoint-templatedataset.md): An AWS Pinpoint Template is a reusable message configuration that defines the content and settings for communications...
- [EventBridge Pipe](awspipes-pipedataset.md): EventBridge Pipe is an AWS resource that connects event sources to targets with optional filtering, enrichment, and t...
- [Profile Domain](awsprofile-domaindataset.md): This table represents the profile_domain resource from Amazon Web Services.
- [Proton Component](awsproton-componentdataset.md): Proton Component in AWS Proton represents a building block of infrastructure or application resources that can be cre...
- [Proton Deployment](awsproton-deploymentdataset.md): Proton Deployment in AWS Proton represents the process of rolling out infrastructure or application changes defined i...
- [Proton Environment](awsproton-environmentdataset.md): An AWS Proton Environment is a managed resource that defines the shared infrastructure and resources where Proton ser...
- [Proton Environment Account Connection](awsproton-environment-account-connectiondataset.md): Proton Environment Account Connection in AWS Proton represents the link between a management account and an environme...
- [Proton Environment Template](awsproton-environment-templatedataset.md): An AWS Proton Environment Template defines the blueprint for creating and managing environments in AWS Proton. It spe...
- [Proton Environment Template Version](awsproton-environment-template-versiondataset.md): Proton Environment Template Version in AWS Proton represents a specific version of an environment template that defin...
- [Proton Repository](awsproton-repositorydataset.md): An AWS Proton Repository represents a registered source code repository, such as one in AWS CodeCommit, GitHub, or Bi...
- [Proton Service](awsproton-servicedataset.md): Proton Service in AWS Proton represents a deployable application composed of infrastructure and code defined by a ser...
- [Proton Service Instance](awsproton-service-instancedataset.md): An AWS Proton Service Instance is a deployed copy of a service within Proton, AWS's fully managed application deliver...
- [Proton Service Template](awsproton-service-templatedataset.md): An AWS Proton Service Template defines the standardized infrastructure and CI/CD configuration for deploying and mana...
- [Proton Service Template Version](awsproton-service-template-versiondataset.md): Proton Service Template Version in AWS Proton represents a specific version of a service template that defines the in...
- [Public AMI](awspublic-amidataset.md): This table represents the Public AMI resource from Amazon Web Services.
- [Q Business Application](awsqbusiness-applicationdataset.md): Q Business Application in AWS represents an application resource within the Amazon Q Business service. It provides de...
- [Q Business Data Accessor](awsqbusiness-data-accessordataset.md): Q Business Data Accessor in AWS provides access details for retrieving data within the Amazon Q Business service. It ...
- [Q Business Data Source](awsqbusiness-data-sourcedataset.md): Q Business Data Source in AWS is part of the Amazon Q Business service, which enables integration of external data so...
- [Q Business Index](awsqbusiness-indexdataset.md): Q Business Index in AWS is part of the Amazon Q Business service, which helps organizations create and manage enterpr...
- [Q Business Plugin](awsqbusiness-plugindataset.md): Q Business Plugin in AWS is part of the Amazon Q Business service, which enables integration of external applications...
- [Q Business Retriever](awsqbusiness-retrieverdataset.md): Q Business Retriever in AWS is part of the Amazon Q Business service, which helps applications access and retrieve re...
- [Q Business Subscription](awsqbusiness-subscriptiondataset.md): Q Business Subscription in AWS represents a subscription resource for Amazon Q Business, a managed generative AI serv...
- [Q Business Web Experience](awsqbusiness-web-experiencedataset.md): Q Business Web Experience in AWS provides a way to access and interact with Q Business applications through a web-bas...
- [QLDB Ledger](awsqldb-ledgerdataset.md): QLDB Ledger in AWS is a fully managed ledger database that provides a transparent, immutable, and cryptographically v...
- [QLDB Stream](awsqldb-streamdataset.md): This table represents the QLDB Stream resource from Amazon Web Services.
- [QuickSight Account](awsquicksight-accountdataset.md): This table represents the QuickSight Account resource from Amazon Web Services.
- [QuickSight Analysis](awsquicksight-analysisdataset.md): QuickSight Analysis in AWS represents an interactive data visualization and reporting resource within Amazon QuickSig...
- [QuickSight Brand](awsquicksight-branddataset.md): QuickSight Brand in AWS refers to the branding configuration for Amazon QuickSight, which allows customization of the...
- [QuickSight Custom Permission](awsquicksight-custom-permissiondataset.md): This table represents the QuickSight Custom Permission resource from Amazon Web Services.
- [QuickSight Dashboard](awsquicksight-dashboarddataset.md): An AWS QuickSight Dashboard is an interactive, shareable visualization that presents data insights through charts, gr...
- [QuickSight Data Set](awsquicksight-data-setdataset.md): An AWS QuickSight Data Set is a collection of data that serves as the foundation for creating analyses, dashboards, a...
- [QuickSight Data Source](awsquicksight-data-sourcedataset.md): An AWS QuickSight Data Source is a connection configuration that defines how Amazon QuickSight accesses external data...
- [QuickSight Folder](awsquicksight-folderdataset.md): QuickSight Folder in AWS is a container used to organize and manage QuickSight assets such as dashboards, analyses, a...
- [QuickSight Group](awsquicksight-groupdataset.md): An AWS QuickSight Group is a collection of users within Amazon QuickSight that allows administrators to manage permis...
- [QuickSight Ingestion](awsquicksight-ingestiondataset.md): QuickSight Ingestion in AWS refers to the process of loading data into Amazon QuickSight for analysis and visualizati...
- [QuickSight Namespace](awsquicksight-namespacedataset.md): QuickSight Namespace is a logical container within Amazon QuickSight that allows you to isolate and manage users, gro...
- [QuickSight Refresh Schedule](awsquicksight-refresh-scheduledataset.md): QuickSight Refresh Schedule in AWS defines how and when datasets in Amazon QuickSight are automatically refreshed. It...
- [QuickSight Template](awsquicksight-templatedataset.md): An AWS QuickSight Template is a reusable blueprint for creating dashboards and analyses in Amazon QuickSight. It capt...
- [QuickSight Theme](awsquicksight-themedataset.md): QuickSight Theme in AWS defines the visual style settings for Amazon QuickSight dashboards and analyses. It allows cu...
- [QuickSight Topic](awsquicksight-topicdataset.md): QuickSight Topic in AWS is a semantic layer that allows users to define business-friendly terms and concepts for thei...
- [QuickSight User](awsquicksight-userdataset.md): An AWS QuickSight User represents an individual account within Amazon QuickSight, a business intelligence service. It...
- [QuickSight VPC Connection](awsquicksight-vpc-connectiondataset.md): QuickSight VPC Connection allows Amazon QuickSight to securely connect to data sources within a Virtual Private Cloud...
- [RAM Customer Managed Permission](awsram-customer-managed-permissiondataset.md): A RAM Customer Managed Permission in AWS Resource Access Manager (RAM) is a custom permission created and managed by ...
- [Resource Share Permission](awsram-customer-permissiondataset.md): A Resource Share Permission in AWS RAM defines the set of actions and resources that can be shared with other AWS acc...
- [Resource Share Permission](awsram-permissiondataset.md): A Resource Share Permission in AWS RAM defines the set of actions and resources that can be shared with other AWS acc...
- [Resource Access Manager Resource Share](awsram-resource-sharedataset.md): Resource Access Manager Resource Share in AWS allows you to securely share AWS resources across accounts or within yo...
- [Resource Access Manager Resource Share Invitation](awsram-resource-share-invitationdataset.md): A Resource Access Manager Resource Share Invitation in AWS represents an invitation sent to an AWS account or organiz...
- [RDS Resource Recycle Bin Rule](awsrbin-ruledataset.md): An RDS Resource Recycle Bin Rule in AWS defines retention policies for RDS resources that are deleted, allowing them ...
- [RDS Blue/Green Deployment](awsrds-blue-green-deploymentdataset.md): RDS Blue/Green Deployment in AWS allows you to create a fully managed staging environment (green) that mirrors your p...
- [RDS Cluster](awsrds-clusterdataset.md): This table represents the RDS Cluster resource from Amazon Web Services.
- [RDS Cluster Endpoint](awsrds-cluster-endpointdataset.md): This table represents the RDS Cluster Endpoint resource from Amazon Web Services.
- [RDS Cluster Parameter Group](awsrds-cluster-parameter-groupdataset.md): This table represents the RDS Cluster Parameter Group resource from Amazon Web Services.
- [RDS Cluster Snapshot](awsrds-cluster-snapshotdataset.md): This table represents the RDS Cluster Snapshot resource from Amazon Web Services.
- [RDS DB Cluster Automated Backup](awsrds-db-cluster-automated-backupdataset.md): An RDS DB Cluster Automated Backup in AWS is a managed backup of an Amazon Aurora or RDS cluster that is automaticall...
- [RDS DB Shard Group](awsrds-db-shard-groupdataset.md): An RDS DB Shard Group in AWS is a resource that manages a collection of database shards for Amazon Aurora Limitless D...
- [RDS DB Snapshot](awsrds-db-snapshotdataset.md): An RDS DB Snapshot in AWS is a backup of a relational database instance at a specific point in time. It captures the ...
- [RDS Event Subscription](awsrds-event-subscriptiondataset.md): An RDS Event Subscription in AWS allows you to receive notifications about specific events related to your RDS resour...
- [RDS Export Task](awsrds-export-taskdataset.md): An RDS Export Task in AWS allows you to export data from an Amazon RDS or Aurora snapshot to Amazon S3 in Apache Parq...
- [RDS Global Cluster](awsrds-globalclusterdataset.md): This table represents the RDS Global Cluster resource from Amazon Web Services.
- [RDS Instance](awsrds-instancedataset.md): This table represents the RDS Instance resource from Amazon Web Services.
- [RDS Instance Automated Backup](awsrds-instance-automated-backupdataset.md): This table represents the RDS Instance Automated Backup resource from Amazon Web Services.
- [RDS Instance Parameter Group](awsrds-instance-parameter-groupdataset.md): This table represents the RDS Instance Parameter Group resource from Amazon Web Services.
- [RDS Integration](awsrds-integrationdataset.md): This table represents the RDS Integration resource from Amazon Web Services.
- [RDS Option Group](awsrds-option-groupdataset.md): An RDS Option Group in AWS allows you to enable and manage additional features for Amazon RDS instances that are not ...
- [RDS Proxy](awsrds-proxydataset.md): This table represents the RDS Proxy resource from Amazon Web Services.
- [RDS Proxy Endpoint](awsrds-proxy-endpointdataset.md): This table represents the RDS Proxy Endpoint resource from Amazon Web Services.
- [RDS Proxy Target Group](awsrds-proxy-target-groupdataset.md): This table represents the RDS Proxy Target Group resource from Amazon Web Services.
- [RDS Reserved Instance](awsrds-reserved-instancedataset.md): This table represents the RDS Reserved Instance resource from Amazon Web Services.
- [RDS Security Group](awsrds-security-groupdataset.md): This table represents the RDS Security Group resource from Amazon Web Services.
- [RDS Snapshot Tenant Database](awsrds-snapshot-tenant-databasedataset.md): This table represents the RDS Snapshot Tenant Database resource from Amazon Web Services.
- [RDS Subnet Group](awsrds-subnet-groupdataset.md): This table represents the RDS Subnet Group resource from Amazon Web Services.
- [RDS Tenant Database](awsrds-tenant-databasedataset.md): This table represents the RDS Tenant Database resource from Amazon Web Services.
- [Redshift Cluster](awsredshift-clusterdataset.md): An Amazon Redshift Cluster is a fully managed data warehouse that allows you to run complex analytical queries on lar...
- [Redshift Cluster Parameter Group](awsredshift-cluster-parameter-groupdataset.md): An Amazon Redshift Cluster Parameter Group is a collection of configuration settings that manage the behavior of Reds...
- [Redshift Cluster Security Group](awsredshift-cluster-security-groupdataset.md): An Amazon Redshift Cluster Security Group acts as a virtual firewall that controls network access to Redshift cluster...
- [Redshift Cluster Snapshot](awsredshift-cluster-snapshotdataset.md): This table represents the Redshift Cluster Snapshot resource from Amazon Web Services.
- [Redshift Cluster Subnet Group](awsredshift-cluster-subnet-groupdataset.md): An Amazon Redshift Cluster Subnet Group is a collection of subnets within a Virtual Private Cloud (VPC) that you desi...
- [Redshift Event Subscription](awsredshift-event-subscriptiondataset.md): Redshift Event Subscription in AWS allows you to receive notifications about specific events occurring in your Amazon...
- [Redshift HSM Client Certificate](awsredshift-hsm-client-certificatedataset.md): An Amazon Redshift HSM Client Certificate is a security resource that stores the public key certificate used to conne...
- [Redshift HSM Configuration](awsredshift-hsm-configurationdataset.md): This table represents the Redshift HSM Configuration resource from Amazon Web Services.
- [Redshift Integration](awsredshift-integrationdataset.md): Redshift Integration in AWS allows Amazon Redshift to connect and work seamlessly with other AWS services and externa...
- [Redshift Redshift Idc Application](awsredshift-redshift-idc-applicationdataset.md): This table represents the Redshift Redshift Idc Application resource from Amazon Web Services.
- [Redshift Serverless Endpoint Access](awsredshiftserverless-endpoint-accessdataset.md): Redshift Serverless Endpoint Access in AWS provides a managed network endpoint that allows secure connectivity to a R... - [Redshift Serverless Managed Workgroup](awsredshiftserverless-managed-workgroupdataset.md): Redshift Serverless Managed Workgroup in AWS is a serverless compute resource for Amazon Redshift that automatically ... - [Redshift Serverless Namespace](awsredshiftserverless-namespacedataset.md): A Redshift Serverless Namespace in AWS is a logical container that holds database objects, users, and configurations ... - [Redshift Serverless Recovery Point](awsredshiftserverless-recovery-pointdataset.md): A Redshift Serverless Recovery Point in AWS represents a saved snapshot of data from a Redshift Serverless workgroup ... - [Redshift Serverless Snapshot](awsredshiftserverless-snapshotdataset.md): A Redshift Serverless Snapshot in AWS is a point-in-time backup of a Redshift Serverless workgroup. It captures the s... - [Redshift Serverless Workgroup](awsredshiftserverless-workgroupdataset.md): Redshift Serverless Workgroup in AWS is a compute environment that runs serverless Amazon Redshift queries without ne... - [Rekognition Collection](awsrekognition-collectiondataset.md): An Amazon Rekognition Collection is a container used to store and manage facial feature vectors for face recognition.... - [Rekognition Project](awsrekognition-projectdataset.md): An Amazon Rekognition Project represents a container for managing computer vision models within Rekognition Custom La... - [Rekognition Project Version](awsrekognition-project-versiondataset.md): Rekognition Project Version represents a trained model version within Amazon Rekognition Custom Labels. It contains d... - [Rekognition Stream Processor](awsrekognition-stream-processordataset.md): Rekognition Stream Processor is an AWS resource that enables real-time video analysis by connecting a video stream fr... 
- [Resilience Hub App Assessment](awsresiliencehub-app-assessmentdataset.md): Resilience Hub App Assessment in AWS provides a detailed evaluation of an application's resilience based on defined p... - [Resilience Hub Application](awsresiliencehub-applicationdataset.md): This table represents the Resilience Hub Application resource from Amazon Web Services. - [Resilience Hub Recommendation Template](awsresiliencehub-recommendation-templatedataset.md): The Resilience Hub Recommendation Template in AWS is a resource that captures recommendations generated by AWS Resili... - [Resilience Policy](awsresiliencehub-resiliency-policydataset.md): A Resilience Policy in AWS Resilience Hub defines the recovery objectives for applications, such as Recovery Time Obj... - [Resource Tags](awsresource-tagsdataset.md): This table represents the Resource Tags resource from Amazon Web Services. - [Resource Explorer Index](awsresourceexplorer2-indexdataset.md): Resource Explorer Index in AWS provides information about the index used by AWS Resource Explorer to organize and sea... - [Resource Explorer Managed View](awsresourceexplorer2-managed-viewdataset.md): Resource Explorer Managed View in AWS provides a predefined, read-only view of resources across your account. It help... - [Resource Explorer View](awsresourceexplorer2-viewdataset.md): Resource Explorer View in AWS provides a way to define and retrieve a specific view configuration for AWS Resource Ex... - [Resource Groups Group](awsresourcegroups-groupdataset.md): Resource Groups Group in AWS represents a collection of AWS resources that are grouped together for easier management... - [Rolesanywhere Crl](awsrolesanywhere-crldataset.md): This table represents the rolesanywhere_crl resource from Amazon Web Services. - [Rolesanywhere Profile](awsrolesanywhere-profiledataset.md): This table represents the rolesanywhere_profile resource from Amazon Web Services. 
- [Rolesanywhere Subject](awsrolesanywhere-subjectdataset.md): This table represents the rolesanywhere_subject resource from Amazon Web Services. - [Rolesanywhere Trust Anchor](awsrolesanywhere-trust-anchordataset.md): This table represents the rolesanywhere_trust_anchor resource from Amazon Web Services. - [Route 53 Domain](awsroute53-domaindataset.md): This table represents the Route 53 Domain resource from Amazon Web Services. - [Route\_53 Hosted Zone](awsroute53-hosted-zonedataset.md): A Route 53 Hosted Zone is a container for DNS records that define how traffic is routed for a domain and its subdomai... - [Route\_53 Query Logging Configuration](awsroute53-query-logging-configdataset.md): Route 53 Query Logging Configuration in AWS enables you to capture detailed information about DNS queries made to a s... - [Route 53 Recovery Control Assertion Safety Rule](awsroute53-recovery-control-assertion-safety-ruledataset.md): This table represents the Route 53 Recovery Control Assertion Safety Rule resource from Amazon Web Services. - [Route 53 Recovery Control Cluster](awsroute53-recovery-control-clusterdataset.md): This table represents the Route 53 Recovery Control Cluster resource from Amazon Web Services. - [Route 53 Recovery Control Control Panel](awsroute53-recovery-control-control-paneldataset.md): This table represents the Route 53 Recovery Control Control Panel resource from Amazon Web Services. - [Route 53 Recovery Control Gating Safety Rule](awsroute53-recovery-control-gating-safety-ruledataset.md): This table represents the Route 53 Recovery Control Gating Safety Rule resource from Amazon Web Services. - [Route 53 Recovery Control Routing Control](awsroute53-recovery-control-routing-controldataset.md): This table represents the Route 53 Recovery Control Routing Control resource from Amazon Web Services. 
- [Route 53 Recovery Readiness Cell](awsroute53-recovery-readiness-celldataset.md): This table represents the Route 53 Recovery Readiness Cell resource from Amazon Web Services. - [Route 53 Recovery Readiness Readiness Check](awsroute53-recovery-readiness-readiness-checkdataset.md): This table represents the Route 53 Recovery Readiness Readiness Check resource from Amazon Web Services. - [Route 53 Recovery Readiness Recovery Group](awsroute53-recovery-readiness-recovery-groupdataset.md): This table represents the Route 53 Recovery Readiness Recovery Group resource from Amazon Web Services. - [Route 53 Recovery Readiness Resource Set](awsroute53-recovery-readiness-resource-setdataset.md): This table represents the Route 53 Recovery Readiness Resource Set resource from Amazon Web Services. - [Route\_53 Record Set](awsroute53-resource-record-setdataset.md): A Route 53 Record Set in AWS defines how domain names are translated into IP addresses or other DNS records. It speci... - [Amazon Route\_53 Profile](awsroute53profiles-profiledataset.md): Amazon Route 53 Profile is a configuration resource that defines and manages DNS profiles within Route 53. It allows ... - [Route 53 Profiles Profile Association](awsroute53profiles-profile-associationdataset.md): Associates a Route 53 Profiles profile with a specific AWS resource, such as a VPC. This enables the resource to use ... - [Route\_53 Resolver Firewall Config](awsroute53resolver-firewall-configdataset.md): Route 53 Resolver Firewall Config is an AWS resource that defines the default behavior of DNS firewall rules for VPCs... - [Route\_53 Resolver DNS Firewall Domain List](awsroute53resolver-firewall-domain-listdataset.md): A Route 53 Resolver DNS Firewall Domain List is a managed collection of domain names that you define to allow or bloc... 
- [Route 53 Resolver DNS Firewall Rule Group](awsroute53resolver-firewall-rule-groupdataset.md): Route 53 Resolver DNS Firewall Rule Group is an AWS resource that lets you organize and manage collections of DNS fir... - [Route\_53 Resolver DNS Firewall Rule Group Association](awsroute53resolver-firewall-rule-group-associationdataset.md): Route 53 Resolver DNS Firewall Rule Group Association is an AWS resource that links a DNS Firewall rule group to a sp... - [Route\_53 Resolver on Outposts Resolver](awsroute53resolver-outpost-resolverdataset.md): Route 53 Resolver on Outposts Resolver is an AWS resource that enables DNS query resolution within an Outpost environ... - [Route\_53 Resolver Config](awsroute53resolver-resolver-configdataset.md): Route 53 Resolver Config is an AWS resource that lets you manage how DNS queries are handled within your VPCs. It all... - [Route\_53 Resolver DNSSEC Configuration](awsroute53resolver-resolver-dnssec-configdataset.md): Route 53 Resolver DNSSEC Configuration is an AWS resource that lets you manage DNSSEC validation settings for your VP... - [Route\_53 Resolver Endpoint](awsroute53resolver-resolver-endpointdataset.md): Route 53 Resolver Endpoint is an AWS resource that enables hybrid cloud DNS resolution between on-premises networks a... - [Route\_53 Resolver Query Logging Configuration](awsroute53resolver-resolver-query-log-configdataset.md): Route 53 Resolver Query Logging Configuration in AWS allows you to capture and log DNS queries that originate from yo... - [Route\_53 Resolver Rule](awsroute53resolver-resolver-ruledataset.md): A Route 53 Resolver Rule in AWS defines how DNS queries are handled for a VPC. It allows you to forward DNS queries f... - [Route Table](awsroute-tabledataset.md): This table represents the Route Table resource from Amazon Web Services. 
- [CloudWatch RUM App Monitor](awsrum-app-monitordataset.md): CloudWatch RUM App Monitor is an AWS resource that collects and analyzes real user monitoring data from web applicati... - [S3 Access Grant](awss3-access-grantdataset.md): This table represents the S3 Access Grant resource from Amazon Web Services. - [S3 Access Point](awss3-access-pointdataset.md): This table represents the S3 Access Point resource from Amazon Web Services. - [S3 Account Public Access Block](awss3-account-public-access-blockdataset.md): This table represents the S3 Account Public Access Block resource from Amazon Web Services. - [S3 Bucket](awss3-bucketdataset.md): An S3 Bucket is a storage container in Amazon Web Services used to store and organize objects such as files, backups,... - [S3 Object Lambda Object Lambda Access Point](awss3-object-lambda-object-lambda-access-pointdataset.md): This table represents the S3 Object Lambda Object Lambda Access Point resource from Amazon Web Services. - [S3 Express One Zone Bucket](awss3express-bucketdataset.md): S3 Express One Zone Bucket is a high-performance Amazon S3 storage option designed for workloads that need very low l... - [S3 on Outposts Bucket](awss3outposts-bucketdataset.md): This table represents the S3 on Outposts Bucket resource from Amazon Web Services. - [S3 on Outposts Endpoint](awss3outposts-endpointdataset.md): S3 on Outposts Endpoint is a resource that provides a network connection point for accessing Amazon S3 storage on AWS... - [Outposts Outpost](awss3outposts-outpostdataset.md): Outposts Outpost is an AWS resource that represents a physical rack of AWS infrastructure deployed at a customer site... - [S3 Tables Table](awss3tables-tabledataset.md): This table represents the S3 Tables Table resource from Amazon Web Services. - [S3 Tables Table Bucket](awss3tables-table-bucketdataset.md): This table represents the S3 Tables Table Bucket resource from Amazon Web Services. 
- [SageMaker Action](awssagemaker-actiondataset.md): SageMaker Action in AWS represents a record of a specific step or event within a SageMaker workflow, such as model tr... - [SageMaker Algorithm](awssagemaker-algorithmdataset.md): SageMaker Algorithm in AWS represents a reusable machine learning algorithm that can be used to train models or perfo... - [SageMaker App](awssagemaker-appdataset.md): SageMaker App in AWS represents an interactive application instance within Amazon SageMaker, such as Jupyter notebook... - [SageMaker App Image Config](awssagemaker-app-image-configdataset.md): SageMaker App Image Config is an AWS resource that defines configuration settings for custom container images used in... - [SageMaker Artifact](awssagemaker-artifactdataset.md): SageMaker Artifact in AWS represents metadata and lineage information about machine learning artifacts, such as datas... - [SageMaker AutoML Job](awssagemaker-automl-jobdataset.md): This table represents the SageMaker AutoML Job resource from Amazon Web Services. - [SageMaker AutoML Job](awssagemaker-automljobdataset.md): This table represents the SageMaker AutoML Job resource from Amazon Web Services. - [SageMaker Hub](awssagemaker-aws-hubdataset.md): SageMaker Hub in AWS is a centralized repository for managing and sharing machine learning resources such as models, ... - [SageMaker Hub Content](awssagemaker-aws-hub-contentdataset.md): SageMaker Hub Content in AWS represents information about machine learning resources shared through SageMaker Hub. It... - [SageMaker Cluster](awssagemaker-clusterdataset.md): SageMaker Cluster in AWS is a managed resource that provides a group of compute instances for running machine learnin... - [SageMaker Cluster Scheduler Config](awssagemaker-cluster-scheduler-configdataset.md): SageMaker Cluster Scheduler Config in AWS provides details about the scheduling configuration for a SageMaker cluster... 
- [SageMaker Code Repository](awssagemaker-code-repositorydataset.md): SageMaker Code Repository in AWS is a managed integration that connects Amazon SageMaker with source code repositorie... - [SageMaker Compilation Job](awssagemaker-compilation-jobdataset.md): An AWS SageMaker Compilation Job optimizes trained machine learning models for deployment on specific hardware target... - [SageMaker Compilation Job](awssagemaker-compilationjobdataset.md): This table represents the SageMaker Compilation Job resource from Amazon Web Services. - [SageMaker Compute Quota](awssagemaker-compute-quotadataset.md): SageMaker Compute Quota in AWS defines the limits on compute resources that can be used for SageMaker workloads, such... - [SageMaker Context](awssagemaker-contextdataset.md): SageMaker Context in AWS represents metadata that helps track and organize machine learning workflows. It captures in... - [SageMaker Data Quality Job Definition](awssagemaker-data-quality-job-definitiondataset.md): SageMaker Data Quality Job Definition in AWS defines the configuration for monitoring and evaluating the quality of d... - [SageMaker Domain](awssagemaker-domaindataset.md): SageMaker Domain in AWS represents a centralized environment for managing machine learning development within Amazon ... - [SageMaker Endpoint](awssagemaker-endpointdataset.md): An AWS SageMaker Endpoint is a fully managed service that hosts trained machine learning models for real-time inferen... - [SageMaker Endpoint Configuration](awssagemaker-endpoint-configdataset.md): An Amazon SageMaker Endpoint Configuration defines how a SageMaker endpoint will serve machine learning models. It sp... - [SageMaker Experiment](awssagemaker-experimentdataset.md): SageMaker Experiment in AWS is a resource that helps organize, track, and compare machine learning experiments. It al... 
- [SageMaker Experiment Trial](awssagemaker-experiment-trialdataset.md): This table represents the SageMaker Experiment Trial resource from Amazon Web Services. - [SageMaker Experiment Trial Component](awssagemaker-experiment-trial-componentdataset.md): This table represents the SageMaker Experiment Trial Component resource from Amazon Web Services. - [SageMaker Feature Group](awssagemaker-feature-groupdataset.md): SageMaker Feature Group is a managed resource in Amazon SageMaker that stores and manages machine learning features f... - [SageMaker Flow Definition](awssagemaker-flow-definitiondataset.md): SageMaker Flow Definition in AWS defines the configuration for human-in-the-loop workflows. It specifies how human re... - [SageMaker Hub](awssagemaker-hubdataset.md): SageMaker Hub in AWS is a centralized repository that allows organizations to discover, share, and manage machine lea... - [SageMaker Hub Content](awssagemaker-hub-contentdataset.md): SageMaker Hub Content in AWS represents information about machine learning resources shared through SageMaker Hub. It... - [SageMaker HumanTaskUi](awssagemaker-human-task-uidataset.md): SageMaker HumanTaskUi is an Amazon SageMaker resource that defines the user interface workers interact with when perf... - [SageMaker HyperParameter Tuning Job](awssagemaker-hyper-parameter-tuning-jobdataset.md): SageMaker HyperParameter Tuning Job is an AWS resource that automatically searches for the best set of hyperparameter... - [SageMaker Hyperparameter Tuning Job](awssagemaker-hyperparametertuningjobdataset.md): This table represents the SageMaker Hyperparameter Tuning Job resource from Amazon Web Services. - [SageMaker Image](awssagemaker-imagedataset.md): An AWS SageMaker Image is a custom container image that provides the runtime environment for machine learning tasks i... 
- [SageMaker Image Version](awssagemaker-image-versiondataset.md): SageMaker Image Version in AWS represents a specific version of a SageMaker Image, which is a container image used to... - [SageMaker Inference Component](awssagemaker-inference-componentdataset.md): SageMaker Inference Component is an AWS resource that provides detailed information about a deployed inference compon... - [SageMaker Inference Experiment](awssagemaker-inference-experimentdataset.md): SageMaker Inference Experiment is an AWS resource that allows you to compare the performance of different machine lea... - [SageMaker Inference Recommender Job](awssagemaker-inference-recommendations-jobdataset.md): SageMaker Inference Recommender Job is an AWS resource that helps optimize machine learning model deployment by autom... - [SageMaker Inference Recommendation Job](awssagemaker-inferencerecommendationjobdataset.md): This table represents the SageMaker Inference Recommendation Job resource from Amazon Web Services. - [SageMaker Ground Truth Labeling Job](awssagemaker-labeling-jobdataset.md): SageMaker Ground Truth Labeling Job is an AWS resource that manages data labeling tasks for machine learning. It allo... - [SageMaker Labeling Job](awssagemaker-labelingjobdataset.md): This table represents the SageMaker Labeling Job resource from Amazon Web Services. - [SageMaker Lineage Group](awssagemaker-lineage-groupdataset.md): SageMaker Lineage Group is an Amazon SageMaker resource that organizes and tracks related machine learning entities s... - [SageMaker MLflow Tracking Server](awssagemaker-mlflow-tracking-serverdataset.md): The SageMaker MLflow Tracking Server is a managed service in AWS that integrates MLflow with Amazon SageMaker. It pro... - [SageMaker Model](awssagemaker-modeldataset.md): An AWS SageMaker Model is a containerized machine learning model that defines how inference should be run in SageMake... 
- [SageMaker Model Bias Job Definition](awssagemaker-model-bias-job-definitiondataset.md): An AWS SageMaker Model Bias Job Definition is a resource that specifies the configuration for running bias detection ... - [SageMaker Model Card](awssagemaker-model-carddataset.md): SageMaker Model Card is a resource in AWS that provides a standardized way to document machine learning models. It ca... - [SageMaker Model Explainability Job Definition](awssagemaker-model-explainability-job-definitiondataset.md): An AWS SageMaker Model Explainability Job Definition is a resource that specifies the configuration for running expla... - [SageMaker Model Package](awssagemaker-model-packagedataset.md): An AWS SageMaker Model Package is a container for machine learning models that includes model artifacts, inference co... - [SageMaker Model Package Group](awssagemaker-model-package-groupdataset.md): An Amazon SageMaker Model Package Group is a container for organizing and managing multiple versions of machine learn... - [SageMaker Model Quality Job Definition](awssagemaker-model-quality-job-definitiondataset.md): SageMaker Model Quality Job Definition in AWS defines the configuration for monitoring the quality of machine learnin... - [SageMaker Model Card](awssagemaker-modelcarddataset.md): This table represents the SageMaker Model Card resource from Amazon Web Services. - [SageMaker Model Card Export Job](awssagemaker-modelcard-export-jobdataset.md): This table represents the SageMaker Model Card Export Job resource from Amazon Web Services. - [SageMaker Model Card Export Job](awssagemaker-modelcardexportjobdataset.md): This table represents the SageMaker Model Card Export Job resource from Amazon Web Services. - [SageMaker Monitoring Schedule](awssagemaker-monitoring-scheduledataset.md): SageMaker Monitoring Schedule is an AWS resource that defines and manages recurring monitoring jobs for machine learn... 
- [SageMaker Notebook Instance](awssagemaker-notebook-instancedataset.md): An AWS SageMaker Notebook Instance is a fully managed machine learning compute instance running Jupyter notebooks. It... - [SageMaker Notebook Instance Lifecycle Configuration](awssagemaker-notebook-instance-lifecycle-configdataset.md): An Amazon SageMaker Notebook Instance Lifecycle Configuration lets you define shell scripts that run when a notebook ... - [SageMaker Hyperparameter Tuning Job](awssagemaker-optimization-jobdataset.md): SageMaker Hyperparameter Tuning Job is an AWS resource that automatically searches for the best set of hyperparameter... - [SageMaker Optimization Job](awssagemaker-optimizationjobdataset.md): This table represents the SageMaker Optimization Job resource from Amazon Web Services. - [SageMaker Partner App](awssagemaker-partner-appdataset.md): SageMaker Partner App in AWS represents an integration with third-party applications that extend Amazon SageMaker's m... - [SageMaker Pipeline](awssagemaker-pipelinedataset.md): SageMaker Pipeline is an AWS resource that enables the creation, automation, and management of machine learning workf... - [SageMaker Pipeline Execution](awssagemaker-pipeline-executiondataset.md): SageMaker Pipeline Execution in AWS represents the details of a specific run of a SageMaker pipeline. It provides inf... - [SageMaker Pipeline Execution](awssagemaker-pipelineexecutiondataset.md): This table represents the SageMaker Pipeline Execution resource from Amazon Web Services. - [SageMaker Processing Job](awssagemaker-processing-jobdataset.md): An AWS SageMaker Processing Job is a managed resource that lets you run data processing and model evaluation workload... - [SageMaker Processing Job](awssagemaker-processingjobdataset.md): This table represents the SageMaker Processing Job resource from Amazon Web Services. 
- [SageMaker Project](awssagemaker-projectdataset.md): SageMaker Project in AWS is a managed resource that helps set up and organize machine learning initiatives by providi... - [SageMaker Space](awssagemaker-spacedataset.md): SageMaker Space is a managed, collaborative environment in Amazon SageMaker that provides users with a pre-configured... - [SageMaker Studio Lifecycle Configuration](awssagemaker-studio-lifecycle-configdataset.md): SageMaker Studio Lifecycle Configuration in AWS defines custom scripts that run automatically when a SageMaker Studio... - [SageMaker Training Job](awssagemaker-training-jobdataset.md): An AWS SageMaker Training Job is a managed resource that runs machine learning model training on specified datasets u... - [SageMaker Training Plan](awssagemaker-training-plandataset.md): SageMaker Training Plan in AWS represents a summary of a scheduled or defined training job configuration within Amazo... - [SageMaker Training Job](awssagemaker-trainingjobdataset.md): This table represents the SageMaker Training Job resource from Amazon Web Services. - [SageMaker User Profile](awssagemaker-user-profiledataset.md): SageMaker User Profile is a resource in Amazon SageMaker that represents an individual user's settings and configurat... - [SageMaker Workforce](awssagemaker-workforcedataset.md): SageMaker Workforce in AWS is a managed resource that defines a group of human labelers who can perform data labeling... - [SageMaker Workteam](awssagemaker-workteamdataset.md): SageMaker Workteam is an Amazon SageMaker resource that defines a group of people who can perform data labeling tasks... - [Savings Plan](awssavings-plandataset.md): This table represents the Savings Plan resource from Amazon Web Services. - [Savings Plan Rate](awssavings-plan-ratedataset.md): This table represents the Savings Plan Rate resource from Amazon Web Services. 
- [EventBridge Scheduler Group](awsscheduler-groupdataset.md): This table represents the EventBridge Scheduler Group resource from Amazon Web Services. - [EventBridge Scheduler Schedule](awsscheduler-scheduledataset.md): EventBridge Scheduler Schedule in AWS allows you to define and manage time-based schedules that trigger actions or wo... - [Schema](awsschemas-aws-schemadataset.md): Schema in AWS refers to the structure definition used within AWS EventBridge Schemas. It describes the format, proper... - [Schemas Discoverer](awsschemas-discovererdataset.md): Schemas Discoverer in AWS is a resource within the EventBridge Schemas service that helps automatically detect and ca... - [EventBridge Schema Registry](awsschemas-registrydataset.md): EventBridge Schema Registry in AWS is a managed repository that stores and organizes event schemas used in EventBridg... - [EventBridge Schema](awsschemas-schemadataset.md): EventBridge Schema in AWS defines the structure of events used within Amazon EventBridge. It provides a formal descri... - [Secrets Manager Secret](awssecretsmanager-secretdataset.md): An AWS Secrets Manager Secret is a secure resource used to store, manage, and retrieve sensitive information such as ... - [Security Group](awssecurity-groupdataset.md): This table represents the Security Group resource from Amazon Web Services. - [Security Group Rule](awssecurity-group-ruledataset.md): This table represents the Security Group Rule resource from Amazon Web Services. - [Security Hub Automation Rule](awssecurityhub-automation-ruledataset.md): This table represents the Security Hub Automation Rule resource from Amazon Web Services. - [Security Hub Configuration Policy](awssecurityhub-configuration-policydataset.md): Security Hub Configuration Policy in AWS defines the settings and controls applied to an account or organization with... 
- [Security Hub Finding Aggregator](awssecurityhub-finding-aggregatordataset.md): Security Hub Finding Aggregator in AWS collects and centralizes security findings from multiple regions into a single... - [Security Hub Hub](awssecurityhub-hubdataset.md): Security Hub Hub in AWS provides details about the current Security Hub configuration for an account. It returns info... - [Security Hub Product](awssecurityhub-productdataset.md): Security Hub Product in AWS represents an external or integrated security service that sends findings into AWS Securi... - [Security Lake Data Lake](awssecuritylake-data-lakedataset.md): This table represents the Security Lake Data Lake resource from Amazon Web Services. - [Security Lake Subscriber](awssecuritylake-subscriberdataset.md): This table represents the Security Lake Subscriber resource from Amazon Web Services. - [Serverlessrepo Applications](awsserverlessrepo-applicationsdataset.md): This table represents the serverlessrepo_applications resource from Amazon Web Services. - [Service Quotas Service Quota](awsservice-quotas-service-quotadataset.md): This table represents the Service Quotas Service Quota resource from Amazon Web Services. - [Service Catalog Application](awsservicecatalog-applicationdataset.md): Service Catalog Application in AWS AppRegistry represents a registered application that helps organize and manage res... - [Service Catalog AppRegistry Attribute Group](awsservicecatalog-attribute-groupdataset.md): Service Catalog AppRegistry Attribute Group in AWS is a resource that lets you define and manage metadata for applica... - [Service Catalog Portfolio](awsservicecatalog-portfoliodataset.md): An AWS Service Catalog Portfolio is a collection of approved products that helps organizations manage and govern clou... - [Service Catalog Product](awsservicecatalog-productdataset.md): Service Catalog Product in AWS represents a managed product that can be created, described, and provisioned through A... 
- [Cloud Map Namespace](awsservicediscovery-namespacedataset.md): Cloud Map Namespace in AWS is a logical container for service discovery resources. It defines a naming boundary where... - [Cloud Map Service](awsservicediscovery-servicedataset.md): Cloud Map Service in AWS Service Discovery lets you create and manage custom names for your application resources. It... - [Service Quotas Quota Change](awsservicequotas-quota-changedataset.md): This table represents the Service Quotas Quota Change resource from Amazon Web Services. - [Service Quotas Quota History](awsservicequotas-quota-historydataset.md): This table represents the Service Quotas Quota History resource from Amazon Web Services. - [SES Addon Instance](awsses-addon-instancedataset.md): This table represents the SES Addon Instance resource from Amazon Web Services. - [SES Addon Subscription](awsses-addon-subscriptiondataset.md): This table represents the SES Addon Subscription resource from Amazon Web Services. - [SES Address List](awsses-address-listdataset.md): This table represents the SES Address List resource from Amazon Web Services. - [SES Archive](awsses-archivedataset.md): This table represents the SES Archive resource from Amazon Web Services. - [SES Configuration Set](awsses-configuration-setdataset.md): An SES Configuration Set in AWS is a set of rules that you can apply to your Amazon Simple Email Service (SES) email ... - [SES Contact List](awsses-contact-listdataset.md): This table represents the SES Contact List resource from Amazon Web Services. - [SES Custom Verification Email Template](awsses-custom-verification-email-templatedataset.md): An SES Custom Verification Email Template in AWS is a reusable template that defines the content and layout of custom... - [SES Dedicated IP Pool](awsses-dedicated-ip-pooldataset.md): This table represents the SES Dedicated IP Pool resource from Amazon Web Services. 
- [SES Identity](awsses-identitydataset.md): SES Identity in AWS represents an email address or domain that you verify to use with Amazon Simple Email Service. It... - [SES Ingress Point](awsses-ingress-pointdataset.md): This table represents the SES Ingress Point resource from Amazon Web Services. - [SES Multi Region Endpoint](awsses-multi-region-endpointdataset.md): This table represents the SES Multi Region Endpoint resource from Amazon Web Services. - [SES Relay](awsses-relaydataset.md): This table represents the SES Relay resource from Amazon Web Services. - [SES Rule Set](awsses-rule-setdataset.md): This table represents the SES Rule Set resource from Amazon Web Services. - [SES Template](awsses-templatedataset.md): An SES Template in AWS Simple Email Service is a reusable email layout that defines the subject line, text body, and ... - [SES Traffic Policy](awsses-traffic-policydataset.md): This table represents the SES Traffic Policy resource from Amazon Web Services. - [Step Functions Activity](awssfn-activitydataset.md): This table represents the Step Functions Activity resource from Amazon Web Services. - [Step Functions Execution](awssfn-executiondataset.md): This table represents the Step Functions Execution resource from Amazon Web Services. - [Step Functions Maprun](awssfn-maprundataset.md): This table represents the Step Functions Maprun resource from Amazon Web Services. - [Step Functions State Machine Alias](awssfn-statemachinealiasdataset.md): This table represents the Step Functions State Machine Alias resource from Amazon Web Services. - [Shield Attack](awsshield-attackdataset.md): AWS Shield Attack represents details about a Distributed Denial of Service (DDoS) attack detected by AWS Shield. It p... - [Shield Protection](awsshield-protectiondataset.md): AWS Shield Protection is a resource that provides DDoS protection for AWS applications. It allows you to associate pr... 
- [Shield Protection Group](awsshield-protection-groupdataset.md): A Shield Protection Group in AWS Shield Advanced is a logical grouping of protected resources, such as CloudFront dis... - [Shield Protection Settings](awsshield-settingsdataset.md): Shield Protection Settings in AWS provide details about your AWS Shield Advanced subscription. It includes informatio... - [Signer Signing Profile](awssigner-signing-profiledataset.md): A Signer Signing Profile in AWS is a resource that defines the code signing configuration used to sign software artif... - [Pinpoint SMS and Voice Configuration Set](awssmsvoice-configuration-setdataset.md): A Pinpoint SMS and Voice Configuration Set in AWS is a collection of rules that define how messages are sent and trac... - [Pinpoint SMS and Voice Opt-Out List](awssmsvoice-opt-out-listdataset.md): The Pinpoint SMS and Voice Opt-Out List in AWS stores information about phone numbers that have opted out of receivin... - [Pinpoint SMS and Voice Phone Number](awssmsvoice-phone-numberdataset.md): An AWS Pinpoint SMS and Voice Phone Number represents a dedicated phone number that can be used to send SMS messages ... - [Pinpoint SMS and Voice Pool](awssmsvoice-pooldataset.md): An Amazon Pinpoint SMS and Voice Pool is a collection of phone numbers and sender IDs that can be managed together fo... - [Pinpoint SMS and Voice V2 Protect Configuration](awssmsvoice-protect-configurationdataset.md): Pinpoint SMS and Voice V2 Protect Configuration in AWS defines settings that help safeguard your messaging and voice ... - [Pinpoint SMS and Voice V2 Registration](awssmsvoice-registrationdataset.md): Pinpoint SMS and Voice V2 Registration in AWS represents the registration information required to use SMS and voice m... - [SMS/Voice Registration Attachment](awssmsvoice-registration-attachmentdataset.md): This table represents the SMS/Voice Registration Attachment resource from Amazon Web Services. 
- [Pinpoint SMS and Voice Sender ID](awssmsvoice-sender-iddataset.md): Pinpoint SMS and Voice Sender ID in AWS represents information about a sender ID used for sending SMS messages. A sen... - [Pinpoint SMS and Voice Verified Destination Number](awssmsvoice-verified-destination-numberdataset.md): A Pinpoint SMS and Voice Verified Destination Number in AWS represents a phone number that has been validated for use... - [Snowball Cluster](awssnowball-clusterdataset.md): Snowball Cluster is an AWS resource that represents a group of Snowball Edge devices working together to transfer or ... - [Snowball Job](awssnowball-jobdataset.md): Snowball Job in AWS refers to a data transfer task using the AWS Snowball service. It represents the process of movin... - [SNS Platform Application](awssns-platform-applicationdataset.md): An SNS Platform Application in AWS represents a mobile app that can send push notifications through Amazon Simple Not... - [SNS Topic](awssns-topicdataset.md): An SNS Topic in AWS is a communication channel that allows publishers to send messages to multiple subscribers at onc... - [SNS Topic Subscription](awssns-topic-subscriptiondataset.md): This table represents the SNS Topic Subscription resource from Amazon Web Services. - [Social Messaging Waba](awssocialmessaging-wabadataset.md): This table represents the Social Messaging Waba resource from Amazon Web Services. - [SQS Queue](awssqs-queuedataset.md): An SQS Queue in AWS is a fully managed message queuing service that enables decoupling and scaling of distributed sys... - [Systems Manager Association](awsssm-associationdataset.md): Systems Manager Association in AWS defines a configuration that automatically applies Systems Manager documents (SSM ... - [Systems Manager Automation Execution](awsssm-automation-executiondataset.md): Systems Manager Automation Execution in AWS represents the running instance of an automation workflow defined in Syst... 
- [Systems Manager Document](awsssm-documentdataset.md): AWS Systems Manager Document (SSM Document) defines actions that Systems Manager can perform on managed instances or ... - [Systems Manager Incidents Incident Record](awsssm-incidents-incident-recorddataset.md): This table represents the Systems Manager Incidents Incident Record resource from Amazon Web Services. - [Systems Manager Incidents Replication Set](awsssm-incidents-replication-setdataset.md): This table represents the Systems Manager Incidents Replication Set resource from Amazon Web Services. - [Systems Manager Incidents Response Plan](awsssm-incidents-response-plandataset.md): This table represents the Systems Manager Incidents Response Plan resource from Amazon Web Services. - [Systems Manager Managed Instance](awsssm-instancedataset.md): A Systems Manager Managed Instance in AWS represents an Amazon EC2 instance or on-premises server that has been confi... - [Systems Manager Maintenance Window](awsssm-maintenancewindowdataset.md): This table represents the Systems Manager Maintenance Window resource from Amazon Web Services. - [Systems Manager Ops Item](awsssm-opsitemdataset.md): This table represents the Systems Manager Ops Item resource from Amazon Web Services. - [Systems Manager Ops Metadata](awsssm-opsmetadatadataset.md): This table represents the Systems Manager Ops Metadata resource from Amazon Web Services. - [Systems Manager Parameter](awsssm-parameterdataset.md): Systems Manager Parameter in AWS is a resource that stores configuration data and secrets in a secure, hierarchical w... - [Systems Manager Patch Baseline](awsssm-patchbaselinedataset.md): This table represents the Systems Manager Patch Baseline resource from Amazon Web Services. - [Systems Manager Resource Data Sync](awsssm-resourcedatasyncdataset.md): This table represents the Systems Manager Resource Data Sync resource from Amazon Web Services. 
- [Systems Manager Service Setting](awsssm-service-settingdataset.md): Systems Manager Service Setting is an AWS resource that lets you configure global settings for AWS Systems Manager. T... - [Systems Manager Service Setting](awsssm-servicesettingdataset.md): This table represents the Systems Manager Service Setting resource from Amazon Web Services. - [Systems Manager Session](awsssm-sessiondataset.md): AWS Systems Manager Session provides a secure, interactive shell or remote desktop connection to your Amazon EC2 inst... - [Systems Manager Window Target](awsssm-windowtargetdataset.md): This table represents the Systems Manager Window Target resource from Amazon Web Services. - [Systems Manager Window Task](awsssm-windowtaskdataset.md): This table represents the Systems Manager Window Task resource from Amazon Web Services. - [IAM Identity Center Application](awssso-applicationdataset.md): IAM Identity Center Application in AWS represents an application that can be integrated with AWS IAM Identity Center ... - [IAM Identity Center Application Provider](awssso-application-providerdataset.md): IAM Identity Center Application Provider in AWS represents an external application that can be integrated with AWS IA... - [IAM Identity Center Instance](awssso-instancedataset.md): IAM Identity Center Instance in AWS represents a dedicated configuration of AWS IAM Identity Center (formerly AWS SSO... - [SSO Permission Set](awssso-permission-setdataset.md): An AWS SSO Permission Set is a collection of policies that define a set of permissions for users and groups when acce... - [Trusted Token Issuer](awssso-trusted-token-issuerdataset.md): Trusted Token Issuer in AWS SSO is a resource that represents an external identity provider trusted by AWS IAM Identi... - [Step Function](awsstep-functiondataset.md): This table represents the Step Function resource from Amazon Web Services. 
- [Storage Gateway Cache Report](awsstoragegateway-cache-reportdataset.md): Provides details about the cache status of an AWS Storage Gateway. The Cache Report includes information such as the ... - [Storage Gateway Device](awsstoragegateway-devicedataset.md): This table represents the Storage Gateway Device resource from Amazon Web Services. - [Storage Gateway Fs Association](awsstoragegateway-fs-associationdataset.md): This table represents the Storage Gateway Fs Association resource from Amazon Web Services. - [Storage Gateway Gateway](awsstoragegateway-gatewaydataset.md): This table represents the Storage Gateway Gateway resource from Amazon Web Services. - [Storage Gateway NFS File Share](awsstoragegateway-nfs-filesharedataset.md): This table represents the Storage Gateway NFS File Share resource from Amazon Web Services. - [Storage Gateway Smb File Share](awsstoragegateway-smb-filesharedataset.md): This table represents the Storage Gateway Smb File Share resource from Amazon Web Services. - [Storage Gateway Virtual Tape](awsstoragegateway-tapedataset.md): AWS Storage Gateway Virtual Tape is a cloud-based storage resource that emulates physical tape libraries, enabling yo... - [Storage Gateway Tape Pool](awsstoragegateway-tapepooldataset.md): This table represents the Storage Gateway Tape Pool resource from Amazon Web Services. - [Storage Gateway Volume](awsstoragegateway-volumedataset.md): Storage Gateway Volume in AWS represents a virtual storage volume managed through the AWS Storage Gateway service. It... - [Subnet](awssubnetdataset.md): This table represents the Subnet resource from Amazon Web Services. - [CloudWatch Synthetics Canary](awssynthetics-canarydataset.md): CloudWatch Synthetics Canary is an AWS resource that lets you create configurable scripts, called canaries, to monito... 
- [CloudWatch Synthetics Group](awssynthetics-groupdataset.md): CloudWatch Synthetics Group is a resource in AWS that represents a collection of canaries, which are configurable scr... - [Textract Adapter](awstextract-adapterdataset.md): Textract Adapter in AWS is part of the Amazon Textract service, which extracts text, forms, and tables from documents... - [Textract Adapter Version](awstextract-adapter-versiondataset.md): Textract Adapter Version in AWS represents the response structure for retrieving details about a specific adapter ver... - [Timestream Scheduled Query](awstimestream-scheduled-querydataset.md): This table represents the Timestream Scheduled Query resource from Amazon Web Services. - [Timestream Table](awstimestream-tabledataset.md): This table represents the Timestream Table resource from Amazon Web Services. - [Transcribe Call Analytics Category](awstranscribe-call-analytics-categorydataset.md): This table represents the Transcribe Call Analytics Category resource from Amazon Web Services. - [Transcribe Call Analytics Job](awstranscribe-call-analytics-jobdataset.md): Transcribe Call Analytics Job in AWS is a resource that provides details about an analytics job run by Amazon Transcr... - [Transcribe Language Model](awstranscribe-language-modeldataset.md): A Transcribe Language Model in AWS is a custom language model resource used with Amazon Transcribe. It allows you to ... - [Transcribe Medical Scribe Job](awstranscribe-medical-scribe-jobdataset.md): Transcribe Medical Scribe Job in AWS is a resource that provides details about a medical transcription job created th... - [Transcribe Medical Transcription Job](awstranscribe-medical-transcription-jobdataset.md): Transcribe Medical Transcription Job in AWS provides details about a medical transcription job created with Amazon Tr... 
- [Transcribe Medical Vocabulary](awstranscribe-medical-vocabularydataset.md): Transcribe Medical Vocabulary in AWS allows you to manage custom medical vocabularies used with Amazon Transcribe Med... - [Transcribe Transcription Job](awstranscribe-transcription-jobdataset.md): Transcribe Transcription Job in AWS is a resource that represents the output of an Amazon Transcribe service request.... - [Custom Vocabulary](awstranscribe-vocabularydataset.md): Custom Vocabulary in AWS Transcribe allows you to define domain-specific terms, unique product names, or uncommon wor... - [Transcribe Vocabulary Filter](awstranscribe-vocabulary-filterdataset.md): Transcribe Vocabulary Filter in AWS is a custom word list used with Amazon Transcribe to filter or mask specific term... - [Transfer Family Agreement](awstransfer-agreementdataset.md): Transfer Family Agreement in AWS represents the configuration details of an agreement between trading partners for fi... - [Transfer Family Certificate](awstransfer-certificatedataset.md): Transfer Family Certificate in AWS is a resource used with AWS Transfer Family to manage and validate SSL/TLS certifi... - [Transfer Family Connector](awstransfer-connectordataset.md): AWS Transfer Family Connector is a resource that defines the connection details for integrating AWS Transfer Family w... - [Transfer Family Host Key](awstransfer-host-keydataset.md): Transfer Family Host Key in AWS is a resource used to manage SSH host keys for AWS Transfer Family servers. It allows... - [Transfer Family Profile](awstransfer-profiledataset.md): AWS Transfer Family Profile is a resource that defines user-specific settings for secure file transfers over protocol... - [Transfer Family Server](awstransfer-serverdataset.md): AWS Transfer Family Server is a managed service that enables secure file transfers directly into and out of Amazon S3... 
- [Transfer Family User](awstransfer-userdataset.md): Transfer Family User in AWS represents an individual user account within AWS Transfer Family, a fully managed service... - [Transfer Family Webapp](awstransfer-webappdataset.md): This table represents the Transfer Family Webapp resource from Amazon Web Services. - [Transfer Family Workflow](awstransfer-workflowdataset.md): AWS Transfer Family Workflow is a managed resource that defines and automates file transfer processes within AWS Tran... - [Transit Gateway](awstransit-gatewaydataset.md): This table represents the Transit Gateway resource from Amazon Web Services. - [Transit Gateway Attachment](awstransit-gateway-attachmentdataset.md): This table represents the Transit Gateway Attachment resource from Amazon Web Services. - [Transit Gateway Peering Attachment](awstransit-gateway-peering-attachmentdataset.md): This table represents the Transit Gateway Peering Attachment resource from Amazon Web Services. - [Transit Gateway Route Table](awstransit-gateway-route-tabledataset.md): This table represents the Transit Gateway Route Table resource from Amazon Web Services. - [Transit Gateway VPC Attachment](awstransit-gateway-vpc-attachmentdataset.md): This table represents the Transit Gateway VPC Attachment resource from Amazon Web Services. - [Translate Parallel Data](awstranslate-parallel-datadataset.md): Translate Parallel Data in AWS refers to a custom dataset used by Amazon Translate to improve translation quality for... - [Translate Terminology](awstranslate-terminologydataset.md): AWS Translate Terminology is a feature of Amazon Translate that allows you to manage and retrieve custom terminology ... - [Verified Permissions Identity Source Item](awsverifiedpermissions-identity-sourcedataset.md): Represents an identity source used in AWS Verified Permissions. It defines the connection between Verified Permission... 
- [Verified Permissions Policy Item](awsverifiedpermissions-policydataset.md): An AWS Verified Permissions Policy Item represents an individual policy statement within the Verified Permissions ser... - [Verified Permissions Policy Store](awsverifiedpermissions-policy-storedataset.md): Verified Permissions Policy Store in AWS is a managed resource that holds and organizes authorization policies for ap... - [Verified Permissions Policy Template Item](awsverifiedpermissions-policy-templatedataset.md): An AWS Verified Permissions Policy Template Item represents a reusable policy definition that defines access control ... - [Virtual Private Cloud](awsvpcdataset.md): This table represents the Virtual Private Cloud resource from Amazon Web Services. - [VPC Endpoint](awsvpc-endpointdataset.md): This table represents the VPC Endpoint resource from Amazon Web Services. - [VPC Endpoint Connection Notification](awsvpc-endpoint-connection-notificationdataset.md): This table represents the VPC Endpoint Connection Notification resource from Amazon Web Services. - [VPC Flow Log](awsvpc-flow-logdataset.md): This table represents the VPC Flow Log resource from Amazon Web Services. - [VPC Internet Gateway](awsvpc-internet-gatewaydataset.md): This table represents the VPC Internet Gateway resource from Amazon Web Services. - [VPC Lattice Access Log Subscription](awsvpc-lattice-access-log-subscriptiondataset.md): This table represents the VPC Lattice Access Log Subscription resource from Amazon Web Services. - [VPC Lattice Listener](awsvpc-lattice-listenerdataset.md): This table represents the VPC Lattice Listener resource from Amazon Web Services. - [VPC Lattice Resource Configuration](awsvpc-lattice-resource-configurationdataset.md): This table represents the VPC Lattice Resource Configuration resource from Amazon Web Services. 
- [VPC Lattice Resource Endpoint Association](awsvpc-lattice-resource-endpoint-associationdataset.md): This table represents the VPC Lattice Resource Endpoint Association resource from Amazon Web Services. - [VPC Lattice Resource Gateway](awsvpc-lattice-resource-gatewaydataset.md): This table represents the VPC Lattice Resource Gateway resource from Amazon Web Services. - [VPC Lattice Rule](awsvpc-lattice-ruledataset.md): This table represents the VPC Lattice Rule resource from Amazon Web Services. - [VPC Lattice Service](awsvpc-lattice-servicedataset.md): This table represents the VPC Lattice Service resource from Amazon Web Services. - [VPC Lattice Service Network](awsvpc-lattice-service-networkdataset.md): This table represents the VPC Lattice Service Network resource from Amazon Web Services. - [VPC Lattice Service Network Resource Association](awsvpc-lattice-service-network-resource-associationdataset.md): This table represents the VPC Lattice Service Network Resource Association resource from Amazon Web Services. - [VPC Lattice Service Network Service Association](awsvpc-lattice-service-network-service-associationdataset.md): This table represents the VPC Lattice Service Network Service Association resource from Amazon Web Services. - [VPC Lattice Service Network VPC Association](awsvpc-lattice-service-network-vpc-associationdataset.md): This table represents the VPC Lattice Service Network VPC Association resource from Amazon Web Services. - [VPC Lattice Target Group](awsvpc-lattice-target-groupdataset.md): This table represents the VPC Lattice Target Group resource from Amazon Web Services. - [VPC NAT Gateway](awsvpc-nat-gatewaydataset.md): This table represents the VPC NAT Gateway resource from Amazon Web Services. - [VPC Peering Connection](awsvpc-peering-connectiondataset.md): This table represents the VPC Peering Connection resource from Amazon Web Services. 
- [VPN Connection](awsvpn-connectiondataset.md): This table represents the VPN Connection resource from Amazon Web Services. - [VPN Gateway](awsvpn-gatewaydataset.md): This table represents the VPN Gateway resource from Amazon Web Services. - [WAF ACL](awswaf-acldataset.md): This table represents the WAF ACL resource from Amazon Web Services. - [WAF Rule](awswaf-ruledataset.md): An AWS WAF Rule defines a set of conditions used to inspect and control web requests based on criteria such as IP add... - [WAF Rule Group](awswaf-rule-groupdataset.md): An AWS WAF Rule Group is a reusable collection of predefined rules that help control and filter web requests based on... - [Web Application Firewall V2 ACL](awswafv2-acldataset.md): This table represents the Web Application Firewall V2 ACL resource from Amazon Web Services. - [WAFV2 Ip Set](awswafv2-ip-setdataset.md): This table represents the WAFV2 Ip Set resource from Amazon Web Services. - [WAF Regex Pattern Set](awswafv2-regex-pattern-setdataset.md): An AWS WAF Regex Pattern Set is a reusable collection of regular expression patterns that you can reference in WAF ru... - [WAF Rule Group](awswafv2-rule-groupdataset.md): An AWS WAF Rule Group is a reusable collection of rules that define conditions to allow, block, or count web requests... - [AWS Well-Architected Lens](awswellarchitected-lensdataset.md): AWS Well-Architected Lens is a framework component that helps evaluate and improve cloud workloads based on AWS best ... - [AWS Well-Architected Profile](awswellarchitected-profiledataset.md): Provides details about an AWS Well-Architected Profile, which contains information on best practice guidance, review ... - [AWS Well-Architected Review Template](awswellarchitected-review-templatedataset.md): Provides details about an AWS Well-Architected Review Template, including its structure, metadata, and configuration.... 
- [AWS Well-Architected Workload](awswellarchitected-workloaddataset.md): AWS Well-Architected Workload represents a workload reviewed under the AWS Well-Architected Framework. It contains in... - [Amazon Connect Wisdom Assistant](awswisdom-assistantdataset.md): Amazon Connect Wisdom Assistant is a resource that represents an AI-powered assistant within Amazon Connect Wisdom. I... - [Amazon Connect Wisdom Assistant Association](awswisdom-assistant-associationdataset.md): Amazon Connect Wisdom Assistant Association links a Wisdom assistant with another resource, such as a contact center ... - [Amazon Connect Wisdom Content](awswisdom-contentdataset.md): Amazon Connect Wisdom Content represents a knowledge item within Amazon Connect Wisdom, which helps contact center ag... - [Amazon Connect Wisdom Knowledge Base](awswisdom-knowledge-basedataset.md): Amazon Connect Wisdom Knowledge Base is a managed knowledge repository that helps contact center agents quickly find ... - [Amazon Connect Wisdom Quick Response](awswisdom-quick-responsedataset.md): Amazon Connect Wisdom Quick Response provides a summary of predefined quick responses used in Amazon Connect Wisdom. ... - [WorkMail Organization](awsworkmail-organizationdataset.md): WorkMail Organization in AWS represents a managed email and calendaring service for businesses. It provides secure, e... - [WorkSpaces Bundle](awsworkspaces-amazon-bundledataset.md): An AWS WorkSpaces Bundle is a predefined package of compute resources, storage, and software configurations used to c... - [Workspaces Application](awsworkspaces-applicationdataset.md): This table represents the workspaces_application resource from Amazon Web Services. - [WorkSpaces Bundle](awsworkspaces-bundledataset.md): An AWS WorkSpaces Bundle is a predefined package of compute resources, storage, and software configurations used to c... 
- [WorkSpaces Connection Alias](awsworkspaces-connection-aliasdataset.md): A WorkSpaces Connection Alias in AWS is a unique identifier that allows you to create a seamless, user-friendly URL f... - [WorkSpaces Directory](awsworkspaces-directorydataset.md): WorkSpaces Directory in AWS is a registered directory that enables the use of Amazon WorkSpaces. It acts as the authe... - [WorkSpaces Image](awsworkspaces-imagedataset.md): An AWS WorkSpaces Image is a custom virtual desktop image that includes the operating system, applications, and setti... - [WorkSpaces IP Access Control Group](awsworkspaces-ip-groupdataset.md): An AWS WorkSpaces IP Access Control Group is a resource that lets you define and manage sets of trusted IP address ra... - [WorkSpaces Pool](awsworkspaces-pooldataset.md): WorkSpaces Pool in AWS is a resource that manages a collection of pre-provisioned WorkSpaces that can be quickly assi... - [Workspaces Web Browser Settings](awsworkspaces-web-browser-settingsdataset.md): This table represents the workspaces_web_browser_settings resource from Amazon Web Services. - [Workspaces Web Data Protection Settings](awsworkspaces-web-data-protection-settingsdataset.md): This table represents the workspaces_web_data_protection_settings resource from Amazon Web Services. - [Workspaces Web Identity Provider](awsworkspaces-web-identity-providerdataset.md): This table represents the workspaces_web_identity_provider resource from Amazon Web Services. - [Workspaces Web Ip Access Settings](awsworkspaces-web-ip-access-settingsdataset.md): This table represents the workspaces_web_ip_access_settings resource from Amazon Web Services. - [Workspaces Web Network Settings](awsworkspaces-web-network-settingsdataset.md): This table represents the workspaces_web_network_settings resource from Amazon Web Services. - [Workspaces Web Portal](awsworkspaces-web-portaldataset.md): This table represents the workspaces_web_portal resource from Amazon Web Services. 
- [Workspaces Web Trust Store](awsworkspaces-web-trust-storedataset.md): This table represents the workspaces_web_trust_store resource from Amazon Web Services. - [Workspaces Web User Access Logging Settings](awsworkspaces-web-user-access-logging-settingsdataset.md): This table represents the workspaces_web_user_access_logging_settings resource from Amazon Web Services. - [Workspaces Web User Settings](awsworkspaces-web-user-settingsdataset.md): This table represents the workspaces_web_user_settings resource from Amazon Web Services. - [WorkSpaces Workspace](awsworkspaces-workspacedataset.md): An AWS WorkSpaces Workspace is a managed, cloud-based virtual desktop that allows users to securely access applicatio... - [X-Ray Group](awsxray-groupdataset.md): An X-Ray Group in AWS is a logical grouping of traces that share specific criteria, such as a filter expression. It a... - [X-Ray Sampling Rule](awsxray-sampling-ruledataset.md): This table represents the X-Ray Sampling Rule resource from Amazon Web Services. 
- [Getting Started with Datadog](aws-account.md): **Type**:`STRING` - [Getting Started with Datadog](aws-acm.md): **Type**:`STRING` - [Getting Started with Datadog](aws-acmpca-certificateauthority.md): **Type**:`STRING` - [Getting Started with Datadog](aws-ami.md): **Type**:`STRING` - [Getting Started with Datadog](aws-amp-rulegroupsnamespace.md): **Type**:`STRING` - [Getting Started with Datadog](aws-amp-scraper.md): **Type**:`STRING` - [Getting Started with Datadog](aws-amp-workspace.md): **Type**:`STRING` - [Getting Started with Datadog](aws-amplify-app.md): **Type**:`STRING` - [Getting Started with Datadog](aws-amplify-artifact.md): **Type**:`STRING` - [Getting Started with Datadog](aws-amplify-backend-environment.md): **Type**:`STRING` - [Getting Started with Datadog](aws-amplify-branch.md): **Type**:`STRING` - [Getting Started with Datadog](aws-amplify-domain-association.md): **Type**:`STRING` - [Getting Started with Datadog](aws-amplify-job.md): **Type**:`STRING` - [Getting Started with Datadog](aws-amplify-webhook.md): **Type**:`STRING` - [Getting Started with Datadog](aws-analyzer.md): **Type**:`STRING` - [Getting Started with Datadog](aws-apigateway-account.md): **Type**:`STRING` - [Getting Started with Datadog](aws-apigateway-api.md): **Type**:`STRING` - [Getting Started with Datadog](aws-apigateway-apikey.md): **Type**:`STRING` - [Getting Started with Datadog](aws-apigateway-authorizer.md): **Type**:`STRING` - [Getting Started with Datadog](aws-apigateway-base-path-mapping.md): **Type**:`STRING` - [Getting Started with Datadog](aws-apigateway-client-certificate.md): **Type**:`STRING` - [Getting Started with Datadog](aws-apigateway-deployment.md): **Type**:`STRING` - [Getting Started with Datadog](aws-apigateway-documentationpart.md): **Type**:`STRING` - [Getting Started with Datadog](aws-apigateway-domain-name.md): **Type**:`STRING` - [Getting Started with Datadog](aws-apigateway-domainnameaccessassociation.md): **Type**:`STRING`**Provider 
name**:`accessAssociationSource`**Description**: The ARN of the domain name access asso... - [Getting Started with Datadog](aws-apigateway-gatewayresponse.md): **Type**:`STRING` - [AWS Configuration](aws-config.md) - [Install CloudPrem on AWS EKS](aws-eks.md) - [AWS Fargate Configuration Guide for Datadog Security](aws-fargate-config-guide.md): This guide walks you through configuring [Cloud Security](https://docs.datadoghq.com/security/cloud_security_manageme... - [Use the AWS Integration in Actions](aws-integration-2.md) - [AWS password policy with unchangeable passwords](aws-password-policy-with-unchangeable-passwords.md) - [Capture Requests and Responses From AWS Services](aws-payload-tagging.md): AWS Payload Extraction captures request and response data exchanged between your application and AWS services. This f... - [AWS CodePipeline Setup for CI Visibility](awscodepipeline.md) - [Avoid insecure HTTP requests with Axios](axios-avoid-insecure-http.md) - [Password policy should require at least 14 characters](ayr-n9s-q87.md): Password policies are employed to enforce password complexity requirements, ensuring passwords have a minimum length.... - [CloudTrail log file validation should be enabled](azr-i96-fmv.md): CloudTrail log file validation generates a digitally signed digest file containing a hash of each log that CloudTrail... - [Azure Accounts](azure-accounts.md) - [Azure Configuration Guide for Cloud SIEM](azure-config-guide-for-cloud-siem.md): Cloud SIEM applies detection rules to all processed logs in Datadog to detect threats, like a targeted attack, a thre... - [Azure Integration](azure-integration.md): Configure your Datadog-Azure integration directly through the Datadog API. For more information, see the [Datadog-Azu... 
- [Connect to Datadog over Azure Private Link](azure-private-link.md) - [Azure Queue Component](azure-queue.md): You can use the Azure Queue component to represent and visualize queue storage from your Azure environment. - [Azure Table Component](azure-table.md): You can use the Azure Table component to represent and visualize NoSQL key-value stores from your Azure environment. - [Activity Log Alert](azureactivity-log-alertdataset.md): This table represents the Activity Log Alert resource from Microsoft Azure. - [Active Directory Administrative Unit](azuread-administrative-unitdataset.md): This table represents the Active Directory Administrative Unit resource from Microsoft Azure. - [Active Directory Application](azuread-applicationdataset.md): This table represents the Active Directory Application resource from Microsoft Azure. - [Active Directory Conditional Access Policy](azuread-conditional-access-policydataset.md): This table represents the Active Directory Conditional Access Policy resource from Microsoft Azure. - [Active Directory Device](azuread-devicedataset.md): This table represents the Active Directory Device resource from Microsoft Azure. - [Active Directory Device Registered Owner](azuread-device-registered-ownerdataset.md): This table represents the Active Directory Device Registered Owner resource from Microsoft Azure. - [Ad Domain](azuread-domaindataset.md): This table represents the ad_domain resource from Microsoft Azure. - [Active Directory Federated Identity Credential](azuread-federated-identity-credentialdataset.md): This table represents the Active Directory Federated Identity Credential resource from Microsoft Azure. - [Active Directory Group](azuread-groupdataset.md): This table represents the Active Directory Group resource from Microsoft Azure. 
- [Active Directory Internal Domain Federation](azuread-internal-domain-federationdataset.md): This table represents the Active Directory Internal Domain Federation resource from Microsoft Azure. - [Active Directory Named Location](azuread-named-locationdataset.md): This table represents the Active Directory Named Location resource from Microsoft Azure. - [Active Directory OAuth2 Permission Grant](azuread-oauth2-permission-grantdataset.md): This table represents the Active Directory OAuth2 Permission Grant resource from Microsoft Azure. - [Ad Privileged Access Group Assignment Schedule Instance](azuread-privileged-access-group-assignment-schedule-instancedataset.md): This table represents the ad_privileged_access_group_assignment_schedule_instance resource from Microsoft Azure. - [Ad Privileged Access Group Eligibility Schedule Instance](azuread-privileged-access-group-eligibility-schedule-instancedataset.md): This table represents the ad_privileged_access_group_eligibility_schedule_instance resource from Microsoft Azure. - [Active Directory Security Defaults Policy](azuread-security-defaults-policydataset.md): This table represents the Active Directory Security Defaults Policy resource from Microsoft Azure. - [Active Directory Service Principal](azuread-service-principaldataset.md): This table represents the Active Directory Service Principal resource from Microsoft Azure. - [Active Directory Unified Role Assignment Schedule Instance](azuread-unified-role-assignment-schedule-instancedataset.md): This table represents the Active Directory Unified Role Assignment Schedule Instance resource from Microsoft Azure. - [Active Directory Unified Role Definition](azuread-unified-role-definitiondataset.md): This table represents the Active Directory Unified Role Definition resource from Microsoft Azure. 
- [Active Directory Unified Role Eligibility Schedule Instance](azuread-unified-role-eligibility-schedule-instancedataset.md): This table represents the Active Directory Unified Role Eligibility Schedule Instance resource from Microsoft Azure. - [Active Directory User](azuread-userdataset.md): This table represents the Active Directory User resource from Microsoft Azure. - [Active Directory User Registration Detail](azuread-user-registration-detaildataset.md): This table represents the Active Directory User Registration Detail resource from Microsoft Azure. - [AKS Cluster](azureaks-clusterdataset.md): This table represents the AKS Cluster resource from Microsoft Azure. - [Api Management Service](azureapi-management-servicedataset.md): This table represents the api_management_service resource from Microsoft Azure. - [Api Management Service Api](azureapi-management-service-apidataset.md): This table represents the api_management_service_api resource from Microsoft Azure. - [Api Management Workspace](azureapi-management-workspacedataset.md): This table represents the api_management_workspace resource from Microsoft Azure. - [Api Management Workspace Backend](azureapi-management-workspace-backenddataset.md): This table represents the api_management_workspace_backend resource from Microsoft Azure. - [App Configuration Configuration Store](azureapp-configuration-configuration-storedataset.md): This table represents the app_configuration_configuration_store resource from Microsoft Azure. - [App Managed Environment](azureapp-managed-environmentdataset.md): This table represents the app_managed_environment resource from Microsoft Azure. - [App Service](azureapp-servicedataset.md): This table represents the App Service resource from Microsoft Azure. - [App Service Plan](azureapp-service-plandataset.md): This table represents the App Service Plan resource from Microsoft Azure. 
- [Application Insights Component](azureapplication-insights-componentdataset.md): This table represents the Application Insights Component resource from Microsoft Azure. - [Role Assignment Schedule Instance](azureauthorization-role-assignment-schedule-instancedataset.md): Role Assignment Schedule Instance in Azure represents a specific occurrence of a role assignment that is governed by ... - [Role Eligibility Schedule Instance](azureauthorization-role-eligibility-schedule-instancedataset.md): A Role Eligibility Schedule Instance in Azure represents a specific assignment that makes a user or service principal... - [Automation Account](azureautomation-accountdataset.md): An Azure Automation Account is a cloud resource that provides a central place to manage automation tasks such as proc... - [Azure Front Door Endpoint](azurecdn-afd-endpointdataset.md): Azure Front Door Endpoint is a globally distributed entry point for delivering web applications with high availabilit... - [CDN Profile](azurecdn-profiledataset.md): An Azure CDN Profile is a top-level resource that defines a content delivery network configuration. It acts as a cont... - [Cognitive Services Account](azurecognitive-services-accountdataset.md): This table represents the cognitive_services_account resource from Microsoft Azure. - [Container Apps](azurecontainer-appsdataset.md): This table represents the Container Apps resource from Microsoft Azure. - [Container Registry](azurecontainer-registrydataset.md): This table represents the Container Registry resource from Microsoft Azure. - [Azure Databricks Access Connector](azuredatabricks-access-connectordataset.md): Azure Databricks Access Connector is a managed identity resource that enables secure access from Azure Databricks to ... - [Azure Databricks Workspace](azuredatabricks-workspacedataset.md): Azure Databricks Workspace is an analytics and machine learning platform built on Apache Spark, fully managed within ... 
- [Diagnostic Setting](azurediagnostic-settingdataset.md): This table represents the Diagnostic Setting resource from Microsoft Azure. - [Cosmos Database Database Account](azuredocument-db-database-accountdataset.md): This table represents the Cosmos Database Database Account resource from Microsoft Azure. - [Cosmos Database Accounts Cassandra Cluster](azuredocument-db-database-accounts-cassandra-clusterdataset.md): This table represents the Cosmos Database Accounts Cassandra Cluster resource from Microsoft Azure. - [Cosmos Database Accounts Cassandra Keyspace](azuredocument-db-database-accounts-cassandra-keyspacedataset.md): This table represents the Cosmos Database Accounts Cassandra Keyspace resource from Microsoft Azure. - [Cosmos Database Accounts Cassandra Keyspace Table](azuredocument-db-database-accounts-cassandra-keyspace-tabledataset.md): This table represents the Cosmos Database Accounts Cassandra Keyspace Table resource from Microsoft Azure. - [Cosmos Database Accounts MongoDB Database](azuredocument-db-database-accounts-mongo-db-databasedataset.md): This table represents the Cosmos Database Accounts MongoDB Database resource from Microsoft Azure. - [Cosmos Database Accounts MongoDB Database](azuredocument-db-database-accounts-mongodb-databasedataset.md): This table represents the Cosmos Database Accounts MongoDB Database resource from Microsoft Azure. - [Cosmos Database Accounts MongoDB Database Collection](azuredocument-db-database-accounts-mongodb-database-collectiondataset.md): This table represents the Cosmos Database Accounts MongoDB Database Collection resource from Microsoft Azure. - [Cosmos Database Accounts Cloud SQL Database](azuredocument-db-database-accounts-sql-databasedataset.md): This table represents the Cosmos Database Accounts Cloud SQL Database resource from Microsoft Azure. 
- [Cosmos Database Accounts Table](azuredocument-db-database-accounts-tabledataset.md): This table represents the Cosmos Database Accounts Table resource from Microsoft Azure. - [Event Grid Domain](azureevent-grid-domaindataset.md): This table represents the event_grid_domain resource from Microsoft Azure. - [Event Grid Partner Configuration](azureevent-grid-partner-configurationdataset.md): This table represents the event_grid_partner_configuration resource from Microsoft Azure. - [Event Grid Partner Namespace](azureevent-grid-partner-namespacedataset.md): This table represents the event_grid_partner_namespace resource from Microsoft Azure. - [Event Grid Partner Registration](azureevent-grid-partner-registrationdataset.md): This table represents the event_grid_partner_registration resource from Microsoft Azure. - [Event Grid Partner Topic](azureevent-grid-partner-topicdataset.md): This table represents the event_grid_partner_topic resource from Microsoft Azure. - [Event Grid Topic](azureevent-grid-topicdataset.md): This table represents the event_grid_topic resource from Microsoft Azure. - [Function](azurefunctiondataset.md): This table represents the Function resource from Microsoft Azure. - [Hybrid Compute Machine](azurehybrid-compute-machinedataset.md): This table represents the hybrid_compute_machine resource from Microsoft Azure. - [Key Vault](azurekey-vaultdataset.md): This table represents the Key Vault resource from Microsoft Azure. - [Key Vault Key](azurekey-vault-keydataset.md): This table represents the Key Vault Key resource from Microsoft Azure. - [Key Vault Secret](azurekey-vault-secretdataset.md): This table represents the Key Vault Secret resource from Microsoft Azure. - [Load Balancer](azureload-balancerdataset.md): This table represents the Load Balancer resource from Microsoft Azure. - [Load Balancer Probe](azureload-balancer-probedataset.md): This table represents the Load Balancer Probe resource from Microsoft Azure. 
- [Log Analytics Storage Insight](azurelog-analytics-storage-insightdataset.md): This table represents the Log Analytics Storage Insight resource from Microsoft Azure. - [Log Analytics Workspace](azurelog-analytics-workspacedataset.md): This table represents the Log Analytics Workspace resource from Microsoft Azure. - [Log Analytics Workspaces](azurelog-analytics-workspacesdataset.md): This table represents the Log Analytics Workspaces resource from Microsoft Azure. - [Logic Apps Workflow](azurelogic-workflowdataset.md): Logic Apps Workflow in Azure is a serverless resource that enables you to automate workflows and integrate applicatio... - [Machine Learning Services Registry](azuremachine-learning-services-registrydataset.md): This table represents the machine_learning_services_registry resource from Microsoft Azure. - [Machine Learning Services Workspace](azuremachine-learning-services-workspacedataset.md): This table represents the machine_learning_services_workspace resource from Microsoft Azure. - [Machine Learning Services Workspace Compute](azuremachine-learning-services-workspace-computedataset.md): This table represents the machine_learning_services_workspace_compute resource from Microsoft Azure. - [Managed Disk](azuremanaged-diskdataset.md): This table represents the Managed Disk resource from Microsoft Azure. - [Management Group](azuremanagement-groupdataset.md): This table represents the management_group resource from Microsoft Azure. - [Management Group Descendant](azuremanagement-group-descendantdataset.md): This table represents the management_group_descendant resource from Microsoft Azure. - [Management Lock](azuremanagement-lockdataset.md): This table represents the management_lock resource from Microsoft Azure. - [Azure Integration Billing](azure.md): Datadog bills for all [Azure Virtual Machines being monitored in Datadog](https://app.datadoghq.com/account/settings#... 
- [MySQL Flexible Server](azuremysql-flexible-serverdataset.md): This table represents the MySQL Flexible Server resource from Microsoft Azure. - [MySQL Flexible Server Configuration](azuremysql-flexible-server-configurationdataset.md): This table represents the MySQL Flexible Server Configuration resource from Microsoft Azure. - [Azure Database for MySQL Server](azuremysql-serverdataset.md): Azure Database for MySQL Server is a fully managed relational database service based on the MySQL engine. It handles ... - [Application Gateway](azurenetwork-application-gatewaydataset.md): Application Gateway in Azure is a web traffic load balancer that manages and distributes incoming application traffic... - [Azure Bastion](azurenetwork-bastion-hostdataset.md): Azure Bastion is a fully managed service that provides secure and seamless RDP and SSH connectivity to virtual machin... - [Network Front Door](azurenetwork-front-doordataset.md): This table represents the Network Front Door resource from Microsoft Azure. - [Network Interface](azurenetwork-interfacedataset.md): A Network Interface in Azure is a networking resource that connects a virtual machine to a virtual network. It define... - [Private Endpoint](azurenetwork-private-endpointdataset.md): A Private Endpoint in Azure is a network interface that securely connects you to an Azure service using a private IP ... - [Public IP Address](azurenetwork-public-ip-addressdataset.md): A Public IP Address in Azure is a resource that allows Azure services, such as virtual machines, load balancers, or a... - [Route Table](azurenetwork-route-tabledataset.md): A Route Table in Azure is a networking resource that defines how traffic is directed within a virtual network. It con... - [Subnet](azurenetwork-subnetdataset.md): A Subnet in Azure is a logical subdivision of a virtual network that allows you to segment and organize resources wit... 
- [Network VNET](azurenetwork-vnetdataset.md): This table represents the Network VNET resource from Microsoft Azure. - [Network VNET Peering](azurenetwork-vnet-peeringdataset.md): This table represents the Network VNET Peering resource from Microsoft Azure. - [Network Watcher](azurenetwork-watcherdataset.md): This table represents the Network Watcher resource from Microsoft Azure. - [Policy Assignment](azurepolicy-assignmentdataset.md): This table represents the Policy Assignment resource from Microsoft Azure. - [PostgreSQL Firewall Rule](azurepostgresql-firewall-ruledataset.md): This table represents the PostgreSQL Firewall Rule resource from Microsoft Azure. - [PostgreSQL Flexible Server](azurepostgresql-flexible-serverdataset.md): This table represents the PostgreSQL Flexible Server resource from Microsoft Azure. - [Azure Database for PostgreSQL Server](azurepostgresql-serverdataset.md): Azure Database for PostgreSQL Server is a fully managed relational database service based on the open-source PostgreS... - [Recovery Services Vault](azurerecovery-services-vaultdataset.md): This table represents the Recovery Services Vault resource from Microsoft Azure. - [Azure Managed Redis](azureredisdataset.md): Azure Managed Redis is a fully managed in-memory data store based on the open-source Redis engine. It provides high-p... - [Resource Group](azureresource-groupdataset.md): This table represents the Resource Group resource from Microsoft Azure. - [Resource Tags](azureresource-tagsdataset.md): This table represents the Resource Tags resource from Microsoft Azure. - [Role Assignment](azurerole-assignmentdataset.md): This table represents the Role Assignment resource from Microsoft Azure. - [Role Definition](azurerole-definitiondataset.md): This table represents the Role Definition resource from Microsoft Azure. 
- [Security Center Auto Provisioning](azuresecurity-center-auto-provisioningdataset.md): This table represents the Security Center Auto Provisioning resource from Microsoft Azure. - [Security Contact](azuresecurity-contactdataset.md): Security Contact in Azure is a resource used to define security-related contact information for an Azure subscription... - [Security Group](azuresecurity-groupdataset.md): This table represents the Security Group resource from Microsoft Azure. - [Service Bus Namespace](azureservice-bus-namespacedataset.md): This table represents the service_bus_namespace resource from Microsoft Azure. - [Service Bus Namespace Queue](azureservice-bus-namespace-queuedataset.md): This table represents the service_bus_namespace_queue resource from Microsoft Azure. - [Service Bus Namespace Topic](azureservice-bus-namespace-topicdataset.md): This table represents the service_bus_namespace_topic resource from Microsoft Azure. - [Service Fabric Cluster](azureservice-fabric-clusterdataset.md): This table represents the service_fabric_cluster resource from Microsoft Azure. - [Service Fabric Managed Cluster](azureservice-fabric-managed-clusterdataset.md): This table represents the service_fabric_managed_cluster resource from Microsoft Azure. - [Signalr Service Signalr](azuresignalr-service-signalrdataset.md): This table represents the signalr_service_signalr resource from Microsoft Azure. - [SQL Firewall Rule](azuresql-firewall-ruledataset.md): This table represents the SQL Firewall Rule resource from Microsoft Azure. - [SQL Server](azuresql-serverdataset.md): This table represents the SQL Server resource from Microsoft Azure. - [SQL Server Database](azuresql-server-databasedataset.md): This table represents the SQL Server Database resource from Microsoft Azure. - [SQL Server Managed Instance](azuresql-server-managed-instancedataset.md): This table represents the SQL Server Managed Instance resource from Microsoft Azure. 
- [Stack Hci Cluster](azurestack-hci-clusterdataset.md): This table represents the stack_hci_cluster resource from Microsoft Azure. - [Stack Hci Cluster Security Setting](azurestack-hci-cluster-security-settingdataset.md): This table represents the stack_hci_cluster_security_setting resource from Microsoft Azure. - [Storage Account](azurestorage-accountdataset.md): This table represents the Storage Account resource from Microsoft Azure. - [Storage Account Queue Service](azurestorage-account-queue-servicedataset.md): This table represents the Storage Account Queue Service resource from Microsoft Azure. - [Storage Account Table Service](azurestorage-account-table-servicedataset.md): This table represents the Storage Account Table Service resource from Microsoft Azure. - [Storage Blob Container](azurestorage-blob-containerdataset.md): This table represents the Storage Blob Container resource from Microsoft Azure. - [Azure Subscription](azuresubscriptiondataset.md): An Azure Subscription is the fundamental unit for managing resources in Microsoft Azure. It defines a logical contain... - [Azure Synapse Analytics Workspace](azuresynapse-workspacedataset.md): Azure Synapse Analytics Workspace is a cloud-based analytics service that brings together big data and data warehousi... - [Synapse Workspace Azure Ad Only Authentication](azuresynapse-workspace-azure-ad-only-authenticationdataset.md): This table represents the synapse_workspace_azure_ad_only_authentication resource from Microsoft Azure. - [User Registration Details](azureuser-registration-detailsdataset.md): This table represents the user_registration_details resource from Microsoft Azure. - [Virtual Machine Instance](azurevirtual-machine-instancedataset.md): This table represents the Virtual Machine Instance resource from Microsoft Azure. - [Virtual Machine Scale Set](azurevirtual-machine-scale-setdataset.md): This table represents the virtual_machine_scale_set resource from Microsoft Azure. 
- [Virtual Network Gateway](azurevirtual-network-gatewaydataset.md): This table represents the Virtual Network Gateway resource from Microsoft Azure. - [Azure Active Directory authentication](azure-active-directory-authentication.md): {% callout %} - [Install CloudPrem on Azure AKS](azure-aks.md): {% callout %} - [Azure App Service client certificate disabled](azure-app-service-client-certificate-disabled.md): {% callout %} - [Azure Cognitive Search public network access enabled](azure-cognitive-search-public-network-access-enabled.md): {% callout %} - [Azure Configuration](azure-config.md): {% callout %} - [Azure Container Registry with no locks](azure-container-registry-with-no-locks.md): {% callout %} - [Continuous Testing and Datadog CI Azure DevOps Extension](azure-devops-extension.md): With the [`SyntheticsRunTests`](https://github.com/DataDog/datadog-ci-azure-devops/tree/main/SyntheticsRunTestsTask) ... - [Azure Front Door WAF disabled](azure-front-door-waf-disabled.md): {% callout %} - [Azure instance using basic authentication](azure-instance-using-basic-authentication.md): {% callout %} - [Data Streams Monitoring for Azure Service Bus](azure-service-bus.md): - [Datadog Agent v7.34.0 or later](https://docs.datadoghq.com/agent) - [Inbound TCP NetBIOS access should be restricted](b03-c2d-8f9.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide... - [Jumpcloud admin login without MFA](b23-5ac-d0g.md): Classification:complianceTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-vali... - [Google Workspace accessed by Google](b2e-a9g-30x.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1199-trusted-... - [OneLogin user granted administrative privileges](b2t-p3g-d09.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... 
- [Elasticsearch clusters should use the latest engine version](b48-4xm-roq.md): Upgrade your Amazon Elasticsearch Service (ES) engine to the latest version. By doing so, you ensure your deployment ... - [Google Cloud IAM policy modified](b58-97e-9f1.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... - [The API server should validate the service account token in etcd](b5g-dpn-b7g.md): Classification:complianceFramework:cis-kubernetesControl:1.2.27 - [Redshift clusters should use the EC2-VPC platform for better security](b7c-ce0-a71.md): Confirm [Redshift Clusters](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html) are using th... - [S3 bucket objects should not allow public listing via ACL](b7j-x9u-a9c.md): Modify your bucket ACL to remove public `READ` access. - [Inbound HTTP access should be restricted](b88-9f6-aa5.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide...
- [The etcd service should be configured with TLS encryption](b8a-e8g-h6k.md): Classification:complianceFramework:cis-kubernetesControl:2.1 - [Backend Error Tracking](backend.md): {% image - [Workload Protection Linux Events Formats](backend-linux.md): Workload Protection events for Linux systems have the following JSON schema: - [Workload Protection Windows Events Formats](backend-windows.md): Workload Protection events for Windows have the following JSON schema: - [Bad hexadecimal concatenation](bad-hexa-concatenation.md): {% callout %} - [Bad nil guard](bad-nil-guard.md): {% callout %} - [Bad null guards can cause null pointer dereferences](bad-null-guard.md): {% callout %} - [Avoid @ts- comments](ban-ts-comment.md): {% callout %} - [Avoid using TSLint comments](ban-tslint-comment.md): {% callout %} - [Avoid certain types](ban-types.md): {% callout %} - [The Docker server certificate file should be owned by root](bap-wei-4kf.md): Classification:complianceFramework:cis-dockerControl:3.11 - [Bar Chart Widget](bar-chart.md): {% image - [Enforces that base is object when using base.Equals](base-equals.md): {% callout %} - [Basic auth file is set](basic-auth-file-is-set.md): {% callout %} - [Bastion Component](bastion.md): You can use the Bastion component to represent and visualize bastion servers from your Azure environment. - [Batch job definition with privileged container properties](batch-job-definition-with-privileged-container-properties.md): {% callout %} - [Access keys should be rotated every 90 days or less](bcz-prk-dr6.md): Access keys consist of an access key ID and a secret access key, and they are used to sign programmatic requests made... - [Possible AWS EC2 privilege escalation via the modification of user data](bd9-8o0-553.md): Classification:attackTactic:[TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004)Technique:[T1098-ac... 
- [Secure transfer required should be enabled](bdn-uvn-jrd.md): The secure transfer option enhances the security of a storage account by only allowing requests to the storage accoun... - [New Public Repository Container Image detected in AWS ECR](bdv-1hj-qoq.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1525-implant-int... - [Beta Functions](beta.md): Beta functions are available by editing the query JSON directly. - [AWS CloudWatch log group deleted](bif-xha-5if.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [BigQuery Cost Allocation](bigquery.md): Datadog Cloud Cost Management (CCM) automatically allocates the costs of your Google BigQuery resources to individual... - [BigQuery dataset is public](bigquery-dataset-is-public.md): {% callout %} - [BigQuery table is public](bigquery-table-is-public.md): {% callout %} - [Billing and invoices](billing-and-invoices.md): As an Account Owner, you can make changes to your subscription and payment methods at any time. - [Billing](billing.md): The billing cycle begins the first of the month (UTC) regardless of when you sign up. Your first month is prorated ba... - [Bind address not properly set](bind-address-not-properly-set.md): {% callout %} - [Continuous Testing and Bitrise](bitrise-run.md): With the `synthetics-test-automation-bitrise-step-run-tests` step, you can run Synthetic tests during your Bitrise CI... - [Continuous Testing and Bitrise](bitrise-upload.md): With the `synthetics-test-automation-bitrise-step-upload-application` step, you can upload a new version of your appl... - [Bits AI](bits-ai.md): {% callout %} - [Bits AI Dev Agent](bits-ai-dev-agent.md): {% callout %} - [Bits AI Kubernetes Remediation](bits-ai-kubernetes-remediation.md): Bits AI Kubernetes Remediation analyzes and fixes Kubernetes errors in your infrastructure.
- [Bits AI SRE](bits-ai-sre.md): {% callout %} - [Enforces an int operand on bitwise and shift operations](bitwise-right-operand-int.md): {% callout %} - [Kubelet authentication should require certificate-based authentication](bk7-jyi-j6m.md): Classification:complianceFramework:cis-kubernetesControl:1.2.5 - [Block Blob Component](block-blob.md): You can use the Block Blob component to represent and visualize block blobs from your Azure environment. - [Enforce block comment alignment](block-comment-formatting.md): {% callout %} - [Block Component](block.md): The Block is the most basic of the available components. Along with Images and Icons, it can be used to represent clo... - [Blowfish should use a large key](blowfish-short-key.md): {% callout %} - [Blueprints](blueprints.md) - [Functions returning boolean should not use prefix get](boolean-get-function-name.md): {% callout %} - [Avoid prefix boolean returning method with `get`](boolean-get-method-name.md): {% callout %} - [Consistent naming for boolean props](boolean-prop-naming.md): {% callout %} - [>-](bos-b0c-7lw.md): To ensure sufficient data retention, it is recommended to set the retention period for your Network Security Group Fl... - [Check that boxed types are not null](boxed-types-null.md): {% callout %} - [Enforce brace spacing for lambdas](brace-spacing.md): {% callout %} - [Browser Error Tracking](browser.md): [Error Tracking](https://docs.datadoghq.com/error_tracking/) processes errors collected from the browser by the Brows... - [Getting Started with Browser Tests](browser-test.md): [Browser tests](https://docs.datadoghq.com/synthetics/browser_tests/) are scenarios that Datadog executes on your web... - [Budgets](budgets.md): Set up budgets and enable engineering teams to visualize how they are tracking against budgets.
- [Build Datadog Agent image](build-container-agent.md): Follow the instructions below to build the Datadog Docker Agent image for a given``Agent version (ab... - [Build your Datadog installation](build.md): After you plan your Datadog installation design and best practices, concentrate on the construction of Datadog itself... - [Build an Integration with Datadog](build-integration.md): This page walks Technology Partners through the specific steps to create and submit an integration or Marketplace off... - [Buildkite Setup for CI Visibility](buildkite.md): {% callout %} - [Business Intelligence Integrations](business-intelligence.md): Datadog Data Observability connects directly to your business intelligence tools to help you understand how your data... - [The kubelet.conf file should have permissions of 644 or stricter](bxn-fac-3nh.md): Classification:complianceFramework:cis-kubernetesControl:4.1.5 - [The container's root filesystem should be set to read-only](byb-wyq-f3q.md): Classification:complianceFramework:cis-dockerControl:5.12 - [Bring Your Own Threat Intelligence](byoti-guide.md): Datadog Security supports enriching and searching [traces](https://app.datadoghq.com/security/appsec/traces) with [th... - [Use bytes.Equal instead of bytes.Compare](bytes-compare-equal.md): {% callout %} - [Use bytes.ReplaceAll instead of bytes.Replace](bytes-replaceall.md): {% callout %} - [Do not use bytes.SplitN or bytes.SplitAfterN with limit < 0](bytes-splitn.md): {% callout %} - [>-](bz1-7ay-vqj.md): Classification:attackTactic:[TA0007-discovery](https://attack.mitre.org/tactics/TA0007)Technique:[T1613-container-and... - [Access denied for Google Cloud Service Account](c13-d72-723.md): Classification:attackTactic:[TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004)Technique:[T1078-va... 
- [Google Cloud Service Account key created](c17-28f-69c.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... - [Google Cloud Service Account created](c19-1d0-3b1.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1136-create-acco... - [Container violated compliance standards](c6a-b25-2e9.md): Detect when a container is not running within compliance standards. - [Amazon S3 bucket policy modified](c70-8d3-554.md): Classification:attackTactic:[TA0040-impact](https://attack.mitre.org/tactics/TA0040)Technique:[T1485-data-destruction... - [Processes in containers should have isolated Process ID (PID) namespaces](c9n-kkx-t3p.md): Classification:complianceFramework:cis-dockerControl:5.15 - [Kubernetes Service Account Created in Kube Namespace](ca4-360-b9c.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1136-create-acco... - [Redshift clusters should be encrypted](ca8-9ec-a27.md): Ensure that AWS RedShift clusters are encrypted. - [CA certificate identifier is outdated](ca-certificate-identifier-is-outdated.md): {% callout %} - [Cache for Redis Component](cache-for-redis.md): You can use the Cache for Redis component to represent and visualize the Redis caches from your Azure environment. - [DORA Metrics Calculation](calculation.md): {% callout %} - [Consider calling super in constructor](call-super-in-constructor.md): {% callout %} - [Calling on Datadog's API with the Webhooks Integration](calling-on-datadog-s-api-with-the-webhooks-integration.md): You can use the [Webhooks integration](https://docs.datadoghq.com/integrations/webhooks/) to trigger webhooks from Da... 
- [Can I set up the dd-agent mysql check on my Google CloudSQL?](can-i-set-up-the-dd-agent-mysql-check-on-my-google-cloudsql.md): Much like the "Native" [Amazon RDS Integration](https://docs.datadoghq.com/integrations/amazon_rds/) with MySQL, you ... - [Cancel your Cloudcraft (Standalone) Subscription](cancel-subscription.md): Canceling your Cloudcraft (Standalone) subscription can be done from inside the Cloudcraft application. - [Capturing Handled Errors In Error Tracking](capturing-handled-errors.md): Datadog tracing libraries can automatically report handled errors. The errors are attached through span events to the... - [Case Management Attribute](case-management-attribute.md): View and configure custom attributes within Case Management. See the [Case Management page](https://docs.datadoghq.co... - [Case Management Type](case-management-type.md): View and configure case types within Case Management. See the [Case Management page](https://docs.datadoghq.com/servi... - [Case Management](case-management.md): View and manage cases and projects within Case Management. See the [Case Management page](https://docs.datadoghq.com/... - [Prefer case over if-elsif](case-vs-if-elsif.md): {% callout %} - [Integrate Case Management with Error Tracking](case-management-2.md): {% callout %} - [Cases Projects](cases-projects.md): title: Cases Projects - [Cases](cases.md): title: Cases - [Prevent catching NullReference](catch-nullreference.md): {% callout %} - [Category Processor](category-processor.md): Use the category processor to add a new attribute (without spaces or special characters in the new attribute name) to... - [Azure Frontdoor WAF Logged a Request](cb9-5d2-43b.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1190-exploit-... 
- [AWS security group created, modified or deleted](cca-fc9-b0e.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [Cloud Cost Management](ccm.md): {% callout %} - [Beta - CDB instance internet service enabled](cdb-instance-internet-service-enabled.md): {% callout %} - [Beta - CDB instance internet using default intranet port](cdb-instance-using-default-intranet-port.md): {% callout %} - [Beta - CDB instance without backup policy](cdb-instance-without-backup-policy.md): {% callout %} - [CDN configuration is missing](cdn-configuration-is-missing.md): {% callout %} - [Inbound Telnet access should be restricted](ce6-3tg-khk.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide... - [Certificate has expired](certificate-has-expired.md): {% callout %} - [Certificate RSA key bytes lower than 256](certificate-rsa-key-bytes-lower-than-256.md): {% callout %} - [AWS CloudTrail configuration modified](cf4-844-4a0.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [Outbound access on all ports should be restricted](cfd-f0b-f05.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide... - [Use SHELL to change the default shell](change-default-shell.md): {% callout %} - [Change Widget](change.md): The Change graph shows you the change in a metric over a period of time. It compares the absolute or relative (%) cha... - [Change Failure Detection](change-failure-detection.md): {% callout %} - [Change Overlays](change-overlays.md): As teams iterate, deploy code, and make changes to their applications and services, identifying the exact change that... 
- [Change Tracking](change-tracking.md): {% callout %} - [Changing Your Container Registry](changing-container-registry.md): Datadog publishes container images in Google's gcr.io, Azure ACR, AWS' ECR, and on Docker Hub: - [Chat with Bits AI SRE](chat-bits-ai-sre.md): {% callout %} - [Chat with Bits AI](chat-with-bits-ai.md): {% callout %} - [Check to prevent a length less than 0](check-len.md): {% callout %} - [Do not bypass certificates validation](check-server-ssl-sertificates.md): {% callout %} - [Integration Assets Reference](check-references.md): This page walks you through the files that you need to populate in order to create an offering on the [**Integrations... - [Check Status Widget](check-status.md): Service checks monitor the up or down status of a specific service. Alerts are triggered when the monitoring Agent fa... - [Chef](chef.md): The Datadog Chef cookbook automates the installation and configuration of the Datadog Agent across supported Linux an... - [File permissions](chmod-permissions.md): {% callout %} - [CI Visibility Pipelines](ci-visibility-pipelines.md): Search or aggregate your CI Visibility pipeline events and send them to your Datadog site over HTTP. See the [CI Pipe... - [CI Visibility Tests](ci-visibility-tests.md): Search or aggregate your CI Visibility test events over HTTP. See the [Test Visibility in Datadog page](https://docs.... - [CI Visibility Billing](ci-visibility.md): {% callout %} - [Continuous Testing and CI/CD](cicd-integrations.md): {% alert level="info" %} - [ECB mode is insecure](cipher-padding-oracle.md): {% callout %} - [Monitor CI Providers Deployments](ciproviders.md): {% callout %} - [CircleCI Setup for CI Visibility](circleci.md): {% callout %} - [Continuous Testing and CircleCI Orb](circleci-orb.md): Run Datadog Synthetic tests in your CircleCI pipelines using the Datadog CircleCI orb. - [Use instance_of? 
for class comparison](class-comparison.md): {% callout %} - [Check class definition language](class-definition.md): {% callout %} - [Class methods should use self as first argument](class-methods-use-self.md): {% callout %} - [Use self to define class methods](class-methods.md): {% callout %} - [Class name should be in CamelCase](class-name.md): {% callout %} - [Follow class naming conventions](class-naming-conventions.md): {% callout %} - [Class names should be upper camel case](class-naming.md): {% callout %} - [Warns on class private constructors that are dead code](class-no-private-constructors.md): {% callout %} - [Enforce comment placement in class parameter](class-parameter-comment.md): {% callout %} - [Classes with SOQL queries must specify sharing level](class-sharing-level.md): {% callout %} - [Beta - CLB instance log setting disabled](clb-instance-log-setting-disabled.md): {% callout %} - [Beta - CLB listener using insecure protocols](clb-listener-using-insecure-protocols.md): {% callout %} - [Client-Side Feature Flags](client.md): {% callout %} - [Client certificate authentication not set up properly](client-certificate-authentication-not-setup-properly.md): {% callout %} - [Closures should not have too many lines](closure-max-lines.md): {% callout %} - [Cloud Cost Management](cloud-cost-management.md): The Cloud Cost Management API allows you to set up, edit, and delete Cloud Cost Management accounts for AWS, Azure, a... - [Cloud Network Monitoring](cloud-network-monitoring.md): The Cloud Network Monitoring API allows you to fetch aggregated connections and DNS traffic with their attributes. Se... 
- [Setup App and API Protection on Google Cloud Run functions](cloud-run.md): {% callout %} - [Cloud Cost Management](cloud-cost-management-2.md): {% callout %} - [Cloud DNS without DNSSEC](cloud-dns-without-dnssec.md): {% callout %} - [Deploying Cloud Security via Cloud Integrations](cloud-integrations.md): Use the following instructions to enable Misconfigurations and Identity Risks (CIEM) on AWS, Azure, and GCP. - [Cloud KMS key ring is anonymously or publicly accessible](cloud-kms-key-rings-are-public.md): {% callout %} - [Cloud-based Authentication](cloud-provider-authentication.md): {% callout %} - [Cloud Run service is public](cloud-run-service-is-public.md): {% callout %} - [Cloud Security](cloud-security-management.md): {% callout %} - [Cloud SIEM](cloud-siem.md): {% callout %} - [Cloud Storage](cloud-storage.md): {% callout %} - [Cloud Storage is anonymous or publicly accessible](cloud-storage-anonymous-or-publicly-accessible.md): {% callout %} - [Cloud Storage bucket is publicly accessible](cloud-storage-bucket-is-publicly-accessible.md): {% callout %} - [Cloud Storage bucket logging not enabled](cloud-storage-bucket-logging-not-enabled.md): {% callout %} - [Cloud Storage bucket versioning disabled](cloud-storage-bucket-versioning-disabled.md): {% callout %} - [Can you give me a demo of the product?](cloudcraft-pro-demo.md): You can book an online demo with a member of the Cloudcraft team on the [Request a live demo page](https://www.cloudc... - [Cloudcraft (Standalone)](cloudcraft.md): [Cloudcraft is a diagramming tool for professionals](https://www.cloudcraft.co/) that manage cloud-based infrastructu... - [Cloudflare Integration](cloudflare-integration.md): Manage your Datadog Cloudflare integration directly through the Datadog API. See the [Cloudflare integration page](ht... 
- [CloudFormation metadata contains plaintext credentials](cloudformation-specifying-credentials-not-safe.md): {% callout %} - [CloudFront Component](cloudfront.md): Use the CloudFront component to represent CloudFront from your Amazon Web Services architecture. - [CloudFront logging disabled](cloudfront-logging-disabled.md): {% callout %} - [CloudFront viewer protocol policy allows HTTP](cloudfront-viewer-protocol-policy-allows-http.md): {% callout %} - [CloudFront without minimum protocol TLS 1.2](cloudfront-without-minimum-protocol-tls-12.md): {% callout %} - [CloudFront without WAF](cloudfront-without-waf.md): {% callout %} - [CloudPrem](cloudprem.md): {% callout %} - [CloudTrail log file validation disabled](cloudtrail-log-file-validation-disabled.md): {% callout %} - [CloudTrail log files not encrypted with KMS](cloudtrail-log-files-not-encrypted-with-kms.md): {% callout %} - [CloudTrail log files S3 bucket is publicly accessible](cloudtrail-log-files-s3-bucket-is-publicly-accessible.md): {% callout %} - [CloudTrail log files S3 bucket with logging disabled](cloudtrail-log-files-s3-bucket-with-logging-disabled.md): {% callout %} - [CloudTrail logging disabled](cloudtrail-logging-disabled.md): {% callout %} - [Setting up AWS CloudTrail Logs for Cloud Security](cloudtrail-logs.md): Set up AWS CloudTrail Logs to get the most out of [Cloud Security Identity Risks](https://docs.datadoghq.com/security... 
- [CloudTrail multi-region disabled](cloudtrail-multi-region-disabled.md): {% callout %} - [CloudTrail not integrated with CloudWatch](cloudtrail-not-integrated-with-cloudwatch.md): {% callout %} - [CloudTrail SNS topic name undefined](cloudtrail-sns-topic-name-undefined.md): {% callout %} - [CloudWatch AWS Config configuration changes alarm missing](cloudwatch-aws-config-configuration-changes-alarm-missing.md): {% callout %} - [CloudWatch AWS organizations changes missing alarm](cloudwatch-aws-organizations-changes-missing-alarm.md): {% callout %} - [CloudWatch changes to NACL alarm missing](cloudwatch-changes-to-nacl-alarm-missing.md): {% callout %} - [Cloudwatch CloudTrail configuration changes alarm missing](cloudwatch-cloudtrail-configuration-changes-alarm-missing.md): {% callout %} - [>-](cloudwatch-disabling-or-scheduled-deletion-of-customer-created-cmk-alarm-missing.md): {% callout %} - [CloudWatch IAM policy changes alarm missing](cloudwatch-iam-policy-changes-alarm-missing.md): {% callout %} - [CloudWatch log group without KMS](cloudwatch-log-group-not-encrypted.md): {% callout %} - [CloudWatch logging disabled](cloudwatch-logging-disabled.md): {% callout %} - [CloudWatch logs destination with vulnerable policy](cloudwatch-logs-destination-with-vulnerable-policy.md): {% callout %} - [CloudWatch management console auth failed alarm missing](cloudwatch-management-console-auth-failed-alarm-missing.md): {% callout %} - [CloudWatch console sign-in without MFA alarm missing](cloudwatch-management-console-sign-in-without-mfa-alarm-missing.md): {% callout %} - [CloudWatch metrics disabled](cloudwatch-metrics-disabled.md): {% callout %} - [CloudWatch network gateways changes alarm missing](cloudwatch-network-gateways-changes-alarm-missing.md): {% callout %} - [CloudWatch root account use missing](cloudwatch-root-account-use-alarm-missing.md): {% callout %} - [CloudWatch route table changes alarm missing](cloudwatch-route-table-changes-alarm-missing.md): {% callout 
%} - [CloudWatch S3 policy change alarm missing](cloudwatch-s3-policy-change-alarm-missing.md): {% callout %} - [Cloudwatch security group changes alarm missing](cloudwatch-security-group-changes-alarm-missing.md): {% callout %} - [CloudWatch unauthorized access alarm missing](cloudwatch-unauthorized-access-defined-alarm-missing.md): {% callout %} - [CloudWatch VPC changes alarm missing](cloudwatch-vpc-changes-alarm-missing.md): {% callout %} - [CloudWatch without retention period specified](cloudwatch-without-retention-period-specified.md): {% callout %} - [Cluster Agent Troubleshooting](cluster-agent.md): This document contains troubleshooting information for the following components: - [Troubleshooting Cluster and Endpoint Checks](cluster-and-endpoint-checks.md): When leader election is enabled, only the leader serves cluster check configurations to the node-based Agents. If onl... - [Cluster admin rolebinding with superuser permissions](cluster-admin-role-binding-with-super-user-permissions.md): {% callout %} - [Cluster Agent for Kubernetes](cluster-agent-2.md): The Datadog Cluster Agent provides a streamlined, centralized approach to collecting cluster level monitoring data. B... - [Autoscaling with Cluster Agent Custom & External Metrics](cluster-agent-autoscaling-metrics.md): {% alert level="info" %} - [Disable the Datadog Admission Controller with the Cluster Agent](cluster-agent-disable-admission-controller.md): The Datadog Cluster Agent manages the Datadog Admission Controller by creating, updating, and deleting Admission Cont... 
- [Cluster allows unsafe sysctls](cluster-allows-unsafe-sysctls.md): {% callout %} - [Beta - check Databricks cluster AWS attribute best practices](cluster-aws-attributes.md): {% callout %} - [Beta - check Databricks cluster Azure attribute best practices](cluster-azure-attributes.md): {% callout %} - [Beta - check Databricks cluster GCP attribute best practices](cluster-gcp-attributes.md): {% callout %} - [Cluster labels disabled](cluster-labels-disabled.md): {% callout %} - [Cluster Sizing](cluster-sizing.md): {% callout %} - [Cluster Check Runners](clustercheckrunners.md): The Cluster Agent can dispatch out two types of checks: [endpoint checks](https://docs.datadoghq.com/agent/cluster_ag... - [Cluster Checks](clusterchecks.md): The Datadog Agent automatically discovers containers and creates check configurations by using the [Autodiscovery mec... - [Credential stuffing attack](clw-d08-ehj.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1110-brute... - [CMK is unusable](cmk-is-unusable.md): {% callout %} - [CMK rotation disabled](cmk-rotation-disabled.md): {% callout %} - [CMK unencrypted storage](cmk-unencrypted-storage.md): {% callout %} - [CNI plugin does not support network policies](cni-plugin-does-not-support-network-policies.md): {% callout %} - [Code Changes Detection](code-changes-detection.md): {% callout %} - [Code Coverage](code-coverage.md): {% callout %} - [Code Origin for Spans](code-origin.md): Code Origin captures the exact locations in your codebase where APM spans are created. When enabled on a compatible s... 
- [Code Security](code-security.md): {% callout %} - [CodeBuild not encrypted](codebuild-not-encrypted.md): {% callout %} - [CodeBuild project encrypted with AWS managed key](codebuild-project-encrypted-with-aws-managed-key.md): {% callout %} - [Codefresh Setup for CI Visibility](codefresh.md): {% callout %} - [Cognito user pool without MFA](cognito-userpool-without-mfa.md): {% callout %} - [Collecting Browser Errors](collecting-browser-errors.md): Front-end errors are collected with Browser SDK. The error message and stack trace are included when available. - [Collection size should not always be true or false](collection-size.md): {% callout %} - [do not modify a dictionary while iterating on it](collection-while-iterating.md): {% callout %} - [Enforce consistent spacing around colon](colon-spacing.md): {% callout %} - [Avoid command injection](command-injection.md): {% callout %} - [Cluster Agent Commands and Options](commands.md): The available commands for the Datadog Cluster Agents are: - [Enforce proper spacing for declarations with comments](comment-declaration-spacing.md): {% callout %} - [TODO and FIXME comments must have ownership](comment-fixme-todo-ownership.md): {% callout %} - [Enforce line comment spacing](comment-spacing.md): {% callout %} - [Ensure comment wording is inclusive](comments.md): {% callout %} - [Commitment Programs](commitment-programs.md): {% alert level="info" %} - [Community](community.md): Datadog loves our awesome open source community! We wouldn't be able to do it without you. - [Use operators to compare values, not functions](comp-operator-not-function.md): {% callout %} - [Prevent identical comparison](compare-identical.md): {% callout %} - [Compare Profiles](compare-profiles.md): The Continuous Profiler can compare two profiles or profile aggregations with each other to help you identify code pe... 
- [Do not check address to nil](comparing-address-nil.md): {% callout %} - [in comparisons, variables must be left](comparison-constant-left.md): {% callout %} - [Do not compare with NaN](comparison-nan.md): {% callout %} - [Do not compare to true](comparison-true.md): {% callout %} - [Compatibility Requirements](compatibility.md): Choose your language to see the compatibility requirements and supported integrations for Datadog APM. - [Compatible semantic tags](compatible-semantic-tags.md): For compatible series of data, Datadog can map colors to meaning. When a compatible tag is detected, Datadog suggests... - [Return a Task and not `null`](completed-task-not-null.md): {% callout %} - [Manage Cloud Security Misconfigurations Compliance Rules](compliance-rules.md): Cloud Security Misconfigurations [out-of-the-box compliance rules](https://docs.datadoghq.com/security/default_rules/... - [AWS Components](components-aws.md): - [Region](https://docs.datadoghq.com/cloudcraft/components-aws/region) - [Components: Azure](components-azure.md): - [Virtual Machine](https://docs.datadoghq.com/cloudcraft/components-azure/virtual-machine) - [Components: Common](components-common.md): - [Block](https://docs.datadoghq.com/cloudcraft/components-common/block) - [Components](components.md): {% callout %} - [Compose and the Datadog Agent](compose-and-the-datadog-agent.md): [Compose](https://docs.docker.com/compose/overview) is a Docker tool that simplifies building applications on Docker ... 
- [Beta - Nifcloud computing has common private network](computing-instance-has-common-private.md): {% callout %} - [Beta - Nifcloud computing has public ingress security group rule](computing-instance-has-public-ingress-sgr.md): {% callout %} - [Beta - Nifcloud computing undefined security group to instance](computing-instance-security-group-undefined.md): {% callout %} - [Beta - Nifcloud computing undefined description to security group](computing-security-group-description-undefined.md): {% callout %} - [Beta - Nifcloud computing undefined description to security group rule](computing-security-group-rule-description-undefined.md): {% callout %} - [Avoid slow string concatenation](concat-strings.md): {% callout %} - [Use append to concatenate slices](concatenate-slices.md): {% callout %} - [Avoid conditions that are always true](condition-always-true.md): {% callout %} - [Wrap assignment in condition](condition-safe-alignment.md): {% callout %} - [If conditions should have different code blocks](condition-similar-block.md): {% callout %} - [Agent Runtime Configuration Management](config.md): If you are running Agent 6.19+/7.19+, you can dynamically change some settings at runtime without having to restart t... - [Configuration aggregator to all regions disabled](config-configuration-aggregator-to-all-regions-disabled.md): {% callout %} - [Config rule for encrypted volumes disabled](config-rule-for-encrypted-volumes-is-disabled.md): {% callout %} - [Config rule for encrypted volumes disabled](config-rule-for-encryption-volumes-disabled.md): {% callout %} - [Configuring Single Sign-On With SAML](configuration.md): This page covers how to enable single sign-on (SSO) with SAML in Datadog, as well as how enterprise customers can ena... - [Set Up Your Mobile Device for Datadog On-Call](configure-mobile-device-for-on-call.md): Being on-call requires reliable and timely notifications to ensure you can respond to incidents effectively. This gui... 
- [Configure integrations and settings](configure.md): {% callout %} - [Configure Apdex score by service](configure-an-apdex-for-your-traces-with-datadog-apm.md): [Apdex](https://www.apdex.org/) (Application Performance Index) is an open standard developed by an alliance of compa... - [Enable SDK-dependent products on Linux](configure-apm-features-linux.md): {% callout %} - [Data Security](configure-data-security.md): Datadog tracing libraries collect data from an instrumented application. That data is sent to Datadog as traces and i... - [Primary Operations in Services](configuring-primary-operation.md): APM services calculate trace metrics for errors, throughput, and latency. These are calculated based on resources tha... - [Confluent Cloud](confluent-cloud.md): Manage your Datadog Confluent Cloud integration accounts and account resources directly through the Datadog API. See ... - [Avoid negation in your ternary operation](confusing-ternary.md): {% callout %} - [Connect an Amazon EKS Cluster with Cloudcraft](connect-amazon-eks-cluster-with-cloudcraft.md): By scanning your Amazon EKS clusters, Cloudcraft allows you to generate system architecture diagrams to help visualiz... - [Connect an Azure AKS Cluster with Cloudcraft](connect-an-azure-aks-cluster-with-cloudcraft.md): By scanning your Azure AKS clusters, Cloudcraft allows you to generate system architecture diagrams to help visualize... - [Connect your AWS Account to Cloudcraft](connect-aws-account-with-cloudcraft.md): Connecting your AWS accounts to Cloudcraft allows you to visualize your infrastructure by reverse-engineering the liv... - [Connect your Azure Account with Cloudcraft](connect-azure-account-with-cloudcraft.md): This article walks you through connecting your Azure account to Cloudcraft. - [Correlate Database Monitoring and Traces](connect-dbm-and-apm.md): This guide assumes that you have configured [Database Monitoring](https://docs.datadoghq.com/database_monitoring/#get... 
- [Correlate Logs and Traces](connect-logs-and-traces.md): {% image - [Investigate Slow Traces or Endpoints](connect-traces-and-profiles.md): If your application is showing performance problems in production, integrating distributed tracing with code stack tr... - [Connection between CloudFront origin not encrypted](connection-between-cloudfront-origin-not-encrypted.md): {% callout %} - [APM Connection Errors](connection-errors.md): If the application with the tracing library cannot reach the Datadog Agent, look for connection errors in the [tracer... - [Connections](connections.md): {% callout %} - [Understanding Duplicate Colors in the Consistent Palette](consistent-color-palette.md): The **Consistent** color palette is designed to assign stable, repeatable colors to tag values, making it easier to c... - [Ensure correct usage of ConstantExpected](constant-expected.md): {% callout %} - [Container Discovery Management](container-discovery-management.md): By default, the Datadog Agent automatically discovers all containers available. This document describes how to restri... - [Container Images for Docker Environments](container-images-for-docker-environments.md): If you are using Docker, there are several container images available through GCR and ECR that you may want to use wi... - [Container Images](container-images.md): The Container Images API allows you to query Container Image data for your organization. See the [Container Images Vi... 
- [Container host PID is true](container-host-pid-is-true.md): {% callout %} - [Container Images Explorer](container-images-2.md): {% image - [Container is privileged](container-is-privileged.md): {% callout %} - [Container Registry repo is public](container-registry-repository-is-public.md): {% callout %} - [Container resources limits undefined](container-resources-limits-undefined.md): {% callout %} - [Container with unmasked /proc access](container-runs-unmasked.md): {% callout %} - [Containers with added capabilities](container-with-added-capabilities.md): {% callout %} - [Container Map](containermap.md): Like [Host Maps](https://docs.datadoghq.com/infrastructure/hostmap/), [Containers Maps](https://app.datadoghq.com/inf... - [Containers](containers.md): To maintain the health, performance, and security of your containerized environments, you can install the Datadog Age... - [Containers Explorer](containers-explorer.md): {% image - [Container with low UID](containers-run-with-low-uid.md): {% callout %} - [Container running as root](containers-running-as-root.md): {% callout %} - [Containers with added capabilities](containers-with-added-capabilities.md): {% callout %} - [Containers with sys admin capabilities](containers-with-sys-admin-capabilities.md): {% callout %} - [Use Contains for simple equality](contains-not-any.md): {% callout %} - [Content Anomaly](content-anomaly.md): Content anomaly detection analyzes incoming logs to identify and alert on anomalous log content. You can set anomaly ... - [Content Packs](content-packs.md): [Cloud SIEM Content Packs](https://app.datadoghq.com/security/siem/content-packs) provide out-of-the box content for ... - [Call the context cancellation function](context-cancelable.md): {% callout %} - [The Context should be the first argument in a function](context-first-argument.md): {% callout %} - [Context Links](context-links.md): Dashboards collect data from multiple sources and display this data as visualizations. 
- [Continuous Delivery Visibility](continuous-delivery.md): {% callout %} - [Continuous Integration Visibility](continuous-integration.md): {% callout %} - [Continuous Testing](continuous-testing.md): {% alert level="info" %} - [Enforce using control statement brackets](control-statement-braces.md): {% callout %} - [Kubernetes Control Plane Monitoring](control-plane.md): This section aims to document specificities and to provide good base configurations for monitoring the Kubernetes Con... - [Ensure cookies have the secure flag](cookie-http-only.md): {% callout %} - [Avoid potential cookie injections](cookie-injection.md): {% callout %} - [Ensure cookies have the secure flag](cookie-secure-flag.md): {% callout %} - [Session must be secure](cookie-secure.md): {% callout %} - [Cookies HTTP only](cookies-http-only.md): {% callout %} - [Cookies should not have a long expiration](cookies-persistence.md): {% callout %} - [Ensure cookies have the secure flag](cookies-secure-flag.md): {% callout %} - [COPY with more than 2 args must end with /](copy-end-slash.md): {% callout %} - [COPY cannot reference the FROM alias](copy-reference-from.md): {% callout %} - [Correlated Logs Are Not Showing Up In The Trace ID Panel](correlated-logs-not-showing-up-in-the-trace-id-panel.md): The [trace](https://docs.datadoghq.com/tracing/glossary/#trace) panel contains information about the trace, host, and... - [Correlation](correlation.md): {% callout %} - [Metric Correlations](correlations.md): {% alert level="info" %} - [COS node image not used](cos-node-image-not-used.md): {% callout %} - [CoScreen](coscreen.md): {% video - [Cosmos DB Component](cosmos-db.md): You can use the Cosmos DB component to represent and visualize serverless databases from your Azure environment. 
- [Cosmos DB account without tags](cosmos-db-account-without-tags.md): {% callout %} - [CosmosDB account IP range filter not set](cosmosdb-account-ip-range-filter-not-set.md): {% callout %} - [Cost Changes](cost-changes.md): Cloud Cost Management can help you proactively detect and respond to unexpected cost changes before they become signi... - [Cost Details](cost-details.md): Cost Summary and Cost Chargebacks help you understand your estimated month-to-date, projected end-of-month, and histo... - [Datadog CoTerm](coterm.md): Datadog CoTerm is a CLI utility that can record terminal sessions and add a layer of validation to your terminal comm... - [Count](count.md): | Function | Description | Example | - [Ensure code coverage exclusions are justified](coverage-justification.md): {% callout %} - [Coverage](coverage-map.md): Workload Protection [Coverage](https://app.datadoghq.com/security/workload-protection/inventory/coverage) provides a ... - [Tracing C++ Applications](cpp.md): {% alert level="danger" %} - [CPU limits not set](cpu-limits-not-set.md): {% callout %} - [CPU requests not set](cpu-requests-not-set.md): {% callout %} - [Crafting Better Diagrams: Cloudcraft's Live Diagramming and Filtering](crafting-better-diagrams.md): Cloudcraft is a powerful tool for creating diagrams of your cloud infrastructure. With the New Live Experience featur... - [DatadogDashboard CRD](crd-dashboard.md): To deploy a Datadog dashboard, you can use the Datadog Operator and `DatadogDashboard` custom resource definition (CRD). - [DatadogMonitor CRD](crd-monitor.md): To deploy a Datadog monitor, you can use the Datadog Operator and `DatadogMonitor` custom resource definition (CRD). - [DatadogSLO CRD](crd-slo.md): To create a [Service Level Objective](https://docs.datadoghq.com/service_level_objectives/) (SLO), you can use the Da... 
- [Create a Cloud SIEM Detection Rule](create-a-cloud-siem-detection-rule.md): This guide provides steps for creating a Cloud SIEM detection rule and outlines best practices for rule configuration. - [Create an Integration Dashboard](create-an-integration-dashboard.md): This page provides steps for creating an out-of-the-box (OOTB) integration dashboard in Datadog and best practices to... - [Create a Monitor Template](create-an-integration-monitor-template.md): This page guides Technology Partners through creating and packaging monitor templates with their official Datadog int... - [Create a Strong Password and Protect Your Data](create-strong-password.md): Creating and maintaining strong, unique passwords, is a fundamental part of keeping your data safe anywhere on the in... - [Avoid create_with bypasses strong parameter protection](create-with.md): {% callout %} - [Create your first live cloud diagram](create-your-first-cloudcraft-diagram.md): Cloudcraft allows you to import your AWS and Azure cloud environments as *live diagrams*. By reverse-engineering the ... - [Create and Manage Datastores](create.md): {% callout %} - [Create a Case](create-case.md): {% callout %} - [Create a Custom Rule](create-rule.md) - [Creating a JMX integration](creating-a-jmx-integration.md): This guide describes the creation of a JMX integration using the [Developer Toolkit](https://github.com/DataDog/integ... - [Credit Card Billing](credit-card.md): Datadog accepts payment by credit card through the [Plan](https://app.datadoghq.com/account/billing) page. Administra... 
- [CronJob deadline not configured](cronjob-deadline-not-configured.md): {% callout %} - [Cross-account IAM assume role policy without external ID or MFA](cross-account-iam-assume-role-policy-without-external-id-or-mfa.md): {% callout %} - [Cross-org Paging](cross-org-paging.md): {% callout %} - [Cross-Organization Visibility](cross-org-visibility.md): Some companies rely on multiple Datadog [organizations](https://docs.datadoghq.com/account_management/multi_organizat... - [Cross-Organization Connections API](cross-org-visibility-api.md): {% callout %} - [Do not use weak crypto algorithm](crypto-algorithm.md): {% callout %} - [Avoid weak hash algorithm from CryptoJS](crypto-avoid-weak-hash.md): {% callout %} - [CS Kubernetes node pool auto repair disabled](cs-kubernetes-node-pool-auto-repair-disabled.md): {% callout %} - [Datadog CSI Driver](csi-driver.md): This page provides an overview of the Datadog CSI Driver and installation instructions on a Kubernetes cluster. - [CSM Agents](csm-agents.md): Datadog Cloud Security Management (CSM) delivers real-time threat detection and continuous configuration audits acros... - [CSM Coverage Analysis](csm-coverage-analysis.md): Datadog Cloud Security Management (CSM) delivers real-time threat detection and continuous configuration audits acros... - [CSM Threats](csm-threats.md): Workload Protection monitors file, network, and process activity across your environment to detect real-time threats ... - [SSRF attempts on routes executing network queries](csp-nc6-zb3.md): Tactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1190-exploit-public-facing-applica... - [Avoid DML statements in constructor](csrf-constructor.md): {% callout %} - [Migrating to New Plan & Usage CSV Headers the week of February 19, 2024](csv-headers-billing-migration.md): The headers for Plan & Usage Cost Chargebacks CSV files will be updated the week of February 19, 2024. The updates al... 
- [ensure that both __exit__ and __enter__ are defined](ctx-manager-enter-exit-defined.md): {% callout %} - [Verify certificates during SSL/TLS connections](curl-certificate-verification.md): {% callout %} - [Do not disable hostname validation](curl-hostname-verification.md): {% callout %} - [Use either wget or curl but not both](curl-or-wget.md): {% callout %} - [Ensure that SSL peers are verified](curl-verify-peer.md): {% callout %} - [Adding a Custom Python Package to the Agent](custom-python-package.md): {% tab title="Linux" %} - [Guidelines for Writing Custom Workload Protection Rules](custom-rules-guidelines.md): At some point, you may want to write your own [custom Workload Protection Agent rules](https://docs.datadoghq.com/sec... - [Send Custom Pipelines to Datadog](custom.md): {% callout %} - [Custom Allocation Rules](custom-allocation-rules.md): Custom allocation rules let you split and assign shared costs to any available tags, such as teams, projects, or envi... - [Custom Charts](custom-charts.md): {% callout %} - [Custom Checks](custom-check.md): To run a [custom check](https://docs.datadoghq.com/developers/custom_checks/), you can configure the `DatadogAgent` r... - [Custom Checks](custom-checks.md): Custom checks, also known as custom Agent checks, enable you to collect metrics and other data from your custom syste... - [Adding Custom Commands to Pipeline Traces](custom-commands.md): {% callout %} - [Custom Detection Rules](custom-detection-rules.md): Out-of-the-box detection rules help you cover the majority of threat scenarios, but you can also create custom detect... - [Create Custom Compliance Frameworks](custom-frameworks.md): With custom frameworks, you can define and measure compliance against your own cloud security baseline. Custom framew... - [Code-Based Custom Instrumentation](custom-instrumentation.md): Code-based custom instrumentation allows for precise monitoring of specific components in your application. It allows... 
- [Custom Organization Landing Page](custom-landing.md): The Datadog organization landing page is the first page your users see when they log on to Datadog or navigate to the... - [Custom Metrics Billing](custom-metrics.md): If a metric is not submitted from one of the [more than 1,000 Datadog integrations](https://docs.datadoghq.com/integr... - [Custom Recommendations](custom-recommendations.md): {% image - [Custom Detection Rules](custom-rules.md): {% callout %} - [Adding Custom Tags and Measures to Pipeline Traces](custom-tags-and-measures.md): {% callout %} - [Custom Time Frames](custom-time-frames.md): {% alert level="info" %} - [Customer Gateway Component](customer-gateway.md): Use the Customer Gateway component to represent the customer gateway device from your Amazon Web Services architecture. - [Customization](customization.md): Customize your Events Explorer to fit your visualization and analyzing needs. - [VPC endpoint should restrict public access](cut-36a-zvo.md): Harden your VPC endpoint by restricting AWS actions that can be invoked through it. 
- [Beta - CVM instance disable monitor service](cvm-instance-disable-monitor-service.md) - [Beta - CVM instance has public IP](cvm-instance-has-public-ip.md) - [Beta - CVM instance using default security group](cvm-instance-using-default-security-group.md) - [Beta - CVM instance using default VPC](cvm-instance-using-default-vpc.md) - [Beta - CVM instance using user data](cvm-instance-using-user-data.md) - [The /usr/sbin/runc executable should be audited, if applicable](cxn-x8g-aze.md): Classification: compliance; Framework: cis-docker; Control: 1.2.12 - [The API server should have a TLS connection setup](cyx-7ju-5rj.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.2.30 - [Systemd service modified](cz4-vmk-ju2.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1569-sy... - [Anomalous amount of Salesforce query results](cz6-1ud-98v.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1213-data-from-in... - [AWS Config modified](d17-702-f4a.md): Classification: compliance; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-imp... - [Google Cloud IAM role created](d24-0f0-62d.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man... - [>-](d5u-2ht-0v0.md): Create an activity log alert for the Create or Update Security Solution event. - [Vault root token](d6v-ktd-7pk.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac... - [Google Workspace Alert Center](d8d-awv-jsf.md): Classification: attack - [Inbound SMTP access should be restricted](d9b-0f7-0a9.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide... 
- [Dashboard Lists API (v1)](dashboard-lists-api-v1-doc.md): Interact with your dashboard lists through the API to make it easier to organize, find, and share all of your dashboa... - [Dashboard Lists](dashboard-lists.md): Interact with your dashboard lists through the API to organize, find, and share all of your dashboards with your team... - [Dashboard is enabled](dashboard-is-enabled.md): {% callout %} - [Dashboards](dashboards.md): Dashboards provide real-time insights into the performance and health of systems and applications within an organizat... - [Datadog Data Collection and Resolution](data-collection-resolution.md): Find below a summary of Datadog data [collection](https://docs.datadoghq.com/glossary/#collection-interval) and [reso... - [Data Access Control](data-access.md): Your data in Datadog may contain sensitive data, and should be handled carefully. If you are ingesting sensitive data... - [DogStatsD Data Aggregation](data-aggregation.md): Datadog DogStatsD implements the StatsD protocol [with some differences](https://docs.datadoghq.com/developers/dogsta... - [Code Coverage Data Collected](data-collected.md): {% callout %} - [Data Directory](data-directory.md): Account\>Account Alias\>ACM PCA Certificate Authority\>Amazon AppFlow Connector\>Amazon AppFlow Flow\>Amazon CloudFro... - [Data Observability Overview](data-observability.md): Data Observability (DO) helps data teams improve the reliability of data for analytics and AI applications and optimi... - [Reducing Data Related Risks](data-security.md): {% alert level="info" %} - [Data Streams Monitoring](data-streams.md): {% callout %} - [Warehouse Integrations](data-warehouses.md): Datadog Data Observability connects directly to your cloud data warehouse to help monitor the health of your data. Wh... - [Database for MySQL Component](database-for-mysql.md): You can use the Database for MySQL component to represent and visualize MySQL databases from your Azure environment. 
- [Database for PostgreSQL Component](database-for-postgresql.md): You can use the Database for PostgreSQL component to represent and visualize PostgreSQL databases from your Azure env... - [Exploring Database Hosts](database-hosts.md): {% image - [Identifying Databases for Database Monitoring](database-identifier.md): Each database instance that Datadog monitors has a unique identifier. For Postgres, MySQL, SQL Server, and Oracle, us... - [Database Monitoring](database-monitoring.md): {% callout %} - [Enable Data Observability: Jobs Monitoring for Databricks](databricks.md): [Data Observability: Jobs Monitoring](https://docs.datadoghq.com/data_jobs) gives visibility into the performance and... - [Beta - Databricks cluster or job with none or insecure permissions](databricks-permissions.md): {% callout %} - [do not use special method on data class](dataclass-special-methods.md): {% callout %} - [Datadog Agent Manager for Windows](datadog-agent-manager-windows.md): The Datadog Agent Manager GUI is browser-based. The port the GUI runs on can be configured in your`datadog.yaml`fil... - [Datadog Integration](datadog-integration.md): The integration between Datadog and Cloudcraft provides users with a streamlined workflow for monitoring and visualiz... - [Access and Search CloudPrem logs](datadog-account.md): {% callout %} - [Send logs to CloudPrem with the Datadog Agent](datadog-agent.md): {% callout %} - [Set up Datadog Agent for OpenLineage Proxy](datadog-agent-for-openlineage.md): You can configure the Datadog Agent to act as a proxy for [OpenLineage events](https://openlineage.io/), forwarding t... - [Datadog Clipboard](datadog-clipboard.md): The Datadog Clipboard is a cross-platform tool for collecting and sharing signals across contexts. It is personal to ... 
- [Cloudcraft in Datadog](datadog-cloudcraft.md) - [Datadog Costs](datadog-costs.md): Daily Datadog costs give you visibility into daily Datadog spending across dashboards, notebooks, [cost monitors](htt... - [Datadog for Intune](datadog-for-intune.md): This guide provides step-by-step instructions to configure and deploy the Datadog for Intune mobile app within your o... - [Datadog Operator](datadog-operator.md): [Datadog Operator](http://github.com/DataDog/datadog-operator) is an open source [Kubernetes Operator](https://kubern... - [Migrating to version 1.0 of the Datadog Operator](datadogoperator-migration.md) - [Datagram Format and Shell Usage](datagram-shell.md): This section specifies the raw datagram format for metrics, events, and service checks that DogStatsD accepts. The ra... - [Enable Data Observability: Jobs Monitoring for Spark on Google Cloud Dataproc](dataproc.md): [Data Observability: Jobs Monitoring](https://docs.datadoghq.com/data_jobs) gives visibility into the performance and... - [Dataproc clusters has public IPs](dataproc-cluster-has-public-ip.md) - [Dataproc clusters publicly accessible](dataproc-clusters-is-public.md) - [Datasets](datasets.md): Data Access Controls in Datadog is a feature that allows administrators and access managers to regulate access to sen... 
- [Datastores](datastores.md) - [Date Remapper](date-remapper.md): As Datadog receives dates, it timestamps them using the value(s) from any of these default attributes: - [DAX cluster not encrypted](dax-cluster-not-encrypted.md) - [Beta - Nifcloud RDB has backup retention less than 2 days](db-does-not-have-long-backup-retention.md) - [Beta - Nifcloud RDB has public DB access](db-has-public-access.md) - [Beta - Nifcloud RDB has common private network](db-instance-has-common-private.md) - [DB instance storage not encrypted](db-instance-storage-not-encrypted.md) - [Beta - Nifcloud RDB undefined description to DB security group](db-security-group-description-undefined.md) - [Beta - Nifcloud RDB has public DB ingress security group rule](db-security-group-has-public-ingress-sgr.md) - [DB security group has public interface](db-security-group-has-public-interface.md) - [DB security group open to large scope](db-security-group-open-to-large-scope.md) - [DB security group with public scope](db-security-group-with-public-scope.md) - [DB snapshot is public](db-snapshot-public.md) - [dbt](dbt.md): Datadog can access your dbt Cloud or dbt Core metadata to extract information about job runs, including run durations... - [User attempted login with leaked password](dc3-7b8-f07.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac... - [Google Cloud unauthorized user activity](dcf-339-120.md): Classification: compliance; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-vali... 
- [.NET Custom Instrumentation using the Datadog API](dd-api.md): {% alert level="info" %} - [Agent Hosts](ddagent-hostsdataset.md): The Agent Hosts table provides information about hosts where Datadog Agents are installed and actively collecting dat... - [APIs](ddapisdataset.md): This table contains APIs, which are interfaces exposed by services for internal or external communication. Populated ... - [Containers](ddcontainersdataset.md): The Containers table provides real-time visibility into all containers across your environment monitored by Datadog. ... - [Datadog Agent Integrations](dddatadog-agent-integrationsdataset.md): The Datadog Agent Integrations table provides information about integrations (checks) configured on Datadog Agents ac... - [Datadog Agents](dddatadog-agentsdataset.md): The Datadog Agents table provides comprehensive metadata about Datadog Agent installations and configurations across ... - [Datadog Operator](dddatadog-operatorsdataset.md): This dataset stores metadata information about Datadog Operator usage. The Datadog Operator is a Kubernetes operator ... - [Frontend Apps](ddfrontend-appsdataset.md): This table contains frontend applications, which are user-facing web, mobile, or desktop clients. Populated by [RUM](... - [Host GPU Agents](ddhost-gpu-agentsdataset.md): The Host GPU Agents table populates some of the Agent-related fields in the`Resource Catalog`product in DataDog. - [Hosts](ddhostsdataset.md): The Hosts table provides an inventory of hosts monitored by Datadog. It includes systems running the Datadog Agent an... - [Logs](ddlogsdataset.md): This dataset represents log events collected by Datadog Log Management. It provides access to application logs, infra... - [Network Devices](ddnetwork-devicesdataset.md): The Network Devices dataset provides metadata and status information about all network devices discovered and monitor... 
- [Product Analytics](ddproduct-analyticsdataset.md): This dataset represents Product Analytics data collected by Datadog, built on top of Real User Monitoring (RUM). Prod... - [Queues](ddqueuesdataset.md): This table contains queues, which are messaging components used for asynchronous communication. Populated by [APM](ht... - [RUM Events](ddrumdataset.md): This dataset represents Real User Monitoring (RUM) events collected by Datadog. It captures user sessions, page views... - [Security Inventory Libraries](ddsecurity-inventory-librariesdataset.md): Dataset representing **libraries** registered in the Datadog Security Inventory. Each record describes a software pac... - [Services](ddservicesdataset.md): This table contains backend services in your environment. Populated by [APM](https://docs.datadoghq.com/tracing/), [U... - [APM Spans](ddspansdataset.md): This dataset represents APM span data collected by Datadog Application Performance Monitoring. Spans represent indivi... - [Systems](ddsystemsdataset.md): This table contains systems, which are logical groupings of related services queues, and other components. Populated ... - [Add the Datadog Tracing Library](dd-libraries.md): To automatically instrument your application with Datadog libraries: - [Enabling the Native Profiler for Compiled Languages](ddprof.md): {% alert level="danger" %} - [DDSketch-based Metrics in APM](ddsketch-trace-metrics.md): Trace metrics are collected automatically for your services and resources and are retained for 15 months. The latency... - [DDSQL Editor](ddsql-editor.md): {% callout %} - [DDSQL Reference](ddsql-reference.md): Available for: - [Dead Letter Queues](dead-letter-queues.md): {% callout %} - [Avoid enabling debug mode in applications](debug-mode-on.md): {% callout %} - [Debug Mode](debug-mode.md): The Agent, by default, logs in`INFO`level. You can set the log level to`DEBUG`to get more information from your l... 
- [Check declaration names for wording issues](declarations.md) - [Declare an Incident](declare.md): In the Datadog paradigm, any of the following are appropriate situations for declaring an incident: - [Prevent decompression bomb](decompression-bomb.md) - [Fortinet Fortimanager successful brute force login](def-000-023.md) - [>-](def-000-02e.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac... - [Step Functions state machines should have logging turned on](def-000-04d.md): This control checks whether logging is enabled for an AWS Step Functions state machine. If logging is not turned on, ... - ['Create or Update Security Solutions' activity log alert should be configured](def-000-059.md): To improve the detection of suspicious activity and gain insights into changes made to security solutions, it is reco... - [Windows PowerShell Set-Acl on folder](def-000-062.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1222-file-an... - [Uninstall Samba Package](def-000-07a.md): The `samba` package can be removed with the following command: - [IAM policy changes should be monitored](def-000-07k.md): Real-time monitoring of API calls can be achieved by directing CloudTrail logs to CloudWatch logs and establishing co... - [Unfamiliar IAM user retrieved a decrypted AWS Systems Manager parameter](def-000-088.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1555-crede... - [ElastiCache Redis replication groups should be encrypted at rest](def-000-08b.md): ElastiCache for Redis replication groups should be encrypted at rest - [Ensure that logging for Azure Key Vault is Enabled](def-000-08w.md): This rule checks if Azure Key Vault has a diagnostic setting enabled. Diagnostic settings allow you to send logs and ... 
- [Compute instances should only have internal IP addresses](def-000-08x.md): Compute instances should not be configured to have external IP addresses. - [Virtual Machines should utilize Azure Managed Disks](def-000-090.md): To optimize the configuration of your virtual machines, it is recommended to migrate blob-based VHDs to managed disks... - [Tailscale API access token created](def-000-09i.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... - [Verify Group Who Owns cron.hourly](def-000-09m.md): To properly set the group owner of`/etc/cron.hourly`, run the command: - [Network Firewall policies should have at least one associated rule group](def-000-0an.md): This control verifies if a Network Firewall policy includes at least one stateful or stateless rule group. - [>-](def-000-0bg.md): To ensure the security of your AWS environment, you should centrally manage the root user credentials for all account... - [>-](def-000-0cb.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot... - [Zendesk account assumption is enabled](def-000-0dj.md): Classification:attackTactic:[TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004)Technique:[T1098-ac... - [Public endpoint exposes stack trace errors](def-000-0e1.md): This public API endpoint was found [exposing stack trace errors](https://app.datadoghq.com/security/appsec/vm/code?qu... - [S3 bucket policy should prevent public write access](def-000-0f1.md): Update your bucket policy as your Amazon S3 bucket is writeable by anyone. - [Bruteforce attack](def-000-0f4.md): Tactic:[TA0042-resource_development](https://attack.mitre.org/tactics/TA0042)Technique:[T1586-compromise-accounts](ht... 
- [API Gateway execution logging should be enabled for REST APIs](def-000-0fh.md): This control evaluates whether execution logging is enabled for all stages of an Amazon API Gateway REST API. The con... - [Ensure One Logging Service Is In Use](def-000-0fl.md): Ensure that a logging system is active and in use. - [Verify Permissions of Files in /var/log/sssd](def-000-0h2.md): To properly set the permissions of`/var/log/sssd/*`, run the command: - [Uninstall nftables package](def-000-0hk.md): nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frame... - [Azure AD possible MFA fatigue attack followed by successful login](def-000-0i4.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1621-multi... - [Microsoft Intune Enterprise MDM disabled for Slack](def-000-0k2.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [PAM authentication library hooked using eBPF](def-000-0kg.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1056-input... - [>-](def-000-0ld.md): AWS Database Migration Service (DMS) replication instances should be configured to use multiple Availability Zones (M... - [Restrict usage of ptrace to descendant processes](def-000-0mn.md): To set the runtime status of the`kernel.yama.ptrace_scope`kernel parameter, run the following command: - [Windows CrackMapExec execution patterns](def-000-0n1.md): {% alert level="danger" %} - [DNSFilter threat request allowed](def-000-0nh.md): {% alert level="danger" %} - [>-](def-000-0ow.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot... 
- [Zendesk user's suspension status is changed](def-000-0q9.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [Windows active directory user assigned right to control user objects](def-000-0qd.md): {% alert level="danger" %} - [EKS Cluster Access Manager API should be enabled](def-000-0r1.md): Amazon EKS recommends using the Cluster Access Manager API for managing EKS cluster access, replacing the`aws-auth`... - [Unauthenticated route processes payments](def-000-0r8.md): Unauthenticated users have access to an API that's processing payments. Attackers can abuse this endpoint to perform ... - [Verify Group Who Owns /var/log/messages File](def-000-0rt.md): To properly set the group owner of`/var/log/messages`, run the command: - [AWS IAM role has administrative privileges](def-000-0ta.md): This rule ensures that none of your IAM roles have highly-privileged policies or administrative policies attached to ... - [Keeper activity observed from Tor client IP](def-000-0u9.md): {% alert level="danger" %} - [>-](def-000-0v4.md): The`log_error_verbosity`flag controls the verbosity/details of messages logged. Valid values are: - [Disable Accepting ICMP Redirects for All IPv4 Interfaces](def-000-0vc.md): To set the runtime status of the`net.ipv4.conf.all.accept_redirects`kernel parameter, run the following command: - [Verify Permissions on /var/log/wtmp(.*) Files](def-000-0vh.md): To properly set the permissions of`/var/log/(b|w)tmp(.*|-*)`, run the command: - [Suricata anomaly detected from source IP address](def-000-0w8.md): Classification:anomaly - [Azure user has dangerous key vault role](def-000-0wh.md): This rule detects Azure AD users with dangerous key vault roles. It specifically detects the assignment of Key Vault ... - [Uninstall mcstrans Package](def-000-0x2.md): The`mcstransd`daemon provides category label information to client processes requesting information. The label tran... 
- [IAM groups should have assigned permissions](def-000-0x9.md): IAM groups without permissions can lead to potential security risks and misconfigurations. Groups without assigned po... - [EBS volume snapshot should not be shared with external accounts](def-000-0xs.md): This rule evaluates whether Amazon Elastic Block Store (Amazon EBS) volume snapshots are shared with external AWS acc... - [Microsoft 365 Exchange inbox rule set up to automatically forward email](def-000-0z3.md): Classification:attackTactic:[TA0009-collection](https://attack.mitre.org/tactics/TA0009)Technique:[T1114-email-collec... - [Disabling or deletion of Customer-Managed Keys should be monitored](def-000-0zl.md): Real-time monitoring of API calls can be achieved by directing CloudTrail logs to CloudWatch logs and establishing co... - [EKS clusters should have audit logs enabled](def-000-0zv.md): This control checks if an Amazon EKS cluster has audit logging enabled. It fails if the audit logging is not activate... - [Endpoint accepts unsigned JWT](def-000-0zy.md): This publicly exposed API endpoint accepts unsigned JWTs. The JWT specification allows for unsecured JWTs where the a... - [Disable Postfix Network Listening](def-000-107.md): Edit the file`/etc/postfix/main.cf`to ensure that only the following`inet_interfaces`line appears: - [Verify Permissions on /var/log/messages File](def-000-10n.md): To properly set the permissions of`/var/log/messages`, run the command: - [AWS IAM role has administrative privileges and is inactive](def-000-11s.md): If an IAM role is highly privileged or has administrative privileges and is inactive, this may indicate the role is n... - [EC2 launch templates should not configure network interfaces with public IPs](def-000-126.md): This rule evaluates whether Amazon EC2 launch templates are configured to avoid assigning public IP addresses to netw... 
- [Windows explorer executable modified](def-000-13p.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1036-masqueradin... - [>-](def-000-14d.md): Service Account keys consist of a key ID (private_key_id) and a private key. These keys are used to sign programmatic... - [Windows password protected ZIP file opened with suspicious email attachments](def-000-14w.md): {% alert level="danger" %} - [Ensure Log Files Are Owned By Appropriate User](def-000-15a.md): The owner of all log files written by`rsyslog`should be`root`. These log files are determined by the second part o... - [AWS EC2 key pair creation attempt with known suspicious naming convention](def-000-192.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... - [System Audit Logs Must Have Mode 0640 or Less Permissive](def-000-199.md): If`log_group`in`/etc/audit/auditd.conf`is set to a group other than the`root`group account, change the mode of ... - [Stratus Red Team usage](def-000-1a3.md): Classification:complianceFramework:Control: - [OSSEC Alert: Unusual spike in authentication failure](def-000-1a8.md): {% alert level="danger" %} - [>-](def-000-1b4.md): This check assesses Kubernetes clusters for vulnerabilities associated with the Ingress NGINX Controller, collectivel... - [>-](def-000-1bz.md): If the kubelet refers to a configuration file with the`--config`argument, you should set its file ownership to main... - [Disable GNOME3 Automounting](def-000-1cl.md): The system's default desktop environment, GNOME3, will mount devices and removable media (such as DVDs, CDs and USB f... - [RDS instances should have IAM authentication enabled](def-000-1do.md): This control checks if an RDS instance has IAM database authentication enabled. The control specifically evaluates RD... 
- [Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters](def-000-1dr.md): The pam_pwquality module's`ucredit=`parameter controls requirements for usage of uppercase letters in a password. W... - [API scan detected on service](def-000-1e8.md): Detect when your API endpoints are being probed by a third party. The goal of the attacker may be to find undocumente... - [User preferences endpoint without HTTPS](def-000-1ev.md): This API endpoint handles user profile settings over an unencrypted channel. - [Login attempt from new location detected](def-000-1fb.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-valid-ac... - [Secrets Manager secrets should have automatic rotation enabled](def-000-1h2.md): This control verifies whether secrets stored in AWS Secrets Manager are set up for automatic rotation. The control wi... - [Falco finding](def-000-1if.md): {% alert level="danger" %} - [Distributed Credential Stuffing campaign (user count)](def-000-1ij.md): Tactic:[TA0042-resource_development](https://attack.mitre.org/tactics/TA0042)Technique:[T1586-compromise-accounts](ht... - [AWS IAM role has access to a large number of resources](def-000-1im.md): This rule identifies when an IAM role has a policy attached which permits them access to a significant number of reso... - [>-](def-000-1jd.md): Verify that users have the Service Account User (`iam.serviceAccountUser`) and Service Account Token Creator (`iam.se... - [Route uses HTTP to connect to external APIs](def-000-1km.md): The service communicates with third-party APIs using HTTP. The request or its response may be tampered with between y... - [RDS logs should be collected and retained for no less than 90 days](def-000-1kx.md): RDS instances should have CloudWatch Logs exports enabled with log retention configured for no less than 90 days to e... 
- [Malicious IP connected to MySQL database](def-000-1l4.md): Classification:attackTactic:[TA0043-reconnaissance](https://attack.mitre.org/tactics/TA0043)Technique:[T1595-active-s... - [Google Cloud Kubernetes Engine cluster should not be publicly accessible](def-000-1oa.md): The control plane of a GKE cluster should not be open to the internet. Limiting internet access significantly reduces... - [Neptune DB clusters should be deployed across multiple Availability Zones](def-000-1or.md): This control verifies whether an Amazon Neptune DB cluster has read replica instances spread across multiple Availabi... - [Ensure PAM Enforces Password Requirements - Minimum Length](def-000-1p4.md): The pam_pwquality module's`minlen`parameter controls requirements for minimum characters required in a password. Ad... - [>-](def-000-1q9.md): This check verifies that AWS CloudFront field-level encryption is enabled when using the POST method in the CloudFron... - [Google Compute Engine image created](def-000-1qw.md): Classification:attackTactic:[TA0040-impact](https://attack.mitre.org/tactics/TA0040)Technique:[T1496-resource-hijacki... - [AWS ListResources executed by new principal identity](def-000-1sc.md): {% alert level="danger" %} - [Tor client IP address identified within Google Cloud environment](def-000-1so.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1090-proxy](h... - [Privileged Azure Entra user is synced from on-premises AD](def-000-1u4.md): Synced accounts, especially those with high privilege levels, are often targeted by attackers and can be used to exte... - [Publicly accessible EC2 host is running IMDSv1 and has an SSRF vulnerability](def-000-1vr.md): A publicly accessible compute instance is affected by an SSRF vulnerability and is running IMDSv1. - [Excessive sensitive activity from an IP (WAF instrumented)](def-000-1w1.md): Detect excessive activity performed from an IP. 
- [Set PAM''s Password Hashing Algorithm](def-000-1wb.md): The PAM system service can be configured to only store encrypted representations of passwords. In "/etc/pam.d/common-... - [An AKS Cluster's Kubelet should only allow explicitly authorized requests](def-000-1wp.md): Kubelets can be configured to allow all authenticated requests (even anonymous ones) without needing explicit authori... - [Cognito identity pools should only allow authenticated identities](def-000-1yd.md): Cognito identity pools should not allow unauthenticated identities to assume IAM roles. When this parameter is enable... - [Limit Password Reuse (ubuntu2404)](def-000-1yr.md): Do not allow root to reuse recent passwords. This can be accomplished by using the`enforce_for_root`option for the ... - [Ensure that Role Based Access Control for Azure Key Vault is enabled](def-000-1z8.md): Enable role-based access control (RBAC) for Azure Key Vault to provide more granular access control and better securi... - [SSH interesting hostname login notice from Zeek](def-000-1zk.md): Classification:attack - [Load Balancers should span multiple Availability Zones](def-000-1zq.md): This check assesses whether load balancers (Application, Network, or Gateway) are configured to operate across at lea... - [GitLab group visibility changed to public](def-000-21e.md): Classification:attackTactic:[TA0009-collection](https://attack.mitre.org/tactics/TA0009)Technique:[T1213-data-from-in... - [Redis modified cron job directory to execute commands](def-000-21l.md): Classification:attackTactic:[TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004)Technique:[T1053-sc... - [Unauthenticated route is used to invite users](def-000-21s.md): An unauthenticated API route is being used to handle user invitations, which may expose your application to potential... 
- [Verify Permissions of Files in /var/log/gdm3](def-000-238.md): To properly set the permissions of`/var/log/gdm3/*`, run the command: - [IAM Access Analyzer should be enabled in all active regions](def-000-23j.md): AWS IAM Access Analyzer is an AWS service that analyzes permissions to your resources, helping you ensure they are co... - [Feature returning private information abused by IP](def-000-25u.md): Tactic:[TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010)Technique:[T1567-exfiltration-over-web-service](... - [Verify All Account Password Hashes are Shadowed with SHA512](def-000-268.md): Verify the operating system requires the shadow password suite configuration be set to encrypt interactive user passw... - [RDS instances should be configured to copy tags to snapshots](def-000-26f.md): This control verifies RDS DB instances are set to automatically copy all tags to snapshots upon creation. Proper iden... - [Ensure a Single Time Synchronization Service is in Use](def-000-26n.md): The system must have exactly one active time synchronization service to avoid conflicts and ensure consistent time sy... - [Network Firewall stateless rule groups should not be empty](def-000-26o.md): This control verifies whether an AWS Network Firewall stateless rule group includes at least one rule. - [Kubernetes DNS enumeration](def-000-28m.md): Classification:attackTactic:[TA0007-discovery](https://attack.mitre.org/tactics/TA0007)Technique:[T1046-network-servi... - [All keys in non-RBAC Azure Key Vaults should have an expiration time set](def-000-290.md): To enhance security, it is essential to ensure that all keys in non-role-based access control (RBAC) Azure Key Vaults... - [Windows delete volume shadow copies via WMI with PowerShell](def-000-29r.md): {% alert level="danger" %} - [Authentication using Client Certificates should be disabled](def-000-2at.md): Client certificates should be disabled, which require certificate rotation, for authentication. 
[Kubernetes does not ... - [Atlassian administrator impersonated user](def-000-2b1.md): Classification:attackTactic:[TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004)Technique:[T1098-ac... - [Windows suspicious Teams application related ObjectAccess event](def-000-2bb.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1528-steal... - [Ensure Authentication Required for Single User Mode](def-000-2bk.md): Single user mode is used for recovery when the system detects an issue during boot or by manual selection from the bo... - [Configure Firewalld to Restrict Loopback Traffic](def-000-2e5.md): Configure`firewalld`to restrict loopback traffic to the`lo`interface. The loopback traffic must be trusted by ass... - [Disable the GNOME3 Login User List](def-000-2ef.md): In the default graphical environment, users logging directly into the system are greeted with a login screen that dis... - [Ensure gpgcheck Enabled In Main yum Configuration](def-000-2ff.md): The`gpgcheck`option controls whether RPM packages' signatures are always checked prior to installation. To configur... - [Verify Permissions on passwd File](def-000-2g8.md): To properly set the permissions of`/etc/passwd`, run the command: - [Windows restricted software access by the Software Restriction Policies](def-000-2i0.md): {% alert level="danger" %} - [>-](def-000-2iy.md): To set the runtime status of the`net.ipv4.conf.default.accept_source_route`kernel parameter, run the following comm... - [Delinea Privilege Manager detected a bad-rated application action event](def-000-2kb.md): {% alert level="danger" %} - [Google Workspace user has unenrolled from Advanced Protection](def-000-2kn.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... 
- [Recently written or modified suid file has been executed](def-000-2m5.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1548-abuse-e...
- [>-](def-000-2m8.md)
- [IAM users should not have both Console access and Access Keys](def-000-2mt.md): AWS IAM users should be granted the minimum necessary access according to the principle of least privilege. Having bo...
- [Auditd configuration modified](def-000-2o8.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [Verify Group Ownership of Message of the Day Banner](def-000-2or.md): To properly set the group owner of `/etc/motd`, run the command:
- [EC2 Auto Scaling group should use multiple Availability Zones](def-000-2pt.md): This check verifies if an Amazon EC2 Auto Scaling group extends across a minimum of two Availability Zones (AZs). All...
- [Cisco Duo bypass code created by administrator](def-000-2qy.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1556-modify-...
- [Keycloak multiple users impersonated by single user](def-000-2rd.md)
- [Service Accounts should only use GCP managed keys](def-000-2rk.md): User managed service accounts should not have user-managed keys.
- [Multiple Microsoft Teams deleted](def-000-2ru.md): Classification: attack Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040) Technique: [T1531-account-access-r...
- ['Delete Public Ip Address Rule' activity log alert should be configured](def-000-2sc.md): To enhance network security monitoring and expedite the detection of suspicious activity, it is recommended to create...
- [Auth0 suspicious IP throttling disabled](def-000-2su.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [Impossible travel GitLab event](def-000-2te.md)
- [Ensure No Daemons are Unconfined by SELinux](def-000-2un.md): Daemons for which the SELinux policy does not contain rules will inherit the context of the parent process. Because d...
- [IAM SSH public keys should be rotated at least every 90 days](def-000-2w4.md): This control verifies if an IAM user's SSH public keys are being rotated at least every 90 days.
- [>-](def-000-2y3.md): This check verifies that an Amazon EC2 Auto Scaling group uses more than one instance type. The check fails if the Au...
- [Add nodev Option to /var/log](def-000-2yc.md): The `nodev` mount option can be used to prevent device files from being created in `/var/log`. Legitimate character a...
- [Uninstall nginx Package](def-000-2yu.md): The `nginx` package can be removed with the following command:
- [RDS databases should have 'Auto Minor Version Upgrade' enabled](def-000-2za.md): Ensuring that RDS database instances have the Auto Minor Version Upgrade flag enabled allows the instances to automat...
- [Remove ftp Package](def-000-2zi.md): FTP (File Transfer Protocol) is a traditional and widely used standard tool for transferring files between a server a...
- [Windows suspicious PowerShell mailbox export to share](def-000-316.md)
- [RDS instances should have deletion protection enabled](def-000-31m.md): This control ensures that deletion protection is activated for an RDS instance that uses one of the below specified d...
- [Anomalous number of Google Cloud Storage Buckets Accessed](def-000-330.md): Classification: attack Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007) Technique: [T1619-cloud-storage...
- [Symantec VIP unusual spike in authentication failed events](def-000-33d.md)
- [>-](def-000-33e.md): Ensure that Azure Databricks workspaces are deployed in a customer-managed virtual network (VNet) to provide enhanced...
- [>-](def-000-33f.md): Enable customer-managed keys (CMK) for Azure Databricks workspace encryption to control encryption keys for data at r...
- [RDS cluster snapshots should not be shared with external accounts](def-000-33v.md): This rule evaluates whether Amazon RDS cluster snapshots are shared with external AWS accounts that are not onboarded...
- [>-](def-000-346.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Verify User Who Owns /etc/security/opasswd File](def-000-34k.md): To properly set the owner of `/etc/security/opasswd`, run the command:
- [WAF Classic rules should be migrated to WAFv2](def-000-35b.md): All AWS WAF Classic resources should be migrated to WAFv2 as WAF Classic support ends on September 30, 2025. WAFv2 of...
- [>-](def-000-36k.md): To prevent unnecessary project ownership assignments to users/service-accounts and further misuses of projects and re...
- [Verify ownership of log files](def-000-375.md): Any operating system providing too much information in error messages risks compromising the data and security of the...
- [Attack Tool](def-000-37g.md): Tactic: [TA0043-reconnaissance](https://attack.mitre.org/tactics/TA0043) Technique: [T1595-active-scanning](https://atta...
- [>-](def-000-38f.md): Classification: attack Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010) Technique: [T1567-exfiltrati...
- [AWS IAM role can assume a role with administrative privileges](def-000-38i.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Cloud Asset Inventory should be enabled](def-000-39z.md): GCP Cloud Asset Inventory is a service that provides a historical view of GCP resources and IAM policies through a ti...
- [Verify Group Who Owns Backup gshadow File](def-000-3bd.md): To properly set the group owner of `/etc/gshadow-`, run the command:
- [CodeBuild logs stored in S3 should be encrypted](def-000-3c9.md): This control verifies whether Amazon S3 logs for an AWS CodeBuild project are encrypted.
- [Install libselinux Package](def-000-3ce.md): The `libselinux` package can be installed with the following command:
- [DynamoDB tables should have deletion protection enabled](def-000-3cf.md): This check verifies if deletion protection is turned on for an Amazon DynamoDB table. If the table does not have dele...
- [Mimecast Alert: email contains malicious file](def-000-3di.md)
- [Windows MSSQL XPCmdshell change](def-000-3dv.md)
- [Asana role change to admin or super-admin detected](def-000-3fk.md)
- [The Chrony package is installed](def-000-3fs.md): System time should be synchronized between all systems in an environment. This is typically done by establishing an a...
- [>-](def-000-3h3.md): This control checks whether your IAM policies for Bedrock invocation actions require Bedrock Guardrails to be attache...
- [>-](def-000-3h4.md): This control checks whether your IAM user inline policies for Bedrock invocation actions require Bedrock Guardrails t...
- [>-](def-000-3h5.md): This control checks whether your IAM group inline policies for Bedrock invocation actions require Bedrock Guardrails ...
- [>-](def-000-3h6.md): This control checks whether your IAM role inline policies for Bedrock invocation actions require Bedrock Guardrails t...
- [>-](def-000-3h7.md)
- [An external Microsoft Teams member was added then removed](def-000-3id.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1136-create-acco...
- [SSH access should be restricted from the internet](def-000-3ih.md): GCP Firewall Rules are specific to a VPC Network. Each rule either allows or denies traffic when its conditions are m...
- [>-](def-000-3j4.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Remove telnet Clients (ubuntu2404)](def-000-3j5.md): The telnet client allows users to start connections to other systems via the telnet protocol.
- [Ivanti nZTA critical and major events detected](def-000-3j6.md)
- [>-](def-000-3l9.md): Storage accounts with activity log exports have the option to utilize Customer Managed Keys (CMKs) for encryption. By...
- [>-](def-000-3lu.md): To set the runtime status of the `net.ipv6.conf.default.accept_source_route` kernel parameter, run the following comm...
- [Suricata possible ARP spoofing detected](def-000-3m1.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1557-adver...
- [Windows BITS transfer job downloaded to suspicious folder](def-000-3ns.md)
- [Windows potential lsass process dump via procdump](def-000-3o4.md)
- [Linux Hardening: LOCKDOWN mode should be 'none confidentiality'](def-000-3oj.md): | Impact | Remediation complexity | Severity | Recommended value |
- [Ensure a Table Exists for Nftables](def-000-3om.md): Tables in nftables hold chains. Each table only has one address family and only applies to packets of this family. Ta...
- [RDS instances should publish logs to CloudWatch Logs](def-000-3on.md): This control verifies whether an Amazon RDS DB instance is configured to publish specific logs to Amazon CloudWatch L...
- [Verify Group Who Owns Backup group File](def-000-3pb.md): To properly set the group owner of `/etc/group-`, run the command:
- [Disable Mounting of freevxfs](def-000-3pl.md): To configure the system to prevent the `freevxfs` kernel module from being loaded, add the following line to the file...
- [Set SSH authentication attempt limit](def-000-3tb.md): The `MaxAuthTries` parameter specifies the maximum number of authentication attempts permitted per connection. Once t...
- [A GKE Cluster's Kubelet configuration file should disable anonymous requests](def-000-3tk.md): Disable anonymous requests to the Kubelet server. You should rely on authentication to authorize access and disallow ...
- [A log metric filter and alert should exist for custom role changes](def-000-3v6.md): It is recommended that a metric filter and alarm be established for changes to Identity and Access Management (IAM) r...
- [Credential access via registry hive dumping](def-000-3vo.md)
- [Timeouts for streaming connections in an AKS worker node should be enabled](def-000-3wd.md): Timeouts on streaming connections should be enabled. Setting idle timeouts ensures that the node is protected against...
- [Ensure System Log Files Have Correct Permissions](def-000-3wi.md): The file permissions for all log files written by `rsyslog` should be set to 640, or more restrictive. These log file...
- [Disable Apport Service](def-000-3ww.md): The Apport modifies certain kernel configuration values at runtime which may decrease the overall security of the sys...
- [Amazon SES modification attempt](def-000-3xr.md): Classification: attack Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040) Technique: [T1496-resource-hijacki...
- [JWT authentication bypass attempt](def-000-3zd.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1190-exploit-public-facing-applica...
- [Verify the UEFI Boot Loader grub.cfg User Ownership](def-000-3ze.md): The file `/boot/efi/EFI/redhat/grub.cfg` should be owned by the `root` user to prevent destruction or modification of...
- [Verify SSH Keys Modified on Host](def-000-3zj.md): | Impact | Remediation complexity | Severity | Recommended value |
- [IAM roles should be used within the last 90 days](def-000-3zx.md): Ensuring IAM roles are actively used within the last 90 days helps maintain a secure AWS environment. Inactive roles ...
- [>-](def-000-40w.md): To set the runtime status of the `net.ipv4.conf.all.secure_redirects` kernel parameter, run the following command:
- [Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters](def-000-410.md): The pam_pwquality module's `lcredit` parameter controls requirements for usage of lowercase letters in a password. Wh...
- [User has changed country](def-000-41h.md): Detect whenever a user uses an application from a new country.
- [Elasticsearch domains should use at least three data nodes](def-000-43h.md): This control checks whether Elasticsearch domains have at least three data nodes and ensures the zoneAwarenessEnabled...
- [All secrets in Non-RBAC Azure Key Vault should have an expiration time set](def-000-441.md): To improve security, it is essential to ensure that all secrets in non-role-based access control (RBAC) Azure Key Vau...
- [>-](def-000-448.md): Enabling the vulnerability assessment (VA) setting is recommended, along with the option to send email notifications ...
- [Ensure Users Cannot Change GNOME3 Session Idle Settings](def-000-44d.md): If not already configured, ensure that users cannot change GNOME3 session idle settings by adding `/org/gnome/desktop...
- [RDP access should be restricted from the internet](def-000-45s.md): GCP Firewall Rules are specific to a VPC Network. Each rule either allows or denies traffic when its conditions are m...
- [MSK clusters should be encrypted in transit among broker nodes](def-000-465.md): This rule checks whether Amazon MSK clusters have encryption enabled for data in transit among broker nodes.
- [Control plane authorized networks should be enabled](def-000-46l.md): Master authorized networks should be enabled to restrict access to the cluster's control plane by using an allowlist ...
- [The web app should redirect all HTTP traffic to HTTPS](def-000-46o.md): Azure Web Apps allow sites to use both HTTP and HTTPS by default. Web apps can be accessed by anyone using non-secure...
- [Add nodev Option to /var](def-000-471.md): The `nodev` mount option can be used to prevent device files from being created in `/var`. Legitimate character and b...
- [Anomalous number of Google Cloud Storage Objects Accessed](def-000-472.md): Classification: attack Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009) Technique: [T1530-data-from-cl...
- [Password spray attack observed](def-000-47i.md)
- [Auto-Upgrade for nodes should be enabled in GKE clusters](def-000-47j.md): Auto-upgrade should be enabled for nodes. Auto-upgrade keeps nodes at the current version of Kubernetes and applies s...
- [Microsoft 365 Exchange inbox rule set up to hide email](def-000-48i.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1564-hide-ar...
- [Ensure ip6tables Firewall Rules Exist for All Open Ports](def-000-48n.md): Any ports that have been opened on non-loopback addresses need firewall rules to govern traffic.
- [>-](def-000-48q.md): It is recommended that a metric filter and alarm be set up for SQL instance configuration changes.
- [The Chronyd service is enabled](def-000-48y.md): chrony is a daemon which implements the Network Time Protocol (NTP) and is designed to synchronize system clocks across a...
- [Use Only Strong Ciphers](def-000-49c.md): Limit the ciphers to strong algorithms. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. T...
- [Verify Ownership of Files in /var/log/sssd](def-000-4bo.md): To properly set the owner of `/var/log/sssd/*`, run the command:
- [DMS replication tasks for the source database should have logging enabled](def-000-4c8.md): This control verifies whether logging is enabled with at least the default severity level (`LOGGER_SEVERITY_DEFAULT`)...
- [>-](def-000-4de.md): Disabling the EC2 setting 'EC2 Serial Console access' prevents the use of low-level serial connections to EC2 instanc...
- [Verify User Who Owns /etc/security/opasswd.old File](def-000-4dh.md): To properly set the owner of `/etc/security/opasswd.old`, run the command:
- [PingOne multiple Kerberos check failed attempts](def-000-4dz.md)
- [Excessive resource consumption of third-party API](def-000-4e0.md): Applications often rely on third-party services paid for per request. Attackers might abuse this and cause operationa...
- [Verify Permissions on SSH Server Private *_key Key Files](def-000-4e1.md): SSH server private keys - files that match the `/etc/ssh/*_key` glob, have to have restricted permissions. If those f...
- [The AKS kubeconfig file should have permissions set to 644 or more restrictive](def-000-4e8.md): If kubelet is configured by a kubeconfig file, ensure that the kubeconfig file has permissions of `644` or more restr...
- [>-](def-000-4f4.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [RDS clusters should have IAM authentication enabled](def-000-4f8.md): This control verifies IAM database authentication is enabled for an Amazon RDS cluster. IAM database authentication p...
- [Endpoint exposes stack trace errors](def-000-4fb.md): An API endpoint was found [exposing stack trace errors](https://app.datadoghq.com/security/appsec/vm/code?query=statu...
- [Add nosuid Option to /tmp](def-000-4g0.md): The `nosuid` mount option can be used to prevent execution of setuid programs in `/tmp`. The SUID and SGID permission...
- [Configure GNOME3 DConf User Profile](def-000-4h4.md): By default, DConf provides a standard user profile. This profile contains a list of DConf configuration databases. Th...
- [Route 53 public hosted zones should log DNS queries](def-000-4hf.md): This control verifies whether DNS query logging is activated for an Amazon Route 53 public hosted zone.
- [Google Workspace Tor client detected](def-000-4hw.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1090-proxy](h...
- [EC2 instances managed by SSM should have a compliant association status](def-000-4io.md): This control verifies if the AWS Systems Manager `association_status` status is `Success` following the execution of ...
- [Redshift clusters should use enhanced VPC routing](def-000-4ix.md): This control verifies if an Amazon Redshift cluster has Enhanced VPC Routing activated.
- [Cloudflare CASB Finding](def-000-4jd.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [An AKS's Kubelet should use TLS authentication](def-000-4kv.md): Disable anonymous requests to the Kubelet server. You should rely on authentication to authorize access and disallow ...
- [Projects should have OS Login enabled for SSH authentication](def-000-4mc.md): Enabling OS Login binds SSH certificates to IAM users and facilitates effective SSH certificate management.
- [AWS IAM AmazonSESFullAccess policy was applied to a role](def-000-4or.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1098-ac...
- [Windows NoFilter tool execution](def-000-4p1.md)
- [Authentication route is not protected by AAP's ATO Detection](def-000-4ph.md): This rule identifies when an authentication route is not protected from Account Takeover Attacks (ATO) by App & API P...
- [Add noexec Option to /dev/shm](def-000-4qp.md): The `noexec` mount option can be used to prevent binaries from being executed out of `/dev/shm`. It can be dangerous ...
- [Amazon Bedrock model invocations disabled](def-000-4re.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [AWS Management Console authentication failures should be monitored](def-000-4sx.md): Real-time monitoring of API calls can be achieved by directing CloudTrail logs to CloudWatch logs and establishing co...
- [Serial port connection for VM instances should be disabled](def-000-4sz.md): Interacting with a serial port is often referred to as the serial console, which is similar to using a terminal windo...
- [AWS Lambda function has administrative privileges](def-000-4to.md): This rule ensures that none of your Lambda functions have IAM roles with highly-privileged policies or administrative...
- [>-](def-000-4um.md): The pam_faillock.so module must be loaded in preauth in /etc/pam.d/system-auth.
- [GitHub enterprise owner added](def-000-4y6.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [>-](def-000-4y8.md): The pam_pwquality module's `dictcheck` checks if passwords contain dictionary words. When `dictcheck` is set to `1` p...
- [Google Security Command Center](def-000-4ym.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [AWS IAM AdministratorAccess policy was applied to a role](def-000-4z1.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1098-ac...
- [DataSync tasks should have logging enabled](def-000-4z9.md): DataSync tasks should have logging enabled. CloudWatch logging provides visibility into data transfer operations, inc...
- [Use Only FIPS 140-2 Validated Ciphers](def-000-4zd.md): Limit the ciphers to those algorithms which are FIPS-approved. Counter (CTR) mode is also preferred over cipher-block...
- [Verify Essential Linux Binary Modified on Host](def-000-4zi.md): | Impact | Remediation complexity | Severity | Recommended value |
- [Verify ufw Enabled](def-000-53h.md): The `ufw` service can be enabled with the following command:
- [Disable GNOME3 Automount running](def-000-53p.md): The system's default desktop environment, GNOME3, will mount devices and removable media (such as DVDs, CDs and USB f...
- [The AWS managed policy AWSCompromisedKeyQuarantine has been attached](def-000-57b.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [>-](def-000-57e.md): This control examines whether your IAM Group inline policies allow AWS KMS decryption actions on all KMS resources. T...
- [All GIDs referenced in /etc/passwd must be defined in /etc/group](def-000-57u.md): Add a group to the system for each GID referenced without a corresponding group.
- [EC2 instances should be managed by SSM](def-000-57v.md): This control verifies that running EC2 instances are managed by AWS Systems Manager (SSM). SSM is a service designed ...
- [Install the systemd_timesyncd Service](def-000-58i.md): The systemd_timesyncd service should be installed.
- [Only one active access key should exist per user](def-000-58w.md): Access keys are long-term credentials for an IAM user or the AWS account root user. They allow users to sign programm...
- [Ensure the Default Bash Umask is Set Correctly](def-000-59p.md): To ensure the default umask for users of the Bash shell is set properly, add or correct the `umask` setting in `/etc/...
- [Delinea Privilege Manager detected a password disclosure event](def-000-5ah.md)
- [VPC-native clusters should be used](def-000-5b2.md): Alias IPs should be enabled for the node network CIDR range in order to subsequently configure IP-based policies and ...
- [VPCs should have an interface VPC endpoint configured for SSM Incident Manager](def-000-5bn.md): Virtual private clouds (VPCs) should have interface VPC endpoints configured for SSM Incident Manager to enable priva...
- [OCI ConsoleLogin without MFA triggered Impossible Travel scenario](def-000-5c9.md)
- [Azure AD new verified domain added to tenant](def-000-5cu.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1078-valid-accou...
- [Add noexec Option to /tmp](def-000-5cv.md): The `noexec` mount option can be used to prevent binaries from being executed out of `/tmp`. Add the `noexec` option ...
- [Chrony Configure Pool and Server](def-000-5dk.md): `Chrony` is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks ac...
- [AppSync GraphQL APIs should have field-level logging enabled](def-000-5ea.md): Enable field-level logging for your AWS AppSync GraphQL APIs
- [Google Workspace user disabled 2-step verification](def-000-5em.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1556-modify-auth...
- [>-](def-000-5ey.md): A database server should accept connections only from trusted networks and IPs and restrict access from public IP add...
- [Verify pam_unix module is activated](def-000-5ez.md): `pam_unix` is the standard Unix authentication module. It uses standard calls from the system's libraries to retrieve...
- [Azure AI API keys listed outside of known AI web portals](def-000-5fo.md)
- [IAM roles should not allow untrusted GitHub Actions to assume them](def-000-5g7.md): When a GitHub Action needs to assume an IAM role, it is recommended to use [identity federation](https://docs.github....
- [Authentication route use Basic Auth](def-000-5ga.md): The API endpoint uses an authentication protocol that is not considered secure. The "HTTP/1.0" protocol includes the ...
- [Forcepoint Security Service Edge alert event](def-000-5gi.md)
- [Private endpoint should be enabled for MySQL servers](def-000-5hk.md): This rule checks if private endpoint connections are enabled for MySQL servers. Enabling private endpoint connections...
- [Uninstall dovecot Package](def-000-5hv.md): The `dovecot-core` package can be removed with the following command:
- [Password recovery request completed](def-000-5if.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [>-](def-000-5je.md): A publicly accessible EC2 instance has one or more critical security vulnerabilities with access to ElastiCache with...
- [Disable Mounting of hfsplus](def-000-5jf.md): To configure the system to prevent the `hfsplus` kernel module from being loaded, add the following line to the file ...
- [VPC changes should be monitored](def-000-5l5.md): Real-time monitoring of API calls can be achieved by directing CloudTrail logs to CloudWatch logs and establishing co...
- [Ensure that /etc/cron.deny does not exist](def-000-5m7.md): The file `/etc/cron.deny` should not exist. Use `/etc/cron.allow` instead.
- [Verify Group Who Owns /etc/at.allow file](def-000-5ma.md): If `/etc/at.allow` exists, it must be group-owned by `root`. To properly set the group owner of `/etc/at.allow`, run ...
- [Route returns sensitive PII data without rate limit](def-000-5my.md): The API returns sensitive personally identifiable information (PII) and does not implement any rate-limiting protection.
- [>-](def-000-5nt.md): If the kubelet refers to a configuration file with the `--config` argument, you should set its file owner...
- [Palo Alto Cortex XDR: New incident detected](def-000-5ob.md)
- [Distributed Credential Stuffing campaign (attacker fingerprint)](def-000-5q2.md): Tactic: [TA0042-resource_development](https://attack.mitre.org/tactics/TA0042) Technique: [T1586-compromise-accounts](ht...
- [DocumentDB clusters should have an appropriate backup retention period set](def-000-5q3.md): This check determines if an Amazon DocumentDB cluster maintains a backup retention period of at least 7 days. A value...
- [EKS clusters should run on a supported version of Kubernetes](def-000-5q8.md): This control checks whether an Elastic Kubernetes Service (EKS) cluster is operating on a supported version of Kubern...
- [Verify Owner on cron.hourly](def-000-5qc.md): To properly set the owner of `/etc/cron.hourly`, run the command:
- [GitLab new administrator added](def-000-5rx.md)
- [Wiz threat finding](def-000-5sj.md)
- [Avoid using remember in pam_unix module](def-000-5t5.md): The `remember` option stores the last n passwords for each user in `/etc/security/opasswd`, enforcing password histor...
- [Disable Samba](def-000-5uw.md): The `smb` service can be disabled with the following command:
- [Disable tftpd-hpa Service](def-000-5w7.md): The `tftpd-hpa` service should be disabled. The `tftpd-hpa` service can be disabled with the following command:
- [Windows PowerShell AADInternals cmdlets execution](def-000-5yk.md)
- [Classic Load Balancers should span multiple Availability Zones](def-000-5zp.md): This check ensures Classic Load Balancers are configured to operate across at least two Availability Zones (AZs). Loa...
- [Verify ownership of Message of the Day Banner](def-000-605.md): To properly set the owner of `/etc/motd`, run the command:
- [AWS Java_Ghost security group creation attempt](def-000-60z.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [Amazon Bedrock console activity](def-000-61e.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [Ensure PAM Enforces Password Requirements - Minimum Different Categories](def-000-61f.md): The pam_pwquality module's `minclass` parameter controls requirements for usage of different character classes, or ty...
- [Unwanted HTTP header in response](def-000-62j.md): This publicly exposed API endpoint was found responding with headers that reveal sensitive information about the tech...
- [Enable cron Daemon](def-000-63u.md): The `crond` service is used to execute commands at preconfigured times. It is required by almost all systems to perfo...
- [Ensure the Default Umask is Set Correctly For Interactive Users](def-000-644.md): Remove the `UMASK` environment variable from all interactive users initialization files.
- [GKE Sandbox should be used for untrusted workloads](def-000-65v.md): Use the GKE Sandbox feature to restrict untrusted workloads as an additional layer of protection when running in a mu...
- [>-](def-000-65w.md): Amazon Cognito identity pools can be configured to offer [guest access](https://docs.aws.amazon.com/location/latest/d...
- [AWS Config should be enabled and recording in all active regions](def-000-66b.md): This check ensures that AWS Config is enabled in all regions. AWS Config continuously monitors and records your AWS r...
- [GitHub anomalous bot org activity](def-000-66c.md): Classification: attack Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009) Technique: [T1213-data-from-in...
- [Windows SAM registry hive handle request](def-000-66l.md)
- [ECR private repositories should not grant public image downloads](def-000-66s.md): Identify when Amazon Elastic Container Repositories container images can be downloaded by anyone.
- [Remove ufw Package](def-000-674.md): The `ufw` package can be removed with the following command:
- [An AKS Cluster's Kubelet should be allowed to manage iptables](def-000-67a.md): It is recommended that kubelets be allowed to manage changes to `iptables`. This ensures that the `iptables` configur...
- [Verify User Who Owns /var/log/auth.log File](def-000-67h.md): To properly set the owner of `/var/log/auth.log`, run the command:
- [GitHub anomalous bot git activity](def-000-68c.md): Classification: attack Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009) Technique: [T1213-data-from-in...
- [Verify No .forward Files Exist](def-000-68i.md): The `.forward` file specifies an email address to forward the user's mail to.
- [Configure Periodic Execution of AIDE](def-000-68t.md): At a minimum, AIDE should be configured to run a weekly scan. To implement a daily execution of AIDE at 4:05am using ...
- [>-](def-000-68x.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Palo Alto Networks Firewall - command and control traffic observed](def-000-69d.md): Classification: attack Tactic: [TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011) Technique: [T1071-app...
- [Verify Permissions on files in the /var/log/apt/.* directory](def-000-6a7.md): To properly set the permissions of `/var/log/apt/.*`, run the command:
- [Uninstall telnet-server Package](def-000-6b3.md): The `telnet-server` package can be removed with the following command:
- [Uninstall rsh Package](def-000-6be.md): The `rsh-client` package contains the client commands for the rsh services
- [Azure App Service should have authentication enabled](def-000-6cs.md): Azure App Service Authentication is a powerful feature that prevents anonymous HTTP requests from reaching your app a...
- [Prevent Login to Accounts With Empty Password](def-000-6do.md): If an account is configured for password authentication but does not have an assigned password, it may be possible to...
- [>-](def-000-6e8.md): This control ensures existing Amazon RDS event subscriptions for database parameter groups have notifications enabled...
- [Auto-Repair for nodes should be enabled in GKE clusters](def-000-6ee.md): Auto-repair should be enabled for nodes. Auto-repair fixes nodes in a degraded state. Fixing nodes in a degraded stat...
- [Suricata high number of requests detected from single IP address](def-000-6er.md): Technique: [T1110-brute-force](https://attack.mitre.org/techniques/T1110)
- [GitHub SSH key added by suspicious IP](def-000-6fb.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Google Compute Engine network created](def-000-6fd.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1578-modify-...
- [Cisco Secure Endpoint rise in number of user login requests detected](def-000-6fl.md)
- [Amazon SNS enumeration in multiple regions using a long-term access key](def-000-6g0.md): Classification: attack; Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007); Technique: [T1526-cloud-service...
- [Malicious IP connected to PostgreSQL database](def-000-6g3.md): Classification: attack; Tactic: [TA0043-reconnaissance](https://attack.mitre.org/tactics/TA0043); Technique: [T1595-active-s...
- [API Gateways should be associated with a WAF Web ACL](def-000-6ge.md): This check verifies if an AWS WAF web ACL is linked to an API Gateway stage. Failure occurs if a web ACL is not attac...
- [Have I Been Pwned latest breach detected](def-000-6gy.md)
- [>-](def-000-6h2.md): This control verifies whether the default stateless action for fragmented packets in a Network Firewall policy is set...
- [Add noexec Option to /var/tmp](def-000-6h3.md): The `noexec` mount option can be used to prevent binaries from being executed out of `/var/tmp`. Add the `noexec` opt...
- [Penetration testing user agent identified](def-000-6h6.md)
- [Verify /boot/efi/EFI/redhat/user.cfg Group Ownership](def-000-6hf.md): The file `/boot/efi/EFI/redhat/user.cfg` should be group-owned by the `root` group to prevent reading or modification...
- [Network Firewall firewalls should have deletion protection enabled](def-000-6hx.md): This control verifies if deletion protection is activated for an AWS Network Firewall.
- [EC2 instances should not use multiple ENIs](def-000-6i0.md): This check verifies if an EC2 instance is using multiple Elastic Network Interfaces (ENIs). If necessary, you can sup...
- [Cloud DNS should have DNSSEC enabled](def-000-6jk.md): Cloud Domain Name System (DNS) is a fast, reliable, and cost-effective domain name system that powers millions of dom...
- [Limit Users' SSH Access](def-000-6ju.md): By default, the SSH configuration allows any user with an account to access the system. There are several options ava...
- [Ivanti nZTA device vulnerability risk detected](def-000-6kl.md)
- [Enable systemd_timesyncd Service](def-000-6kx.md): The `systemd_timesyncd` service can be enabled with the following command:
- [Verify /boot/grub2/grub.cfg Group Ownership](def-000-6ln.md): The file `/boot/grub2/grub.cfg` should be group-owned by the `root` group to prevent destruction or modification of t...
- [Impossible travel event observed from 1Password user](def-000-6lp.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [Verify Permissions on Backup gshadow File](def-000-6lz.md): To properly set the permissions of `/etc/gshadow-`, run the command:
- [GitHub anomalous number of repositories cloned by user](def-000-6mc.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1213-data-from-in...
- [>-](def-000-6mw.md): A publicly accessible Google Compute instance has one or more critical severity vulnerabilities.
- [Primary email update request](def-000-6my.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [Windows vulnerable spn enumerated](def-000-6n8.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1558-steal...
- [Verify Ownership on SSH Server Private *_key Key Files](def-000-6nr.md): SSH server private keys, files that match the `/etc/ssh/*_key` glob, must be owned by `root` user.
- [LastPass brute force attempt](def-000-6ty.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1110-brute...
- [Verify Group Who Owns /var/log/cloud-init.log* File](def-000-6u2.md): To properly set the group owner of `/var/log/cloud-init.log*`, run the command:
- [Cloud KMS cryptokeys should restrict anonymous and/or public access](def-000-6vi.md): It is recommended that the IAM policy on Cloud KMS `cryptokeys` should restrict anonymous and/or public access.
- [>-](def-000-6vu.md): It is recommended to set `3625 (trace flag)` database flag to `off` for GCP SQL Server instance.
- [Sophos Alert: Core clean up failed](def-000-6vw.md)
- [Set SSH Client Alive Count Max](def-000-6wc.md): The SSH server sends at most `ClientAliveCountMax` messages during a SSH session and waits for a response from the SS...
- [Atlassian administrative API token activity observed](def-000-6xe.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Verify Group Who Owns /etc/at.deny file](def-000-6xf.md): If `/etc/at.deny` exists, it must be group-owned by `root`. To properly set the group owner of `/etc/at.deny`, run th...
- [>-](def-000-6z9.md): Use trusted key groups for signed URLs and cookies in CloudFront distributions instead of trusted signers (CloudFront...
- [PingOne multiple failed authentication attempts](def-000-6zg.md)
- [Verify Permissions on /etc/audit/auditd.conf](def-000-70r.md): To properly set the permissions of `/etc/audit/auditd.conf`, run the command:
- [All secrets in RBAC Azure Key Vault should have an expiration time set](def-000-711.md): To enhance security, it is crucial to ensure that all secrets in role-based access control (RBAC) Azure Key Vaults ha...
- [Data encryption for SQL Database Server should be enabled](def-000-712.md): By default, Transparent Data Encryption (TDE) is enabled on every SQL Server, ensuring real-time encryption and decry...
- [Auto Scaling group launch configuration should not assign public IP addresses](def-000-714.md): This control examines whether the launch configuration of an Auto Scaling group assigns a public IP address to its in...
- [Configure Firewalld to Trust Loopback Traffic](def-000-726.md): Assign loopback interface to the `firewalld` `trusted` zone in order to explicitly allow the loopback traffic in the ...
- [Verify Permissions on cron.daily](def-000-73s.md): To properly set the permissions of `/etc/cron.daily`, run the command:
- [Public endpoint has no defined schema](def-000-74q.md): This publicly exposed endpoint has no OpenAPI schema uploaded.
- [>-](def-000-75j.md): Classification: attack; Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010); Technique: [T1537-transfer-d...
- [>-](def-000-768.md): This metric evaluates whether RSA certificates overseen by AWS Certificate Manager utilize a key length that is a min...
- [Ensure that /etc/at.deny does not exist](def-000-772.md): The file `/etc/at.deny` should not exist. Use `/etc/at.allow` instead.
- ['Delete SQL Server Firewall Rule' activity log alert should be configured](def-000-77s.md): To improve the monitoring of network access changes and reduce the time it takes to detect suspicious activity, it is...
- [Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces](def-000-78s.md): To set the runtime status of the `net.ipv4.tcp_syncookies` kernel parameter, run the following command:
- [SSH password guessing notice from Zeek](def-000-79f.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1110-brute...
- [Container breakout using runc file descriptors](def-000-7b9.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1611-es...
- [Add nosuid Option to /home](def-000-7bk.md): The `nosuid` mount option can be used to prevent execution of setuid programs in `/home`.
The SUID and SGID permissio...
- [Ensure that Root's Path Does Not Include World or Group-Writable Directories](def-000-7bn.md): For each element in root's path, run:
- [GitHub SSH certificate requirement disabled](def-000-7d7.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [>-](def-000-7dd.md)
- [ECS task definitions should maintain unique execution/task roles](def-000-7dk.md): Amazon ECS task definitions should use different IAM roles for task execution and task operations to ensure proper se...
- [Verify Groupownership of Files in /var/log/sssd](def-000-7ec.md): To properly set the group owner of `/var/log/sssd/*`, run the command:
- [Configure Accepting Router Advertisements on All IPv6 Interfaces](def-000-7ge.md): To set the runtime status of the `net.ipv6.conf.all.accept_ra` kernel parameter, run the following command:
- [Ensure rsyncd service is disabled](def-000-7gg.md): The `rsyncd` service can be disabled with the following command:
- [Verify Permissions on /var/log/auth.log File](def-000-7h6.md): To properly set the permissions of `/var/log/auth.log`, run the command:
- [Unauthorized activity detected](def-000-7hq.md): Tactic: [TA0004-privilege_escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1134-access-token-manipulati...
- [Verify Group Who Owns cron.weekly](def-000-7ib.md): To properly set the group owner of `/etc/cron.weekly`, run the command:
- [>-](def-000-7lz.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Verify User Who Owns group File](def-000-7ma.md): To properly set the owner of `/etc/group`, run the command:
- [>-](def-000-7n1.md): This control checks whether your IAM user inline policies for write access to Bedrock Knowledge Base (KB) sources inc...
- [Network Firewall logging should be enabled](def-000-7og.md): This control verifies whether at least one type of logging is enabled for an AWS Network Firewall.
- [Verify User Who Owns shadow File](def-000-7pm.md): To properly set the owner of `/etc/shadow`, run the command:
- [Uninstall xinetd Package](def-000-7q8.md): The `xinetd` package can be removed with the following command:
- [Publicly accessible Azure VM uses password-based SSH authentication](def-000-7qa.md): A publicly accessible compute instance has password-based SSH authentication. The usage of password-based SSH authent...
- [CodeBuild projects should have logging enabled](def-000-7qi.md): This control verifies that a CodeBuild project environment has logging enabled, requiring at least one log option, ei...
- [LastPass activity from a potentially malicious IP address](def-000-7r5.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [ECS clusters should have Container Insights enabled](def-000-7ro.md): This control verifies whether ECS clusters have Container Insights enabled.
- [>-](def-000-7rw.md)
- [Atlassian Tor client activity detected](def-000-7th.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [>-](def-000-7to.md): This check verifies whether an Application Load Balancer is set to use either the defensive or strictest desync mitig...
- [Microsoft 365 eDiscovery search export downloaded](def-000-7v2.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1213-data-from-in...
- [Trellix Endpoint Security tampering with exploit prevention has been detected](def-000-7vv.md)
- [RDS clusters should have deletion protection enabled](def-000-7x0.md): This control ensures that deletion protection is enabled for an RDS cluster.
Enabling cluster deletion protection add...
- [LastPass activity from a Tor client IP address](def-000-7x4.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1090-proxy](h...
- [OSSEC Alert: OSSEC agent disconnected](def-000-7xu.md)
- [Remove autofs Package](def-000-7y5.md): autofs allows automatic mounting of devices, typically including CD/DVDs and USB drives. The `autofs` package can be ...
- [Dataproc cluster should be encrypted using customer-managed encryption key](def-000-7z5.md): When you use Dataproc, cluster and job data is stored on Persistent Disks (PDs) associated with the Compute Engine VM...
- [>-](def-000-7z9.md)
- [Disable DHCPD6 Service](def-000-7zq.md): The `dhcp6` service should be disabled on any system that does not need to act as a DHCP server. The `isc-dhcp-server...
- [Executable bit added to newly created file](def-000-80h.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1222-file-an...
- [Unusual 1Password item usage action observed from user](def-000-80w.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1555-crede...
- [Ensure iptables Firewall Rules Exist for All Open Ports](def-000-81p.md): Any ports that have been opened on non-loopback addresses need firewall rules to govern traffic.
- [Azure should send security alert emails to subscription owners](def-000-82p.md): Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft....
- [Google App Engine service account used outside of Google Cloud](def-000-839.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1078-va...
- [>-](def-000-83p.md): It is recommended that a metric filter and alarm be established for Cloud Storage Bucket IAM changes.
- [Zoom account sign in requirements changed](def-000-83x.md)
- [DMS replication instances should have automatic minor version upgrades enabled](def-000-847.md): This control verifies whether the automatic minor version upgrade feature is enabled for an AWS DMS replication insta...
- [Azure AD sign in from AzureHound default user agent](def-000-85j.md): Classification: attack; Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007); Technique: [T1069-permission-gr...
- [SentinelOne Threats](def-000-85o.md): Classification: attack
- [GitHub Advanced Security modification](def-000-85z.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Slack user role elevated to administrative privileges](def-000-868.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1098-ac...
- [Azure AD Identity Protection risky user](def-000-86b.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [Ensure that System Accounts Are Locked](def-000-87u.md): Some accounts are not associated with a human user of the system, and exist to perform some administrative functions....
- [Modify the System Message of the Day Banner](def-000-89v.md): To configure the system message banner edit `/etc/motd`. Replace the default text with a message compliant with the l...
- [Verify Permissions on shadow File](def-000-89z.md): To properly set the permissions of `/etc/shadow`, run the command:
- [App Service should use the latest version of TLS encryption](def-000-8ew.md): The Transport Layer Security (TLS) protocol ensures secure data transmission over the internet through standard encry...
- [>-](def-000-8g1.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Cisco Duo administrator locked out after too many failed login attempts](def-000-8gg.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1110-brute...
- [Verify nftables Service is Enabled](def-000-8gm.md): The nftables service allows for the loading of nftables rulesets during boot, or starting on the nftables service The...
- [Azure AppService HTTP Logs Enabled](def-000-8gn.md): This rule ensures that HTTP logs are enabled for Azure App Service resources. HTTP logs are crucial for monitoring an...
- [Windows fsutil suspicious invocation](def-000-8h1.md)
- [SageMaker notebook instances should be launched in a custom VPC](def-000-8hf.md): This control evaluates whether an Amazon SageMaker notebook instance is launched within a custom virtual private clou...
- [Auth0 brute-force protection disabled](def-000-8hj.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Windows syskey registry keys access](def-000-8hs.md)
- [>-](def-000-8iq.md): By default, DConf uses a binary database as a data backend. The system-level database is compiled from keyfiles in th...
- [OSSEC Alert: Possible attack detected](def-000-8jx.md)
- [User Initialization Files Must Not Run World-Writable Programs](def-000-8ke.md): Set the mode on files being executed by the user initialization files with the following command:
- [Microsoft 365 Security and Compliance](def-000-8mq.md): Classification: attack
- [Ensure that System Accounts Do Not Run a Shell Upon Login](def-000-8n9.md): Some accounts are not associated with a human user of the system, and exist to perform some administrative functions....
- [RDS cluster snapshots should not be publicly shared](def-000-8nn.md): Ensures that your Amazon RDS cluster snapshots are **not publicly accessible** to protect sensitive data from unautho...
- [GitHub organization was transferred between enterprise accounts](def-000-8o2.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1213-data-from-in...
- [AWS Verified Access anomalous failed authentication attempts by user](def-000-8oe.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [AWS ListResources by long term access key](def-000-8qc.md)
- [The Chronyd service is disabled](def-000-8s8.md): The `chrony` service can be disabled with the following command:
- [>-](def-000-8su.md): To set the runtime status of the `net.ipv4.icmp_echo_ignore_broadcasts` kernel parameter, run the following command:
- [Azure should use the latest Java version available](def-000-8u1.md): New versions of Java software are periodically released to address security vulnerabilities and introduce new functio...
- [Tailscale security email modified](def-000-8u5.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [A potentially malicious file was sent in a Microsoft Teams message](def-000-8ui.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1199-trusted-...
- [Tailscale user role updated](def-000-8uj.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1078-va...
- [Add nosuid Option to /var](def-000-8uy.md): The `nosuid` mount option can be used to prevent execution of setuid programs in `/var`. The SUID and SGID permission...
- [Redis sandbox escape (CVE-2022-0543)](def-000-8w8.md): Classification: attack; Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002); Technique: [T1190-exploit-publi...
- [Install pam-runtime Package](def-000-8wp.md): The `libpam-runtime` package can be installed with the following command:
- [>-](def-000-8xd.md): To set the runtime status of the `net.ipv4.conf.all.accept_source_route` kernel parameter, run the following command:
- [Neptune cluster snapshots should not be shared with external accounts](def-000-8xh.md): This rule evaluates whether Amazon Neptune cluster snapshots are shared with external AWS accounts that are not onboa...
- [IAM role has trust policy containing cross-OU principal](def-000-8xi.md): This control examines whether IAM roles have trust policies that allow access to principals from different AWS organi...
- [Add nodev Option to /dev/shm](def-000-8y3.md): The `nodev` mount option can be used to prevent creation of device files in `/dev/shm`. Legitimate character and bloc...
- [Verify User Who Owns /var/log/localmessages File](def-000-8yi.md): To properly set the owner of `/var/log/localmessages`, run the command:
- [OneLogin API activity from malicious IP address](def-000-8yj.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [Impossible travel event observed across multiple sources](def-000-8z5.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [KMS keys should not be unintentionally deleted](def-000-8zc.md): This control verifies if KMS keys are set for deletion. The control will not pass if a KMS key is set for deletion an...
- [Azure Key Vault should be recoverable](def-000-8ze.md): The key vault contains object keys, secrets, and certificates. If a key vault is made unavailable accidentally, it ca...
- [ECS services should not have public IP addresses assigned](def-000-8zx.md): A public IP address is an IP address that can be accessed from the internet. When you configure your Amazon ECS insta...
- [Security groups should not allow unrestricted access to ports with high risk](def-000-91j.md): This rule verifies that security groups do not allow unrestricted traffic on ports:
- [Windows Kerberoasting RC4 encrypted tickets](def-000-924.md)
- [Ivanti connect secure impossible travel detected](def-000-92s.md)
- [ElastiCache Redis replication groups should be encrypted in transit](def-000-92v.md): ElastiCache for Redis replication groups should be encrypted in transit
- [Security Group should restrict HTTP(S) access from the internet](def-000-937.md): It is important to regularly assess network security groups for potential port misconfigurations. Specifically, ports...
- [Process hidden using mount](def-000-94p.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1564-hide-ar...
- [Verify User Who Owns /etc/cron.allow file](def-000-94v.md): If `/etc/cron.allow` exists, it must be owned by `root`. To properly set the owner of `/etc/cron.allow`, run the comm...
- [An AKS Cluster's Kubelet should rotate client certificates automatically](def-000-959.md): Client certificates should be rotated. This ensures there is no downtime due to expired certificates.
- [High volume of AWS Sagemaker notebooks created in a short period of time](def-000-95a.md): Classification: attack; Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040); Technique: [T1496-resource-hijacki...
- [>-](def-000-95r.md): This control verifies whether an Elasticsearch domain endpoint uses the most recent TLS security policy. It will fail...
- [Windows shadow copies deletion using operating systems utilities](def-000-99n.md)
- [Unusual 1Password device authorization activity](def-000-99w.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Authenticated route use expensive APIs without rate limiting](def-000-9a0.md): This API makes use of third-party services paid for per request and does not implement any rate-limiting protection.
- [Publicly accessible application in container with elevated privileges](def-000-9ai.md): Granting excessive capabilities to a pod or container can lead to unintended lateral movement to other containers or ...
- [Windows MSSQL add sysadmin account](def-000-9c9.md)
- [AWS accounts should be configured with security contact information](def-000-9cn.md): Ensuring that the security contact information is complete and accurate allows AWS to reach out to the right personne...
- [>-](def-000-9dd.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Disable Squid](def-000-9e8.md): The `squid` service can be disabled with the following command:
- [Verify Group Who Owns cron.monthly](def-000-9f0.md): To properly set the group owner of `/etc/cron.monthly`, run the command:
- [Ensure that chronyd is running under chrony user account](def-000-9fb.md): chrony is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks acro...
- [KMS encryption keys should be rotated every 90 days or less](def-000-9fh.md): Google Cloud Key Management Service stores cryptographic keys in a hierarchical structure designed for useful and ele...
- [>-](def-000-9fj.md): To follow the principle of least privilege and to prevent potential privilege escalation, assign instances to a servi...
- [>-](def-000-9fr.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1555-crede...
- [WAF Classic rule groups should be migrated to WAFv2](def-000-9g6.md): All AWS WAF Classic resources should be migrated to WAFv2 as WAF Classic support ends on September 30, 2025. WAFv2 of...
- [Windows hosts file modified](def-000-9j6.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1036-masqueradin...
- [AWS Private CA root certificate authority should be disabled](def-000-9j8.md): AWS Private CA root certificate authority should be disabled. Root CAs are the trust anchor for your PKI hierarchy an...
- [Verify the UEFI Boot Loader grub.cfg Group Ownership](def-000-9ji.md): The file `/boot/efi/EFI/redhat/grub.cfg` should be group-owned by the `root` group to prevent destruction or modifica...
- [Add nodev Option to /var/log/audit](def-000-9jq.md): The `nodev` mount option can be used to prevent device files from being created in `/var/log/audit`. Legitimate chara...
- [OpenSearch domains should be deployed within a VPC](def-000-9k4.md): This control verifies if OpenSearch domains are deployed within a VPC. Note that this control does not assess the VPC...
- [Verify Group Who Owns /etc/cron.allow file](def-000-9kg.md): If `/etc/cron.allow` exists, it must be group-owned by `crontab`. To properly set the group owner of `/etc/cron.allow...
- [Windows HybridConnectionManager service running](def-000-9kt.md)
- [Security groups should restrict traffic to trusted IPv6 addresses](def-000-9mn.md): Security groups provide stateful filtering of ingress and egress network traffic to AWS resources. Allowing unrestric...
- [GitHub Trufflehog user agent activity observed](def-000-9n6.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1552-unsec...
- [Verify Groupownership of Files in /var/log/apt](def-000-9ne.md): To properly set the group owner of `/var/log/apt/*`, run the command:
- [Windows WCE wceaux.dll access](def-000-9o1.md)
- [>-](def-000-9q9.md): To improve the detection of suspicious activity and gain insights into network access changes, it is recommended to c...
- [Email with malicious attachment opened by user](def-000-9rc.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1566-phishing...
- [Limit Password Reuse (STIGs - ubuntu2004)](def-000-9rw.md): Do not allow users to reuse recent passwords. This can be accomplished by using the `remember` option for the `pam_un...
- [Asana brute force attempt](def-000-9t7.md)
- [Slack SSO setting changed](def-000-9ue.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1556-modify-auth...
- [PingOne multiple failed authentication attempts by OTP](def-000-9w1.md)
- [VPC Flow Logs should be enabled for all VPC subnets](def-000-9yy.md): Flow Logs is a feature that enables users to capture information about the IP traffic going to and from network inter...
- [Microsoft 365 Copilot Studio agent authentication modified](def-000-9yz.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1556-modify-auth...
- [Verify Permissions on /etc/audit/rules.d/*.rules](def-000-9z7.md): To properly set the permissions of `/etc/audit/rules.d/*.rules`, run the command:
- [>-](def-000-9zz.md)
- [GitHub review settings altered to skip review after PR push](def-000-a0l.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Azure user granted scoped role assignment over administrative unit](def-000-a11.md)
- [GitLab group access token created](def-000-a18.md)
- [Cognito user pools should have deletion protection enabled](def-000-a1d.md): Amazon Cognito user pools should have deletion protection enabled. Deletion protection prevents accidental deletion o...
- [GitHub PR review enforcement removed for main](def-000-a1l.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [FSx OpenZFS file systems should copy tags to backups and volumes](def-000-a2x.md): This control verifies whether an Amazon FSx for OpenZFS file system is set up to copy tags to its backups and volumes.
- [>-](def-000-a3f.md): A publicly accessible host is affected by [CVE-2024-3094](https://nvd.nist.gov/vuln/detail/CVE-2024-3094). The vulner...
- [Unauthenticated route write using predictable IDs](def-000-a4s.md): The API accepts predictable identifiers (IDs) without any authentication mechanism. Attackers can leverage this by gu...
- [GitHub mass zip file exfiltration of repositories using an OAuth access token](def-000-a74.md): Classification: attack; Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010); Technique: [T1567-exfiltrati...
- [Azure user added to restricted management administrative unit](def-000-a79.md)
- [GitHub OAuth access token compromise](def-000-a7l.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1528-steal...
- [Okta Active Directory environment linked](def-000-a7q.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1556-modif...
- [Azure restricted management administrative unit created](def-000-a89.md)
- [Windows persistence via sticky key backdoor](def-000-a8k.md)
- [GitHub setting changed to fork private repository](def-000-a8l.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1213-data-from-in...
- [Verify Group Who Owns /var/log/waagent.log File](def-000-a8v.md): To properly set the group owner of `/var/log/waagent.log`, run the command:
- [Set the GNOME3 Login Warning Banner Text](def-000-a90.md): In the default graphical environment, configuring the login warning banner text in the GNOME Display Manager's login ...
- [Set Password Maximum Age](def-000-a9f.md): To specify password maximum age for new accounts, edit the file `/etc/login.defs` and add or correct the following line:
- [Verify Permissions on Backup shadow File](def-000-a9r.md): To properly set the permissions of `/etc/shadow-`, run the command:
- [Temporary AWS security credentials generated for user](def-000-a9s.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Azure group has access to a large number of resources](def-000-aa6.md): To mitigate the impact of credential exposure or compromise, role assignments should be scoped down to the least scop...
- [Azure administrative unit created](def-000-aa7.md)
- [>-](def-000-aat.md): The `log_min_messages` flag defines the minimum message severity level that is considered as an error statement. Mess...
- [Verify User Who Owns Backup group File](def-000-abh.md): To properly set the owner of `/etc/group-`, run the command:
- [Windows PowerShell create volume shadow copy](def-000-abi.md)
- [>-](def-000-ac6.md)
- [Asana impossible travel detected](def-000-adg.md)
- [PingOne device locked out after too many failed attempts](def-000-aee.md)
- [Verify User Who Owns passwd File](def-000-aek.md): To properly set the owner of `/etc/passwd`, run the command:
- [RDS cluster exports snapshots to publicly accessible S3 bucket](def-000-ag8.md): A private RDS cluster is exporting database snapshots to a publicly accessible S3 bucket. This configuration can expo...
- [DynamoDB table replicates to a public S3 bucket](def-000-ag9.md): A DynamoDB table is exporting to a publicly accessible S3 bucket. This configuration can expose sensitive data to una...
- [Windows PowerShell suspicious Get-ADDBAccount usage](def-000-agx.md)
- [Additional AWS regions enabled](def-000-ahh.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1535-unused-...
- [Ensure AppArmor is enabled in the bootloader configuration](def-000-ai1.md): Configure AppArmor to be enabled at boot time and verify that it has not been overwritten by the bootloader boot para...
- [Disable Kernel Parameter for IPv6 Forwarding](def-000-aj3.md): To set the runtime status of the `net.ipv6.conf.all.forwarding` kernel parameter, run the following command:
- [BigQuery data sets should specify a default customer-managed encryption key](def-000-ajz.md): By default, BigQuery uses envelope encryption with Google-managed cryptographic keys to encrypt the data at rest. The...
- [Fortinet Fortimanager alert](def-000-ak0.md)
- [Projects should not have legacy networks configured for older projects](def-000-ak9.md): To prevent use of legacy networks, a project should not have a legacy network configured. Legacy networks can no long...
- [Google Cloud exposed service account key](def-000-al8.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1552-unsec...
- [Disable Accepting Router Advertisements on all IPv6 Interfaces by Default](def-000-am0.md): To set the runtime status of the `net.ipv6.conf.default.accept_ra` kernel parameter, run the following command:
- [An EKS Cluster's Kubelet should be allowed to manage iptables](def-000-am9.md): It is recommended that kubelets be allowed to manage changes to `iptables`. This ensures that the `iptables` configur...
- [>-](def-000-an3.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [Amazon Bedrock discovery attempt by long term access key](def-000-an8.md): Classification: attack; Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007); Technique: [T1526-cloud-service...
- [Enable PAM](def-000-anx.md): UsePAM Enables the Pluggable Authentication Module interface. If set to "yes" this will enable PAM authentication usi...
- [>-](def-000-aoc.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Uninstall avahi Server Package](def-000-aoq.md): If the system does not need to have an Avahi server which implements the DNS Service Discovery and Multicast DNS prot...
- [MySQL instances should have the 'local_infile' database flag set to 'off'](def-000-apa.md): Datadog recommends setting the `local_infile` database flag for a Cloud SQL MySQL instance to off.
- [Verify Non-Root Password Modifications on Host](def-000-aph.md)
- [Asana user multi-factor authentication method disabled](def-000-apr.md)
- [>-](def-000-apy.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [IAM roles with policies attached should be used within the last 90 days](def-000-aq6.md): Ensuring IAM roles are actively used within the last 90 days helps maintain a secure AWS environment. Inactive roles ...
- [ECS services should have volume encryption for mounted EFS volumes](def-000-as4.md): ECS services that mount EFS volumes should ensure that all mounted EFS file systems have encryption enabled to protec...
- [>-](def-000-asx.md): A publicly accessible host is affected by [CVE-2024-3094](https://nvd.nist.gov/vuln/detail/CVE-2024-3094). The vulner...
- [Verify Owner on SSH Server config file](def-000-at7.md): To properly set the owner of `/etc/ssh/sshd_config`, run the command:
- [Default network access rule for storage accounts should be set to deny](def-000-atz.md): Ensure default network access rule for storage accounts is set to deny to prevent unauthorized access.
- [>-](def-000-au9.md): To reduce the risk of [confused deputy](https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html) attack...
- [VPCs should have interface endpoint for Amazon ECR API](def-000-aw1.md): Virtual private clouds (VPCs) should have interface VPC endpoints configured for Amazon ECR API to enable private acc...
- [VPCs should have interface endpoint for ECR Docker Registry](def-000-aw2.md): Virtual private clouds (VPCs) should have interface VPC endpoints configured for ECR Docker Registry to enable privat...
- [CloudFormation stacks should have termination protection enabled](def-000-aw4.md): CloudFormation stacks should have termination protection enabled to prevent accidental deletion. Termination protecti...
- [OpenSearch domains should have encryption at rest enabled](def-000-aw5.md): This check ensures an OpenSearch domain has encryption-at-rest enabled. To enhance security for sensitive information...
- [Microsoft 365 Exchange transport rule set up to automatically forward email](def-000-axe.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1114-email-collec...
- [Alpha clusters should not be used for production workloads](def-000-axx.md): Alpha clusters are not suitable for production workloads. They are intended for early adopters to test new features b...
- [The GKE cluster should be encrypted using customer-managed keys in KMS](def-000-axy.md): Kubernetes secrets, stored in etcd, at the application layer should be encrypted using a customer-managed key in Clou...
- [GKE nodes should use the metadata server](def-000-axz.md): Pods should not have full access to a node's metadata. Using the GKE metadata server keeps sensitive metadata on a se...
- [Private application load balancers should drop HTTP headers](def-000-ay9.md): This control checks that private AWS Application Load Balancers (ALBs) are set to discard invalid HTTP headers. The c...
- [Command injection attempt detected](def-000-az2.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1190-exploit-public-facing-applica...
- [Distributed Credential Stuffing campaign (attempt count)](def-000-azr.md): Tactic: [TA0042-resource_development](https://attack.mitre.org/tactics/TA0042); Technique: [T1586-compromise-accounts](ht...
- [Trend Micro Email Security alert: High volume of emails from sender](def-000-b0v.md)
- [Azure user removed from restricted administrative unit](def-000-b12.md)
- [>-](def-000-b1r.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Verify User Who Owns /etc/at.deny file](def-000-b2e.md): If `/etc/at.deny` exists, it must be owned by `root`. To properly set the owner of `/etc/at.deny`, run the command:
- [Neptune DB clusters should publish audit logs to CloudWatch Logs](def-000-b39.md): This control verifies if a Neptune DB cluster is configured to publish audit logs to Amazon CloudWatch Logs. The para...
- [>-](def-000-b3z.md): Storage Logging operates on the server-side, logging details of both successful and failed requests in the storage ac...
- [Unauthenticated route returns non-sensitive PII data](def-000-b46.md): The API allows unauthenticated users to access non-sensitive personally identifiable information (PII), which may not...
- [Set Existing Passwords Maximum Age](def-000-b54.md): Configure non-compliant accounts to enforce a 365-day maximum password lifetime restriction by running the following ...
- [Enable rsyslog Service](def-000-b5b.md): The `rsyslog` service provides syslog-style logging by default on Ubuntu 20.04. The `rsyslog` service can be enabled ...
- [Configure ntpd To Run As ntp User](def-000-b5y.md): ntp is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across ...
- [AWS Lambda function modified by IAM user](def-000-b61.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [AWS principal granted access to a EKS cluster then removed](def-000-b69.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1070-indicat...
- [OpenSearch domains should have at least three data nodes](def-000-b6i.md): This check determines if Amazon OpenSearch Service domains are configured with at least three data nodes. Having a mi...
- [Windows PurpleSharp execution](def-000-b8k.md)
- [AWS Management Console sign-ins without MFA should be monitored](def-000-b8q.md): Real-time monitoring of API calls can be achieved by directing CloudTrail logs to CloudWatch logs and establishing co...
- [Enable GNOME3 Screensaver Lock After Idle Period](def-000-b8z.md): To activate locking of the screensaver in the GNOME3 desktop when it is activated, add or set `lock-enabled` to `true...
- [Azure administrative unit modified](def-000-b90.md)
- [Instance roles should be used for AWS resource access from instances](def-000-ba6.md): This check ensures the EC2 instance uses IAM instance roles for granting resource access. By assigning an IAM role to...
- [All Interactive User Home Directories Must Be Group-Owned By The Primary Group](def-000-bb1.md): Change the group owner of interactive users home directory to the group found in `/etc/passwd`. To change the group o...
- [Verify All Account Password Hashes are Shadowed](def-000-bbp.md): If any password hashes are stored in `/etc/passwd` (in the second field, instead of an `x` or `*`), the cause of this...
- [S3 bucket policy changes should be monitored](def-000-bc0.md): Real-time monitoring of API calls can be achieved by directing CloudTrail logs to CloudWatch logs and establishing co...
- [PingOne multiple authentication assertions failed by FIDO device](def-000-bc6.md)
- [An AKS Cluster's Kubelet should not allow hostname overrides](def-000-be3.md): Hostnames in the cluster should not be overridden. This could potentially break the TLS setup between Kubelet and the ...
- [A GKE Cluster's Kubelet's read-only port should be disabled](def-000-be9.md): The read-only port should be disabled so unauthenticated users cannot retrieve potentially sensitive information abou...
- [AWS IAM AmazonSESFullAccess policy was applied to a group](def-000-beg.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1098-ac...
- [AWS IAM Roles Anywhere trust anchor created](def-000-bf8.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Object-level logging should be enabled for S3 bucket write events](def-000-bf9.md): S3 object-level API write event operations, such as `GetObject`, `DeleteObject`, and `PutObject`, are considered data...
- ['Create or Update Public Ip Address' activity log alert should be configured](def-000-bfa.md): To enhance network security monitoring and expedite the detection of suspicious activity, it is recommended to create...
- [Windows PowerShell Rubeus execution](def-000-bfe.md)
- [Missing X-Frame-Options HTTP header](def-000-bh2.md): This publicly exposed API endpoint does not implement the X-Frame-Options header. This header allows to control wheth...
- [Ensure the Default Umask is Set Correctly in /etc/profile](def-000-bhr.md): To ensure the default umask controlled by `/etc/profile` is set properly, add or correct the `umask` setting in `/etc...
- [Set Interval For Counting Failed Password Attempts](def-000-bhu.md): Utilizing `pam_faillock.so`, the `fail_interval` directive configures the system to lock out an account after a numbe...
- [Atlassian Confluence admin key usage](def-000-bhv.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1078-va...
- [Critical windows file modified](def-000-bhz.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1036-masqueradin...
- [Multiple GitLab OTP attempts denied](def-000-bjq.md)
- [Deactivate Wireless Network Interfaces](def-000-bk3.md): Deactivating wireless network interfaces should prevent normal usage of the wireless capability.
- [Ensure PAM Enforces Password Requirements - Minimum Digit Characters](def-000-bkt.md): The pam_pwquality module's `dcredit` parameter controls requirements for usage of digits in a password. When set to a...
- [Command injection exploited](def-000-blm.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1190-exploit-public-facing-applica...
- [Configure systemd-journal-upload URL](def-000-bme.md): Ubuntu 24.04 must offload rsyslog messages for networked systems in real time and offload standalone systems at least...
- [Verify that audit tools are owned by group root](def-000-bn1.md): The Ubuntu 20.04 operating system audit tools must have the proper ownership configured to protect against unauthor...
- [CloudTrail trails should be integrated with CloudWatch Logs](def-000-bop.md): It is recommended that CloudTrail logs be sent to CloudWatch Logs. AWS CloudTrail records the identity of the API cal...
- [>-](def-000-bpm.md): This control examines whether your IAM User inline policies allow AWS KMS decryption actions on all KMS resources. Th...
- [Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces](def-000-bqb.md): To set the runtime status of the `net.ipv4.conf.all.send_redirects` kernel parameter, run the following command:
- [AWS IAM user has a large permissions gap](def-000-bqd.md): To mitigate the impact of credential exposure or compromise, IAM policies should be scoped down to the least level of...
- [Verify permissions on Message of the Day Banner](def-000-bqi.md): To properly set the permissions of `/etc/motd`, run the command:
- [Storage for critical data should be encrypted with Customer Managed Key](def-000-bt0.md): By default all data in Azure storage account, including blobs, disks, files, queues, tables, and object metadata, is ...
- [Windows active directory privileged users or groups reconnaissance](def-000-bts.md)
- [RDS clusters should be configured to copy tags to snapshots](def-000-bxd.md): This control verifies RDS DB clusters are set to automatically copy all tags to snapshots upon creation. Proper ident...
- [Generic DNS tunnel detected by Zeek](def-000-bxh.md): Classification: attack; Tactic: [TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011); Technique: [T1071-app...
- [Set configuration for loopback traffic](def-000-byk.md): Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback ne...
- [Verify Who Owns /etc/shells File](def-000-c16.md): To properly set the owner of `/etc/shells`, run the command:
- [Verify Permissions on gshadow File](def-000-c1c.md): To properly set the permissions of `/etc/gshadow`, run the command:
- [Require Re-Authentication When Using the sudo Command](def-000-c1q.md): The sudo `timestamp_timeout` tag sets the amount of time sudo password prompt waits. The default `timestamp_timeout` ...
- [>-](def-000-c46.md)
- [EFS file systems should be in backup plans](def-000-c4m.md): This control verifies whether Amazon EFS file systems are incorporated into AWS Backup plans.
- [An EKS Cluster's Kubelet's read-only port should be disabled](def-000-c4p.md): The read-only port should be disabled so unauthenticated users cannot retrieve potentially sensitive information abou...
- [An EKS Cluster's Kubelet should have the eventRecordQPS entry set](def-000-c51.md): Security relevant information should be captured. The `eventRecordQPS` setting in the Kubelet configuration controls ...
- [Windows suspicious computer name containing Samtheadmin](def-000-c5t.md)
- [All Interactive User Home Directories Must Have mode 0750 Or Less Permissive](def-000-c78.md): Change the mode of interactive users home directories to `0750`. To change the mode of interactive users home directo...
- [Add nodev Option to /tmp](def-000-c7a.md): The `nodev` mount option can be used to prevent device files from being created in `/tmp`. Legitimate character and b...
- [The GKE kubeconfig file should have permissions set to 644 or more restrictive](def-000-c7s.md): If kubelet is configured by a kubeconfig file, ensure that the kubeconfig file has permissions of `644` or more restr...
- [An EKS's Kubelet should use TLS authentication](def-000-c8j.md): Disable anonymous requests to the Kubelet server. You should rely on authentication to authorize access and disallow ...
- [Ensure All User Initialization Files Have Mode 0740 Or Less Permissive](def-000-c8z.md): Set the mode of the user initialization files to `0740` with the following command:
- [Verify /boot/efi/EFI/redhat/user.cfg User Ownership](def-000-c9k.md): The file `/boot/efi/EFI/redhat/user.cfg` should be owned by the `root` user to prevent reading or modification of the...
- [Disable the CUPS Service](def-000-ca0.md): The `cups` service can be disabled with the following command:
- [Endpoint accepts JWT with known security limitations](def-000-ca9.md): This publicly exposed API endpoint accepts JWT signed using HMAC and a symmetric key (such as `HS256`). Although not v...
- [>-](def-000-cbg.md): By enabling the `log_connections` setting, every attempted server connection is logged along with the successful comp...
- [>-](def-000-cbi.md): Enabling the EC2 setting 'VPC Block Public Access' is an important preventative measure against inadvertent exposure ...
- [Verify No netrc Files Exist](def-000-cc3.md): The `.netrc` files contain login information used to auto-login into FTP servers and reside in the user's home direct...
- [>-](def-000-cci.md): This control verifies that Amazon Bedrock custom models are **not** outputting model data to publicly accessible Amaz...
- [Oracle Cloud user failed login followed by success](def-000-ccv.md)
- [Windows MSI installation from web](def-000-ce3.md)
- [EC2 Transit Gateways should not automatically accept VPC attachment requests](def-000-cea.md): This check verifies whether EC2 transit gateways are set to automatically accept shared VPC attachments. The check wi...
- [GKE clusters should have monitoring and logging enabled](def-000-cev.md): This control validates the configuration of logging and monitoring on GKE Clusters. Exporting logs and metrics to a d...
- [FTP deployments should be disabled](def-000-cf1.md): By default, Azure Functions, App Service applications, and API Apps can be deployed over FTP. If an essential deploym...
- [EMR block public access setting should be enabled](def-000-cfj.md): Amazon EMR provides the 'Block public access' (BPA) setting to help restrict unintended public access to data stored ...
- [Redis server wrote suspicious module file](def-000-cfq.md): Classification: attack; Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002); Technique: [T1129-shared-module...
- [A log metric filter and alert should exist for audit configuration changes](def-000-ch4.md): Google Cloud Platform (GCP) services write audit log entries to the Admin Activity and Data Access logs to help answe...
- [Potential Google Cloud cryptomining attack from Tor IP](def-000-chb.md): Classification: attack; Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040); Technique: [T1496-resource-hijacki...
- [Ensure LDAP client is not installed](def-000-ci5.md): The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from ...
- [>-](def-000-cju.md): By default, BigQuery encrypts data at rest by employing `Envelope Encryption` using Google managed cryptographic keys...
- [Google Workspace user edited account recovery information](def-000-cl5.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [>-](def-000-cm1.md): Enabling `log_retention_days` helps PostgreSQL Database to set the number of days a log file is retained, which in tu...
- [AWS principal assigned administrative privileges in an EKS cluster](def-000-cm5.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Verify Permissions on /etc/security/opasswd File](def-000-cmn.md): To properly set the permissions of `/etc/security/opasswd`, run the command:
- [GitHub payment method removed](def-000-cp5.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Verify Permissions and Ownership of Old Passwords File](def-000-cpg.md): To properly set the owner of `/etc/security/opasswd`, run the command:
- [Azure managed identity has access to a large number of resources](def-000-cq4.md): To mitigate the impact of credential exposure or compromise, role assignments should be scoped down to the least scop...
- [VPCs should have interface endpoint for SSM](def-000-cq7.md): Virtual private clouds (VPCs) should have interface VPC endpoints configured for AWS Systems Manager (SSM) to enable ...
- [Install iptables-persistent Package](def-000-cqr.md): The `iptables-persistent` package can be installed with the following command:
- [AppSync GraphQL APIs should not use API keys for authentication](def-000-crl.md): Use approved authorization mechanisms for your AWS AppSync GraphQL APIs
- [GitHub personal access token impossible travel detected from suspicious IP](def-000-cro.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [RDS instance snapshots should not be shared with external accounts](def-000-cry.md): This rule evaluates whether Amazon RDS instance snapshots are shared with external AWS accounts that are not onboarde...
- [The Web UI Dashboard should be disabled](def-000-cs0.md): The Web UI dashboard should be disabled since it is historically a good source of vulnerabilities for a cluster.
- [EKS Cluster secrets encryption should be enabled and use KMS CMKs](def-000-csa.md): EKS clusters should use AWS KMS customer-managed keys (CMKs) for envelope encryption of Kubernetes secrets. This allo...
- [Uninstall DHCP Server Package](def-000-csn.md): If the system does not need to act as a DHCP server, the dhcp package can be uninstalled. The `isc-dhcp-server` packa...
- [Remove NIS Client](def-000-csq.md): The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol ...
- [Disable dnsmasq Service](def-000-cu7.md): The `dnsmasq` service can be disabled with the following command:
- [Auth0 Guardian MFA push notifications rejected by user](def-000-cue.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1621-multi...
- [Atlassian user added to organization administrative group](def-000-cuu.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1098-ac...
- [Windows Impacket PsExec execution](def-000-cv5.md)
- [Verify User Who Owns /var/log/waagent.log File](def-000-cvb.md): To properly set the owner of `/var/log/waagent.log`, run the command:
- [Impossible travel scenario observed in Cloudflare logs](def-000-cws.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [ElastiCache Redis replication groups should have automatic failover enabled](def-000-cy0.md): Enable automatic failover for your ElastiCache for Redis replication groups
- [>-](def-000-cyc.md): To ensure the security of your AWS environment, you should centrally manage root user credentials and sessions for al...
- [Disable LDAP Server (slapd)](def-000-czh.md): The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from ...
- [Microsoft 365 Copilot Studio agent access control policy set to open](def-000-czi.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1556-modify-auth...
- [Looney Tunables (CVE-2023-4911) exploited for privilege escalation](def-000-czm.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1068-ex...
- [Disable snmpd Service](def-000-d0h.md): The `snmpd` service can be disabled with the following command:
- [Network ACL changes should be monitored](def-000-d0q.md): Real-time monitoring of API calls can be achieved by directing CloudTrail logs to CloudWatch logs and establishing co...
- [Neptune DB clusters should have IAM database authentication enabled](def-000-d17.md): This control verifies whether IAM database authentication is enabled for a Neptune DB cluster.
- ['Delete Policy Assignment' activity log alert should be configured](def-000-d1v.md): To enhance the detection of unsolicited changes and streamline the monitoring of modifications made in the **Policy -...
- [Verify Permissions on cron.monthly](def-000-d2s.md): To properly set the permissions of `/etc/cron.monthly`, run the command:
- [GitHub activity from automated scraping tool](def-000-d3y.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1213-data-from-in...
- [Add nosuid Option to /var/log/audit](def-000-d4e.md): The `nosuid` mount option can be used to prevent execution of setuid programs in `/var/log/audit`. The SUID and SGID ...
- [Keycloak high number of error events from a realm](def-000-d5h.md)
- [Gitlab SSO disabled](def-000-d87.md)
- [Cloud DNS logging should be enabled for VPC networks](def-000-d8s.md): Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come f...
- [>-](def-000-d94.md): A privileged, publicly accessible Azure VM instance has one or more critical severity vulnerabilities.
- [Enable GNOME3 Login Warning Banner](def-000-dbo.md): In the default graphical environment, displaying a login warning banner in the GNOME Display Manager's login screen c...
- [GitHub personal access token used by previously unseen user agent](def-000-dca.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1213-data-from-in...
- [Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty](def-000-dct.md): Ensure that the group `sugroup` referenced by `var_pam_wheel_group_for_su` variable and used as value for the `pam_wh...
- [Trend Micro Vision One Endpoint Security alert: Spyware or grayware detected](def-000-ddt.md)
- [User Initialization Files Must Be Owned By the Primary User](def-000-dev.md): Set the owner of the user initialization files for interactive users to the primary owner with the following command:
- [Unauthenticated activity detected](def-000-df3.md): Tactic: [TA0004-privilege_escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1134-access-token-manipulati...
- [>-](def-000-dfy.md): Unpatched vulnerabilities can increase the likelihood of exposing weaknesses, creating an entry point for attackers t...
- [KMS roles assigned to users should utilize 'Separation of Duties'](def-000-dge.md): It is recommended that the principle of 'Separation of Duties' is enforced while assigning KMS related roles to users.
- [Snowflake known malicious client application session](def-000-dgf.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1199-trusted-...
- [The app service should enable registration with Azure Active Directory](def-000-dgk.md): Managed service identity in App Service makes an app more secure by eliminating secrets from the app, such as credent...
- [DynamoDB tables should have point-in-time recovery enabled](def-000-dgn.md): This feature verifies if point-in-time recovery (PITR) has been activated for an Amazon DynamoDB table.
- [Disable systemd_timesyncd Service](def-000-dgq.md): The `systemd_timesyncd` service can be disabled with the following command:
- [RDS instances should be deployed inside of a VPC](def-000-dgt.md): This validation verifies if an Amazon RDS instance is set up in an EC2-VPC.
- [Remove telnet Clients](def-000-dgw.md): The telnet client allows users to start connections to other systems via the telnet protocol.
- [A log metric filter and alert should exist for VPC network changes](def-000-dh3.md): It is recommended that a metric filter and alarm be set up for Virtual Private Cloud (VPC) network changes.
- [>-](def-000-dif.md): To set the runtime status of the `net.ipv4.conf.default.send_redirects` kernel parameter, run the following command:
- [Customer-Managed Encryption Keys (CMEK) should be used for boot disks](def-000-dj0.md): Use Customer-Managed Encryption Keys (CMEK) to encrypt node boot disks using keys managed within Cloud Key Management...
- [GitHub mass deletion of repositories](def-000-djb.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Disable GNOME3 Automount Opening](def-000-dk2.md): The system's default desktop environment, GNOME3, will mount devices and removable media (such as DVDs, CDs and USB f...
- [>-](def-000-dmd.md): This control checks whether an Amazon OpenSearch Service domain endpoint is configured to use the latest TLS security...
- [Disable named Service](def-000-dme.md): The `named` service can be disabled with the following command:
- [IAM policies should not use 'Effect: Allow' with 'NotAction'](def-000-dml.md): IAM policies using 'Effect: Allow' with 'NotAction' permit all actions except those explicitly denied, which can lea...
- [EFS access points should enforce a user identity](def-000-dmn.md): This control verifies whether Amazon EFS access points are configured to enforce a specific user identity. The contro...
- [Route vulnerable to Server-Side Request Forgery (SSRF)](def-000-dmz.md): An API endpoint was found [vulnerable to SSRF attacks](https://app.datadoghq.com/security/appsec/vm/code?query=status...
- [GKE Kubelet kubeconfig file ownership should be assigned to root](def-000-dn7.md): Ensure that the file ownership of the kubelet's kubeconfig file is set to `root:root`. You should set its file owners...
- [Modify the System Login Banner](def-000-dnw.md): To configure the system login banner edit `/etc/issue`. Replace the default text with a message compliant with the lo...
- [Verify Permissions on Backup group File](def-000-do8.md): To properly set the permissions of `/etc/group-`, run the command:
- [GitLab brute force attack](def-000-dpx.md)
- [Route returns sensitive PII data without HTTPS](def-000-dq2.md): The API transmits sensitive personally identifiable information (PII) over a non encrypted channel.
- [Forcepoint Security Service Edge high number of download events from a user](def-000-dqn.md)
- [Sudoers policy file modified](def-000-dqx.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1548-abuse-e...
- [Windows RottenPotato like attack pattern](def-000-dqy.md)
- [Tailscale user approval configuration disabled](def-000-dr5.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [Uninstall apache2 Package](def-000-dsi.md): The `apache2` package can be removed with the following command:
- [User enumeration through password reset](def-000-dth.md): Tactic: [TA0043-reconnaissance](https://attack.mitre.org/tactics/TA0043) Technique: [T1589-gather-victim-identity-inform...
- [Verify Groupownership of Files in /var/log/gdm](def-000-dtq.md): To properly set the group owner of `/var/log/gdm/*`, run the command:
- [Verify Ownership of Files in /var/log/gdm](def-000-dtr.md): To properly set the owner of `/var/log/gdm/*`, run the command:
- [Verify SSL Certificate Modified on Host](def-000-duv.md): | Impact | Remediation complexity | Severity | Recommended value |
- [Ensure No World-Writable Files Exist](def-000-dv8.md): It is generally a good idea to remove global (other) write access to a file when it is discovered. However, check wit...
- [>-](def-000-dvu.md)
- [Verify Group Who Owns /var/log/secure File](def-000-dvv.md): To properly set the group owner of `/var/log/secure`, run the command:
- [Verify Permissions on /etc/at.allow file](def-000-dvy.md): If `/etc/at.allow` exists, it must have permissions `0640` or more restrictive. To properly set the permissions of `/...
- [All Interactive User Home Directories Must Be Owned By The Primary User](def-000-dyw.md): Change the owner of interactive users' home directories to the correct owner. To change the owner of an interactive us...
- [Require Authentication for Emergency Systemd Target](def-000-dzd.md): Emergency mode is intended as a system recovery method, providing a single user root access to the system during a fa...
- [SentinelOne Alerts](def-000-dzm.md): Classification: attack
- [AWS principal added to multiple EKS clusters](def-000-dzx.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1098-ac...
- [Verify Permissions on /etc/shells File](def-000-e08.md): To properly set the permissions of `/etc/shells`, run the command:
- [DynamoDB tables should scale automatically with demand](def-000-e0r.md): This control verifies if an Amazon DynamoDB table can automatically adjust its read and write capacity based on deman...
- [API Gateway stage REST API should have AWS X-Ray tracing enabled](def-000-e0t.md): This check verifies if active tracing is enabled for AWS X-Ray on your Amazon API Gateway REST API stages. Active tra...
- [CloudFront distributions should use SNI to serve HTTPS requests](def-000-e19.md): This check examines whether Amazon CloudFront distributions are using a custom SSL/TLS certificate and have been set ...
- [Public endpoint lacks assigned owner](def-000-e1g.md): This public endpoint has no assigned team. This can lead to maintenance issues and increase the likelihood of undetec...
- [Verify User Who Owns gshadow File](def-000-e24.md): To properly set the owner of `/etc/gshadow`, run the command:
- [Uninstall openldap-servers Package](def-000-e34.md): The slapd package is not installed by default on a Ubuntu 20.04 system. It is needed only by the OpenLDAP server, not...
- [Verify Only Root Has UID 0](def-000-e36.md): If any account other than root has a UID of 0, this misconfiguration should be investigated and the accounts other th...
- [Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server](def-000-e49.md): The `rsyslog` daemon should not accept remote messages unless the system acts as a log server. To ensure that it is n...
- [RDS instance snapshots should be encrypted at rest](def-000-e4p.md): Ensure all snapshots in Amazon RDS, Neptune, DocumentDB, and Aurora are **encrypted** to protect data confidentiality...
- [Verify the UEFI Boot Loader grub.cfg Permissions](def-000-e59.md): File permissions for `/boot/efi/EFI/redhat/grub.cfg` should be set to 700. To properly set the permissions of `/boot/...
- [>-](def-000-e6s.md): To set the runtime status of the `net.ipv4.icmp_ignore_bogus_error_responses` kernel parameter, run the following com...
- [Verify Group Who Owns passwd File](def-000-e7w.md): To properly set the group owner of `/etc/passwd`, run the command:
- [AWS EC2 security group events observed with a suspicious naming convention](def-000-e7x.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [A GKE Cluster's Kubelet should rotate client certificates automatically](def-000-e82.md): Client certificates should be rotated. This ensures there is no downtime due to expired certificates.
- [Elasticsearch domains should have audit logs enabled](def-000-e99.md): This control confirms that audit logging is enabled for Elasticsearch domains. Audit logs allow extensive customizati...
- [>-](def-000-e9x.md): It is recommended to enable 'infrastructure encryption' when creating Azure Database for PostgreSQL servers. This add...
- [Brute force attack detected against user account](def-000-eaa.md)
- [>-](def-000-eax.md)
- [Windows PowerShell volume shadow copy deletion](def-000-ebd.md)
- [Disable vsftpd Service](def-000-ebq.md): The `vsftpd` service can be disabled with the following command:
- [Ensure All Groups on the System Have Unique Group ID](def-000-ecp.md): Change the group name or delete groups, so each has a unique id.
- [Azure Virtual Machine instance has administrative privileges over resources](def-000-edw.md): This rule ensures that none of your Virtual Machines have administrative roles with root management group scope attac...
- [Privileged Azure Entra user is a guest account](def-000-ee1.md): Guest accounts are users external to your organization that have been invited into your Azure tenant. They open an ad...
- [Snowflake external access occurred](def-000-eer.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1199-trusted-...
- [Verify Group Who Owns Backup shadow File](def-000-eev.md): To properly set the owner of `/etc/shadow-`, run the command:
- [>-](def-000-ef7.md): Ubuntu 24.04 must offload rsyslog messages for networked systems in real time and offload standalone systems at least...
- [ECS task definitions should enable in transit encryption for EFS](def-000-efs.md): Amazon ECS task definitions that mount Amazon Elastic File System (EFS) volumes must enable in transit encryption to ...
- [GitHub SSH certificate authority deleted](def-000-eg5.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [Potential rootkit compiled and then loaded](def-000-eg6.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1574-hijack-...
- [Ivanti connect secure multiple blocked web requests detected](def-000-ehy.md)
- [Verify ownership of System Login Banner](def-000-eil.md): To properly set the owner of `/etc/issue`, run the command:
- [Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces](def-000-eji.md): To set the runtime status of the `net.ipv4.conf.all.log_martians` kernel parameter, run the following command:
- [Publicly Accessible EC2 instance has a critical vulnerability](def-000-elx.md): A publicly accessible EC2 instance has one or more critical severity vulnerabilities.
- [Configure Kernel Parameter for Accepting Secure Redirects By Default](def-000-em7.md): To set the runtime status of the `net.ipv4.conf.default.secure_redirects` kernel parameter, run the following command:
- [Azure AD MFA disabled](def-000-eo1.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1556-modify-auth...
- [OSSEC Alert: Multiple authentication failures](def-000-ep8.md)
- [Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces](def-000-epd.md): To set the runtime status of the `net.ipv4.ip_forward` kernel parameter, run the following command:
- [EKS Cluster should have public access limited](def-000-epz.md): When public access is enabled in an EKS cluster, it should be limited to a specific set of CIDRs. For security, publi...
- [Disable Core Dumps for SUID programs](def-000-eqj.md): To set the runtime status of the `fs.suid_dumpable` kernel parameter, run the following command:
- [Cognito user pool password policies should have strong configurations](def-000-er4.md): Password policies for Amazon Cognito user pools should enforce strong configurations to protect user credentials agai...
- [Azure storage accounts should not allow cross tenant replication](def-000-etc.md): Cross-tenant replication in Azure enables replicating storage account data from a source in one Azure AD tenant to a ...
- [Verify ownership of log files (ubuntu2404)](def-000-eu0.md): Any operating system providing too much information in error messages risks compromising the data and security of the...
- [AWS IAM user has administrative privileges](def-000-eui.md): This rule ensures that none of your IAM users have highly privileged policies or administrative policies attached to ...
- [Disable Mounting of jffs2](def-000-eus.md): To configure the system to prevent the `jffs2` kernel module from being loaded, add the following line to the file `/...
- [Ensure PAM Enforces Password Requirements - Enforce for root User](def-000-ev0.md): The pam_pwquality module's `enforce_for_root` parameter controls requirements for enforcing password complexity for t...
- [Cisco Secure Endpoint high number of malicious files from single host](def-000-ewq.md)
- [SSL connection on MySQL Database Server should be enabled](def-000-eys.md): Enable SSL connectivity on MySQL Servers. SSL connectivity helps to provide a new layer of security by connecting dat...
- [Amazon SNS enumeration attempt by previously unseen user](def-000-eyt.md): Classification: attack Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007) Technique: [T1526-cloud-service...
- [Sophos Central Cloud alert](def-000-f0u.md)
- [Ensure that /etc/at.allow exists](def-000-f0v.md): The file `/etc/at.allow` should exist and should be used instead of `/etc/at.deny`.
- [Enable cron Service](def-000-f1n.md): The `crond` service is used to execute commands at preconfigured times. It is required by almost all systems to perfo...
- [TruffleHog user agent observed in AWS](def-000-f2a.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1552-unsec...
- [Install firewalld Package](def-000-f2u.md): The `firewalld` package can be installed with the following command:
- [>-](def-000-f3x.md): This rule checks whether storage account encryption scopes are using customer-managed keys to encrypt data at rest. I...
- [WAF rules should have CloudWatch metrics enabled](def-000-f43.md): This control verifies whether monitoring metrics have been enabled for a WAFv2 rule group within your cloud-based fir...
- [>-](def-000-f4v.md): Enabling the EC2 setting 'Allowed AMIs' ensures that only approved and trusted Amazon Machine Images are used to laun...
- [Set Existing Passwords Warning Age](def-000-f5b.md): To configure how many days prior to password expiration that a warning will be issued to users, run the command:
- [Verify Group Who Owns /etc/security/opasswd.old File](def-000-f5g.md): To properly set the group owner of `/etc/security/opasswd.old`, run the command:
- [Disable ypserv Service](def-000-f8b.md): The `ypserv` service, which allows the system to act as a client in a NIS or NIS+ domain, should be disabled. The `yp...
- [Route returns sensitive PII without setting Cache-Control HTTP header](def-000-f8l.md): This publicly exposed API endpoint returns non-sensitive personally identifiable information (PII) without implementi...
- [Uninstall nfs-kernel-server Package](def-000-f8r.md): The `nfs-kernel-server` package can be removed with the following command:
- [Remove tftp Daemon](def-000-f99.md): Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol, typically used to automatically transfer co...
- [Verify User Account Creation on Host](def-000-f9k.md): | Impact | Remediation complexity | Severity | Recommended value |
- ['Service Health' activity log alert should be configured](def-000-f9z.md): Activity Log Alerts for Service Health events provide notifications about Azure service issues, planned maintenance, ...
- [Install the cron service](def-000-fae.md): The Cron service should be installed.
- [ElastiCache Redis clusters before version 6.0 should use Redis AUTH](def-000-fbu.md): ElastiCache for Redis clusters before version 6.0 should use Redis AUTH
- [Verify Permissions on /etc/at.deny file](def-000-fca.md): If `/etc/at.deny` exists, it must have permissions `0640` or more restrictive. To properly set the permissions of `/e...
- [Forcepoint Security Service Edge high volume of emails from a sender](def-000-fcx.md)
- [KMS key policy should not allow everyone to use it](def-000-fdu.md): KMS keys are assigned a resource-based policy that controls who can use and manage the key.
- [Set GNOME3 Screensaver Lock Delay After Activation Period](def-000-feq.md): To activate the locking delay of the screensaver in the GNOME3 desktop when the screensaver is activated, add or set ...
- [Twilio account token promoted](def-000-ffs.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1098-ac...
- [Legacy authorization (ABAC) should be disabled](def-000-fho.md): Legacy Authorization, also known as Attribute-Based Access Control (ABAC) has been superseded by Role-Based Access Co...
- [Ensure All Files Are Owned by a User](def-000-fih.md): If any files are not owned by a user, then the cause of their lack of ownership should be investigated. Following thi...
- [Uninstall dnsmasq Package](def-000-fj3.md): dnsmasq is a lightweight tool that provides DNS caching, DNS forwarding and DHCP (Dynamic Host Configuration Protocol...
- [>-](def-000-fkp.md): This control verifies that all Amazon Bedrock Agent aliases point to Agent versions with an Amazon Guardrail policy t...
- [Tor client IP address identified within Azure environment](def-000-fky.md): Classification: attack Tactic: [TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011) Technique: [T1573-enc...
- [Windows important scheduled task deleted or disabled](def-000-fkz.md)
- [Verify that audit tools are owned by root](def-000-fly.md): The Ubuntu 20.04 operating system audit tools must have the proper ownership configured to protect against unauthor...
- [Tor client IP address identified within AWS environment](def-000-fn6.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [Attempt to modify a 1Password item by user](def-000-fnn.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1555-crede...
- [DynamoDB Accelerator (DAX) clusters should be encrypted at rest](def-000-fp2.md): This control verifies whether an Amazon DynamoDB Accelerator (DAX) cluster has encryption enabled for data at rest.
- [AWS Organizations changes should be monitored](def-000-fp3.md): Real-time monitoring of API calls can be achieved by directing CloudTrail logs to CloudWatch logs and establishing co...
- [Verify Permissions on /var/log/localmessages(.*) Files](def-000-fqf.md): To properly set the permissions of `/var/log/localmessages`, run the command:
- [Windows malware protection engine crash](def-000-fqn.md)
- [Disable Host-Based Authentication](def-000-fqw.md): SSH's cryptographic host-based authentication is more secure than `.rhosts` authentication. However, it is not recomm...
- [Uninstall vsftpd Package](def-000-frb.md): The `vsftpd` package can be removed with the following command:
- [Jamf Protect threat events](def-000-fru.md): Classification: attack
- [GitHub Dependabot configuration changed](def-000-fs2.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [Snowflake stage set to anomalous external cloud location](def-000-ftu.md): Classification: attack Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010) Technique: [T1537-transfer-d...
- [Ensure Users Re-Authenticate for Privilege Escalation - sudo](def-000-fuc.md): The sudo `NOPASSWD` and `!authenticate` option, when specified, allows a user to execute commands using sudo without ...
- [>-](def-000-fuz.md)
- [Supply-Chain Firewall unverified package manager command](def-000-fw0.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1195-supply-c...
- [Snowflake new data transfer to location](def-000-fxj.md): Classification: attack Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010) Technique: [T1537-transfer-d...
- [AWS ECS CreateCluster API calls in multiple regions](def-000-fy7.md): Classification: attack Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040) Technique: [T1496-resource-hijacki...
- [ElastiCache Redis clusters should be configured for automatic backup](def-000-fyu.md): This check assesses if an Amazon ElastiCache for Redis cluster has automatic backups scheduled. It will not pass if t...
- [Ensure There Are No Accounts With Blank or Null Passwords](def-000-fyy.md): Check the "/etc/shadow" file for blank passwords with the following command:
- [Support roles should be created to manage incidents with AWS Support](def-000-fz8.md): AWS provides a support center that can be used for incident notification and response, as well as technical support a...
- [AWS Verified Access anomalous failed authentication attempts by host](def-000-g1e.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1199-trusted-...
- [SQL servers should use customer-managed keys to encrypt data at rest](def-000-g1q.md): This rule checks if SQL servers are using customer-managed keys to encrypt data at rest. This is important for ensuri...
- [EC2 instances should not be publicly accessible](def-000-g1u.md): This validation examines whether EC2 instances are publicly accessible. Private IPv4 addresses can be used for commun...
- [Redshift clusters should enable SSL/TLS for client connections](def-000-g1w.md): Enable the `require_ssl` parameter for your Amazon Redshift cluster.
- [Classic Load Balancers should be configured to use Connection Draining](def-000-g2d.md): This control verifies connection draining is enabled for Classic Load Balancers. Enabling connection draining ensures...
- [Ensure that All Entries in The Path of Root Are Directories](def-000-g42.md): For each element in root's path, run:
- [Enable authselect](def-000-g4g.md): Configure user authentication setup to use the `authselect` tool. If authselect profile is selected, the rule will en...
- [Amazon EC2 AMI exfiltration attempt by IAM user](def-000-g55.md): Classification: attack Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010) Technique: [T1537-transfer-d...
- [Crowdstrike Alerts](def-000-g5w.md): Classification: attack
- [Zoom user updated to privileged role](def-000-g6t.md)
- [Windows privilege escalation via local kerberos relay over LDAP](def-000-g6z.md)
- [>-](def-000-g71.md)
- [Classic Load Balancers should utilize cross-zone load balancing](def-000-g83.md): This check ensures cross-zone load balancing is activated for Classic Load Balancers. When cross-zone load balancing ...
- [Neptune DB clusters should have deletion protection enabled](def-000-g95.md): This control verifies whether a Neptune DB cluster has deletion protection activated.
- [Limit Password Reuse: password-auth](def-000-gay.md): Do not allow users to reuse recent passwords. This can be accomplished by using the `remember` option for the `pam_pw...
- [Trellix Endpoint Security suspicious call was detected and blocked](def-000-gcu.md)
- [Ensure Local Login Warning Banner Is Configured Properly](def-000-gde.md): To configure the system local login warning banner edit the `/etc/issue` file. The contents of this file is displayed...
- [Disable Mounting of cramfs](def-000-gdo.md): To configure the system to prevent the `cramfs` kernel module from being loaded, add the following line to the file `...
- [Windows active directory replication from non machine account](def-000-gfb.md)
- [Windows PowerShell disable ETW trace](def-000-ggb.md)
- [Verify Owner on cron.daily](def-000-ghp.md): To properly set the owner of `/etc/cron.daily`, run the command:
- [Keycloak impossible user travel detected](def-000-gi8.md)
- [EC2 paravirtual instance types should not be used](def-000-gio.md): This control checks the virtualization type of an EC2 instance to determine if it is set to paravirtual. The control ...
- [PingOne impossible travel authentication attempts by OTP](def-000-giw.md)
- [Verify /boot/grub2/user.cfg Permissions](def-000-gix.md): File permissions for `/boot/grub2/user.cfg` should be set to 600. To properly set the permissions of `/boot/grub2/use...
- [>-](def-000-gkg.md): Enabling `log_connections` helps PostgreSQL Database to log attempted connection to the server, as well as successful...
- [Neptune DB cluster snapshots should not be public](def-000-glk.md): This control ensures that a Neptune manual DB cluster snapshot is not publicly accessible.
- [Disable the Automounter](def-000-gln.md): The `autofs` daemon mounts and unmounts filesystems, such as user home directories shared via NFS, on demand. In addi...
- [Azure should use the latest HTTP version available](def-000-glr.md): Ensure use of the latest **HTTP** version. Using the latest version of **HTTP** is recommended to leverage securityen...
- [GitLab successive project or repository downloads](def-000-gmd.md)
- [Configure server restrictions for ntpd](def-000-gna.md): ntpd is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across...
- [>-](def-000-gry.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Google Compute Engine firewall egress rule opened to the world](def-000-gsr.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [>-](def-000-gus.md): Granting excessive security capabilities to a pod or container can lead to unintended lateral movement to other conta...
- [Windows critical hive in suspicious location access bits cleared](def-000-gvr.md)
- [Verify Owner on cron.d](def-000-gy4.md): To properly set the owner of `/etc/cron.d`, run the command:
- [>-](def-000-gyb.md): It is recommended to set `contained database authentication` database flag for SQL Server instances to `off`.
- [Install AIDE](def-000-gyl.md): The `aide` package can be installed with the following command:
- [Verify Group Who Owns gshadow File](def-000-gz7.md): To properly set the group owner of `/etc/gshadow`, run the command:
- [Uninstall squid Package](def-000-gzr.md): The `squid` package can be removed with the following command:
- [Windows PowerShell Invoke-Mimikatz script](def-000-gzt.md)
- [Ensure rsyslog Default File Permissions Configured](def-000-h0j.md): rsyslog will create logfiles that do not already exist on the system. This setting controls what permissions will be...
- [>-](def-000-h1i.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [User has used a disposable email address](def-000-h1z.md): Detect when a user is using a disposable email address.
- [Write operation on route use predictable IDs](def-000-h2c.md): The API allows users to modify resources with predictable identifiers (IDs). Attackers can leverage this by guessing ...
- [OpenSearch domains should have the latest software update installed](def-000-h5a.md): This control checks whether an Amazon OpenSearch Service domain has the latest software update installed.
- [Ensure User Bash History File Has Correct Permissions](def-000-h5x.md): Set the mode of the bash history file to `0600` with the following command:
- [AWS CreateIndex by long term access key](def-000-h6a.md)
- [User activity detected from outside authorized countries](def-000-h71.md): Detect user activity from a country that isn't part of an allowlist.
- [Ensure pam_faillock module is enabled](def-000-h7e.md): The `pam_faillock.so` module maintains a list of failed authentication attempts per user during a specified interval ...
- [Windows device installation blocked](def-000-h7o.md)
- [>-](def-000-h8d.md)
- [An AKS Cluster's Kubelet configuration file should disable anonymous requests](def-000-h9f.md): Disable anonymous requests to the Kubelet server. You should rely on authentication to authorize access and disallow ...
- [OpenSearch domains should encrypt data sent between nodes](def-000-h9o.md): This check determines if node-to-node encryption is activated for OpenSearch domains. Using HTTPS (TLS) can help prev...
- [S3 bucket policies should restrict access from other AWS accounts](def-000-hb1.md): This check verifies whether an Amazon S3 general-purpose bucket policy restricts principals in other AWS accounts fro...
- [Ensure all users last password change date is in the past](def-000-hb6.md): All users should have a password change date in the past.
- [Verify /boot/grub/grub.cfg Permissions](def-000-hb8.md): File permissions for `/boot/grub/grub.cfg` should be set to 600. To properly set the permissions of `/boot/grub/grub....
- [Group has admin level privileges at the subscription scope](def-000-hc0.md): This rule identifies when an Azure AD Group has administrative-level permissions at the subscription scope.
- [Uninstall kea Package](def-000-hca.md): If the system does not need to act as a DHCP server, the kea package can be uninstalled.
- [Use Only FIPS 140-2 Validated MACs](def-000-hd1.md): Limit the MACs to those hash algorithms which are FIPS-approved. The following line in `/etc/ssh/sshd_config` demonst...
- [Ensure nftables Rules are Permanent](def-000-hdf.md): nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frame...
- [>-](def-000-hdi.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [Forcepoint Secure Web Gateway threat indicator detected](def-000-hdm.md)
- [GitHub organization was removed from enterprise](def-000-hdx.md): Classification: attack Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040) Technique: [T1531-account-access-r...
- [>-](def-000-heb.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Publicly accessible Lambda function has a critical vulnerability](def-000-hec.md): The policy evaluates AWS Lambda functions to determine if they are publicly accessible and have one or more critical-...
- [Okta User Identity Verification failure](def-000-hf5.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [Okta IDP creation followed by failed authentication attempts](def-000-hfa.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1556-modif...
- [Amazon Workspaces should enable volume encryption](def-000-hfj.md): Enable volume encryption for Amazon WorkSpaces to protect data at rest by encrypting both root and user volumes using...
- [EC2 Auto Scaling groups should use Amazon EC2 launch templates](def-000-hfk.md): This check verifies if an Amazon EC2 Auto Scaling group is established using an EC2 launch template. The check does n...
- [Disable SSH Support for .rhosts Files](def-000-hhm.md): SSH can emulate the behavior of the obsolete rsh command in allowing users to enable insecure access to their account...
- [User activity from Tor](def-000-hio.md): Detect user activity from suspicious IPs, specifically the [Tor anonymisation network](https://en.wikipedia.org/wiki/...
- [Private Endpoints should be used to access Storage Accounts](def-000-hj1.md): Private endpoints for your Azure Storage accounts allow clients and services to securely access data located over a n...
- [Wiz Issues alerts](def-000-hkr.md): Classification: attack
- [AWS IAM group can assume a role with administrative privileges](def-000-hlf.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Set SSH MaxSessions limit](def-000-hm6.md): The `MaxSessions` parameter specifies the maximum number of open sessions permitted from a given connection. To set M...
- [Azure AI service high volume of chat requests](def-000-hmz.md)
- [>-](def-000-hn9.md)
- [Windows credential dumping via WER application error](def-000-hoe.md)
- [Publicly accessible EC2 instance should not have open administrative ports](def-000-hrv.md): This rule checks if an EC2 instance accessible from the public internet has open administrative ports, specifically p...
- [>-](def-000-hrw.md): To set the runtime status of the `net.ipv4.conf.default.accept_redirects` kernel parameter, run the following command:
- [OpenSearch domains should have fine-grained access control enabled](def-000-hsf.md): This control checks whether Amazon OpenSearch Service domains have fine-grained access control (FGAC) enabled. Fine-g...
- [>-](def-000-hsi.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [MySQL instance should have the 'skip_show_database' flag set to 'on](def-000-ht8.md): It is recommended that for Cloud SQL Instances, you set the `skip_show_database` database flag to `ON`.
- [Redshift cluster snapshots should not be shared with external accounts](def-000-hts.md): This rule evaluates whether Amazon Redshift cluster snapshots are shared with external AWS accounts that are not onbo...
- [Windows PowerShell scripts installed as services](def-000-hum.md)
- [Azure Blob Storage versioning should be enabled](def-000-hvl.md): Enable versioning for Azure Blob Storage to maintain previous versions of blobs and protect against accidental modifi...
- [Google Workspace administrator initiated a data transfer request](def-000-hw5.md): Classification: attack Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010) Technique: [T1537-transfer-d...
- [No more than one active SSH public key should be assigned to a single user](def-000-hwc.md): This control ensures that no more than one active SSH public key is assigned to a single IAM user.
- [Windows OpenSSH server listening on socket](def-000-hyz.md)
- [Security group changes should be monitored](def-000-i0x.md): Real-time monitoring of API calls can be achieved by directing CloudTrail logs to CloudWatch logs and establishing co...
- [Azure AI models listed directly through API](def-000-i47.md)
- [Uninstall cyrus-imapd Package](def-000-i52.md): The `cyrus-imapd` package can be removed with the following command:
- [Windows self extraction directive file created](def-000-i7m.md)
- [VPCs should have interface endpoint for SSM Contacts](def-000-i7q.md): Virtual private clouds (VPCs) should have interface VPC endpoints configured for SSM Contacts to enable private acces...
- [DNSFilter high volume of `ANY` requests from a source](def-000-i7u.md)
- [Publicly accessible EC2 instance uses IMDSv1](def-000-i9l.md): A publicly-accessible EC2 instance uses the Instance Metadata Service (IMDS) Version 1.
- [Extrahop security risk detected](def-000-ia0.md)
- [Unusual account creations from an IP](def-000-ibd.md): Tactic: [TA0042-resource_development](https://attack.mitre.org/tactics/TA0042) Technique: [T1585-establish-accounts](htt...
- [Install pam-modules Package](def-000-ibe.md): The `libpam-modules` package can be installed with the following command:
- [ElastiCache Redis clusters should have auto minor version upgrades enabled](def-000-icw.md): This evaluation validates that ElastiCache for Redis automatically implements minor version upgrades for cache cluste...
- [Windows security essentials executable modified](def-000-id9.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1036-masqueradin...
- [Verify Permissions on /var/log/syslog File](def-000-ieo.md): To properly set the permissions of `/var/log/syslog`, run the command:
- [Azure Active Directory Admin should be configured for Azure SQL](def-000-ies.md): By default, Azure Active Directory Authentication for SQL Database/Server is not enabled. However, utilizing Azure Ac...
- [Resource provisioned using kubectl in container](def-000-ifh.md): Classification: attack; Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002); Technique: [T1610-deploy-contai...
- [Atlassian Confluence site export](def-000-ig1.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1530-data-from-cl...
- [Snowflake user granted admin role](def-000-igf.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [Security Group should restrict SSH access from the internet](def-000-igl.md): Restricting SSH access from the public internet is crucial for network security. SSH vulnerabilities can be exploited...
- [Forcepoint Secure Web Gateway unusual spike found in web category urls](def-000-ihg.md)
- [>-](def-000-ihv.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1114-email-collec...
- [Verify Group Who Owns /var/log/localmessages* File](def-000-ihx.md): To properly set the group owner of `/var/log/localmessages*`, run the command:
- [>-](def-000-ijw.md): The `log_min_error_statement` flag defines the minimum message severity level that is considered an error statement. ...
- [>-](def-000-ill.md): This control verifies that all Amazon Bedrock Agent aliases point to Agent versions with an Amazon Guardrail policy a...
- [AWS IAM User created with AdministratorAccess policy attached](def-000-ilw.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1136-create-acco...
- [RDS cluster replicates to a publicly accessible RDS instance](def-000-imu.md): A private RDS cluster replicating to a publicly accessible RDS read replica instance increases the likelihood of unau...
- [Atlassian Confluence global setting changed](def-000-imy.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [>-](def-000-ing.md): A publicly accessible compute instance with a privileged service principal has password-based SSH authentication. The...
- [Security Group should restrict RDP access from the internet](def-000-io3.md): Restricting RDP access from the public internet is crucial for network security. RDP vulnerabilities can be exploited...
- [Slack IdP configuration changed](def-000-io7.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1556-modify-auth...
- [GitLab user changes associated email](def-000-ipx.md)
- [>-](def-000-iqr.md): Unpatched vulnerabilities in publicly accessible applications can increase the likelihood of exposing weaknesses, cre...
- [Limit Password Reuse: system-auth](def-000-is0.md): Do not allow users to reuse recent passwords. This can be accomplished by using the `remember` option for the `pam_pw...
- [Log entries should have log sinks configured for exporting](def-000-isv.md): It is recommended to create a sink that will export copies of all log entries. This can help aggregate logs from mult...
- [>-](def-000-it0.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1556-modify-auth...
- [Ensure All Accounts on the System Have Unique Names](def-000-ivn.md): Ensure accounts on the system have unique names. To ensure all accounts have unique names, run the following command:
- [Security Group should restrict UDP access from the internet](def-000-ivx.md): Regular evaluation of network security groups is essential to identify and address any misconfigurations related to p...
- [A remote time server for Chrony is configured](def-000-ixs.md): `Chrony` is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks ac...
- [ECS task definitions should have a logging configuration](def-000-iy5.md): This assessment examines whether the most recent active Amazon ECS task definition includes a specified logging confi...
- [Unfamiliar IAM user retrieved SSM parameter](def-000-iye.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1555-crede...
- [Package "prelink" Must not be Installed](def-000-iyv.md): The `prelink` package can be removed with the following command:
- [>-](def-000-izv.md): This control examines whether your IAM Role inline policies allow AWS KMS decryption actions on all KMS resources. Th...
- [Route table changes should be monitored](def-000-j0s.md): Real-time monitoring of API calls can be achieved by directing CloudTrail logs to CloudWatch logs and establishing co...
- [Salesforce login from unseen application](def-000-j1q.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [OpenSearch domains should have Error Logging enabled](def-000-j24.md): This check determines if the `ES_APPLICATION_LOGS` feature is enabled for Amazon OpenSearch Service domains, and is c...
- [Salesforce large-sized chunk exfiltration through GET requests](def-000-j36.md): Classification: attack; Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010); Technique: [T1030-data-trans...
- [Azure Bastion shareable links should not be permitted](def-000-j47.md): [Azure Bastion public links](https://learn.microsoft.com/en-us/azure/bastion/shareable-link) can allow remote access ...
- [AWS IAM user can assume a role with administrative privileges](def-000-j5k.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [S3 general purpose buckets should have a lifecycle configuration](def-000-j5t.md): This check verifies if an Amazon S3 general-purpose bucket has at least one active Lifecycle configuration in place. ...
- [>-](def-000-j5y.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [Cisco Umbrella - access to personal network detected](def-000-j6f.md): Classification: attack; Tactic: [TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011); Technique: [T1071-app...
- [SSL connection on PostgreSQL Database Server should be enabled](def-000-j7g.md): Enable SSL connectivity on PostgreSQL Servers. SSL connectivity helps to provide a new layer of security by connectin...
- [RDS instances should be configured to use multiple Availability Zones](def-000-j7o.md): This validation verifies if an Amazon RDS instance is set up in an EC2-VPC.
- [Redshift clusters should enforce encryption in transit](def-000-j7s.md): This control verifies whether Amazon Redshift cluster connections require encryption during transit. The parameter `r...
- [EC2 launch templates should use Instance Metadata Service Version 2 (IMDSv2)](def-000-j89.md): This control checks whether an Amazon EC2 launch template has **all** versions configured with Instance Metadata Serv...
- [Lambda functions should not be configured with a privileged execution role](def-000-j9v.md): This control ensures that none of your Lambda functions are attached to a highly-privileged execution role. Reducing ...
- [Disable Network File System (nfs)](def-000-jcq.md): The Network File System (NFS) service allows remote hosts to mount and interact with shared filesystems on the local ...
- [Verify Group Who Owns cron.d](def-000-jdc.md): To properly set the group owner of `/etc/cron.d`, run the command:
- [Okta Identity Provider creation or modification](def-000-jdv.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1556-modif...
- [Unauthenticated route use expensive APIs](def-000-jdx.md): An exposed API allows unauthenticated users to make use of paid third-party services, which may not be intended.
- [Verify /boot/grub/grub.cfg User Ownership](def-000-je8.md): The file `/boot/grub/grub.cfg` should be owned by the `root` user to prevent destruction or modification of the file....
- [Orca Security CDR alert detected](def-000-jg6.md)
- [Container breakout attempt using container management socket](def-000-jgj.md): Classification: attack; Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007); Technique: [T1613-container-and...
- [Microsoft 365 SendAs permissions added](def-000-jgy.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [An EKS Cluster's Kubelet should only allow explicitly authorized requests](def-000-jhc.md): Kubelets can be configured to allow all authenticated requests (even anonymous ones) without needing explicit authori...
- [Ensure /tmp Located On Separate Partition](def-000-jhj.md): The `/tmp` directory is a world-writable directory used for temporary file storage. Ensure it has its own partition o...
- [GitHub repository activity from suspicious IP](def-000-jho.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1213-data-from-in...
- [SSH watched country login notice from Zeek](def-000-jhq.md): Classification: attack
- [>-](def-000-jhs.md)
- [Microsoft 365 Copilot Studio agent sign-in topic modified](def-000-jhy.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1556-modify-auth...
- [Verify nftables Service is Disabled](def-000-ji0.md): nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frame...
- [Snowflake new client application sessions](def-000-jjl.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1199-trusted-...
- [Disable Bluetooth Service](def-000-jkk.md): The `bluetooth` service can be disabled with the following command:
- [Verify Group Who Owns /var/log/syslog File](def-000-jkv.md): To properly set the group owner of `/var/log/syslog`, run the command:
- [Suricata high number of bytes out detected](def-000-jlw.md): Classification: attack; Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010)
- [Unusual ntdsutil usage](def-000-jmj.md)
- [Ensure Message Of The Day Is Configured Properly](def-000-jo9.md): To configure the system message of the day banner edit the `/etc/motd` file. Replace the default text with a message ...
- [Missing Referrer-Policy Security HTTP header](def-000-jpd.md): This publicly exposed API endpoint was found responding with HTML or browser-rendered content and lacks the Referrer-...
- [Verify pam_pwhistory module is activated](def-000-jpe.md): The `pam_pwhistory.so` module is part of the Pluggable Authentication Modules (PAM) framework designed to increase pa...
- [>-](def-000-jr3.md): Security best practices recommend that the principle of 'Separation of Duties' is enforced while assigning service-ac...
- [>-](def-000-jrr.md): If the kubelet refers to a configuration file with the `--config` argument, ensure that the file has permissions set ...
- [Ensure Users Cannot Change GNOME3 Screensaver Settings](def-000-jsc.md): If not already configured, ensure that users cannot change GNOME3 screensaver lock settings by adding `/org/gnome/des...
- [Windows PowerShell web access installation using PsScript](def-000-jsr.md)
- [EKS cluster should use a network policy between nodes](def-000-jt8.md): Network policies restrict pod-to-pod traffic and should be implemented in EKS clusters.
- [CodeBuild source credentials should be stored and transmitted securely](def-000-jtg.md): This control verifies if AWS CodeBuild source credentials include personal access tokens or basic authentication cred...
- [AWS IAM Roles Anywhere User Profile Creation](def-000-jtm.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [>-](def-000-jud.md): Certificate resource records may use the domain name system security extensions (DNSSEC) algorithm numbers in this re...
- [Disable DHCP Service](def-000-juh.md): The `dhcpd` service should be disabled on any system that does not need to act as a DHCP server. The `isc-dhcp-server...
- [Windows protected storage service access](def-000-jw3.md)
- [Cisco Duo bypass code is used to authenticate user request](def-000-jxj.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [Forcepoint Security Service Edge impossible travel detected in admin portal](def-000-jyr.md)
- [>-](def-000-jzg.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [>-](def-000-k0l.md): Vulnerability Assessment (VA) scan reports and alerts will be sent to email addresses configured at 'Send scan report...
- [Service exposes publicly debugging endpoints](def-000-k0t.md): This API exposes a debug endpoint in a production environment. Frameworks sometimes expose debugging features that ar...
- [>-](def-000-k1x.md): CloudFront distributions using Origin Access Identity (OAI) should be migrated to Origin Access Control (OAC) for enh...
- [RDS event subscriptions should be configured to notify for critical events](def-000-k33.md): This control ensures RDS event subscriptions for both database clusters and instances. Database clusters should have ...
- [Route uses expensive APIs without rate limiting](def-000-k35.md): An exposed API makes use of third-party services paid for per request and does not implement any rate-limiting protec...
- [User signup endpoint without HTTPS](def-000-k3g.md): This API endpoint allows the registration of new users into an application over a non-encrypted channel.
- [System Audit Logs Must Be Owned By Root](def-000-k41.md): All audit logs must be owned by root user. The path for audit log can be configured via `log_file` parameter in
- [>-](def-000-k43.md): If the kubelet refers to a configuration file with the `--config` argument, ensure that the file has permissions set ...
- [Microsoft Defender for SQL Server should be on for critical SQL Servers](def-000-k4e.md): Enabling 'Microsoft Defender for SQL' on critical SQL Servers is highly recommended. By default, this feature is set ...
- [Verify Permissions on SSH Server Public *.pub Key Files](def-000-k4j.md): To properly set the permissions of `/etc/ssh/*.pub`, run the command:
- [Disable SSH Root Login](def-000-k5c.md): The root user should never be allowed to login to a system directly over a network. To disable root login via SSH, ad...
- [Use Only Strong Key Exchange algorithms](def-000-k5k.md): Limit the Key Exchange to strong algorithms. The following line in `/etc/ssh/sshd_config` demonstrates use of those:
- [Network gateway changes should be monitored](def-000-k5x.md): Real-time monitoring of API calls can be achieved by directing AWS CloudTrail logs to AWS CloudWatch logs and establi...
- [>-](def-000-k6h.md): Unpatched vulnerabilities can increase the likelihood of exposing weaknesses, creating an entry point for attackers t...
- [>-](def-000-k6r.md): This rule ensures that none of your IAM roles have highly-privileged policies or administrative policies attached to ...
- [Keycloak user disabled by temporary lockout](def-000-k6s.md)
- [Timeouts for streaming connections in a GKE worker node should be enabled](def-000-k83.md): Timeouts on streaming connections should be enabled. Setting idle timeouts ensures that the node is protected against...
- [Azure Key Vault should use RBAC](def-000-k8k.md): This detection identifies Azure Key Vaults with `enable_rbac_authorization` not set to `true`. This identifies Key Va...
- [Cognito identity pool should not have the classic authentication flow enabled](def-000-k8u.md): In Amazon Cognito, there are [two different flows](https://docs.aws.amazon.com/cognito/latest/developerguide/authenti...
- [Verify Group Who Owns /var/log/(b|w)tmp(.*|-*) File](def-000-k95.md): To properly set the group owner of `/var/log/(b|w)tmp(.*|-*)`, run the command:
- [Scheduled task created](def-000-k9f.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1053-sc...
- [Cisco Secure Endpoint Alert](def-000-kan.md)
- [>-](def-000-kc6.md): The pam_faillock.so module must be loaded in preauth in /etc/pam.d/password-auth.
- [>-](def-000-ke9.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [Anomalous amount of failed sign-in attempts by 1Password user](def-000-kfa.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [AWS EC2 instance can assume a role with administrative privileges](def-000-kfe.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [>-](def-000-kft.md): Enabling the EC2 setting 'Block public access for EBS snapshots' ensures that EBS snapshots cannot accidentally be sh...
- [WAF web ACLs should have at least one rule or rule group](def-000-kgz.md): This control verifies that an AWS WAFV2 web access control list (web ACL) includes at least one rule or rule group. T...
- [>-](def-000-khx.md): This control ensures that the Classic Load Balancer leverages HTTPS/SSL certificates issued by AWS Certificate Manage...
- [Windows MSSQL disable audit settings](def-000-ki8.md)
- [Azure custom administrator roles should be disabled](def-000-kib.md): Avoid the use of custom administrator roles, as they are error prone. Instead, use Azure's built-in least privilege '...
- [>-](def-000-kic.md): This rule ensures EKS clusters and nodegroups follow security best practices for network access control. Only cluster...
- [Tor client IP address identified in Slack](def-000-kk3.md): Classification: attack; Tactic: [TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011); Technique: [T1090-pro...
- [Memfd object created](def-000-kn2.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1620-reflect...
- [Impossible travel observed from business logic event](def-000-kn9.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-accounts](https://attac...
- [Suricata baseline deviation from expected IP requests](def-000-kny.md): Classification: anomaly
- [Ensure Sudo Logfile Exists - sudo logfile](def-000-kol.md): A custom log sudo file can be configured with the 'logfile' tag. This rule configures a sudo custom logfile at the de...
- [Uninstall rpcbind Package](def-000-kpp.md): The rpcbind utility maps RPC services to the ports on which they listen. RPC processes notify rpcbind when they start...
- [>-](def-000-kpy.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1621-multi...
- [Route returns PCI regulated data without HTTPS](def-000-kq5.md): The API transmits PCI regulated data over a non encrypted channel.
- [>-](def-000-kr2.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [Ensure journald ForwardToSyslog is disabled](def-000-kr4.md): Data from journald should be kept in the confines of the service and not forwarded to other services.
- [Containers should not execute compilers](def-000-krp.md)
- [Windows DiagTrackEoP default login username](def-000-krx.md)
- [Ensure PAM Enforces Password Requirements - Enforcing](def-000-ks8.md): Verify that the operating system uses "pwquality" to enforce the password complexity rules. Verify the pwquality modu...
- [Okta user reported suspicious activity](def-000-ksw.md): Classification: attack
- [Timeouts for streaming connections in an EKS worker node should be enabled](def-000-kt7.md): Timeouts on streaming connections should be enabled. Setting idle timeouts ensures that the node is protected against...
- [Windows firewall configuration registry key modified](def-000-kte.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1112-modify-...
- [Okta Org2Org application user syncing](def-000-ktl.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [>-](def-000-kua.md): This rule evaluates whether Amazon Machine Images (AMIs) are shared with external AWS accounts or organizations that ...
- [Verify Owner on cron.weekly](def-000-kvk.md): To properly set the owner of `/etc/cron.weekly`, run the command:
- [Route returns non-sensitive PII data without HTTPS](def-000-kxa.md): The API transmits non-sensitive personally identifiable information (PII) over a non-encrypted channel.
- [Azure user has a large permissions gap](def-000-kyu.md): To mitigate the impact of credential exposure or compromise, role assignments should be scoped down to the least leve...
- ['root' account access should be monitored](def-000-l0x.md): Real-time monitoring of API calls can be achieved by directing CloudTrail logs to CloudWatch logs and establishing co...
- [Service accounts should only be bound to non-administrative roles](def-000-l0z.md): A service account is a special Google account that belongs to an application or a VM, instead of to an individual end...
- [Elasticsearch domains should have at least three dedicated master nodes](def-000-l4f.md): This control verifies whether Elasticsearch domains are configured with at least three dedicated primary nodes and en...
- [User Initialization Files Must Be Group-Owned By The Primary Group](def-000-l4y.md): Change the group owner of interactive users files to the group found in
- [AWS IAM policy with administrative privileges is not attached to any principal](def-000-l6e.md): A privileged IAM policy exists but is not attached to any principal.
- [Creation of new AWS Bedrock long term access key with no expiration date](def-000-l7a.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1552-unsecure...
- [Set Password Warning Age](def-000-l7v.md): To specify how many days prior to password expiration that a warning will be issued to users, edit the file `/etc/log...
- [Excessive sensitive activity from an IP (SDK instrumented)](def-000-l8r.md): Detect excessive activity performed from an IP.
- [>-](def-000-l9d.md): A publicly accessible Google Compute instance has one or more critical severity vulnerabilities.
- [Attempt to create Xlarge EC2 instances in multiple AWS regions](def-000-la6.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1535-unused-...
- [Unauthenticated route use predictable IDs](def-000-la7.md): The API allows unauthenticated users to request resources with predictable identifiers (IDs). Attackers can leverage ...
- [Incoming client certificates should be required to be 'On'](def-000-lak.md): Client certificates allow for an app to request a certificate for incoming requests. Only clients that have a valid c...
- [Slack enterprise workspace created or deleted](def-000-lcz.md): Classification: attack; Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040); Technique: [T1531-account-access-r...
- [AWS EC2 instance has administrative privileges](def-000-ldp.md): This rule ensures that none of your EC2 instances have IAM roles with highly-privileged policies or administrative po...
- [Subnets should be associated with a Network Security Group](def-000-ler.md): This rule checks whether subnets in Azure are associated with a Network Security Group. Ensuring that subnets are ass...
- [Symantec VIP multiple numbers challenge failed events](def-000-lgu.md)
- [Cloudflare L7 DDOS detected](def-000-lhq.md): Classification: attack; Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040); Technique: [T1498-network-denial-o...
- [Azure user has access to a large number of resources](def-000-lhw.md): To mitigate the impact of credential exposure or compromise, role assignments should be scoped down to the least scop...
- [Disable Mounting of hfs](def-000-li8.md): To configure the system to prevent the `hfs` kernel module from being loaded, add the following line to the file `/et...
- [IAM role has trust policy containing external principal](def-000-lic.md): This control examines whether IAM roles have trust policies that allow access to principals in external AWS accounts....
- [AWS IAM group has administrative privileges](def-000-lil.md): Confirm there are no IAM Groups with administrative privileges for your AWS account.
- [Cisco Secure Endpoint malicious activity detected in system scan](def-000-ljl.md)
- [Windows OpenSSH brute force attempt](def-000-ljo.md)
- [Verify Ownership of Files in /var/log/apt](def-000-lkl.md): To properly set the owner of `/var/log/apt/*`, run the command:
- [SQL Server instances should have the `user options` database flag disabled](def-000-lm4.md): It is recommended that the `user options` database flag for SQL Server instance not be configured.
- [>-](def-000-lq4.md)
- [Verify Group Who Owns SSH Server config file](def-000-lrr.md): To properly set the group owner of `/etc/ssh/sshd_config`, run the command:
- [Windows password change on directory service restore account](def-000-ls7.md)
- [Verify Permissions on /var/log/secure File](def-000-lu5.md): To properly set the permissions of `/var/log/secure`, run the command:
- [>-](def-000-lua.md): Configuring the EC2 setting 'IMDS Defaults' to require instance metadata service (IMDS) version 2 reduces the chance ...
- [AWS IAM role has a trust relationship with a wildcard principal](def-000-lut.md): This rule ensures that none of your IAM roles have a trust policy which includes a [wildcard](https://docs.aws.amazon...
- [>-](def-000-luu.md): It is recommended to set `external scripts enabled` database flag for SQL Server instance to `off`.
- [Salesforce discovery of populated tables from unseen network and device](def-000-lvs.md): Classification: attack; Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007); Technique: [T1087-account-disco...
- [Redshift clusters should not use the default database name](def-000-lx9.md): This control verifies if the database name of an Amazon Redshift cluster has been changed from its default setting of...
- [Auditing on SQL Server should be enabled](def-000-lyy.md): Enabling auditing on SQL Servers in the Azure platform ensures that all databases on the server instance are audited,...
- [>-](def-000-lzv.md): This control ensures existing Amazon RDS event subscriptions for database parameter groups have notifications enabled...
- [All Interactive Users Home Directories Must Exist](def-000-m0e.md): Create home directories to all local interactive users that currently do not have a home directory assigned. Use the ...
- [GitHub repository created with suspicious naming convention](def-000-m0x.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1213-data-from-in...
- [CloudFormation stacks should have associated service roles](def-000-m1g.md): CloudFormation stacks should use service roles (IAM roles) instead of user credentials. Using a service role allows y...
- [Aurora clusters should have backtracking enabled](def-000-m2a.md): This control verifies backtracking is enabled for an Amazon Aurora cluster. Backups are critical for rapid recovery f...
- [Publicly accessible Google Compute instance uses a privileged service account](def-000-m2r.md): A publicly accessible VM instance has a Service Account with a privileged or administrative IAM policy. If an attacke...
- [Private endpoint lacks assigned owner](def-000-m2w.md): This endpoint has no assigned team. This can lead to maintenance issues and increase the likelihood of undetected vul...
- [Password reset token bruteforce](def-000-m3m.md): Tactic: [TA0042-resource_development](https://attack.mitre.org/tactics/TA0042); Technique: [T1586-compromise-accounts](ht...
- [Microsoft 365 Inbound Connector added or modified](def-000-m3t.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Ensure AppArmor is installed](def-000-m45.md): AppArmor provides Mandatory Access Controls.
- [Authenticated route returns sensitive data using predictable IDs](def-000-m49.md): The API allows authenticated users to access sensitive data by exploiting the use of predictable identifiers. Attacke...
- [Improper collection of metadata on login requests](def-000-m4m.md): This authentication endpoint lacks metadata to effectively detect Account Takeover Attacks (ATO) attempts by App & AP...
- [Set PAM's Password Hashing Algorithm - password-auth](def-000-m53.md): The PAM system service can be configured to only store encrypted representations of passwords. In `/etc/pam.d/passwor...
- [GCP Group Account has overly permissive access to resources in the project](def-000-m59.md): Editor or Owner roles are highly permissive roles that existed prior to the introduction of IAM.
- [Neptune DB cluster snapshots should be encrypted at rest](def-000-m5w.md): This control verifies whether a Neptune DB cluster snapshot is encrypted while stored.
- ['Regular' or 'Stable' release channels should be used for GKE clusters](def-000-m5z.md): Release channels should be used to automate version upgrades and reduce potential difficulties associated with versio...
- [Verify User Who Owns /var/log/*.journal(~) Files](def-000-m6y.md): To properly set the owner of `/var/log/*.journal(~)`, run the command:
- [>-](def-000-m8p.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1564-hide-ar...
- [>-](def-000-m8q.md): It is recommended that Cloud Audit Logging is configured to track all admin activities and read or write access to us...
- [Microsoft Defender for Cloud](def-000-m9m.md): Classification: attack
- [Unauthorized API calls should be monitored](def-000-m9s.md): Real-time monitoring of API calls can be achieved by sending CloudTrail logs to CloudWatch Logs and establishing metr...
- [>-](def-000-ma8.md): Storage account containers containing activity log exports should not be publicly accessible. Allowing public access ...
- [Hash of known malware detected](def-000-mal.md): Classification: attack; Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002); Technique: [T1059-command-and-s...
- [Set Interactive Session Timeout](def-000-mav.md): Setting the `TMOUT` option in `/etc/profile` ensures that all user sessions will terminate based on inactivity. The v...
- [DocumentDB clusters should have deletion protection enabled](def-000-maz.md): This feature verifies if deletion protection is active on an Amazon DocumentDB cluster. The feature will not pass if ...
- [CloudFront distributions should be configured with a default root object](def-000-mbs.md): This evaluation determines if an Amazon CloudFront distribution is set up to provide a designated object as the defau...
- [CloudFront distribution contains S3 origin with external or nonexistent bucket](def-000-mcz.md): This control identifies AWS CloudFront distributions with S3 origins pointing to external or nonexistent buckets. A m...
- [>-](def-000-md1.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Remove unused Secrets Manager secrets](def-000-mdt.md): This control checks if an AWS Secrets Manager secret has been accessed within the last 90 days. The control will fail...
- [Anomalous number of Auth0 Attack Protection events](def-000-mdv.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1110-brute...
- [Anomalous number of secrets retrieved from AWS Secrets Manager](def-000-mfm.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1555-crede...
- [Verify /boot/efi/EFI/redhat/user.cfg Permissions](def-000-mg4.md): File permissions for `/boot/efi/EFI/redhat/user.cfg` should be set to 600. To properly set the permissions of `/boot/...
- [The 'root' user account should use hardware-based MFA](def-000-mgd.md): The root user account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of ...
- [Remove Rsh Trust Files](def-000-mhb.md): The files `/etc/hosts.equiv` and `~/.rhosts` (in each user's home directory) list remote hosts and users that are tru...
- [Verify User Permission Modifications on Host](def-000-mhp.md): | Impact | Remediation complexity | Severity | Recommended value |
- [Windows PowerShell PSAsyncShell asynchronous TCP reverse shell](def-000-mid.md): {% alert level="danger" %}
- [Add noexec Option to /var/log](def-000-mjz.md): The `noexec` mount option can be used to prevent binaries from being executed out of `/var/log`. Add the `noexec` opt...
- [Set configuration for IPv6 loopback traffic](def-000-mkc.md): Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback ne...
- [Windows credential dumping tools service execution](def-000-mld.md): {% alert level="danger" %}
- [Ensure AppArmor Utils is installed](def-000-mlz.md): AppArmor provides Mandatory Access Controls.
- [System Audit Logs Must Have Mode 0750 or Less Permissive](def-000-mnj.md): If `log_group` in `/etc/audit/auditd.conf` is set to a group other than the `root` group account, change the mode of ...
- [Verify Essential Linux Binary Modified in Container](def-000-mpk.md): | Impact | Remediation complexity | Severity | Recommended value |
- [GitHub branch protection disabled on branch](def-000-mpx.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [AWS Config configuration changes should be monitored](def-000-mq4.md): Real-time monitoring of API calls can be achieved by directing CloudTrail logs to CloudWatch logs and establishing co...
- [Unused Network Access Control Lists should be removed](def-000-mqn.md): This check verifies if there are any unused network access control lists (ACLs).
- [Site-to-Site VPN connection tunnels should be online](def-000-mrm.md): A VPN tunnel is an encrypted pathway that allows data to move securely between the customer network and AWS within an...
- [GitHub secret scanning disabled or bypassed](def-000-msc.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Salesforce unusual CLI activity](def-000-mtq.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [Verify ufw Active](def-000-mty.md): Verify the ufw is enabled on the system with the following command:
- [Windows SMB create remote file admin share](def-000-mu2.md): {% alert level="danger" %}
- [Authenticated route returns sensitive data](def-000-mu3.md): The API allows authenticated users to access sensitive data, which may not be intended.
- [Add nodev Option to /var/tmp](def-000-mv8.md): The `nodev` mount option can be used to prevent device files from being created in `/var/tmp`. Legitimate character a...
- [Google Cloud Compute Engine GPU virtual machine instance created](def-000-mwl.md): Classification: attack; Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040); Technique: [T1496-resource-hijacki...
- [Ensure ufw Firewall Rules Exist for All Open Ports](def-000-mx6.md): Any ports that have been opened on non-loopback addresses need firewall rules to govern traffic.
- [Windows shadow copies deleted](def-000-my4.md): {% alert level="danger" %}
- [Disable nginx Service](def-000-my9.md): The `nginx` service can be disabled with the following command:
- [IAM role has trust policy containing cross-organization principal](def-000-myd.md): This control examines whether IAM roles have trust policies that allow access to principals from different AWS organi...
- [Set Account Expiration Following Inactivity](def-000-myh.md): To specify the number of days after a password expires (which signifies inactivity) until an account is permanently d...
- [Disable Avahi Server Software](def-000-myz.md): The `avahi-daemon` service can be disabled with the following command:
- [EventBridge custom event buses should have a resource-based policy attached](def-000-mzp.md): This control verifies whether a resource-based policy is attached to an Amazon EventBridge custom event bus. The cont...
- [CloudFront distributions should be configured for origin failover](def-000-n0m.md): This assessment verifies if an Amazon CloudFront distribution has been set up with an origin grouping that contains a...
- [Configure Systemd Timesyncd Servers](def-000-n11.md): `systemd-timesyncd` is a daemon that has been added for synchronizing the system clock across the network. The `syste...
- [Windows eventlog cleared](def-000-n1f.md): {% alert level="danger" %}
- [Azure group has administrative privileges over resources](def-000-n2g.md): This rule identifies when a group has administrative level permissions at the root (most permissive) scope.
- [GitLab deploy token created](def-000-n45.md): {% alert level="danger" %}
- [Azure should use the latest Python version available](def-000-n4q.md): Newer versions of Python software are periodically released to address security vulnerabilities and introduce additio...
- [Azure user has administrative privileges over resources](def-000-n5w.md): This rule identifies when a user has administrative level permissions at the root (most permissive) scope.
- [An EKS Cluster's Kubelet should rotate client certificates automatically](def-000-n67.md): Client certificates should be rotated. This ensures there is no downtime due to expired certificates.
- [Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate](def-000-n6l.md): The sudo `!authenticate` option, when specified, allows a user to execute commands using sudo without having to authe...
- [RDS clusters should be configured to use a custom administrator name](def-000-n8j.md): This check determines if the admin username for an Amazon RDS database cluster has been altered from its default sett...
- [Windows DHCP server error loaded CallOut DLL](def-000-n8u.md): {% alert level="danger" %}
- [Modify the System Login Banner for Remote Connections](def-000-n9a.md): To configure the system login banner edit `/etc/issue.net`. Replace the default text with a message compliant with th...
- [Kinesis streams should be encrypted at rest](def-000-n9o.md): This control verifies whether Kinesis Data Streams are encrypted at rest using server-side encryption. The control fa...
- [Verify User Who Owns /var/log/cloud-init.log File](def-000-na8.md): To properly set the owner of `/var/log/cloud-init.log`, run the command:
- [Verify /boot/grub2/user.cfg Group Ownership](def-000-nb3.md): The file `/boot/grub2/user.cfg` should be group-owned by the `root` group to prevent reading or modification of the f...
- [Neptune DB clusters should have automated backups enabled](def-000-nc5.md): This control verifies whether automated backups are enabled for a Neptune DB cluster.
- [Administrative privileges assigned to a user, group or role](def-000-ncc.md): {% alert level="danger" %}
- [>-](def-000-nck.md): This rule verifies whether the project has plain text environment variables that include the string `AWS_ACCESS_KEY_I...
- [Verify Group Ownership on SSH Server Public *.pub Key Files](def-000-ndd.md): SSH server public keys, files that match the `/etc/ssh/*.pub` glob, must be group-owned by `root` group.
- [Verify Ownership of Files in /var/log/gdm3](def-000-ne1.md): To properly set the owner of `/var/log/gdm3/*`, run the command:
- [Install nftables Package](def-000-ne4.md): nftables provides a new in-kernel packet classification framework that is based on a network-specific Virtual Machine...
- [>-](def-000-ne9.md): Customer-Supplied Encryption Keys (CSEK) are a feature in Google Cloud Storage and Google Compute Engine. If you supp...
- [Forcepoint Security Service Edge file quarantined event](def-000-neu.md): {% alert level="danger" %}
- [GitHub IP allow list](def-000-nf7.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [BigQuery Dataset should not be anonymously or publicly accessible](def-000-nfg.md): It is recommended that the IAM policy on BigQuery datasets does not allow anonymous or public access.
- [Require use_authtok for pam_unix.so](def-000-nfl.md): When password changing enforce the module to set the new password to the one provided by a previously stacked passwor...
- [>-](def-000-ngl.md): This control verifies whether SSL certificates are configured for Amazon API Gateway REST API stages. These certifica...
- [Kubelet configuration file ownership should be assigned to root](def-000-ngy.md): Ensure that the file ownership of the kubelet's kubeconfig file is set to `root:root`. You should set its file owners...
- [Palo Alto Cortex XDR malware alert detected on multiple hosts](def-000-nig.md): {% alert level="danger" %}
- [Verify Group Ownership on SSH Server Private *_key Key Files](def-000-niz.md): SSH server private keys, files that match the `/etc/ssh/*_key` glob, must be group-owned by `ssh_keys` group.
- [EC2 instance created using risky AMI search pattern](def-000-njb.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1195-supply-c...
- [AWS IAM user has access to a large number of resources](def-000-njg.md): This rule identifies when an IAM user has a policy attached which permits access to a significant number of resources...
- [Set Password Maximum Consecutive Repeating Characters](def-000-njm.md): The pam_pwquality module's `maxrepeat` parameter controls requirements for consecutive repeating characters. When set...
- [AWS CreateIndex followed by ListResources via long term access key](def-000-nlb.md): {% alert level="danger" %}
- [SageMaker notebook instances should not grant users root access](def-000-nlx.md): This control evaluates if root access is enabled for an Amazon SageMaker notebook instance.
- [Set Default ip6tables Policy for Incoming Packets](def-000-nmm.md): To set the default policy to DROP (instead of ACCEPT) for the built-in INPUT chain which processes incoming packets, ...
- [Set Default iptables Policy for Incoming Packets](def-000-nnn.md): To set the default policy to DROP (instead of ACCEPT) for the built-in INPUT chain which processes incoming packets, ...
- [>-](def-000-nns.md): Classification: attack; Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010); Technique: [T1537-transfer-d...
- [AWS IAM role can assume a role with administrative privileges cross-account](def-000-nor.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Diagnostic Setting should capture appropriate categories](def-000-nrg.md): Before proceeding with the recommendation, it is important to ensure that a Diagnostic Setting already exists. This a...
- [Ensure users' .netrc Files are not group or world accessible](def-000-nsp.md): While the system administrator can establish secure permissions for users' .netrc files, the users can easily overrid...
- [Slack anomaly event](def-000-ntd.md): Classification: attack
- [Post compromise shell detected](def-000-nul.md): Classification: attack; Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002); Technique: [T1190-exploit-publi...
- [AWS IAM group has access to a large number of resources](def-000-nv1.md): This rule identifies when an IAM group has a policy attached, which permits them access to a significant number of re...
- [WAF Classic web ACLs should be migrated to WAFv2](def-000-nwm.md): All AWS WAF Classic resources should be migrated to WAFv2 as WAF Classic support ends on September 30, 2025. WAFv2 of...
- [Install iptables Package](def-000-nxa.md): The `iptables` package can be installed with the following command:
- [RDS clusters should have encryption at rest enabled](def-000-nxe.md): This check verifies RDS database clusters encrypt data at rest. Data at rest encompasses any information stored in pe...
- [Known compromised IAM users should not be present in the account](def-000-ny3.md): Ensure that no known compromised IAM users are present in your AWS account. When AWS identifies compromised AWS IAM u...
- [>-](def-000-o09.md): To set the runtime status of the `net.ipv6.conf.default.accept_redirects` kernel parameter, run the following command:
- [Zendesk Automatic Redaction is disabled](def-000-o12.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Windows active directory object WriteDAC access](def-000-o2w.md): {% alert level="danger" %}
- [Remove tnftp Package](def-000-o4h.md): tnftp, an enhanced FTP client, is the user interface to the Internet standard File Transfer Protocol. The program allo...
- [Domain added to Google Workspace allowlisted domains](def-000-o5b.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1098-ac...
- [>-](def-000-o5y.md): {% alert level="danger" %}
- [>-](def-000-o7w.md): Enable Amazon Bedrock model invocation logging to monitor and audit model usage for security, compliance, and operati...
- [Object-level logging should be enabled for S3 bucket read events](def-000-o7x.md): S3 object-level API read event operations, such as `GetObject`, `DeleteObject`, and `PutObject`, are classified as da...
- [>-](def-000-o80.md): The `log_min_duration_statement` flag defines the minimum execution time (milliseconds) of a statement, where the tot...
- [Checkpoint Quantum firewall ransomware infection detected](def-000-o81.md): {% alert level="danger" %}
- [PingOne user locked after too many failed attempts](def-000-o8c.md): {% alert level="danger" %}
- [Ensure All Files Are Owned by a Group](def-000-o8p.md): If any file is not group-owned by a valid defined group, the cause of the lack of group-ownership must be investigate...
- ['Unattached disks' should be encrypted with Customer Managed Key (CMK)](def-000-o8q.md): To enhance security and meet regulatory requirements, it is essential to ensure that unattached disks in a subscripti...
- [Set Existing Passwords Minimum Age](def-000-o8v.md): Configure non-compliant accounts to enforce a 24 hours/1 day minimum password lifetime by running the following command:
- [Enforce Password History with use_authtok](def-000-o92.md): The `use_authtok` option ensures the pam_pwhistory module uses the new password provided by a previously stacked PAM ...
- [>-](def-000-o94.md): Classification: attack; Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010); Technique: [T1567-exfiltrati...
- [Okta phone number assigned to multiple users](def-000-oac.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [S3 bucket policy should deny HTTP requests](def-000-oat.md): At the Amazon S3 bucket level, you can configure permissions through a bucket policy to make objects accessible only ...
- [Windows PowerShell disable command history](def-000-oc4.md): {% alert level="danger" %}
- [Commercial vulnerability scanner](def-000-ocf.md): Tactic: [TA0043-reconnaissance](https://attack.mitre.org/tactics/TA0043); Technique: [T1595-active-scanning](https://atta...
- [iboss multiple soft blocked requests detected](def-000-ocp.md): {% alert level="danger" %}
- [Route 53 DNS record pointing to external or nonexistent S3 bucket](def-000-ocr.md): This control identifies misconfigured Amazon Route 53 DNS records that point to external or nonexistent S3 buckets. S...
- [iboss allowed malware activity detected](def-000-ocy.md): {% alert level="danger" %}
- [Set Deny For Failed Password Attempts](def-000-ofm.md): The Ubuntu 20.04 operating system must lock an account after - at most - 5 consecutive invalid access attempts.
- [Set Password Hashing Algorithm in /etc/libuser.conf](def-000-ofw.md): In `/etc/libuser.conf`, add or correct the following line in its `[defaults]` section to ensure the system will use t...
- [Verify Permissions on SSH Server config file](def-000-ofz.md): To properly set the permissions of `/etc/ssh/sshd_config`, run the command:
- [Snowflake UI login via password from proxy or vpn](def-000-ogf.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [>-](def-000-oh9.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [>-](def-000-ohn.md): This check verifies the presence of a service endpoint for Amazon EC2 within each VPC. It registers a failure if a VP...
- [CloudFront distributions should use origin access control](def-000-ohu.md): This control verifies that every S3-based origin used in an Amazon CloudFront distribution has origin access control ...
- [Google Security Command Center finding muted](def-000-ojd.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1578-modify-...
- [Missing Strict Transport Security HTTP header](def-000-oji.md): This publicly exposed API endpoint does not implement the HTTP Strict-Transport-Security (HSTS) header. This header i...
- [Delinea Privilege Manager unusual spike in application justification events](def-000-olr.md): {% alert level="danger" %}
- [Ensure that /etc/cron.allow exists](def-000-on0.md): The file `/etc/cron.allow` should exist and should be used instead of `/etc/cron.deny`.
- [Cisco Duo user marked authentication request as fraudulent](def-000-onq.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [Windows hidden local user creation](def-000-oo6.md): {% alert level="danger" %}
- [Ensure Logs Sent To Remote Host](def-000-ooh.md): To configure rsyslog to send logs to a remote log server, open `/etc/rsyslog.conf` and read and understand the last s...
- [>-](def-000-oom.md): If the kubelet refers to a configuration file with the `--config` argument, you should set its file ownership to main...
- [User has admin level privileges at the subscription scope](def-000-ope.md): This rule identifies when an Azure user has administrative-level permissions at the subscription scope.
- [Set LogLevel to INFO](def-000-oqg.md): The INFO parameter specifies that record login and logout activity will be logged.
- [Azure AD escalation from Global Administrator to User Access Administrator](def-000-or3.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1098-ac...
- [DMS replication instances should not be public](def-000-oru.md): This control evaluates the `PubliclyAccessible` field to confirm that AWS DMS replication instances are not publicly ...
- [Jamf Protect alerts](def-000-ot4.md): Classification: attack
- [Snowflake anomalous querying of data by user](def-000-otd.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1530-data-from-cl...
- [Snowflake brute force attack on user](def-000-otf.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1110-brute...
- [Snowflake abnormal usage of OAuth access token](def-000-oth.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1528-steal...
- [Snowflake login from anomalous location](def-000-otj.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [Snowflake UI login via password](def-000-oto.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [Snowflake network policy modified](def-000-otp.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [>-](def-000-ott.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [1Password vault export attempt by user](def-000-oui.md): Classification: attack; Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010); Technique: [T1567-exfiltrati...
- [Missing Access-Control-Allow-Origin HTTP header](def-000-out.md): This publicly exposed API endpoint does not implement the Access-Control-Allow-Origin (ACAO) header, which may allow ...
- [Possible brute force attempted against user](def-000-ouv.md): {% alert level="danger" %}
- [Mimecast Alert: user responded to impersonation message](def-000-ovb.md): {% alert level="danger" %}
- [>-](def-000-ovj.md): Storage Logging occurs server-side, recording details of both successful and failed requests in the storage account, ...
- [Verify Permissions on /var/log/cloud-init.log(.*) Files](def-000-ovt.md): To properly set the permissions of `/var/log/cloud-init.log`, run the command:
- [System Audit Logs Must Be Group Owned By Root](def-000-ovy.md): All audit logs must be group owned by root user. The path for audit log can be configured via `log_file` parameter in
- [Sensitive namespace modified using kubectl](def-000-oxm.md): Classification: attack; Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002); Technique: [T1609-container-adm...
- [Slack data loss prevention rule modified](def-000-oxv.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Missing Content-Security-Policy HTTP header](def-000-ozg.md): This publicly exposed API endpoint was found responding with HTML or browser-rendered content and does not implement ...
- [CloudTrail configuration changes should be monitored](def-000-p02.md): Real-time monitoring of API calls can be achieved by directing CloudTrail logs to CloudWatch logs and establishing co...
- [GitHub user anomalously downloaded data as a ZIP file](def-000-p07.md): {% alert level="danger" %}
- [>-](def-000-p0c.md): A publicly accessible host is affected by [CVE-2024-3094](https://nvd.nist.gov/vuln/detail/CVE-2024-3094). The vulner...
- [SageMaker notebook instances should not have direct internet access](def-000-p1v.md): This control evaluates if direct internet access is disabled for a SageMaker notebook instance.
- [LastPass vault content export attempt](def-000-p2e.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1555-crede...
- [Google Cloud Logging Bucket deleted](def-000-p34.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [GitHub secret scanning alert generated](def-000-p3z.md): {% alert level="danger" %}
- [GitHub SAML/OIDC has been disabled](def-000-p4l.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Ensure Log Files Are Owned By Appropriate Group](def-000-p4p.md): The group-owner of all log files written by `rsyslog` should be `root`. These log files are determined by the second ...
- [GitHub personal access token (PAT) auto approve policy modified](def-000-p5v.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Azure Storage should have soft delete enabled](def-000-p6l.md): Azure Storage blobs may contain sensitive data such as ePHI, financial information, secrets, or personal data. Accide...
- [GitHub private repository changed to public visibility](def-000-p6y.md): {% alert level="danger" %}
- [PostgreSQL instances should have the 'log_hostname' database flag set to 'on](def-000-p76.md): PostgreSQL only logs the IP address of the connecting hosts. The `log_hostname` flag controls the logging of hostname...
- [Azure AD possible MFA fatigue attack](def-000-p7y.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1621-multi...
- [Unauthenticated route returns sensitive data using predictable IDs](def-000-p88.md): The API allows unauthenticated users to access sensitive data by exploiting the use of predictable identifiers (IDs)....
- [GitHub unknown user cloned private repository](def-000-p8z.md): {% alert level="danger" %}
- [Verify permissions on System Login Banner](def-000-p97.md): To properly set the permissions of `/etc/issue`, run the command:
- [>-](def-000-p9l.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [GitHub enterprise or organization recovery codes activity](def-000-p9r.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [GitHub audit log streaming endpoint was modified](def-000-p9z.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [User activity detected from unauthorized countries](def-000-pal.md): Detect user activity from a country that's part of a denylist.
- [Redshift Serverless snapshots should not be shared with external accounts](def-000-pbz.md): This rule evaluates whether Amazon Redshift Serverless snapshots are shared with external AWS accounts that are not o...
- [Offensive Kubernetes tool executed](def-000-pcq.md): Classification: attack; Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007); Technique: [T1613-container-and...
- [Unauthenticated route without rate limit](def-000-pdh.md): Unauthenticated users are allowed to consume this exposed endpoint, which does not implement any rate-limiting protec...
- [AWS IAM activity from EC2 instance](def-000-pdi.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Invitation sent to account to join AWS organization](def-000-pew.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1535-unused-...
- [EBS default encryption should be enabled](def-000-pf4.md): This rule evaluates whether encryption at the region level is enabled by default for Amazon Elastic Block Store (Amaz...
- [CloudFront distributions should use custom SSL/TLS certificates](def-000-pfh.md): This check verifies whether CloudFront distributions are using the SSL/TLS certificate provided by CloudFront as the ...
- [Twilio bulk export from unusual location](def-000-pgq.md): Classification: attack; Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010); Technique: [T1537-transfer-d...
- [Verify permissions of log files](def-000-pgr.md): Any operating system providing too much information in error messages risks compromising the data and security of the...
- [>-](def-000-pgz.md): This control verifies if an Amazon EC2 Auto Scaling launch configuration has version 2 of the Instance Metadata Servi...
- [Publicly accessible Lambda function uses a privileged IAM role](def-000-ph2.md): A misconfigured Lambda execution role contains risky privileges. A privileged IAM role attached to a Lambda function ...
- [Anomalous number of OCI instances created in multiple availability domains](def-000-ph4.md): {% alert level="danger" %}
- [Google Compute Engine instances created in multiple zones by user](def-000-phy.md): Classification: attack; Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040); Technique: [T1496-resource-hijacki...
- [RDS instances should be configured to use Enhanced Monitoring](def-000-pjl.md): This control evaluates if Enhanced Monitoring is activated for an Amazon Relational Database Service (RDS) DB instanc...
- [GitLab personal access token generated](def-000-pkl.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Audit data for Azure SQL Server should be retained for greater than 90 days](def-000-pkt.md): To ensure effective monitoring and detection of anomalies or breaches, it is recommended to configure SQL Server Audi...
- [Ensure rsyslog is Installed](def-000-pmm.md): Rsyslog is installed by default. The `rsyslog` package can be installed with the following command:
- [Ensure SSH MaxStartups is configured](def-000-pmt.md): The MaxStartups parameter specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. A...
- [AWS VPC Flow Log deleted](def-000-pn2.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [A Microsoft Teams member was made owner of multiple teams](def-000-poi.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1078-va...
- [Add nosuid Option to /var/tmp](def-000-pp8.md): The `nosuid` mount option can be used to prevent execution of setuid programs in `/var/tmp`. The SUID and SGID permis...
- [GitHub MFA requirement disabled](def-000-pp9.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1556-modify-...
- [Uninstall ypserv Package](def-000-pqk.md): The `ypserv` package can be removed with the following command:
- [A GKE's Cluster's Kubelet should use TLS authentication](def-000-pql.md): Disable anonymous requests to the Kubelet server. You should rely on authentication to authorize access and disallow ...
- [Possible enumeration activity from anomalous number of access denied errors](def-000-prk.md): {% alert level="danger" %}
- [ECS task definitions should have secure networking modes and user definitions](def-000-psk.md): This configuration check verifies Amazon Elastic Container Service (Amazon ECS) task definitions do not have unauthor...
- [Scout Suite user agent observed](def-000-psn.md): Classification: attack; Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007); Technique: [T1526-cloud-service...
- [Attempt to exfiltrate a 1Password item by user](def-000-ptj.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1555-crede...
- [Google Cloud SQL instance data exported to cloud storage](def-000-ptr.md): Classification: attack; Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010); Technique: [T1537-transfer-d...
- [Ivanti connect secure severe events detected](def-000-pu3.md)
- [>-](def-000-pup.md): This check verifies Classic Load Balancers are set to use either the defensive or strictest desync mitigation mode. H...
- [Verify User Who Owns /var/log/(b|w)tmp(.*|-*) File](def-000-pvw.md): To properly set the owner of `/var/log/(b|w)tmp(.*|-*)`, run the command:
- [GitHub audit log streaming endpoint was deleted](def-000-pwz.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [>-](def-000-pxo.md): Enable `log_checkpoints` on PostgreSQL Servers. Enabling `log_checkpoints` helps the PostgreSQL Database to log each ...
- [Ensure Only One Firewall Service is Active](def-000-pyk.md): The system must have exactly one active firewall service running to avoid conflicts and ensure consistent packet filt...
- [Verify Group Who Owns /etc/security/opasswd File](def-000-pz7.md): To properly set the group owner of `/etc/security/opasswd`, run the command:
- [>-](def-000-q1n.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Enable systemd-journal-upload Service](def-000-q1w.md): Ubuntu 24.04 must offload rsyslog messages for networked systems in real time and offload standalone systems at least...
- [Verify Groupownership of Files in /var/log/gdm3](def-000-q22.md): To properly set the group owner of `/var/log/gdm3/*`, run the command:
- [GitHub user blocked from accessing organization repositories](def-000-q3r.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [Secrets should not be passed as container environment variables](def-000-q4w.md): This assessment verifies whether the environment parameter in container definitions includes key values such as AWS_A...
- [DMS replication tasks for the target database should have logging enabled](def-000-q5n.md): This control verifies whether logging is enabled with at least the default severity level (`LOGGER_SEVERITY_DEFAULT`)...
- [>-](def-000-q5r.md): The value of the `log_statement` flag determines the SQL statements that are logged. Valid values are:
- [ECR private repositories should have tag immutability enabled](def-000-q6z.md): This control verifies whether tag immutability is enabled on a private ECR repository. It passes when tag immutabilit...
- [AWS IAM AmazonSESFullAccess policy was applied to a user](def-000-q7d.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1098-ac...
- [Configure AIDE to Verify the Audit Tools](def-000-q7i.md): The operating system file integrity tool must be configured to protect the integrity of the audit tools.
- ['OS and Data' disks should be encrypted with Customer Managed Key (CMK)](def-000-q8r.md): To enhance data security, it is important to ensure that both OS disks (boot volumes) and data disks (non-boot volume...
- [Cisco Secure Endpoint malicious file detected on multiple hosts](def-000-q94.md)
- [Windows potential powershell reverseshell connection](def-000-q9d.md)
- [AWS IAM role has a large permissions gap](def-000-qaw.md): To mitigate the impact of credential exposure or compromise, IAM policies should be scoped down to the least level of...
- [>-](def-000-qb9.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [Route returns non-sensitive PII data without rate limit](def-000-qbb.md): The API returns non-sensitive personally identifiable information (PII) and does not implement any rate-limiting prot...
- [>-](def-000-qbq.md): It is recommended to set the `remote access` database flag for Cloud SQL SQL Server instances to `off`.
- [Build and Test AIDE Database](def-000-qbv.md): Run the following command to generate a new database:
- [>-](def-000-qbz.md): To set the runtime status of the `net.ipv6.conf.all.accept_source_route` kernel parameter, run the following command:
- [VPC Lambda functions should operate in multiple Availability Zones](def-000-qc6.md): This control verifies whether an AWS Lambda function that connects to a Virtual Private Cloud (VPC) is deployed acros...
- [Microsoft 365 Copilot interaction flagged as indirect attack](def-000-qd7.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1556-modify-auth...
- [Indications of malicious key pair creation by long term access key](def-000-qdw.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [RC scripts modified](def-000-qe5.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1037-boot-or-log...
- [Vulnerability Assessment should be enabled for SQL server](def-000-qef.md): The Vulnerability Assessment service is a valuable tool that analyzes SQL databases to identify security issues and d...
- [Verify pam_pwquality module is activated](def-000-qix.md): The `pam_pwquality.so` module ensures password quality by evaluating user-created passwords against a system dictiona...
- [IAM roles should not allow untrusted GitLab runners to assume them](def-000-qk5.md): When using GitLab CI/CD to assume an IAM role, it is recommended to use [identity federation](https://docs.gitlab.com...
- ['Create Policy Assignment' activity log alert should be configured](def-000-qnx.md): To improve detection of unsolicited changes and gain insight into modifications made in "Azure policy - assignments,"...
- [Azure Container registries should use private link](def-000-qoc.md): This rule checks if Azure Container Registries are using Private Link connections. Using Private Link connections enh...
- [Compute instances should have confidential computing enabled](def-000-qpe.md): Google Cloud encrypts both stored and in-transit data, but customer data needs to be decrypted while it is processed....
- [Indications of malicious trust anchor creation](def-000-qpr.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [ECS containers should be limited to read-only access to root filesystems](def-000-qq2.md): This evaluation examines whether Amazon ECS containers are restricted to read-only access to mounted root filesystems...
- [Windows DNS query to Tor Onion address](def-000-qrn.md)
- [Process memory dumped using ProcDump](def-000-qrv.md)
- [Redshift clusters should have automatic snapshots enabled](def-000-qs4.md): This control verifies if automated snapshots are enabled for an Amazon Redshift cluster.
- [Trend Micro Vision One XDR alert](def-000-qsj.md)
- [Twilio account geographic permissions updated](def-000-qu2.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1098-ac...
- [Verify Permissions on /etc/cron.allow file](def-000-qy1.md): If `/etc/cron.allow` exists, it must have permissions `0640` or more restrictive. To properly set the permissions of ...
- [Verify Group Who Owns /var/log/auth.log File](def-000-qyr.md): To properly set the group owner of `/var/log/auth.log`, run the command:
- [FSx Lustre file systems should copy tags to backups](def-000-qza.md): This control verifies whether an Amazon FSx for Lustre file system is set up to copy tags to its backups.
- [Atlassian user added to administrative group](def-000-r2f.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1098-ac...
- [GitLab project visibility changed](def-000-r2s.md)
- [Public network access should be disabled for Azure Storage Accounts](def-000-r36.md): Disable public network access for Azure Storage Accounts to improve security.
- [Configure Systemd Timer Execution of AIDE](def-000-r4a.md): At a minimum, AIDE should be configured to run a weekly scan. To implement a systemd service and a timer unit to run ...
- [Verify User Who Owns /etc/at.allow file](def-000-r4g.md): If `/etc/at.allow` exists, it must be owned by `root`. To properly set the owner of `/etc/at.allow`, run the command:
- [Configure System Cryptography Policy](def-000-r54.md): To configure the system cryptography policy to use ciphers only from the `DEFAULT:NO-SHA1` policy, run the following ...
- [Verify Systemd Service Modified on Host](def-000-r6b.md): | Impact | Remediation complexity | Severity | Recommended value |
- [Disable XDMCP in GDM](def-000-r7f.md): XDMCP is an unencrypted protocol, and therefore, presents a security risk, see e.g. [XDMCP Gnome docs](https://help.g...
- [Amazon ECR should be scanning all images for vulnerabilities](def-000-r89.md)
- [PingOne impossible travel authentication attempt](def-000-r8g.md)
- [Check Point Harmony Email & Collaboration impossible travel detected](def-000-r9l.md)
- [Install systemd-journal-remote Package](def-000-ra1.md): Journald (via systemd-journal-remote) supports the ability to send log events it gathers to a remote log host or to ...
- [>-](def-000-raw.md): Editor or Owner roles are highly permissive roles that existed prior to the introduction of IAM.
- [Cloudtrail SecretsManager secret retrieved from AWS CloudShell environment](def-000-rcr.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1555-crede...
- [Access to Azure services for PostgreSQL Database Server should be disabled](def-000-rdc.md): Disable access from Azure services to PostgreSQL Database Server. If access from Azure services is enabled, the serve...
- [Verify that All World-Writable Directories Have Sticky Bits Set](def-000-re3.md): When the so-called 'sticky bit' is set on a directory, only the owner of a given file may remove that file from the d...
- [Azure AD Privileged Identity Management member assigned](def-000-rev.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [AWS IAM user has administrative privileges and is inactive](def-000-rf2.md): If an IAM user is highly privileged or has administrative privileges and is inactive, this may indicate the role is n...
- [EC2 Client VPN endpoints should have client connection logging enabled](def-000-rfc.md): This control verifies if client connection logging is enabled for an AWS Client VPN endpoint. AWS Client VPN endpoint...
- ['Delete Network Security Group' activity log alert should be configured](def-000-rhj.md): To enhance the detection of suspicious activity and gain insights into network access changes, it is recommended to c...
- [Windows PowerShell Veeam backup servers credential dumping script execution](def-000-rhl.md)
- [>-](def-000-riw.md)
- [Azure AD sign in from AADinternals default user agent](def-000-rjy.md): Classification: attack Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002) Technique: [T1059-command-and-s...
- [Unusual password reset rate activity](def-000-rke.md): Tactic: [TA0042-resource_development](https://attack.mitre.org/tactics/TA0042) Technique: [T1586-compromise-accounts](ht...
- [Verify User Who Owns /var/log/secure File](def-000-rkg.md): To properly set the owner of `/var/log/secure`, run the command:
- [Verify Permissions on cron.hourly](def-000-rkt.md): To properly set the permissions of `/etc/cron.hourly`, run the command:
- [CloudFront distributions should encrypt traffic to custom origins](def-000-rno.md): This check verifies if Amazon CloudFront distributions are securing traffic to custom origins. Failure for this contr...
- [IAM groups should not have inline policies attached](def-000-rnw.md): IAM policies are rules that define the level of access granted to AWS resources. These policies can either be managed...
- [Cluster VPC flow logs and intranode visibility should be enabled](def-000-ro8.md): VPC Flow Logs and intranode visibility should be enabled. This allows monitoring and analysis of network traffic with...
- [GitHub OAuth application access restrictions disabled](def-000-rou.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1562-impair-...
- [>-](def-000-rp8.md): This check verifies if Auto Scaling groups linked to a Classic Load Balancer are using health checks from Elastic Loa...
- [Verify Root Account Password Modifications on Host](def-000-rph.md): | Impact | Remediation complexity | Severity | Recommended value |
- [Unauthenticated route returns PCI regulated data](def-000-rps.md): The API allows unauthenticated users to access PCI regulated data, which may not be intended.
- [>-](def-000-rq5.md): Disable shared key access for Azure Storage Accounts.
- [Disable apache2 Service](def-000-rqm.md): The `apache2` service can be disabled with the following command:
- [GitHub PAT impossible travel event correlated with new user agent observed](def-000-rr9.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [NTDS file referenced in command line](def-000-rrr.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1003-os-cr...
- [>-](def-000-rsg.md): This control verifies whether Amazon ECS Fargate services are configured to automatically utilize the latest Fargate ...
- [Read operation on route use predictable IDs](def-000-rtc.md): The API allows users to retrieve resources by using predictable identifiers (IDs). Attackers can leverage this by gue...
- [Suspicious named pipe created](def-000-rte.md): Classification: attack Tactic: [TA0008-lateral-movement](https://attack.mitre.org/tactics/TA0008) Technique: [T1021-remote...
- [CloudTrail logs S3 bucket should not be public accessible](def-000-rtu.md): The bucket policy or access control list (ACL) applied to the CloudTrail logs S3 bucket should prevent public access ...
- [Malicious authentication attempt detected by Okta ThreatInsight](def-000-rtx.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1110-brute...
- [RDS instances should be configured to use a custom administrator name](def-000-rvk.md): This check determines if the admin username for an Amazon RDS database instance has been altered from its default set...
- [A GKE Cluster's Kubelet should have the eventRecordQPS entry set](def-000-rwh.md): Security relevant information should be captured. The `eventRecordQPS` setting in the Kubelet configuration controls ...
- [Ensure /dev/shm is configured](def-000-ry5.md): The `/dev/shm` is a traditional shared memory concept. One program will create a memory portion, which other processe...
- [Ensure SELinux is Not Disabled](def-000-ryj.md): The SELinux state should be set to `enforcing` or `permissive` at system boot time. In the file `/etc/selinux/config`...
- [Containers should not execute mount system calls](def-000-rzh.md): | Impact | Remediation complexity | Severity | Recommended value |
- [Cluster should have Private Endpoint enabled and public access disabled](def-000-rzw.md): A cluster should have private endpoint enabled and public access disabled. These settings will ensure the cluster is ...
- [>-](def-000-s02.md): The App Engine default service account is associated with your Google Cloud project and executes tasks on behalf of y...
- [AWS Organizations root sessions feature should be enabled](def-000-s0m.md): Enabling the AWS Organizations Root Sessions feature increases security by centralizing control and minimizing the at...
- [Okta temporary password granted and MFA reset](def-000-s0z.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1556-modif...
- [>-](def-000-s27.md): The Vulnerability Assessment service examines databases for potential security issues and deviations from optimal pra...
- [Elasticsearch domains should have error logging to CloudWatch Logs enabled](def-000-s2d.md): This control confirms whether Elasticsearch domains are configured to forward error logs to CloudWatch Logs.
- [Azure function has admin level privileges at the subscription scope](def-000-s2l.md): This rule identifies when an Azure Function has administrative level permissions at the subscription scope.
- [Cloud storage buckets should have uniform bucket-level access enabled](def-000-s43.md): Uniform bucket-level access is enabled on Cloud Storage buckets.
- [Disable rpcbind Service](def-000-s44.md): The rpcbind utility maps RPC services to the ports on which they listen. RPC processes notify rpcbind when they start...
- [>-](def-000-s4m.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [Mimecast Alert: malicious URL clicked by user](def-000-s5o.md)
- [>-](def-000-s65.md): It is recommended to check the `user connections` option for a GCP SQL Server instance to ensure that it is not artif...
- [Enable the NTP Service](def-000-s73.md): The `ntp` service can be enabled with the following command:
- [Add noexec Option to /var/log/audit](def-000-s7k.md): The `noexec` mount option can be used to prevent binaries from being executed out of `/var/log/audit`. Add the `noexe...
- [>-](def-000-s8j.md)
- [Jumpcloud password manager local export](def-000-s99.md): Classification: attack Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010) Technique: [T1567-exfiltrati...
- [Disable systemd-journal-remote Socket](def-000-s9r.md): Journald supports the ability to receive messages from remote hosts, thus acting as a log server. Clients should not ...
- [Set UFW Loopback Traffic](def-000-sbg.md): Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback ne...
- [Enable systemd-journald Service](def-000-sbs.md): The `systemd-journald` service is an essential component of systemd. The `systemd-journald` service can be enabled wi...
- [Supply-Chain Firewall blocked package manager command](def-000-sc0.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1195-supply-c...
- [Okta phishing detection with FastPass origin check](def-000-sc1.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1566-phishing...
- [An AKS Cluster's Kubelet should rotate server certificates automatically](def-000-scc.md): Server certificates should be rotated. This ensures there is no downtime due to expired certificates.
- [AWS IAM AdministratorAccess policy was applied to a user](def-000-sd5.md): Classification: attack Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004) Technique: [T1098-ac...
- [>-](def-000-sdh.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [AWS Lambda function resource-based policy modified by IAM user](def-000-ser.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [Ensure ufw Default Deny Firewall Policy](def-000-sg0.md): A default deny policy on connections ensures that any unconfigured network usage will be rejected. Note: Any port or ...
- [Cisco Meraki organization appliance security IDS events](def-000-sgp.md): Classification: attack
- [Disable xinetd Service](def-000-sh4.md): The `xinetd` service can be disabled with the following command:
- [Azure Blob Storage soft delete should be enabled](def-000-shp.md): Enable soft delete for Azure Blob Storage to recover deleted blobs within a retention period (1-365 days).
- [Uninstall tftpd-hpa Package](def-000-sir.md): The `tftpd-hpa` package can be removed with the following command:
- [Add nosuid Option to /dev/shm](def-000-siy.md): The `nosuid` mount option can be used to prevent execution of setuid programs in `/dev/shm`. The SUID and SGID permis...
- [>-](def-000-sjl.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [Keeper records export detected](def-000-skg.md)
- [Azure managed identity has dangerous key vault role](def-000-skj.md): This rule detects Azure AD managed identities with dangerous key vault roles. It specifically detects the assignment ...
- [TLS Version should be set to 'TLSV1.2' for MySQL flexible Database Server](def-000-skw.md): Transport Layer Security (TLS) connectivity enhances security by encrypting the communication between database server...
- [S3 Block Public Access feature should be enabled at the account level](def-000-skz.md): Amazon S3 provides the 'Block public access' (BPA) account feature to help restrict unintended public access to S3 da...
- [Verify permissions on System Login Banner for Remote Connections](def-000-sma.md): To properly set the permissions of `/etc/issue.net`, run the command:
- [Endpoint accepts JWTs without expiry](def-000-sod.md): This publicly exposed API endpoint accepts JWTs that do not include an expiration time (`exp`) claim. The expiration ...
- [Limit Password Reuse](def-000-sol.md): Do not allow users to reuse recent passwords. This can be accomplished by using the `remember` option for the `pam_pw...
- [Excessive account deletion from an IP](def-000-sp5.md): Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040) Technique: [T1531-account-access-removal](https://attac...
- [Verify Sudoers Policy File Modifications](def-000-spm.md): | Impact | Remediation complexity | Severity | Recommended value |
- [Lock Accounts After Failed Password Attempts](def-000-sqf.md): This rule configures the system to lock out accounts after a number of incorrect login attempts using `pam_faillock.s...
- [Atlassian Confluence space export](def-000-sqs.md): Classification: attack Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009) Technique: [T1530-data-from-cl...
- [EC2 instances managed by SSM should have a compliant patch status](def-000-sr2.md): This control verifies the status of Systems Manager patch compliance, ensuring that patch installations on EC2 instan...
- [Set GNOME3 Screensaver Inactivity Timeout](def-000-srp.md): The idle time-out value for inactivity in the GNOME3 desktop is configured via the `idle-delay` setting must be set u...
- [Uninstall rsync Package](def-000-ssc.md): The rsyncd service can be used to synchronize files between systems over network links. The `rsync` package can be re...
- [Trend Micro Vision One Endpoint Security alert: Virus or malware detected](def-000-ssj.md)
- [Private endpoint connections on Azure SQL Database should be enabled](def-000-stp.md): This rule checks if private endpoint connections are enabled on Azure SQL Database. Private endpoint connections help...
- [Amazon SES enumeration attempt by previously unseen user](def-000-su2.md): Classification: attack Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007) Technique: [T1526-cloud-service...
- [Aurora MySQL clusters should publish audit logs to CloudWatch Logs](def-000-sup.md): This check verifies the Aurora MySQL DB cluster is configured to send audit logs to CloudWatch Logs. This check does ...
- [IAM customer managed policies should not allow wildcard actions for services](def-000-sur.md): IAM customer managed policies that allow wildcard actions for services (for example, `"Action": "*"`) can lead to uni...
- [Authentication route without HTTPS](def-000-sv3.md): This rule identifies when an exposed authentication route works over a non-encrypted channel.
- [Netskope detected JA3 hash from multiple client IPs](def-000-svo.md)
- [Remove iptables-persistent Package](def-000-svz.md): The `iptables-persistent` package can be removed with the following command:
- [Windows VolumeShadowCopy symlink creation via mklink](def-000-sw0.md)
- [Verify Group Ownership of System Login Banner for Remote Connections](def-000-sw7.md): To properly set the group owner of `/etc/issue.net`, run the command:
- [Configure SSH to use System Crypto Policy](def-000-swf.md): Crypto Policies provide a centralized control over crypto algorithms usage of many packages. SSH is supported by cryp...
- [Okta session hijacking](def-000-sxs.md)
- [Remove the GDM Package Group](def-000-sxt.md): By removing the `gdm3` package, the system no longer has GNOME installed. If X Windows is not installed the...
- [A GKE Cluster's Kubelet should be allowed to manage iptables](def-000-sxw.md): It is recommended that kubelets be allowed to manage changes to `iptables`. This ensures that the `iptables` configur...
- [Verify Owner on crontab](def-000-sxy.md): To properly set the owner of `/etc/crontab`, run the command:
- [Enable Randomized Layout of Virtual Address Space](def-000-sy5.md): To set the runtime status of the `kernel.randomize_va_space` kernel parameter, run the following command:
- [Ensure the Default C Shell Umask is Set Correctly](def-000-syj.md): To ensure the default umask for users of the C shell is set properly, add or correct the `umask` setting in `/etc/csh...
- [1Password activity observed from Tor client IP](def-000-syp.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [AWS IAM Identity Center SSO configuration updated](def-000-t3z.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1556-modif...
- [AWS access key creation by previously unseen identity](def-000-t49.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [Neptune DB clusters should be encrypted at rest](def-000-t5f.md): This check verifies if a Neptune DB cluster has encryption enabled for data at rest.
- [Endpoint vulnerable to JWT algorithm confusion](def-000-t6u.md): This publicly exposed API endpoint may be vulnerable to JWT algorithm confusion attacks. The endpoint accepts JWTs si...
- [Minimum TLS version for storage accounts should be set to Version 1.2](def-000-t74.md): By default, Azure Storage sets the minimum TLS version to TLS 1.0, which is a legacy version with known vulnerabiliti...
- [Evidence hidden by deleting system log file](def-000-t7v.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1070-indicat...
- [LastPass user impossible travel detected](def-000-t89.md): Classification: attack Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001) Technique: [T1078-valid-ac...
- [>-](def-000-t8i.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [>-](def-000-t92.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [GitHub personal access token used to add collaborator](def-000-t9l.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [SES should use Email Address Identities](def-000-ta5.md): Amazon SES must use Email Address Identities for verification of identities allowed to send email, to prevent unautho...
- [An AKS Cluster's Kubelet's read-only port should be disabled](def-000-tak.md): The read-only port should be disabled to prevent unauthenticated users from potentially retrieving sensitive informat...
- [Trend Micro Vision One Endpoint Security alert: Content violation detected](def-000-tbl.md)
- [The kubeconfig file should have permissions set to 644 or more restrictive](def-000-tc0.md): If kubelet is configured by a kubeconfig file, ensure that the kubeconfig file has permissions of `644` or more restr...
- [Route returns non-sensitive PII without setting Cache-Control HTTP header](def-000-tdm.md): This publicly exposed API endpoint returns non-sensitive personally identifiable information (PII) without implementi...
- [Forcepoint Secure Web Gateway abnormal number of blocked urls accessed by user](def-000-thd.md)
- [Verify User Who Owns Backup gshadow File](def-000-thy.md): To properly set the owner of `/etc/gshadow-`, run the command:
- [Asana content export initiated by user](def-000-tie.md)
- [>-](def-000-tjk.md)
- [Trend Micro Email Security alert: High volume of emails to recipient](def-000-tl4.md)
- [Azure Function has administrative privileges over resources](def-000-tle.md): This rule ensures that none of your Azure functions have administrative roles with root management group scope attach...
- [>-](def-000-tml.md): A publicly accessible EC2 instance has one or more critical severity vulnerabilities.
- [Azure managed identity has administrative privileges over resources](def-000-tmo.md): This rule identifies when a managed identity has administrative level permissions at the root (most permissive) scope.
- [Add nosuid Option to /var/log](def-000-tnb.md): The `nosuid` mount option can be used to prevent execution of setuid programs in `/var/log`. The SUID and SGID permis...
- [Neptune DB clusters should be configured to copy tags to snapshots](def-000-tnm.md): This control verifies whether a Neptune DB cluster is set to automatically copy all tags to its snapshots when they a...
- [Windows remote access tool ScreenConnect file transfer](def-000-tph.md)
- [GitLab user's multi-factor authentication disabled](def-000-tpx.md)
- [A GKE Cluster's Kubelet should only allow explicitly authorized requests](def-000-tq0.md): Kubelets can be configured to allow all authenticated requests (even anonymous ones) without needing explicit authori...
- [Microsoft 365 Full Access delegate permissions added](def-000-tq6.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [Instances should have IP forwarding disabled](def-000-tqp.md): Compute Engine instance cannot forward a packet unless the source IP address of the packet matches the IP address of ...
- [Cloud DNS DNSSEC should use a secure algorithm other than RSASHA1](def-000-tup.md): Certificate resource records may use the domain name system security extensions (DNSSEC) algorithm numbers in this re...
- [Multiple failed login attempts](def-000-tvg.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1110-brute...
- [Keeper high risk password detected for user](def-000-twy.md)
- [The API server pod specification file ownership should be assigned to root](def-000-txc.md): The API server pod specification file ownership should be set to `root:root`. The API server pod specification file c...
- [Windows COM RPC debugging registry key modified](def-000-tyf.md): Classification: attack Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005) Technique: [T1112-modify-...
- [Anomalous number of Google Cloud Compute GPU virtual machines created](def-000-tz6.md): Classification: attack Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040) Technique: [T1496-resource-hijacki...
- [RDS clusters should use KMS encryption](def-000-u03.md): Amazon RDS clusters should use KMS encryption with AWS managed keys to ensure data is encrypted at rest using industr...
- [Projects should only use non-default VPC networks](def-000-u0p.md): To prevent use of the `default` network, a project should not have a `default` network.
- [Auth0 tenant invitation sent to user](def-000-u21.md): Classification: attack Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003) Technique: [T1098-account-man...
- [Cluster should be created with Private Nodes](def-000-u28.md): A cluster should have private nodes enabled. These settings ensure that the nodes are properly isolated from public a...
- [Compute instances should be launched with Shielded VM enabled](def-000-u2l.md): To defend against advanced threats and ensure that the boot loader and firmware on your VMs are signed and untampered...
- [Ensure the Default Umask is Set Correctly in login.defs](def-000-u2v.md): To ensure the default umask controlled by `/etc/login.defs` is set properly, add or correct the `UMASK` setting in `/...
- [RDS instances should have automatic backups enabled](def-000-u37.md): This control checks that RDS instances have automated backups enabled and maintains a backup for at least 7 days. Rea...
- [Potential brute force attack detected](def-000-u3z.md): Classification: attack Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006) Technique: [T1110-brute...
- [ECR private repositories should not grant public image uploads](def-000-u48.md): Identify when Amazon Elastic Container Repositories container images can be created or overwritten by anyone.
- [>-](def-000-u4l.md)
- [Trend Micro Email Security alert: Phishing email detected](def-000-u5h.md)
- [Publicly accessible EC2 instances should not have highly-privileged IAM roles](def-000-u5t.md): This rule verifies that publicly accessible EC2 instances are not attached to a highly-privileged, risky [instance ro...
- [Forcepoint Security Service Edge multiple files quarantined for a single user](def-000-u68.md)
- [ElastiCache clusters should not use the default subnet group](def-000-u69.md): This assessment verifies ElastiCache clusters are configured with a custom subnet group. The assessment will not pass...
- [Windows MSSQL XPCmdshell suspicious execution](def-000-u7c.md): Classification: attack; Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002); Technique: [T1059-command-and-s...
- [DocumentDB clusters should publish audit logs to CloudWatch Logs](def-000-u7d.md): This control verifies if an Amazon DocumentDB cluster is configured to send audit logs to Amazon CloudWatch Logs. The...
- [>-](def-000-u7q.md)
- [Email with spam category opened by user](def-000-u8a.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1566-phishing...
- [Windows WMI backdoor exchange transport agent](def-000-u8k.md)
- [Ensure network interfaces are assigned to appropriate zone](def-000-u8v.md): Firewall zones define the trust level of network connections or interfaces. Note: Changing firewall settings while co...
- [Verify User Who Owns /var/log/messages File](def-000-u96.md): To properly set the owner of `/var/log/messages`, run the command:
- [Verify Group Who Owns cron.daily](def-000-u9v.md): To properly set the group owner of `/etc/cron.daily`, run the command:
- [Neptune cluster replicates to a publicly accessible Neptune instance](def-000-ua9.md): A private Neptune cluster replicating to a publicly accessible Neptune read replica instance increases the likelihood...
- [API Gateway execution logging should be enabled for WebSocket APIs](def-000-uad.md): This control evaluates whether execution logging is enabled for all stages of an Amazon API Gateway WebSocket API. Th...
- [EKS Cluster should have private endpoint enabled](def-000-ub6.md): The EKS cluster should have `Private Endpoint` enabled. This ensures that outside access to the Kubernetes API is dis...
- [Verify ownership of System Login Banner for Remote Connections](def-000-ubk.md): To properly set the owner of `/etc/issue.net`, run the command:
- [Unauthenticated route returns sensitive PII](def-000-ubv.md): The API allows unauthenticated users to access sensitive personally identifiable information (PII), which may not be ...
- [Enable SSH Warning Banner](def-000-ubz.md): To enable the warning banner and ensure it is consistent across the system, add or correct the following line in `/et...
- [>-](def-000-ucb.md): Unpatched vulnerabilities in publicly accessible applications can increase the likelihood of exposing weaknesses, cre...
- [Publicly Accessible Azure VM instance has a critical vulnerability](def-000-uco.md): A publicly accessible Azure VM instance has one or more critical severity vulnerabilities.
- [Wiz Defend Threats alert](def-000-ucp.md): Classification: attack
- [Atlassian Confluence public link turned on](def-000-udg.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1530-data-from-cl...
- [SQL database instances should only use private IP addresses](def-000-udm.md): Datadog recommends configuring the second generation SQL instance to use private IPs instead of public IPs.
- [All AppArmor Profiles are in enforce or complain mode](def-000-udq.md): AppArmor profiles define what resources applications are able to access. To set all profiles to either `enforce` or `...
- [Windows replay attack detected](def-000-ue8.md)
- [Cryptocurrency miner attempted to boost CPU performance](def-000-uf6.md): Classification: attack; Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040); Technique: [T1496-resource-hijacki...
- [Microsoft 365 mailbox audit logging bypass](def-000-uf9.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Do Not Allow SSH Environment Options](def-000-ug0.md): Ensure that users are not able to override environment variables of the SSH daemon.
- [>-](def-000-ugf.md)
- [>-](def-000-ugk.md): To set the runtime status of the `net.ipv4.conf.default.log_martians` kernel parameter, run the following command:
- [Verify Permissions on /var/log/waagent.log(.*) Files](def-000-ui7.md): To properly set the permissions of `/var/log/waagent.log`, run the command:
- [Disable SSH Access via Empty Passwords](def-000-uig.md): Disallow SSH login with empty passwords. The default SSH configuration disables logins with empty passwords. The appr...
- [S3 bucket ACLs should be restricted from public view](def-000-uiq.md): Modify your bucket ACL to remove public `READ_ACP` access.
- [Azure should be configured with a security contact email](def-000-uk6.md): Microsoft Defender for Cloud notifies subscription owners via email about high-severity alerts. An additional securit...
- [Verify firewalld Enabled](def-000-um6.md): The `firewalld` service can be enabled with the following command:
- [Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces](def-000-un6.md): To set the runtime status of the `net.ipv4.conf.all.rp_filter` kernel parameter, run the following command:
- [Endpoint accepts JWTs without audience](def-000-uo0.md): This publicly exposed API endpoint accepts JWTs that do not include an audience (`aud`) claim. The audience claim ide...
- [Microsoft graph security alerts](def-000-uo2.md)
- [OSSEC Alert: Attack detected](def-000-uo8.md)
- [>-](def-000-upc.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Verify User Who Owns Backup shadow File](def-000-upd.md): To properly set the group owner of `/etc/shadow-`, run the command:
- [Backup recovery points should be encrypted at rest](def-000-ur3.md): This control ensures that AWS Backup recovery points are encrypted at rest, passing only if encryption is enabled.
- [Ensure the Root Bash Umask is Set Correctly](def-000-ur4.md): To ensure the root user's umask of the Bash shell is set properly, add or correct the `umask` setting in `/root/.bash...
- [>-](def-000-uuk.md): It is recommended that you set the `cross db ownership chaining` database flag for SQL Server instance to `off`.
- [Ensure gpgcheck Enabled for All yum Package Repositories](def-000-uul.md): To ensure signature checking is not disabled for any repos, remove any lines from files in `/etc/yum.repos.d` of the ...
- [Slack enterprise organization created or deleted](def-000-uum.md): Classification: attack; Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040); Technique: [T1531-account-access-r...
- [An EKS Cluster's Kubelet should rotate server certificates automatically](def-000-uwb.md): Server certificates should be rotated. This ensures there is no downtime due to expired certificates.
- [Ensure PAM Enforces Password Requirements - Minimum Special Characters](def-000-uwl.md): The pam_pwquality module's `ocredit=` parameter controls requirements for usage of special (or "other") characters in...
- [Microsoft 365 Copilot Studio Application Insights logging modified](def-000-uxh.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Crypto miner environment variables observed](def-000-uxt.md): Classification: attack; Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040); Technique: [T1496-resource-hijacki...
- [AWS consoler detected](def-000-uy3.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [OSSEC Alert: Multiple authentication failures followed by a success](def-000-uzx.md)
- [Trellix Endpoint Security blocked web control violation detected](def-000-v1v.md)
- [Verify Group Who Owns Crontab](def-000-v2g.md): To properly set the group owner of `/etc/crontab`, run the command:
- [Windows register new logon process by Rubeus](def-000-v3q.md)
- [Unfamiliar IAM user retrieved secret from AWS Secrets Manager](def-000-v4g.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1555-crede...
- [Windows DHCP server loaded CallOut DLL](def-000-v57.md)
- [EFS access points should enforce a root directory](def-000-v6o.md): This control verifies whether Amazon EFS access points are set up to enforce a specific root directory. The control f...
- [GitHub Personal Access Token created by suspicious IP](def-000-v6r.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Azure managed identity has admin level privileges at the subscription scope](def-000-v6u.md): This rule identifies when an Azure Managed Identity has administrative-level permissions at the subscription scope.
- [Application Load Balancers should have deletion protection enabled](def-000-v6y.md): This control verifies deletion protection is enabled for Application, Gateway, and Network Load Balancers. To safegua...
- [Atlassian user invited to organization as an organization administrator](def-000-v79.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1098-ac...
- [Verify Permissions on cron.weekly](def-000-v7c.md): To properly set the permissions of `/etc/cron.weekly`, run the command:
- [Public-facing application load balancers should drop HTTP headers](def-000-v86.md): This control checks that public facing AWS Application Load Balancers (ALBs) are set to discard invalid HTTP headers....
- [Google Workspace user assigned administrative role](def-000-v89.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty](def-000-v8u.md): The sudo `use_pty` tag, when specified, will only execute sudo commands from users logged in to a real tty. This shou...
- [Set SSH Client Alive Interval](def-000-v8y.md): SSH allows administrators to set a network responsiveness timeout interval. After this interval has passed, the unres...
- [IAM users should have assigned permissions](def-000-vae.md): IAM Users without permissions can lead to potential security risks and misconfigurations. Users without assigned poli...
- [>-](def-000-vaw.md)
- ['Delete Security Solution' activity log alert should be configured](def-000-vb1.md): To enhance the detection of suspicious activity and gain insights into changes made to active security solutions, it ...
- [Keycloak multiple login error events from the same IP address](def-000-vbc.md)
- [Use Only Strong MACs](def-000-vbi.md): Limit the MACs to strong hash algorithms. The following line in `/etc/ssh/sshd_config` demonstrates use of those MACs:
- [>-](def-000-vc2.md): Disallowing public access for a storage account overrides the public access settings for individual containers in tha...
- [Publicly Accessible RDS instance uses a common master database username](def-000-vcf.md): A publicly accessible database that uses a common master database username increases the likelihood of brute force at...
- [Local file inclusion exploited](def-000-vck.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1190-exploit-public-facing-applica...
- [S3 general purpose buckets should have static website hosting disabled](def-000-vde.md): AWS S3 bucket website hosting should not be enabled because it increases the chance of accidentally exposing sensitiv...
- [Azure AI API keys listed from previously unseen application](def-000-vdl.md)
- [ECS cluster logging should be enabled and encrypted](def-000-vdq.md): ECS clusters should have encrypted logging enabled for execute command sessions to protect sensitive data in transit ...
- [AWS S3 Object encryption with SSE-C](def-000-vfj.md): Classification: attack; Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040); Technique: [T1486-data-encrypted-f...
- [Ensure that Root's Path Does Not Include Relative Paths or Null Directories](def-000-vfr.md): Ensure that none of the directories in root's path is equal to a single `.` character, or that it contains any instan...
- [Keycloak user disabled by permanent lockout](def-000-vgr.md)
- [Route processes payments without HTTPS](def-000-vgt.md): This API endpoint was found processing payments over a non-encrypted channel.
- [Set Password Hashing Algorithm in /etc/login.defs](def-000-vh1.md): In `/etc/login.defs`, add or update the following line to ensure the system will use SHA512 as the hashing algorithm:
- [Uninstall setroubleshoot Package](def-000-vhs.md): The SETroubleshoot service notifies desktop users of SELinux denials. The service provides information around configu...
- [Verify Permissions of Files in /var/log/gdm](def-000-vjw.md): To properly set the permissions of `/var/log/gdm/*`, run the command:
- [>-](def-000-vk0.md)
- [An EKS Cluster's Kubelet configuration file should disable anonymous requests](def-000-vkj.md): Disable anonymous requests to the Kubelet server. You should rely on authentication to authorize access and disallow ...
- [Windows active directory user backdoors](def-000-vn6.md)
- [API Gateway routes should specify an authorization type](def-000-vna.md): This control verifies whether Amazon API Gateway routes are configured with an authorization mechanism. The control f...
- [Add nodev Option to /home](def-000-vne.md): The `nodev` mount option can be used to prevent device files from being created in `/home`. Legitimate character and ...
- [>-](def-000-vni.md): If the kubelet refers to a configuration file with the `--config` argument, ensure that the file has permissions set ...
- [Elasticsearch domains should encrypt data transmitted between nodes](def-000-vnl.md): This control verifies if node-to-node encryption is enabled for an Elasticsearch domain. The control will not pass if...
- [EC2 instance should not have a highly-privileged IAM role attached to it](def-000-vos.md): This rule ensures that none of your EC2 instances is attached to a highly-privileged [instance role](https://docs.aws...
- [Verify Group Who Owns /var/log/*.journal(~) File](def-000-vp9.md): To properly set the group owner of `/var/log/*.journal(~)`, run the command:
- [Okta Desktop Single Sign On (DSSO) from unexpected profile source](def-000-vpw.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [GitLab password reset from suspicious IP](def-000-vq0.md)
- [API Gateway REST API cache data should be encrypted at rest](def-000-vq1.md): This control evaluates whether execution logging is enabled for all stages of an Amazon API Gateway REST API. The con...
- [Check Point Harmony Email & Collaboration malicious URL clicked by user](def-000-vqh.md)
- [Okta OPA server account password changed out of band](def-000-vqw.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1556-modif...
- [>-](def-000-vrb.md): Enabling `log_disconnections` helps PostgreSQL Database to log the end of a session, including duration, which in tur...
- [Uninstall CUPS Package](def-000-vrd.md): The `cups` package can be removed with the following command:
- [SQL database instances should enforce SSL for all incoming connections](def-000-vsz.md): This control ensures that SSL encryption is enabled for SQL database connections, which include PostgreSQL, MySQL (ge...
- [Route returns PCI regulated data without setting Cache-Control HTTP header](def-000-vtn.md): This publicly exposed API endpoint returns PCI regulated data without implementing the Cache-Control header. This hea...
- [Windows PowerShell Disable-WindowsOptionalFeature command](def-000-vuj.md)
- [Trend Micro Vision One XDR impossible travel detected for identity activity](def-000-vva.md)
- [Missing Content Type HTTP header](def-000-vvh.md): This publicly exposed API endpoint does not implement the `Content-Type` and `X-Content-Type-Options` HTTP headers. T...
- [Limit the maximum number of sequential characters in passwords](def-000-vvt.md): The `pwquality maxsequence` setting defines the maximum allowable length for consecutive character sequences in a new...
- [>-](def-000-vw9.md): It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network firewall rule...
- [Palo Alto Networks Firewall - crypto mining activity observed](def-000-vwv.md): Classification: attack; Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040); Technique: [T1496-resource-hijacki...
- [>-](def-000-vx1.md): Enabling `connection_throttling` helps the PostgreSQL Database to set the verbosity of logged messages. This in turn ...
- [MFA should be enabled for Cognito user pools](def-000-vxv.md): Multi-factor authentication (MFA) should be enabled for Amazon Cognito user pools. MFA provides an additional layer o...
- [Disable core dump backtraces](def-000-vya.md): The `ProcessSizeMax` option in `[Coredump]` section of `/etc/systemd/coredump.conf` specifies the maximum size in byt...
- [Ensure Remote Login Warning Banner Is Configured Properly](def-000-vyo.md): To configure the system remote login warning banner edit the `/etc/issue.net` file. The contents of this file is disp...
- [Uninstall talk Package](def-000-vz7.md): The `talk` package contains the client program for the Internet talk protocol, which allows the user to chat with oth...
- [Windows WinPwn execution patterns](def-000-vzv.md)
- [>-](def-000-w0f.md): To enhance the monitoring of network access changes and reduce the time it takes to identify suspicious activity, it ...
- [Ensure All Groups on the System Have Unique Group Names](def-000-w0n.md): Change the group name or delete groups, so each has a unique name.
- [Verify Permissions on /etc/security/opasswd.old File](def-000-w2y.md): To properly set the permissions of `/etc/security/opasswd.old`, run the command:
- [Prevent Login to Accounts With Empty Password (ubuntu2404)](def-000-w38.md): If an account is configured for password authentication but does not have an assigned password, it may be possible to...
- [Default to Microsoft Entra authorization in the Azure portal should be enabled](def-000-w60.md): Enable `Default to Microsoft Entra authorization` in the Azure portal for Storage Accounts to improve security by usi...
- [Ensure nftables Default Deny Firewall Policy](def-000-w65.md): Base chain policy is the default verdict that will be applied to packets reaching the end of the chain. There are two...
- [Clusters should use binary authorization](def-000-w7u.md): Enable Binary Authorization on the cluster. This ensures that only signed images are allowed inside the cluster, incr...
- [EFS data should be encrypted at rest](def-000-w88.md): This control evaluates whether Amazon EFS is set up to encrypt file data at rest through AWS KMS.
- [PsExec execution detected](def-000-w8e.md): Classification: attack; Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002); Technique: [T1569-system-servic...
- [Windows BITS transfer job download from direct IP](def-000-w8o.md)
- [Azure group has dangerous key vault role](def-000-w96.md): This rule detects Azure AD groups with dangerous key vault roles. It specifically detects the assignment of Key Vault...
- [PostgreSQL instance should have the 'log_disconnections' database flag enabled](def-000-w9z.md): Enabling the `log_disconnections` setting logs the end of each session, including the session duration.
- [GitHub critical resource enumeration activity via API](def-000-wb9.md): Classification: attack; Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007); Technique: [T1526-cloud-service...
- [Oracle Cloud user requested to create or reset password from malicious IP](def-000-wcq.md)
- [Verify Group Who Owns /var/log/lastlog File](def-000-wcs.md): To properly set the group owner of `/var/log/lastlog`, run the command:
- [Set existing passwords a period of inactivity before they been locked](def-000-wcz.md): Configure user accounts that have been inactive for over a given period of time to be automatically disabled by runni...
- [RDS clusters should be configured to use multiple Availability Zones](def-000-wdn.md): This control ensures high availability is enabled for your RDS clusters. The control will fail if an RDS cluster is n...
- [Tailscale device approval configuration disabled](def-000-we4.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Ensure journald is configured to compress large log files](def-000-wgd.md): The journald system can compress large log files to avoid filling the system disk.
- [Windows service installed by suspicious client](def-000-wjt.md)
- [Configure SELinux Policy](def-000-wkz.md): The SELinux `targeted` policy is appropriate for general-purpose desktops and servers, as well as systems in many oth...
- [Remove the X Windows Package Group](def-000-wlx.md): By removing the xorg-x11-server-common package, the system no longer has X Windows installed. If X Windows is not ins...
- [Ensure All Accounts on the System Have Unique User IDs](def-000-wmq.md): Change user IDs (UIDs), or delete accounts, so each has a unique name.
- [Datadog Malicious PR Protection](def-000-wnp.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1556-modify-auth...
- [AWS IAM AdministratorAccess policy was applied to a group](def-000-wnq.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1098-ac...
- [Ensure Mail Transfer Agent is not Listening on any non-loopback Address](def-000-wnr.md): Mail Transfer Agents (MTA), such as sendmail and Postfix, are used to listen for incoming mail and transfer the messa...
- [>-](def-000-wnt.md)
- [Disable Core Dumps for All Users](def-000-wpp.md): To disable core dumps for all users, add the following line to `/etc/security/limits.conf`, or to a file within the `...
- [Ensure Base Chains Exist for Nftables](def-000-wr3.md): Tables in nftables hold chains. Each table only has one address family and only applies to packets of this family. Ta...
- [>-](def-000-wsd.md): Turning on the email alert feature ensures the subscription owner or chosen security contacts receive important secur...
- [Mimecast Alert: phishing email detected](def-000-wt2.md)
- [Okta user's MFA factors reset followed by access to the administrative console](def-000-wte.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1556-modif...
- [>-](def-000-wuf.md): This control verifies whether the default stateless action for full packets in a Network Firewall policy is set to `a...
- [Enforce Usage of pam_wheel with Group Parameter for su Authentication](def-000-wvo.md): To ensure that only users who are members of the group set in the `group` option of `pam_wheel.so` module can run com...
- [Athena workgroups should have logging enabled](def-000-wwp.md): Amazon Athena workgroups should have logging enabled to track and monitor query activities. Logging provides audit re...
- [Windows moriya rootkit](def-000-www.md)
- [AWS SES email sending enabled in current AWS region](def-000-wwz.md): Classification: attack; Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040); Technique: [T1496-resource-hijacki...
- [Keeper brute force attempt](def-000-wyw.md)
- [Verify Ownership on SSH Server Public *.pub Key Files](def-000-x04.md): SSH server public keys, files that match the `/etc/ssh/*.pub` glob, must be owned by `root` user.
- [DocumentDB clusters should be encrypted at rest](def-000-x0z.md): This evaluation determines if an Amazon DocumentDB cluster has encryption enabled at rest. The evaluation will fail i...
- [AWS IAM activity by S3 browser utility](def-000-x1d.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Set nftables Configuration for Loopback Traffic](def-000-x1o.md): Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback ne...
- [>-](def-000-x2c.md): This control checks whether your IAM role inline policies for write access to Bedrock Knowledge Base (KB) sources inc...
- [Verify that audit tools Have Mode 0755 or less](def-000-x2k.md): The Ubuntu 20.04 operating system audit tools must have the proper permissions configured to protect against unauth...
- [>-](def-000-x5f.md): Enabling the EC2 setting 'Block public access for AMIs' ensures that AMIs cannot accidentally be shared publicly. Thi...
- [PingFederate Admin Alert: impossible travel by user](def-000-x64.md)
- [EFS file systems should have encryption at rest enabled](def-000-x67.md): This check ensures that Amazon Elastic File System (EFS) file systems have encryption at rest enabled. Enabling encry...
- [AWS SES discovery attempt by long term access key](def-000-x6y.md): Classification: attack; Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007); Technique: [T1526-cloud-service...
- [Salesforce anomalous amount of queried tables](def-000-x75.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1213-data-from-in...
- [>-](def-000-x7x.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [Retention policies should be configured using bucket lock on log buckets](def-000-x8l.md): Enabling retention policies on log buckets protects logs stored in cloud storage buckets from being overwritten or ac...
- [>-](def-000-xai.md): The Compute Engine default service account is associated with your Google Cloud project and attached by default to Co...
- [Verify Group Ownership of System Login Banner](def-000-xav.md): To properly set the group owner of `/etc/issue`, run the command:
- [>-](def-000-xb7.md): This control checks whether your IAM group inline policies for write access to Bedrock Knowledge Base (KB) sources in...
- [GitHub repository transfer](def-000-xc3.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1213-data-from-in...
- [1Password service account token activity observed](def-000-xcb.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [>-](def-000-xen.md): This control checks whether your customer-managed IAM policies for write access to Bedrock Knowledge Base (KB) source...
- [Verify Group Who Owns /etc/shells File](def-000-xf4.md): To properly set the group owner of `/etc/shells`, run the command:
- [Verify /boot/grub2/user.cfg User Ownership](def-000-xgb.md): The file `/boot/grub2/user.cfg` should be owned by the `root` user to prevent reading or modification of the file. To...
- [Zendesk IP restriction settings is disabled](def-000-xgm.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Windows ANONYMOUS LOGON local account created](def-000-xhs.md)
- [>-](def-000-xj7.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot...
- [Install ufw Package](def-000-xkq.md): The `ufw` package can be installed with the following command:
- [Disable Accepting ICMP Redirects for All IPv6 Interfaces](def-000-xmd.md): To set the runtime status of the `net.ipv6.conf.all.accept_redirects` kernel parameter, run the following command:
- [Trellix Endpoint Security unrestricted port blocking rule violation detected](def-000-xn4.md)
- [>-](def-000-xny.md): Unpatched vulnerabilities can increase the likelihood of exposing system weaknesses creating an entry point for attac...
- [Audit Configuration Files Must Be Owned By Group root](def-000-xqs.md): All audit configuration files must be owned by group root.
- [Wiz Defend Detections alert](def-000-xr6.md): Classification: attack
- [DMS endpoints should require SSL/TLS](def-000-xr7.md): This control verifies if an AWS DMS endpoint is configured to use an SSL connection. The `ssl_mode` of the endpoint m...
- [Google Compute Engine service account used outside of Google Cloud](def-000-xsj.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1078-va...
- [SSH login by password guesser from Zeek](def-000-xu9.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1110-brute...
- [Verify Group Who Owns group File](def-000-xud.md): To properly set the group owner of `/etc/group`, run the command:
- [>-](def-000-xur.md)
- [Admin endpoint without authentication](def-000-xv1.md): An administrative endpoint is exposed without authentication, allowing unauthorized users to access sensitive functio...
- [Microsoft 365 eDiscovery content search started](def-000-xvd.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1213-data-from-in...
- [Anomalous failed SSH authentication attempts by a single IP address](def-000-xw3.md): Classification: anomaly; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1110-brut...
- [>-](def-000-xwu.md): To configure the number of retry prompts that are permitted per-session: Edit the `pam_pwquality.so` statement in `/e...
- [Ensure shadow Group is Empty](def-000-xwv.md): The shadow group allows system programs which require access the ability to read the /etc/shadow file. No users shoul...
- [Windows boot registry key modified](def-000-xwx.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1112-modify-...
- [Bring your own file system (BYOF) tool executed](def-000-xx1.md): Classification: attack; Tactic: [TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011); Technique: [T1105-ing...
- [A GKE Cluster's Kubelet should rotate server certificates automatically](def-000-xxd.md): Server certificates should be rotated. This ensures there is no downtime due to expired certificates.
- [Zendesk API token is created](def-000-xxo.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Verify Non-Interactive Accounts Are Locked](def-000-xxw.md): Accounts meant for non-interactive purposes should be locked to prevent unauthorized access. Accounts with non-standa...
- [Suspicious ntdsutil usage](def-000-xxx.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1003-os-cr...
- [Set SSH Daemon LogLevel to VERBOSE](def-000-y1u.md): The `VERBOSE` parameter configures the SSH daemon to record login and logout activity. To specify the log level in SS...
- [Verify Only Group Root Has GID 0](def-000-y1v.md): If any group other than root has a GID of 0, this misconfiguration should be investigated and the groups other than r...
- [Verify Permissions on /var/log/lastlog(.*) Files](def-000-y21.md): To properly set the permissions of `/var/log/lastlog`, run the command:
- [Verify Permissions on group File](def-000-y39.md): To properly set the permissions of `/etc/group`, run the command:
- [Verify Permissions on cron.d](def-000-y4l.md): To properly set the permissions of `/etc/cron.d`, run the command:
- [Ensure root account access is controlled](def-000-y4m.md): There are a number of methods to access the root account directly. Without a password set any user would be able to g...
- [Verify Group Who Owns Backup passwd File](def-000-y5n.md): To properly set the group owner of `/etc/passwd-`, run the command:
- [All keys in RBAC Azure Key Vault should have an expiration time set](def-000-y5o.md): Ensure that all keys in Role Based Access Control (RBAC) Azure Key Vaults have an expiration date set. The **exp** (e...
- [Unusual AWS identity requesting limit increase](def-000-y78.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1578-modify-...
- [Cloud Storage Bucket should not be anonymously or publicly accessible](def-000-y7k.md): It is recommended that IAM policies on Cloud Storage buckets do not allow anonymous or public access.
- [An AKS Cluster's Kubelet should have the eventRecordQPS entry set](def-000-y8h.md): Security relevant information should be captured. The`eventRecordQPS`setting in the Kubelet configuration controls ... - [Okta temporary AWS credentials granted using open source tooling](def-000-yab.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-valid-ac... - [AWS SES add verified identity followed by the deletion of the identity](def-000-yax.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1070-indicat... - [Ensure SELinux Not Disabled in /etc/default/grub](def-000-ybk.md): SELinux can be disabled at boot time by an argument in`/etc/default/grub`. Remove any instances of`selinux=0`from ... - [Unauthenticated route with SQL injection vulnerability](def-000-ycc.md): Unauthenticated users have access to an API that's performing [SQL queries using user controlled parameters](https://... - [AKS Kubelet configuration file ownership should be assigned to root](def-000-yd0.md): Ensure that the file ownership of the kubelet's kubeconfig file is set to`root:root`. You should set its file owners... - [ECS containers should run as non-privileged](def-000-ydi.md): This assessment examines whether the privileged setting in the container definition of Amazon ECS Task Definitions is... - [OpenSearch domains should have Audit Logging enabled](def-000-yed.md): This check determines if`audit`logging is enabled for Amazon OpenSearch Service domains, and is configured to send ... - [DocumentDB cluster snapshots should not be shared with external accounts](def-000-yeh.md): This rule evaluates whether Amazon DocumentDB cluster snapshots are shared with external AWS accounts that are not on... 
- [Salesforce previously unseen network for application OAuth token login](def-000-yf3.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-valid-ac... - [Anomalous number of AWS Lambda functions deleted](def-000-yfb.md): Classification:attackTactic:[TA0040-impact](https://attack.mitre.org/tactics/TA0040)Technique:[T1485-data-destruction... - [GitHub large amount of classic personal access token use via suspicious VPN](def-000-yhv.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-valid-ac... - [Okta admin console activity from new device](def-000-yiq.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-valid-ac... - [Disable Mounting of udf](def-000-yiz.md): To configure the system to prevent the`udf`kernel module from being loaded, add the following line to the file`/et... - [Impossible travel scenario observed in Wiz authentication](def-000-yj3.md): {% alert level="danger" %} - [Ensure journald is configured to send logs to rsyslog](def-000-yji.md): Data from journald may be stored in volatile memory or persisted locally. Utilities exist to accept remote export of ... - [Credential Stuffing attack](def-000-yk4.md): Tactic:[TA0042-resource_development](https://attack.mitre.org/tactics/TA0042)Technique:[T1586-compromise-accounts](ht... - [Slack two factor authentication requirement changed](def-000-yl4.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1556-modify-auth... - [Amazon Bedrock activity InvokeModel multiple regions](def-000-ynk.md): Classification:attackTactic:[TA0007-discovery](https://attack.mitre.org/tactics/TA0007)Technique:[T1526-cloud-service... 
- [A log metric filter and alert should exist for VPC network route changes](def-000-yp6.md): It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network route changes. - [Trend Micro Vision One Endpoint Security alert: Suspicious file detected](def-000-yq9.md): {% alert level="danger" %} - [User agent associated with penetration testing tool observed](def-000-ys8.md): Classification:attackTactic:[TA0002-execution](https://attack.mitre.org/tactics/TA0002)Technique:[T1059-command-and-s... - [IAM groups should have at least one user attached](def-000-ysz.md): IAM groups help manage user permissions by bundling policies that can be applied to multiple users simultaneously. If... - [Set Lockout Time for Failed Password Attempts](def-000-yv0.md): This rule configures the system to lock out accounts during a specified time period after a number of incorrect login... - [Uninstall the nis package](def-000-yvz.md): The support for Yellowpages should not be installed unless it is required. - [RDS cluster snapshots should be encrypted at rest](def-000-ywp.md): This control ensures snapshots are encrypted. It checks RDS, Neptune, DocDB, and Aurora snapshots. Snapshot encryptio... - [EC2 subnets should not automatically assign public IP addresses](def-000-yx8.md): This check verifies if the configuration of public IP assignment in Amazon Virtual Private Cloud (VPC) subnets has th... - [SQL database instances should have automated backups enabled](def-000-yxc.md): This check ensures that Cloud SQL database instances are configured with automated backups. It is recommended that al... - [Windows shimcache flush](def-000-yyo.md): {% alert level="danger" %} - [Bitsadmin used to download or execute a file](def-000-yyy.md): Classification:attackTactic:[TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011)Technique:[T1105-ing... 
- [WMI used to remotely execute content](def-000-yyz.md): Classification:attackTactic:[TA0002-execution](https://attack.mitre.org/tactics/TA0002)Technique:[T1047-windows-manag... - [Process memory dumped using procdump](def-000-yzz.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1003-os-cr... - [Auth0 breached password detection disabled](def-000-z01.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [Container with elevated privileges assigned to a privileged Kubernetes node](def-000-z13.md): Granting excessive security capabilities to a pod or container can lead to unintended lateral movement to other conta... - [Verify User Who Owns /var/log/syslog File](def-000-z1m.md): To properly set the owner of`/var/log/syslog`, run the command: - [Container-Optimized OS (cos_containerd) should be used for GKE node images](def-000-z1p.md): Container-Optimized OS images should be used in your cluster. These image types are hardened and increase the securit... - [Okta OAuth mismatched URI](def-000-z23.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1528-steal... - [Instances should use a non-default service account](def-000-z3h.md): To follow the principle of least privileges and to prevent potential privilege escalation, assign instances to a serv... - [Disable Modprobe Loading of USB Storage Driver](def-000-z3o.md): To prevent USB storage devices from being used, configure the kernel module loading system to prevent automatic loadi... - [Bedrock custom models should not train from publicly accessible s3 buckets](def-000-z56.md): This control verifies that Amazon Bedrock custom models are **not** trained using data from publicly accessible Amazo... 
- [Disable Dovecot Service](def-000-z5a.md): The`dovecot`service can be disabled with the following command: - [Keycloak multiple identity provider login errors detected on realm](def-000-z5h.md): {% alert level="danger" %} - [>-](def-000-z6k.md): This check verifies if a secret managed by AWS Secrets Manager has been rotated according to its defined schedule. Th... - [Kubernetes service account token created in container](def-000-z6p.md): Classification:attackTactic:[TA0002-execution](https://attack.mitre.org/tactics/TA0002)Technique:[T1609-container-adm... - [Ensure that All Root's Path Directories Are Owned by Root](def-000-z7d.md): For each element in root's path, run: - [Possible AWS backup resource enumeration by long term access key](def-000-z7e.md): Classification:attackTactic:[TA0007-discovery](https://attack.mitre.org/tactics/TA0007)Technique:[T1580-cloud-infrast... - [Windows password protected ZIP file opened with suspicious filenames](def-000-z7t.md): {% alert level="danger" %} - [RDS clusters should have Auto Minor Version Upgrade enabled](def-000-z7z.md): This check ensures that automatic minor version upgrades are enabled for an Amazon RDS database cluster. Enabling aut... - [IAM password policy should require user passwords to expire within 90 days](def-000-z8a.md): IAM password policies enforce rules for user passwords in AWS. One of these rules is defining the password expiration... - [Ensure GKE node pools do not use default service accounts](def-000-za6.md): The service account running the nodes in a cluster should have the principle of least privilege applied. Without a mi... - [Microsoft 365 Default or Anonymous user permissions added to mailbox folder](def-000-zat.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... 
- [ECS task definitions should not share the host's process namespace](def-000-zbk.md): This assessment verifies whether Amazon ECS task definitions are set up to share a host's process namespace with its ... - [Ensure SSH LoginGraceTime is configured](def-000-zcl.md): The`LoginGraceTime`parameter to the SSH server specifies the time allowed for successful authentication to the SSH ... - [Require Authentication for Single User Mode](def-000-zd1.md): Single-user mode is intended as a system recovery method, providing a single user root access to the system by provid... - [Azure managed identity has a large permissions gap](def-000-zdh.md): To mitigate the impact of credential exposure or compromise, role assignments should be scoped down to the least leve... - [Ensure journald is configured to write log files to persistent disk](def-000-zei.md): The journald system may store log files in volatile memory or locally on disk. If the logs are only stored in volatil... - [Audit Configuration Files Must Be Owned By Root](def-000-zfc.md): All audit configuration files must be owned by root user. To properly set the owner of`/etc/audit/`, run the command: - [EC2 setting 'EBS encryption by default' should be enabled](def-000-zgq.md): Enabling the EC2 setting 'EBS encryption by default' ensures that all new block storage volumes and snapshots are aut... - [Microsoft 365 Exchange junk email settings modified by a suspicious VPN](def-000-zhz.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1564-hide-ar... - [AWS Verified Access anomalous failed authentication attempts by IP](def-000-ziw.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1199-trusted-... - [Okta policy rule modified to downgrade MFA](def-000-zjx.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... 
- [Verify User Who Owns Backup passwd File](def-000-zk0.md): To properly set the owner of `/etc/passwd-`, run the command: - [Disable storing core dump](def-000-zl2.md): The `Storage` option in `[Coredump]` section of `/etc/systemd/coredump.conf` can be set to `none` to disable storing c... - [Uninstall bind Package](def-000-zlf.md): The `named` service is provided by the `bind` package. The `bind` package can be removed with the following command: - [Container accessed using kubectl in another container](def-000-zm9.md): Classification:attackTactic:[TA0002-execution](https://attack.mitre.org/tactics/TA0002)Technique:[T1609-container-adm... - [GCP User Account has overly permissive access to resources in the project](def-000-zoz.md): Editor or Owner roles are highly permissive roles that existed prior to the introduction of IAM. - [Azure Bastion host should exist](def-000-zp9.md): Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal... - [Verify Group Who Owns shadow File](def-000-zph.md): To properly set the group owner of `/etc/shadow`, run the command: - [AKS cluster should use a network policy between nodes](def-000-zpk.md): Network policies restrict pod-to-pod traffic and should be implemented in AKS clusters. - [Verify Permissions on crontab](def-000-zps.md): To properly set the permissions of `/etc/crontab`, run the command: - [Uninstall net-snmp Package](def-000-zpz.md): The `snmp` package provides the snmpd service.
The`snmp`package can be removed with the following command: - [Verify Permissions on Backup passwd File](def-000-zqe.md): To properly set the permissions of`/etc/passwd-`, run the command: - [>-](def-000-zql.md): To set the runtime status of the`net.ipv4.conf.default.rp_filter`kernel parameter, run the following command: - [Ensure PAM Enforces Password Requirements - Minimum Different Characters](def-000-zqt.md): The pam_pwquality module's`difok`parameter sets the number of characters in a password that must not be present in ... - [Install pam_pwquality Package](def-000-zrr.md): The`libpam-pwquality`package can be installed with the following command: - [AKS Cluster should have public access limited](def-000-zrw.md): When public access is enabled in an AKS cluster, it should be limited to a specific set of CIDRs. For security, publi... - [Secrets Manager secrets should be rotated within 90 days](def-000-zrx.md): This control verifies whether an AWS Secrets Manager secret is rotated at least once within 90 days. The control will... - [Verify Owner on cron.monthly](def-000-zsa.md): To properly set the owner of`/etc/cron.monthly`, run the command: - [>-](def-000-zsu.md): Classification:attackTactic:[TA0040-impact](https://attack.mitre.org/tactics/TA0040)Technique:[T1496-resource-hijacki... - [Verify Root Has A Primary GID 0](def-000-zsz.md): The`root`user should have a primary group of 0. - [Cisco Umbrella - allowed request to unsafe URL category](def-000-zt4.md): Classification:attackTactic:[TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011)Technique:[T1071-app... - [API Gateway access logging should be enabled for V2 API stages](def-000-zud.md): This control evaluates whether access logging is enabled for a specific stage of an Amazon API Gateway V2 API. 
- [Windows MSSQL SPProcoption set](def-000-zul.md): {% alert level="danger" %} - [>-](def-000-zup.md): Identify when an EC2 instance is publicly accessible on port 631 and is vulnerable to the four vulnerabilities allowi... - [Excessive payment failures from IP](def-000-zwj.md): Tactic:[TA0040-impact](https://attack.mitre.org/tactics/TA0040)Technique:[T1496-resource-hijacking](https://attack.mi... - [Process memory dumped using the minidump function of comsvcs.dll](def-000-zww.md): {% alert level="danger" %} - [Anomalous number of instances with high GPU created](def-000-zxh.md): {% alert level="danger" %} - [Install sudo Package](def-000-zy1.md): The`sudo`package can be installed with the following command: - [Verify User Who Owns /var/log/lastlog File](def-000-zya.md): To properly set the owner of`/var/log/lastlog`, run the command: - [>-](def-000-zyi.md): This control examines whether the default versions of IAM customer-managed policies permit principals to use AWS KMS ... - [Certutil used to transmit or decode a file](def-000-zyz.md): Classification:attackTactic:[TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011)Technique:[T1105-ing... - [AWS IAM user can assume a role with administrative privileges cross-account](def-000-zz5.md): In AWS environments, some IAM permissions can lead to privilege escalation, where an identity can gain access to anot... - [Windows system environment variables modified](def-000-zza.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1112-modify-... - [Windows known DLLs registry key modified](def-000-zzb.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1112-modify-... - [Windows registry hives file paths key modified](def-000-zzc.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1112-modify-... 
- [Winlogon registry key modified](def-000-zzd.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1112-modify-... - [Windows shell folders registry key modified](def-000-zze.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1112-modify-... - [Set Password Minimum Age](def-000-zzj.md): To specify password minimum age for new accounts, edit the file`/etc/login.defs`and add or correct the following line: - [Instances should use instance-specific SSH keys instead of project-wide keys](def-000-zzm.md): Datadog recommends using instance-specific SSH key(s) instead of common or shared project-wide SSH key(s) to access i... - [Process memory dumped using the minidump functions of comsvcs.dll](def-000-zzz.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1003-os-cr... - [Multiple Jumpcloud push notifications denied](def-001-859.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1621-multi... - [OneLogin brute force attack on user](def-001-88l.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1110-brute... - [Jumpcloud brute force attack on user](def-001-88v.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1110-brute... - [>-](def-001-hec.md): A misconfigured Lambda execution role contains risky privileges. This Lambda function is also publicly accessible and... - [Login activity observed from Tor client IP](def-001-syp.md): {% alert level="danger" %} - [Okta application enumeration by user](def-002-801.md): Classification:attackTactic:[TA0007-discovery](https://attack.mitre.org/tactics/TA0007)Technique:[T1526-cloud-service... 
- [Multiple Cisco Duo push notifications denied](def-002-85v.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1621-multi... - [Cisco Duo application enumeration by user](def-002-87v.md): Classification:attackTactic:[TA0007-discovery](https://attack.mitre.org/tactics/TA0007)Technique:[T1526-cloud-service... - [Cisco Duo brute force attack on user](def-002-88v.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1110-brute... - [Slack Brute force attack on user](def-002-otv.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1110-brute... - [Slack user logout due to suspicious activity](def-002-oxv.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-valid-ac... - [Publicly accessible RDS database stores sensitive data](def-002-rds.md): A publicly accessible database containing sensitive data increases the likelihood of brute force attacks successfully... - [Publicly accessible S3 bucket stores sensitive data](def-002-s3d.md): A publicly accessible S3 bucket contains sensitive data. This could lead to data exfiltration or data leakage. Sensit... - [>-](def-002-s3s.md): A publicly accessible EC2 instance has a role that allows access to an S3 bucket containing sensitive data. This coul... - [Brute force attempt from suspicious IP by user email](def-003-6ty.md): {% alert level="danger" %} - [Slack malicious content detected in uploaded file](def-003-oxv.md): Classification:attackTactic:[TA0002-execution](https://attack.mitre.org/tactics/TA0002)Technique:[T1204-user-executio... 
- [Activity observed from malicious IP](def-003-syp.md): {% alert level="danger" %} - [Slack CLI login from suspicious IP address](def-004-oxv.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-valid-ac... - [Activity observed to a malicious domain](def-005-syp.md): {% alert level="danger" %} - [Slack data export download](def-006-oxv.md): Classification:attackTactic:[TA0009-collection](https://attack.mitre.org/tactics/TA0009)Technique:[T1213-data-from-in... - [Windows CobaltStrike service installations](def-007-b8k.md): {% alert level="danger" %} - [OneLogin API Token Created](def-008-4ba.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... - [SQL Databases should only allow ingress traffic from specific IP addresses](def-009-3d1.md): By default, the "Allow access to Azure Services" setting for SQL Databases is set to "NO", ensuring that no ingress i... - [Azure Bastion shareable link created](def-009-aa7.md): {% alert level="danger" %} - [Slack private channel converted to public](def-009-oxv.md): Classification:attackTactic:[TA0009-collection](https://attack.mitre.org/tactics/TA0009)Technique:[T1213-data-from-in... - [>-](def-00j-05d.md): By default, the TDE protector managed by Microsoft is enabled for a SQL server, but with customer-managed key support... - [The Kubernetes API server should only allow explicitly authorized requests](def-00k-2n6.md): The API server should not be configured to allow all requests. This mode should not be used on any production cluster. - [The etcd pod specification file should be owned by root](def-00k-3ig.md): The`/etc/kubernetes/manifests/etcd.yaml`file ownership should be set to`root:root`. The file controls various para... - [The kubelet.conf file should have permissions of 600 or more restrictive](def-00k-3nh.md): The kubelet.conf file should have permissions of`600`or more restrictive. 
The `kubelet.conf` file is the kubeconfig... - [Streaming connections should have timeouts enabled](def-00k-3qm.md): Timeouts on streaming connections should not be disabled. Setting idle timeouts ensures that you are protected agains... - [Kubelet should require HTTPS connections](def-00k-48p.md): Setup TLS connection on the Kubelets. - [The Kubernetes API server request timeout should not exceed 60 seconds](def-00k-4dk.md): The global request timeout for API server requests should not exceed 60 seconds. Setting the timeout limit above 60 s... - [The Kubernetes admission controller 'NodeRestriction' should be enabled](def-00k-4nb.md): The Node and Pod objects that a kubelet could modify should be limited. Using the [`NodeRestriction`](https://kuberne... - [>-](def-00k-4s3.md): A service account public key file should be explicitly set for service accounts on the API server. By default, if no ... - [API server audit logs should be retained for at least 30 days](def-00k-5ep.md): The audit log's max age should be at least 30 days. Retaining logs for at least 30 days ensures that you can go back ... - [A Kubernetes audit policy should exist](def-00k-5j9.md): Kubernetes should audit the details of requests made to the API server. - [The API Server should require HTTPS connections](def-00k-5rj.md): TLS should be set up on the Kubernetes API server. API server communication contains sensitive parameters that should... - [Etcd pod specification file should have permissions of 600 or more restrictive](def-00k-5yf.md): The `/etc/kubernetes/manifests/etcd.yaml` file should have permissions of 600 or more restrictive. The file controls ... - [>-](def-00k-6k8.md): Automatically generated self-signed certificates for TLS connections between peers should not be used. Etcd is a high... - [The etcd data directory should have permissions of 700 or more restrictive](def-00k-7jy.md): The etcd data directory should have permissions of `700` or more restrictive.
Etcd is a highly-available key-value st... - [The `admin.conf` file should have permissions of 600 or more restrictive](def-00k-7td.md): The`admin.conf`should have file permissions of`600`or more restrictive. The`admin.conf`file is the kubeconfig f... - [>-](def-00k-85e.md): A kubelet's certificate should be verified before establishing a connection. The connections from the API server to t... - [The controller manager pod specification file should be owned by root](def-00k-88z.md): The controller manager pod specification file ownership should be set to`root:root`. The controller manager pod spec... - [>-](def-00k-8n8.md): Ten or more log files should be retained on the API server. Kubernetes automatically rotates the log files. Retaining... - [Kubernetes API server profiling should be disabled](def-00k-8wy.md): Kubernetes API server profiling should be disabled if not required. Profiling allows for the identification of specif... - [The kubelet.conf file should be owned by root](def-00k-93s.md): The`kubelet.conf`file ownership should be set to`root:root`. The`kubelet.conf`file is the kubeconfig file for th... - [The controller manager should have a service account private key file set](def-00k-9y8.md): A service account private key file should be set for service accounts on the controller manager. To ensure that keys ... - [API server should have the anonymous-auth argument set to false](def-00k-a92.md): Anonymous requests to the kubelet server should be disabled. When enabled, requests that are not rejected by other co... - [>-](def-00k-akk.md): If kube-proxy is running, ensure that the file permissions of the kubeconfig file is set to`600`. The kube-proxy's k... - [The scheduler pod specification file ownership should be assigned to root](def-00k-anc.md): The scheduler pod specification file ownership should be set to`root:root`. The scheduler pod specification file con... 
- [Etcd should have client authentication enabled](def-00k-b6r.md): Client authentication should be enabled on the etcd service. You should enable the client authentication via valid ce... - [>-](def-00k-b7g.md): Service accounts should be validated before validating the token. If`--service-account-lookup`is not enabled, the A... - [The kubelet read-only port should be disabled](def-00k-b9s.md): The read-only port should be disabled. The Kubelet process provides a read-only API in addition to the main Kubelet A... - [The Kubernetes admission controller 'AlwaysAdmit' should be disabled](def-00k-ba7.md): The cluster should not allow all requests. The`AlwaysAdmit`admission controller plugin allows all requests and does... - [Etcd should have peer authentication configured](def-00k-bjy.md): Etcd should be configured for peer authentication. Etcd is a highly-available key value store used by Kubernetes depl... - [>-](def-00k-cje.md): Kubelet nodes should only read objects associated to them. The Node authorization mode only allows kubelets to read`... - [>-](def-00k-d87.md): The`controller-manager.conf`file should have permissions of`600`or more restrictive. The`controller-manager.conf... - [Pods should use `root-ca-file` to pass serving certificates to the API server](def-00k-dnt.md): Pods should be allowed to verify the API server's serving certificate before establishing connections. Processes runn... - [The kubelet configuration file should be owned by root](def-00k-duz.md): Ensure that if the kubelet refers to a configuration file with the`--config`argument, that file is owned by`root:r... - [The Kubernetes API server should use TLS certificate client authentication](def-00k-ehd.md): TLS connections should be enabled on the API server. The API server communication contains sensitive parameters that ... - [The kubelet client certificate rotation should be enabled](def-00k-eye.md): Kubelet client certificate rotation should be enabled. 
The `--rotate-certificates` setting tells the kubelet to rotat... - [Etcd key-value store should be encrypted at rest](def-00k-f9p.md): The etcd key-value store should be encrypted at rest. Etcd is a highly available key-value store used by Kubernetes d... - [Kubelets should be allowed to manage changes to the iptables](def-00k-fa2.md): Kubelet should be allowed to manage iptables. Kubelets can automatically manage the required changes to iptables base... - [The `controller-manager.conf` file should be owned by root](def-00k-g2y.md): The `controller-manager.conf` file ownership should be set to `root:root`. The `controller-manager.conf` file is the ... - [The kubelet server certificate rotation should be enabled](def-00k-g3c.md): Kubelet server certificate rotation should be enabled. `RotateKubeletServerCertificate` causes the kubelet to both re... - [>-](def-00k-g9s.md): Ensure that Kubernetes PKI certificate files have permissions of `600` or more restrictive. Kubernetes makes use of a... - [>-](def-00k-gbk.md): The API server pod specification file should have permissions of 600 or more restrictive. The API server pod specific... - [>-](def-00k-gm5.md): The scheduler pod specification file should have permissions of 600 or more restrictive. The scheduler pod specifica... - [The Controller Manager API service should be bound to localhost](def-00k-gnc.md): The Controller Manager service should not be bound to a non-loopback address. The Controller Manager API service whic... - [RBAC should be enabled for the Kubernetes API server](def-00k-gqk.md): Role Based Access Control (RBAC) should be enabled. RBAC allows fine-grained control over the operations that differe... - [Etcd should be configured with TLS encryption](def-00k-h6k.md): TLS encryption for the etcd service should be configured. - [Kubelet should use TLS certificate client authentication](def-00k-ifx.md): Kubelet authentication should use certificates.
The connections from the API server to the kubelet are used for fetch... - [>-](def-00k-j67.md): The scheduler service should not be bound to non-loopback addresses. The Scheduler API service which runs on port 102... - [Certificate-based kubelet authentication should be required](def-00k-j6m.md): Certificate based kubelet authentication should be enabled. The API server, by default, does not authenticate itself ... - [Each controller should use individual service account credentials](def-00k-kyz.md): Each controller should use individual service account credentials. The controller manager creates a service account p... - [The kubelet service file should have permissions of 600 or more restrictive](def-00k-mfh.md): The kubelet service file should have permissions of`600`or more restrictive. The kubelet service file controls vari... - [Etcd should only allow the use of valid client certificates](def-00k-mp2.md): Self-signed certificates for TLS should not be used. Etcd is a highly-available key value store used by Kubernetes de... - [>-](def-00k-nnp.md): Ensure that if the kubelet refers to a configuration file with the`--config`argument, that file has permissions of ... - [The Kubernetes admission controller 'NamespaceLifecycle' should be enabled](def-00k-nvd.md): Reject creating objects in a namespace that is undergoing termination. Using the [`NamespaceLifecycle`](https://kuber... - [The client certificate authorities file should be owned by root](def-00k-ny3.md): The certificate authorities file ownership should be set to`root:root`. The certificate authorities file controls th... - [>-](def-00k-p6j.md): Token-based authentication should not be used. Token-based authentication uses static tokens to authenticate requests... - [Scheduler profiling should be disabled](def-00k-pb8.md): Profiling should be disabled. Profiling allows for the identification of specific performance bottlenecks, and genera... 
- [The scheduler configuration file should only be alterable by owners](def-00k-pvn.md): Ensure that the`scheduler.conf`file has permissions of`600`or more restrictive. This is the kubeconfig file for t... - [The scheduler configuration file ownership should be assigned to root](def-00k-qda.md): The`scheduler.conf`file ownership should be set to`root:root`. This is the kubeconfig file for the scheduler. You ... - [Kubelet should only allow explicitly authorized requests](def-00k-rha.md): Explicit authorization should be enabled. Kubelets, by default, allow all authenticated requests (even anonymous ones... - [The Kubernetes API server secure port should be enabled](def-00k-rpz.md): The secure port should not be disabled. The secure port is used to serve https with authentication and authorization.... - [Kube-proxy configuration file ownership should be assigned to root](def-00k-rvn.md): If kube-proxy is running, ensure that the file ownership of its kubeconfig file is set to`root:root`. The kube-proxy... - [>-](def-00k-s2z.md): Etcd should be configured to make use of TLS encryption for client connections. Etcd is a highly-available key value ... - [The Controller Manager profiling should be disabled](def-00k-sku.md): Controller manager profiling should be disabled if not required. Profiling allows for the identification of specific ... - [>-](def-00k-t3u.md): On the API server, the log file should be at least 100 MB in size prior to log rotation. Retaining old log files ensu... - [API server audit logs should be enabled](def-00k-t4e.md): Auditing should be enabled on the Kubernetes API Server. Auditing the Kubernetes API Server provides a security-relev... - [The kubelet service file should be owned by root](def-00k-tcd.md): The kubelet service file ownership should be set to`root:root`. The kubelet service file controls various parameters... 
- [Etcd should use TLS encryption for peer connections](def-00k-uih.md): Etcd should be configured to make use of TLS encryption for peer connections. Etcd is a highly-available key value st... - [>-](def-00k-ur6.md): Etcd should be configured to make use of TLS encryption for client connections. Etcd is a highly-available key value ... - [The `admin.conf` file should be owned by root](def-00k-uta.md): Ensure that the `admin.conf` file ownership is set to `root:root`. This file contains the admin credentials for the c... - [>-](def-00k-vae.md): The certificate authorities file should have permissions of 600 or more restrictive. The certificate authorities file... - [>-](def-00k-w4j.md): Kubelet server certificate rotation should be enabled on the controller manager. This causes the kubelet to request a... - [The etcd data directory should be owned by the etcd user and group](def-00k-x2e.md): The etcd data directory ownership should be set to `etcd:etcd`. Etcd is a highly-available key-value store used by Ku... - [>-](def-00k-xvx.md): The controller manager pod specification file should have permissions of 600 or more restrictive. The controller mana... - [Service accounts management should be automated](def-00k-zx9.md): When you create a pod, if you do not specify a service account, it is automatically assigned the default service acco... - [The Kubernetes PKI directories should be owned by root](def-00k-zzf.md): Ensure that the Kubernetes PKI directories and subsequent certificate files are owned by `root:root`. Kubernetes make... 
- [DefaultHttpClient with default constructor is not secure](default-http-client-def-cons.md): {% callout %} - [Default label should be last in a switch](default-label-not-last-in-switch.md): {% callout %} - [Avoid default parameters before normal parameters](default-param-last.md): {% callout %} - [Enforce overriding default config](default-session-config.md): {% callout %} - [Default Azure storage account network access is too permissive](default-azure-storage-account-network-access-is-too-permissive.md): {% callout %} - [Default KMS key usage](default-kms-key-usage.md): {% callout %} - [OOTB Rules](default-rules.md): Datadog provides out-of-the-box (OOTB) [detection rules](https://docs.datadoghq.com/security/detection_rules/) to fla... - [Default security groups with unrestricted traffic](default-security-groups-with-unrestricted-traffic.md): {% callout %} - [Default service account in use](default-service-account-in-use.md): {% callout %} - [Default VPC exists](default-vpc-exists.md): {% callout %} - [Do not defer Lock](defer-lock.md): {% callout %} - [How do I delete my account?](delete-account.md): You can delete your Cloudcraft account from inside the Cloudcraft application or by contacting their support team. - [Deployment Gates](deployment-gates.md): Manage Deployment Gates using this API to reduce the likelihood and impact of incidents caused by deployments. See th... - [Deployment Gates](deployment-gates-2.md): {% callout %} - [Deployment without podAntiAffinity](deployment-has-no-pod-anti-affinity.md): {% callout %} - [Deploying Agentless Scanning](deployment-methods.md): {% callout %} - [Deployment Tracking](deployment-tracking.md): The `version` tag is reserved within Unified Service Tagging. It's applied to infrastructure metrics (host, container... 
- [Deployment without PodDisruptionBudget](deployment-without-pod-disruption-budget.md): {% callout %} - [CD Visibility in Datadog](deployments.md): {% callout %} - [Describe an Incident](describe.md): No matter where you [declare an incident](https://docs.datadoghq.com/incident_response/incident_management/declare), ... - [avoid unsafe function to (de)serialize data](deserialize-untrusted-data.md): {% callout %} - [Avoid calls to 'buffer' with 'noAssert' flag set](detect-buffer-noassert.md): {% callout %} - [Avoid instances of 'child_process' and non-literal 'exec()](detect-child-process.md): {% callout %} - [Avoid `eval` with expressions](detect-eval-with-expression.md): {% callout %} - [Avoid Buffer(argument) with non-literal values](detect-new-buffer.md): {% callout %} - [Avoid variables in 'fs' calls filename argument](detect-non-literal-fs-filename.md): {% callout %} - [Detects non-literal values in regular expressions](detect-non-literal-regexp.md): {% callout %} - [Avoid require with non-literal values](detect-non-literal-require.md): {% callout %} - [Detect and Monitor](detect-and-monitor.md): Monitor your Datadog telemetry and use out-of-the-box detection rules or create custom rules to detect threats. When ... - [Detection Rules](detection-rules.md): Available for: - [Developer Tool Integrations](dev-tool-int.md): {% callout %} - [Developers](developers.md): The Developers section contains reference materials for developing on Datadog. You may want to develop on Datadog if ... - [Getting Started with Infrastructure DevSecOps](devsecops.md): This guide introduces the Infrastructure Monitoring DevSecOps bundles, with links to setup instructions to help you i... - [Impossible Travel Auth0 login](dex-13e-z6w.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-valid-ac... 
- [AWS GuardDuty threat intel set deleted](dhz-27i-ani.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [Check language of DiagnosticAnalyzer](diagnostic-analyzer-language.md): {% callout %} - [How many diagrams can I have on my account?](diagram-limitation.md): There is no limit to the number of diagrams you can have in your account — even in the **Free** tier. - [Diagram Multiple Cloud Accounts](diagram-multiple-cloud-accounts.md): Cloudcraft is a tool designed to help visualize and plan cloud architecture in a seamless and efficient manner. This ... - [Jumpcloud policy modified](dil-xy4-9ag.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1484-domain-or-t... - [Direct Connect Connection Component](direct-connect-connection.md): Use the Direct Connect Connection component to visualize connections between your internal network and an AWS Direct ... - [Directory service Microsoft AD password set to plaintext or default ref](directory-service-microsoft-ad-password-set-to-plaintext-or-default-ref.md): {% callout %} - [Directory service simple AD password exposed](directory-service-simple-ad-password-exposed.md): {% callout %} - [Can you disable 2FA on my account?](disable-2fa.md): Yes, we can. If you no longer have access to your device or recovery code, [send an email to our support team](mailto... - [How do I disable Google Sign in?](disable-google-sign-in.md): To unlink your Google account from your Cloudcraft account, contact [the support team](https://app.cloudcraft.co/supp... 
- [Request validation should not be disabled](disable-request-validation.md): {% callout %} - [Do not use text() as it leads to SQL injection](disable-sqlalchemy-text.md): {% callout %} - [Avoid unnecessary disjunctive assignments in constructor](disjunctive-assign-in-const.md): {% callout %} - [Disk encryption disabled](disk-encryption-disabled.md): {% callout %} - [Classes with Dispose() should implement IDisposable](disposable-interface.md): {% callout %} - [Dispose objects at most once](dispose-objects-once.md): {% callout %} - [Distribution Widget](distribution.md): The Distribution visualization shows data aggregated across one or several tags, such as *hosts*. Unlike the [heatmap... - [Kubernetes distributions](distributions.md): This section aims to document specifics and to provide good base configuration for all major Kubernetes distributions... - [Logs for API server audits should be retained for 30 days](djt-49a-5ep.md): Classification:complianceFramework:cis-kubernetesControl:1.2.23 - [AWS CloudWatch rule disabled or deleted](dkk-6z8-rmg.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... 
- [DMS endpoint MongoDB settings password exposed](dms-endpoint-mongo-db-settings-password-exposed.md): {% callout %} - [DMS endpoints without SSL](dms-endpoint-no-ssl-configured.md): {% callout %} - [DMS endpoint password exposed](dms-endpoint-password-exposed.md): {% callout %} - [Always use -y with dnf install](dnf-use-y.md): {% callout %} - [Beta - Nifcloud DNS has verified record](dns-has-verified-record.md): {% callout %} - [DNSSEC using RSASHA1](dnssec-using-rsasha1.md): {% callout %} - [Binding to 0.0.0.0 opens up the application to all traffic](do-not-bind-all-interfaces.md): {% callout %} - [No value is equal to NaN](do-not-compare-nan.md): {% callout %} - [Ensures that a ThreadStatic field is not initialized](do-not-initialize-threadstatic.md): {% callout %} - [Do not rethrow exception](do-not-rethrow.md): {% callout %} - [DocumentDB cluster encrypted with AWS managed key](docdb-cluster-encrypted-with-aws-managed-key.md): {% callout %} - [DocDB cluster master password in plaintext](docdb-cluster-master-password-in-plaintext.md): {% callout %} - [DocumentDB cluster not encrypted](docdb-cluster-not-encrypted.md): {% callout %} - [DocumentDB cluster without KMS](docdb-cluster-without-kms.md): {% callout %} - [DocDB logging is disabled](docdb-logging-disabled.md): {% callout %} - [Docker Deprecation in Kubernetes](docker-deprecation.md): Kubernetes is deprecating Docker as a runtime starting after version 1.20, and some cloud providers have deprecated D... - [Single Step APM Instrumentation on Docker](docker.md): In a Docker Linux container, use Single Step Instrumentation (SSI) for APM to install the Datadog Agent and [instrume... 
- [Docker daemon socket is exposed to containers](docker-daemon-socket-is-exposed-to-containers.md): {% callout %} - [Building your Go application for App and API Protection](dockerfile.md): {% callout %} - [DocumentDB Component](documentdb.md): Use the DocumentDB component to represent DocumentDB clusters from your Amazon Web Services architecture. - [Dogshell](dogshell.md): You can use the Datadog API on the command line using a wrapper called Dogshell. - [DogStatsD](dogstatsd.md): The easiest way to get your custom application metrics into Datadog is to send them to DogStatsD, a metrics aggregati... - [DogStatsD Mapper](dogstatsd-mapper.md): With Agent v7.17+, the DogStatsD Mapper feature allows you to convert parts of a metric name submitted to DogStatsD t... - [Service Checks Submission: DogStatsD](dogstatsd-service-checks-submission.md): While StatsD accepts only metrics, DogStatsD accepts all three of the major Datadog data types: metrics, events, and ... - [Dogwrap](dogwrap.md): The Dogwrap command line tool allows you to call commands and generate events from their results. In order to use Dog... - [Domain Allowlist](domain-allowlist.md): Configure your Datadog Email Domain Allowlist directly through the Datadog API. The Email Domain Allowlist controls t... - [Domain Allowlist](domain-allowlist-2.md): {% callout %} - [Domain Allowlist API](domain-allowlist-api.md): {% callout %} - [DORA Metrics](dora-metrics.md): Search, send, or delete events for DORA Metrics to measure and improve your software delivery performance. See the [D... - [DORA Metrics](dora-metrics-2.md): {% callout %} - [Tracing .NET Core Applications](dotnet-core.md): The .NET Tracer supports instrumentation on .NET Core 3.1, .NET 5, .NET 6, .NET 7, .NET 8, .NET 9, and .NET 10. - [Tracing .NET Framework Applications](dotnet-framework.md): The .NET Tracer supports instrumentation on .NET Framework >= 4.6.1. 
- [.NET OpenTracing Instrumentation](dotnet.md): {% alert level="info" %} - [Using the .NET diagnostic tool for troubleshooting](dotnet-diagnostic-tool.md): If your application does not produce traces as expected after installing the .NET tracer, run the diagnostic tool `dd... - [Use double colons only to reference constants](double-colon-method-calls.md): {% callout %} - [Enforce spacing around double colons](double-colon-spacing.md): {% callout %} - [Downtimes](downtimes.md): [Downtiming](https://docs.datadoghq.com/monitors/notify/downtimes) gives you greater control over monitor notificatio... - [Google Cloud GCE instance startup script added or modified](dry-uqc-aui.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... - [SQS queue should not be accessible over the public internet](dsk-1y0-pv3.md): Update Amazon Simple Queue Service (SQS) queue permissions. - [Dual Shipping](dual-shipping.md): {% alert level="warning" %} - [Verify that duplicate imports are necessary](duplicate-imports.md): {% callout %} - [Duplicate hosts with Kubernetes on AWS (EC2 or EKS)](duplicate-hosts.md): If you are running the Datadog Agent in a Kubernetes environment on AWS (fully self-managed on EC2, or using EKS) you... - [Don't put time units in Duration variables](duration-variable-names.md): {% callout %} - [Credentials file modified](dvz-4x3-3ws.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1003-os-cr... - [Check type of interface with DynamicInterfaceCastable](dynamic-interface-castable.md): {% callout %} - [Dynamic Instrumentation](dynamic-instrumentation.md): {% callout %} - [DynamoDB Component](dynamodb.md): Use the DynamoDB component to represent and visualize NoSQL, serverless, managed databases in your Amazon Web Service... 
- [DynamoDB table not encrypted](dynamodb-table-not-encrypted.md): {% callout %} - [DynamoDB table point-in-time recovery disabled](dynamodb-table-point-in-time-recovery-disabled.md): {% callout %} - [Dynamodb VPC endpoint without route table association](dynamodb-vpc-endpoint-without-route-table-association.md): {% callout %} - [DynamoDB with AWS-owned CMK](dynamodb-with-aws-owned-cmk.md): {% callout %} - [DynamoDB with non-recommended table billing mode](dynamodb-with-table-billing-mode-not-recommended.md): {% callout %} - [Anomalous amount of Salesforce records deleted](e07-736-rty.md): Classification:attackTactic:[TA0040-impact](https://attack.mitre.org/tactics/TA0040)Technique:[T1485-data-destruction... - [>-](e4p-3af-0w3.md): Create an activity log alert for the Delete Policy Assignment event. - [SSH authorized keys modified](e59-lrj-bki.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1098-account... - [SNS Topic should have access restrictions set for subscription](e6r-fkw-pih.md): Update your Amazon Simple Notification Service (SNS) topic [resource-based policy](https://docs.aws.amazon.com/IAM/la... - [Google Cloud logging sink modified](e74-752-b34.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [User ran a command on Azure Compute](e7n-akg-cid.md): Classification:attackTactic:[TA0002-execution](https://attack.mitre.org/tactics/TA0002)Technique:[T1651-cloud-adminis... - [>-](eaf-ywf-nnp.md): Classification:complianceFramework:cis-kubernetesControl:4.1.9 - [Logging and Audits should be configured for Load Balancers](eag-4ke-cj4.md): Set up logging for your AWS Elastic Load Balancers (ELBs) to identify security issues. 
- [PodSecurityPolicy should be enabled to reject non-compliant pod creations](ebm-wei-9zr.md): Classification:complianceFramework:cis-kubernetesControl:1.2.16 - [Threat Detection for Linux Without eBPF Support](ebpf-free-agent.md): This guide describes how to set up the Workload Protection eBPF-less solution for eBPF disabled environments, such as... - [EBS Component](ebs.md): Use the EBS component to represent EBS volumes from your Amazon Web Services architecture. - [EBS default encryption disabled](ebs-default-encryption-disabled.md): {% callout %} - [EBS volume encryption disabled](ebs-volume-encryption-disabled.md): {% callout %} - [EBS volume not attached to instances](ebs-volume-not-attached-to-instances.md): {% callout %} - [EBS volume snapshot not encrypted](ebs-volume-snapshot-not-encrypted.md): {% callout %} - [EBS volume without KmsKeyId](ebs-volume-without-kms-key-id.md): {% callout %} - [EC2 Component](ec2.md): Use the EC2 component to represent elastic compute instances from your Amazon Web Services architecture. 
- [EC2 instance has no IAM role](ec2-instance-has-no-iam-role.md): {% callout %} - [EC2 instance has public IP](ec2-instance-has-public-ip.md): {% callout %} - [EC2 instance monitoring disabled](ec2-instance-monitoring-disabled.md): {% callout %} - [EC2 instance subnet has public IP mapping on launch](ec2-instance-subnet-has-public-ip-mapping-on-launch.md): {% callout %} - [EC2 instance using API keys](ec2-instance-using-api-keys.md): {% callout %} - [EC2 instance using default security group](ec2-instance-using-default-security-group.md): {% callout %} - [EC2 instance using default VPC](ec2-instance-using-default-vpc.md): {% callout %} - [EC2 network ACL duplicate rule](ec2-network-acl-duplicate-rule.md): {% callout %} - [EC2 Network ACL Deny rule not blocking all traffic](ec2-network-acl-ineffective-denied-traffic.md): {% callout %} - [EC2 network ACL overlapping ports](ec2-network-acl-overlapping-ports.md): {% callout %} - [EC2 not EBS optimized](ec2-not-ebs-optimized.md): {% callout %} - [EC2 permissive network ACL protocols](ec2-permissive-network-acl-protocols.md): {% callout %} - [EC2 public instance exposed through subnet](ec2-public-instance-exposed-through-subnet.md): {% callout %} - [EC2 sensitive port is publicly exposed](ec2-sensitive-port-is-publicly-exposed.md): {% callout %} - [Inbound PostgreSQL access should be restricted](ec3-a74-f89.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide... - [ECR Repository Component](ecr-repository.md): Use the ECR Repository component to visualize container repositories from your Amazon Web Services architecture. 
- [ECR image tag not immutable](ecr-image-tag-not-immutable.md): {% callout %} - [ECR repository is publicly accessible](ecr-repository-is-publicly-accessible.md): {% callout %} - [ECR repository not encrypted with CMK](ecr-repository-not-encrypted.md): {% callout %} - [ECR repository without policy](ecr-repository-without-policy.md): {% callout %} - [ECS Cluster Component](ecs-cluster.md): Use the ECS Cluster component to visualize Amazon ECS clusters from your Amazon Web Services architecture. - [ECS Service Component](ecs-service.md): Use the ECS Service component to visualize Amazon ECS services from your Amazon Web Services architecture. - [ECS Task Component](ecs-task.md): Use the ECS Task component to visualize Amazon ECS tasks from your Amazon Web Services architecture. - [ECS cluster with Container Insights disabled](ecs-cluster-container-insights-disabled.md): {% callout %} - [ECS cluster not encrypted at rest](ecs-cluster-not-encrypted-at-rest.md): {% callout %} - [ECS data disk KMS key ID undefined](ecs-data-disk-kms-key-id-undefined.md): {% callout %} - [Setting up Cloud Security on ECS EC2](ecs-ec2.md): Use the following instructions to enable Misconfigurations and Vulnerability Management. 
- [ECS no load balancer attached](ecs-no-load-balancer-attached.md): {% callout %} - [ECS service admin role is present](ecs-service-admin-role-is-present.md): {% callout %} - [ECS service without running tasks](ecs-service-without-running-tasks.md): {% callout %} - [ECS task definition health check missing](ecs-task-definition-healthcheck-missing.md): {% callout %} - [ECS task definition invalid CPU or memory](ecs-task-definition-invalid-cpu-or-memory.md): {% callout %} - [ECS task definition network mode not recommended](ecs-task-definition-network-mode-not-recommended.md): {% callout %} - [ECS task definition volume not encrypted](ecs-task-definition-volume-not-encrypted.md): {% callout %} - [Credential added to Azure AD application](edj-z5a-yvu.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... - [Etcd key-value store should be encrypted at rest](edx-dra-f9p.md): Classification:complianceFramework:cis-kubernetesControl:1.2.33 - [AWS EBS default encryption disabled](ee2-dc1-3c1.md): Classification:complianceTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-imp... - [Inbound MySQL access should be restricted](ee4-c22-1b4.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide... - [Access keys granting 'root' should be removed](ee4-ngx-bwr.md): The root account is the most privileged user in an AWS account, and AWS Access Keys provide programmatic access to th... - [EFS Component](efs.md): Use the EFS block component to represent elastic file systems from your Amazon Web Services architecture. 
- [EFS not encrypted](efs-not-encrypted.md): {% callout %} - [EFS volume with disabled transit encryption](efs-volume-with-disabled-transit-encryption.md): {% callout %} - [EFS with vulnerable policy](efs-with-vulnerable-policy.md): {% callout %} - [EFS without KMS](efs-without-kms.md): {% callout %} - [EFS without tags](efs-without-tags.md): {% callout %} - [DNS lookup for IP lookup service](eix-qdn-n68.md): Classification:attackTactic:[TA0007-discovery](https://attack.mitre.org/tactics/TA0007)Technique:[T1016-system-networ... - [EKS Cluster Component](eks-cluster.md): {% alert level="info" %} - [EKS Pod Component](eks-pod.md): {% alert level="info" %} - [EKS Workload Component](eks-workload.md): {% alert level="info" %} - [EKS cluster encryption disabled](eks-cluster-encryption-disabled.md): {% callout %} - [EKS cluster has public access](eks-cluster-has-public-access.md): {% callout %} - [EKS cluster has public access CIDRs](eks-cluster-has-public-access-cidrs.md): {% callout %} - [EKS cluster logging is not enabled](eks-cluster-log-disabled.md): {% callout %} - [EKS node group remote access](eks-node-group-remote-access.md): {% callout %} - [EKS node group remote access disabled](eks-node-group-remote-access-disabled.md): {% callout %} - [ElastiCache Component](elasticache.md): Use the ElastiCache component to represent in-memory cache or data stores from your Amazon Web Services architecture. 
- [ElastiCache nodes not created across multi-AZ](elasticache-nodes-not-created-across-multi-az.md): {% callout %} - [ElastiCache Redis cluster without backup](elasticache-redis-cluster-without-backup.md): {% callout %} - [ElastiCache replication group not encrypted at rest](elasticache-replication-group-not-encrypted-at-rest.md): {% callout %} - [ElastiCache replication group not encrypted at transit](elasticache-replication-group-not-encrypted-at-transit.md): {% callout %} - [ElastiCache using default port](elasticache-using-default-port.md): {% callout %} - [ElastiCache with disabled at-rest encryption](elasticache-with-disabled-at-rest-encryption.md): {% callout %} - [ElastiCache with disabled transit encryption](elasticache-with-disabled-transit-encryption.md): {% callout %} - [ElastiCache without VPC](elasticache-without-vpc.md): {% callout %} - [Elasticsearch Component](elasticsearch.md): Use the Elasticsearch component to represent Elasticsearch clusters from your Amazon Web Services architecture. 
- [Elasticsearch encryption with KMS disabled](elasticsearch-domain-encryption-with-kms-disabled.md): {% callout %} - [Elasticsearch domain not encrypted node to node](elasticsearch-domain-not-encrypted-node-to-node.md): {% callout %} - [Elasticsearch domain with vulnerable policy](elasticsearch-domain-with-vulnerable-policy.md): {% callout %} - [Elasticsearch encryption with KMS disabled](elasticsearch-encryption-with-kms-is-disabled.md): {% callout %} - [Elasticsearch logs disabled](elasticsearch-logs-disabled.md): {% callout %} - [Fine-grained access control disabled for OpenSearch/Elasticsearch](elasticsearch-no-finegrain-access-control.md): {% callout %} - [Elasticsearch not encrypted at rest](elasticsearch-not-encrypted-at-rest.md): {% callout %} - [Elasticsearch uses default security group](elasticsearch-using-default-security-group.md): {% callout %} - [Elasticsearch with HTTPS disabled](elasticsearch-with-https-disabled.md): {% callout %} - [Elasticsearch without IAM authentication](elasticsearch-without-iam-authentication.md): {% callout %} - [Elasticsearch without slow logs](elasticsearch-without-slow-logs.md): {% callout %} - [ELB access log disabled](elb-access-log-disabled.md): {% callout %} - [ELB access log disabled](elb-access-logging-disabled.md): {% callout %} - [Beta - Nifcloud ELB has common private network](elb-has-common-private.md): {% callout %} - [Beta - Nifcloud ELB listener use HTTP protocol](elb-listener-use-http.md): {% callout %} - [ELB sensitive port is exposed to entire network](elb-sensitive-port-is-exposed-to-entire-network.md): {% callout %} - [Beta - Nifcloud ELB use HTTP protocol](elb-use-http.md): {% callout %} - [ELB using insecure protocols](elb-using-insecure-protocols.md): {% callout %} - [ELB using weak ciphers](elb-using-weak-ciphers.md): {% callout %} - [ELBv2 ALB access log disabled](elb-v2-alb-access-log-disabled.md): {% callout %} - [ELB with security group without inbound 
rules](elb-with-security-group-without-inbound-rules.md): {% callout %} - [ELB with security group without outbound rules](elb-with-security-group-without-outbound-rules.md): {% callout %} - [ELB without secure protocol](elb-without-secure-protocol.md): {% callout %} - [Custom Instrumentation for Elixir](elixir.md): Datadog supports custom instrumentation for Elixir applications when you use the [OpenTelemetry SDK](https://opentele... - [Azure disk export URI created](em5-2ya-8se.md): Classification:attackTactic:[TA0009-collection](https://attack.mitre.org/tactics/TA0009)Technique:[T1074-data-staged]... - [Events with email](email.md): {% callout %} - [Email alerts disabled](email-alerts-disabled.md): {% callout %} - [Embeddable Graphs with Template Variables](embeddable-graphs-with-template-variables.md): Embeddable graphs created with the API accept template variables. Below is an example utilizing Python to query `avg:... - [Embeddable Graphs](embeddable-graphs.md): Manage embeddable graphs through the API. See [Embeddable Graphs with Template Variables](https://docs.datadoghq.com/... - [Embedded Apps](embedded-apps.md): {% callout %} - [Embedding Cloudcraft Diagrams with the Confluence App](embedding-cloudcraft-diagrams-confluence.md): In this article, we'll walk you through the process of seamlessly integrating your current Cloudcraft diagrams into a... - [Empty roles for ECS cluster task definitions](empty-roles-for-ecs-cluster-task-definitions.md): {% callout %} - [Enable Data Observability: Jobs Monitoring for Spark on Amazon EMR](emr.md): [Data Observability: Jobs Monitoring](https://docs.datadoghq.com/data_jobs) gives visibility into the performance and... 
- [EMR cluster without security configuration](emr-cluster-without-security-configuration.md): {% callout %} - [EMR security configuration encryption disabled](emr-security-configuration-encryptions-enabled.md): {% callout %} - [EMR without VPC](emr-wihout-vpc.md): {% callout %} - [EMR without VPC](emr-without-vpc.md): {% callout %} - [Enable SSO with Azure AD](enable-sso-with-azure-ad.md): Enabling Single Sign-On (SSO) with Azure AD as your identity provider allows you to simplify authentication and login... - [Enable SSO with a Generic Identity Provider](enable-sso-with-generic-idp.md): Enabling Single Sign-On (SSO) in Cloudcraft allows you to simplify authentication and login access to Cloudcraft. - [Enable SSO with Okta](enable-sso-with-okta.md): Enabling Single Sign-On (SSO) with Okta as your identity provider allows you to simplify authentication and login acc... - [Enable SSO](enable-sso.md): Enabling Single Sign-On (SSO) for your account allows you to simplify authentication and login access to Cloudcraft. - [Enabling Agentless Scanning](enable.md): {% callout %} - [Enable APM](enable-apm.md): [Datadog Application Performance Monitoring (APM)](https://docs.datadoghq.com/tracing) provides deep visibility into ... - [Enable Infrastructure Monitoring](enable-infra.md): [Infrastructure monitoring](https://docs.datadoghq.com/infrastructure) includes core Datadog features that visualize,... 
- [Enabling Dynamic Instrumentation](enabling.md): {% callout %} - [Encryption on managed disk disabled](encryption-on-managed-disk-disabled.md): {% callout %} - [Encryption provider config is not defined](encryption-provider-config-is-not-defined.md): {% callout %} - [Encryption provider not properly configured](encryption-provider-not-properly-configured.md): {% callout %} - [End User Device Monitoring](end-user-device-monitoring.md): {% callout %} - [Endpoint Checks with Autodiscovery](endpointschecks.md): The cluster check feature provides the ability to [Autodiscover](https://docs.datadoghq.com/containers/kubernetes/int... - [Enforce secure TLS version](enforce-secure-tls.md): {% callout %} - [Avoid using deprecated HTTP clients](ensure-modern-httpclient.md): {% callout %} - [Ensure no sensitive information is being logged](ensure-secure-logging.md): {% callout %} - [Ensure network sockets use SSL/TLS encryption](ensure-secure-socket.md): {% callout %} - [Enforce correct TSelf parameter usage](ensure-self-type-parameter.md): {% callout %} - [Cryptographic key generation must use strong key sizes](ensure-strong-keysizes.md): {% callout %} - [Ensure administrative boundaries between resources](ensure-administrative-boundaries-between-resources.md): {% callout %} - [Enterprise Configuration](enterprise-configuration.md): The Datadog Mobile App is fully compatible with [AppConfig](https://www.appconfig.org/) and the Mobile Device Managem... - [Risk Insights](entities-and-risk-scoring.md): [Cloud SIEM's Risk Insights](https://app.datadoghq.com/security/siem/risk-insights) consolidates multiple data source... - [Entity Risk Scores](entity-risk-scores.md): Retrieves security risk scores for entities in your organization. - [Microsoft Entra ID SAML IdP](entra.md): Follow the [Microsoft Entra single sign-on (SSO) integration with Datadog](https://learn.microsoft.com/en-us/entra/id... 
- [Kotlin enum entries must follow naming conventions](enum-entry-naming.md): {% callout %} - [Enums should be a single line or one entry per line.](enum-wrapping.md): {% callout %} - [Prefer using hash syntax for enums](enums.md): {% callout %} - [Do not refer to an environment variable within the same ENV](env-no-refer-envvar.md): {% callout %} - [Agent Environment Variables](environment-variables.md): {% alert level="danger" %} - [Testing Local and Staging Environments](environments.md): In the context of [testing within a CI/CD pipeline, also known as shift-left testing](https://www.datadoghq.com/blog/... - [Envoy Gateway Compatibility Requirements](envoy-gateway.md): {% callout %} - [Instrumenting Envoy](envoy.md): Datadog APM is included in Envoy v1.9.0 and newer. - [Do not use eql? for strings](eql-string.md): {% callout %} - [check equal is used on consistent basic types](equal-basic-types.md): {% callout %} - [Do not use append for assignment](equivalent-append.md): {% callout %} - [>-](er3-o3f-31e.md): Create an Activity Log Alert for the Create or Update Network Security Group event. - [Errors should be named errFoo or ErrFoo](err-prefixed-with-err.md): {% callout %} - [Why do I get a 429 Too Many Requests error when using the API?](error-429-too-many-requests.md): The [Cloudcraft API](https://developers.cloudcraft.co/) returns an `HTTP 429 Too Many Requests` response when you tri... - [Avoid leaking data to a logger](error-leakage.md): {% callout %} - [Error Tracking](error-tracking.md): View and manage issues within Error Tracking. See the [Error Tracking page](https://docs.datadoghq.com/error_tracking... - [Error Grouping](error-grouping.md): Error Tracking intelligently groups similar errors into issues. This grouping is based on the following error propert... 
- [Error Tracking](error-tracking-2.md): {% image - [Use fmt.Errorf instead of errors.New with fmt.Sprintf](errors-new-errorf.md): {% callout %} - [Escalation Policies](escalation-policies.md): {% callout %} - [etcd client certificate authentication set to false](etcd-client-certificate-authentication-set-to-false.md): {% callout %} - [etcd client certificate file not defined](etcd-client-certificate-file-not-defined.md): {% callout %} - [etcd peer client certificate authentication set to false](etcd-peer-client-certificate-authentication-set-to-false.md): {% callout %} - [etcd peer TLS certificate files not properly set](etcd-peer-tls-certificate-files-not-properly-set.md): {% callout %} - [etcd TLS certificate files not properly set](etcd-tls-certificate-files-not-properly-set.md): {% callout %} - [etcd TLS certificate not properly configured](etcd-tls-certificate-not-properly-configured.md): {% callout %} - [Check origin of events](event-check-origin.md): {% callout %} - [Event rate limit admission control plugin not set](event-rate-limit-admission-control-plugin-not-set.md): {% callout %} - [EventBridge Bus Component](eventbridge-bus.md): Use the EventBridge Bus component to represent serverless event buses from your Amazon Web Services architecture. - [Event Management](events.md): {% image - [RBAC should be enabled for the API server](exa-yvv-gqk.md): Classification:complianceFramework:cis-kubernetesControl:1.2.9 - [Setting Up Database Monitoring for Oracle Exadata](exadata.md): Database Monitoring provides deep visibility into your Oracle databases by exposing query samples to profile your dif... 
- [Separate the exception class and the message](exception-class-message-separate.md): {% callout %} - [When inheriting exception, implement all constructors](exception-constructors.md): {% callout %} - [ensure exception inherit a base exception](exception-inherit.md): {% callout %} - [Exceptions must be thrown](exception-must-be-thrown.md): {% callout %} - [Exception Replay in Error Tracking](exception-replay.md): {% callout %} - [Exceptions should be made public](exceptions-public.md): {% callout %} - [Exclusion](exclusion.md): | Function | Description | Example ... - [Configure IaC Security Exclusions](exclusions.md): {% callout %} - [Amazon Machine Image (AMI) should not be publicly shared](exe-9ow-gwv.md): Identify publicly accessible Amazon Machine Images (AMIs). - [Use &&= to check if a variable may exist](existence-check-shorthand.md): {% callout %} - [Methods should explicitly declare their visibility](explicit-method-visibility.md): {% callout %} - [Exploit Prevention](exploit-prevention.md): {% callout %} - [Explore Deployment Gates](explore.md): {% callout %} - [Error Tracking Explorer](explorer.md): {% image - [Expo Crash Reporting and Error Tracking](expo.md): Enable Expo Crash Reporting and Error Tracking to get comprehensive crash reports and error trends for your Expo mobi... - [Export Pipeline Executions](export.md): {% callout %} - [Export Misconfigurations](export-misconfigurations.md): To export the list of misconfigurations from the [Misconfigurations explorer](https://app.datadoghq.com/security/comp... 
- [Prevent export of sensitive data](exportable-keychain.md): {% callout %} - [Do not expose sensitive ports](expose-admin-ports.md): {% callout %} - [Expose a valid UNIX port number](expose-valid-port.md): {% callout %} - [Dynamic Instrumentation Expression Language](expression-language.md): {% callout %} - [JavaScript Expressions](expressions.md): {% callout %} - [Can you extend my Cloudcraft Pro trial?](extend-cloudcraft-trial.md): Yes, in most cases, we can! [Get in touch with our support team](https://app.cloudcraft.co/support) and they can arra... - [Avoid unnecessary object extend](extends-object.md): {% callout %} - [Enforce extension function spacing](extension-function-spacing.md): {% callout %} - [Avoid using unsanitized user input with sendFile](external-filename-upload.md): {% callout %} - [Avoid rendering resource based on unsanitized user input](external-resource.md): {% callout %} - [Do not call extract on untrusted user data](extract-untrusted-data.md): {% callout %} - [Windows user added to Domain Admin group](f31-2il-7kq.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... - [Google Cloud Pub/Sub topic deleted](f68-e1e-db8.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [AWS VPC created or modified](f6b-3b4-aef.md): Classification:complianceTactic:[TA0040-impact](https://attack.mitre.org/tactics/TA0040)Technique:[T1485-data-destruc... - [An AWS account attempted to leave the AWS Organization](f70-oqy-yer.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [Azure Policy Assignment Created](f72-zu8-tjj.md): Classification:complianceTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account... 
- [AWS EBS Snapshot Made Public](f7b-f88-363.md): Classification:attackTactic:[TA0009-collection](https://attack.mitre.org/tactics/TA0009)Technique:[T1530-data-from-cl... - [Deployment Execution Facets](facets.md): {% callout %} - [FAQ](faq.md): - [What AWS components are supported?](https://docs.datadoghq.com/cloudcraft/faq/supported-aws-components) - [Setup App and API Protection on AWS Fargate](fargate.md): {% callout %} - [Fastly Integration](fastly-integration.md): Manage your Datadog Fastly integration accounts and services directly through the Datadog API. See the [Fastly integr... - [Automatic Faulty Cloud & SaaS API Detection](faulty-cloud-saas-api-detection.md): {% callout %} - [Automatic Faulty Deployment Detection](faulty-deployment-detection.md): Automatic Faulty Deployment Detection finds faulty code deployments within minutes, reducing mean time to detection (... - [Etcd should use TLS encryption for peer connections](faw-pq4-uih.md): Classification:complianceFramework:cis-kubernetesControl:2.4 - [Application Load Balancers should have Access logging enabled](fby-542-vkr.md): Enable Access Logging for your Amazon Application Load Balancers (ALBs). - [SNS topic should not be accessible over the public internet](fcc-nsq-vkn.md): Update your Amazon Simple Notification Service (SNS) topic permissions. - [Inbound HTTPS access should be restricted](fd1-858-74f.md): Reduce the probability of a breach by checking [EC2 security groups](https://docs.aws.amazon.com/vpc/latest/userguide... - [AWS Route Table created or modified](fd3-1aa-d7d.md): Classification:complianceTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-imp... 
- [Feature Flags MCP Server](feature-flag-mcp-server.md): {% callout %} - [Feature Flags](feature-flags.md): {% callout %} - [Supported Features](features.md): {% callout %} - [Use helper functions to read files](file-read.md): {% callout %} - [File share Component](file-share.md): You can use the File Share component to represent and visualize file storage services from your Azure environment. - [do not let all users write permissions](file-write-others.md): {% callout %} - [Use helper functions to write files](file-write.md): {% callout %} - [Do not give write access to others](files-permissions.md): {% callout %} - [Enforce final newline](final-newline.md): {% callout %} - [Avoid useless final type in interface method](final-param-in-abstract-method.md): {% callout %} - [Avoid exceptions in finalizers](finalizer-no-exception.md): {% callout %} - [do not use break or continue in finally block](finally-no-break-continue-return.md): {% callout %} - [Use find_each to iterate over a collection of AR objects](find-each.md): {% callout %} - [Find a Cloud Account or Team ID using our API](find-id-using-api.md): Currently, the Cloudcraft UI doesn't expose the ID of your AWS or Azure accounts or teams. However, you can still fin... - [Security Findings Schema Reference](findings-schema.md): Security findings in Datadog represent vulnerabilities, misconfigurations, and security risks identified across your ... - [Explore Misconfigurations](findings.md): The Cloud Security Misconfigurations [Findings page](https://app.datadoghq.com/security/compliance?time=now) allows y... 
- [Datadog FIPS Compliance](fips-compliance.md): {% callout %} - [Google Compute firewall ingress allows unrestricted FTP access](firewall-ingress-allows-unrestricted-ftp-access.md): {% callout %} - [Google Compute firewall ingress allows unrestricted MySQL access](firewall-ingress-allows-unrestricted-mysql-access.md): {% callout %} - [Firewall rule allows too many hosts to access Redis Cache](firewall-rule-allows-too-many-hosts-to-access-redis-cache.md): {% callout %} - [Prefer using `first` and `last` to improve readability](first-and-last.md): {% callout %} - [First instruction should be ARG or FROM](first-instruction.md): {% callout %} - [Use first rather than filter and first](first-predicate.md): {% callout %} - [Fix "unable to verify AWS account" problem](fix-unable-to-verify-aws-account-problem.md): If you're getting an "unable to verify AWS account" error when trying to add your AWS account to Cloudcraft, it may b... - [Fleet Automation](fleet-automation.md): Manage automated deployments across your fleet of hosts. - [Fleet Automation](fleet-automation-2.md): {% callout %} - [Use fdiv on two integers float division](float-division.md): {% callout %} - [Prevents using `==` and `!=` operators on floats and doubles](float-equality.md): {% callout %} - [Flutter Crash Reporting and Error Tracking](flutter.md): Enable Crash Reporting and Error Tracking to get comprehensive crash reports and error trends with Real User Monitoring. - [RDS instance snapshots should not be publicly shared](fo0-6re-l0f.md): Secure your Amazon Relational Database Service (RDS) database snapshots by ensuring they are not publicly accessible. - [Incident Follow-ups](follow-ups.md): Incident follow-ups are tasks performed after an incident is resolved. During an incident investigation, your team mi... 
- [Check for loop is moving in the right direction](for-direction.md): {% callout %} - [Simplify for loops for while loops](for-loop-should-be-while-loop.md): {% callout %} - [Prevent empty default case for select without condition](for-select-default-empty.md): {% callout %} - [Optionals should not be force-unwrapped](forced-unwrapped.md): {% callout %} - [Too many control variables in for loop](forloop-variable-count.md): {% callout %} - [Check parameter names for wording issues](formal-parameters.md): {% callout %} - [Forms](forms.md): {% callout %} - [Forwarding Audit Events to Custom Destinations](forwarding-audit-events.md): {% callout %} - [>-](fpc-nw5-gm5.md): Classification:complianceFramework:cis-kubernetesControl:1.1.5 - [Possible privilege escalation via AWS login profile manipulation](fps-y8k-odm.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... - [Manage Your Security Compliance Posture](frameworks-and-benchmarks.md): Cloud Security Misconfigurations comes with more than 1,300 out-of-the-box compliance rules that evaluate the configu... - [Free Text Widget](free-text.md): Free text is a widget that allows you to add headings to your [screenboard](https://docs.datadoghq.com/dashboards/#sc... - [Frontend Error Tracking](frontend.md): {% image - [FSx Component](fsx.md): Use the FSx component to represent FSx file systems from your Amazon Web Services architecture. - [The Docker socket file should be owned by root and Docker group](ftc-kn6-yz8.md): Classification:complianceFramework:cis-dockerControl:3.15 - [RDS databases should not be publicly accessible](fu0-rtv-2rb.md): It is important to ensure that RDS database instances provisioned in your AWS account restrict unauthorized access to... 
- [Fully open ingress](fully-open-ingress.md): {% callout %} - [Function names must match the name of the assignation.](func-name-matching.md): {% callout %} - [Enforce named function expressions](func-names.md): {% callout %} - [a function must be defined only once](function-already-exists.md): {% callout %} - [Function App Component](function-app.md): You can use the Function App component to represent and visualize a group of Azure Functions from your Azure environm... - [Use inclusive language in function declarations](function-declaration.md): {% callout %} - [Avoid non-inclusive terms in function and parameter names](function-definition.md): {% callout %} - [Enforce spacing after the fun keyword](function-keyword-spacing.md): {% callout %} - [Avoid very short function names](function-name-min-length.md): {% callout %} - [Function name should be in camelCase](function-name.md): {% callout %} - [Function names should comply with a naming convention](function-names.md): {% callout %} - [Function name should use camelCase or PascalCase](function-naming.md): {% callout %} - [Enforce function return type spacing](function-return-type-spacing.md): {% callout %} - [Enforce function type spacing](function-type-modifier-spacing.md): {% callout %} - [Do not assign to function arguments](function-variable-argument-name.md): {% callout %} - [Function App authentication disabled](function-app-authentication-disabled.md): {% callout %} - [Function App client certificates not required](function-app-client-certificates-unrequired.md): {% callout %} - [Function App FTPS enforce disabled](function-app-ftps-enforce-disabled.md): {% callout %} - [Function App HTTP2 disabled](function-app-http2-disabled.md): {% callout %} - [Function App managed identity disabled](function-app-managed-identity-disabled.md): {% callout %} - [Function App not using latest TLS encryption version](function-app-not-using-latest-tls-encryption-version.md): {% callout %} - [Functions](functions.md): 
Functions can modify how the results of a metric query are returned for visualizations. Most functions are applied af... - [Funnel Widget](funnel.md): Funnel analysis helps you track conversion rates across key workflows to identify and address any bottlenecks in end-... - [Anomalous number of assumed roles from user](fwu-obr-c9n.md): Classification:attackTactic:[TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004)Technique:[T1098-ac... - [Certificate managed by ACM should be renewed within 7 days](fz6-l0k-bbu.md): Renew your SSL/TLS certificate managed by AWS Certificate Manager (ACM) as there are seven days left to renew. - [EBS volume snapshot should not be publicly shared](g1t-jj4-k8k.md): Secure Amazon Elastic Block Store (EBS) snapshots. - [Azure user viewed CosmosDB access keys](g3k-7d3-mcx.md): Classification:attackTactic:[TA0007-discovery](https://attack.mitre.org/tactics/TA0007)Technique:[T1580-cloud-infrast... - [Kubelet default kernel parameter values should be protected from overriding.](g4y-d5m-gaj.md): Classification:complianceFramework:cis-kubernetesControl:4.2.6 - [Credential stuffing attack on Jumpcloud](g6h-rq4-3y9.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1110-brute... - [Compiler wrote suspicious file](g78-dht-5cj.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1027-obfusca... - [GameLift fleet EC2 inbound permissions with port range](gamelift-fleet-ec2-inbound-permissions-with-port-range.md): {% callout %} - [Enabling AAP for Gateway API in Kubernetes](gateway-api.md): {% callout %} - [Compromised AWS EC2 Instance](gay-o0u-6in.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-valid-ac... - [GCP Integration](gcp-integration.md): Configure your Datadog-Google Cloud Platform (GCP) integration directly through the Datadog API.
Read more about the ... - [Connect to Datadog over Google Cloud Private Service Connect](gcp-private-service-connect.md): {% callout %} - [App and API Protection GCP Service Extensions Compatibility Requirements](gcp-service-extensions.md): {% callout %} - [Accessapproval Access Approval Settings](gcpaccessapproval-access-approval-settingsdataset.md): This table represents the accessapproval_access_approval_settings resource from Google Cloud Platform. - [Vertex AI Batch Prediction Job](gcpaiplatform-batch-prediction-jobdataset.md): Vertex AI Batch Prediction Job is a Google Cloud resource that runs machine learning model predictions on large datas... - [Vertex AI Cached Content](gcpaiplatform-cached-contentdataset.md): Vertex AI Cached Content is a Google Cloud resource that stores and manages cached data generated by Vertex AI models... - [Vertex AI Custom Job](gcpaiplatform-custom-jobdataset.md): Vertex AI Custom Job is a managed Google Cloud resource that allows users to run custom machine learning training or ... - [Vertex AI Data Labeling Job](gcpaiplatform-data-labeling-jobdataset.md): A Vertex AI Data Labeling Job in Google Cloud is a managed service that helps create high-quality labeled datasets fo... - [Vertex AI Dataset](gcpaiplatform-datasetdataset.md): Vertex AI Dataset is a managed resource in Google Cloud used to store and organize data for machine learning workflow... - [Vertex AI Endpoint](gcpaiplatform-endpointdataset.md): Vertex AI Endpoint in Google Cloud is a managed resource that provides a secure and scalable way to deploy and serve ... - [Vertex AI Feature Group](gcpaiplatform-feature-groupdataset.md): Vertex AI Feature Group is a managed service in Google Cloud that organizes and stores machine learning features for ... - [Vertex AI Feature Online Store](gcpaiplatform-feature-online-storedataset.md): Vertex AI Feature Online Store is a managed service in Google Cloud that provides low-latency access to machine learn... 
- [Vertex AI Feature Store](gcpaiplatform-featurestoredataset.md): Vertex AI Feature Store is a managed service on Google Cloud that helps you store, manage, and serve machine learning... - [Vertex AI Hyperparameter Tuning Job](gcpaiplatform-hyperparameter-tuning-jobdataset.md): Vertex AI Hyperparameter Tuning Job automatically searches for the best hyperparameter values for a machine learning ... - [Vertex AI Index](gcpaiplatform-indexdataset.md): Vertex AI Index in Google Cloud is a managed resource that stores and organizes vector embeddings for efficient simil... - [Vertex AI Index Endpoint](gcpaiplatform-index-endpointdataset.md): Vertex AI Index Endpoint is a managed service in Google Cloud that hosts vector indexes for similarity search and ret... - [Vertex AI Metadata Store](gcpaiplatform-metadata-storedataset.md): Vertex AI Metadata Store is a managed service in Google Cloud that tracks and organizes metadata for machine learning... - [Vertex AI Model](gcpaiplatform-modeldataset.md): Vertex AI Model is a managed machine learning resource in Google Cloud that stores and serves trained models. It supp... - [Model Deployment Monitoring Job](gcpaiplatform-model-deployment-monitoring-jobdataset.md): A Model Deployment Monitoring Job in GCP is a managed process that continuously tracks the performance of deployed ma... - [Vertex AI Notebook Execution Job](gcpaiplatform-notebook-execution-jobdataset.md): Vertex AI Notebook Execution Job is a managed service in Google Cloud that automates the execution of Jupyter noteboo... - [Vertex AI Workbench Runtime](gcpaiplatform-notebook-runtimedataset.md): Vertex AI Workbench Runtime is a managed environment in Google Cloud for running Jupyter-based notebooks and machine ... - [Vertex AI Workbench Runtime Template](gcpaiplatform-notebook-runtime-templatedataset.md): Vertex AI Workbench Runtime Template is a configuration resource in Google Cloud that defines the environment setup f... 
- [Vertex AI PipelineJob](gcpaiplatform-pipeline-jobdataset.md): Vertex AI PipelineJob in Google Cloud is a managed resource that defines and executes machine learning workflows. It ... - [Specialist Pool](gcpaiplatform-specialist-pooldataset.md): Specialist Pool in Google Cloud is a managed group of specialized virtual machine instances designed for specific wor... - [Vertex AI Tensorboard](gcpaiplatform-tensorboarddataset.md): Vertex AI Tensorboard is a managed visualization and tracking service for machine learning experiments on Google Clou... - [Vertex AI Training Pipeline](gcpaiplatform-training-pipelinedataset.md): Vertex AI Training Pipeline is a managed service in Google Cloud that automates the process of training machine learn... - [Vertex AI Tuning Job](gcpaiplatform-tuning-jobdataset.md): Vertex AI Tuning Job is a managed Google Cloud service that automates hyperparameter tuning for machine learning mode... - [AlloyDB Backup](gcpalloydb-backupdataset.md): AlloyDB Backup in Google Cloud is a managed backup resource for AlloyDB databases. It allows you to create consistent... - [AlloyDB Cluster](gcpalloydb-clusterdataset.md): AlloyDB Cluster in Google Cloud is a fully managed, high-performance database service compatible with PostgreSQL. It ... - [AlloyDB Instance](gcpalloydb-instancedataset.md): AlloyDB Instance is a fully managed PostgreSQL-compatible database service on Google Cloud. It is designed for high p... - [API Gateway API](gcpapigateway-apidataset.md): API Gateway API in Google Cloud is a managed service that allows you to create, secure, and monitor APIs for your bac... - [API Gateway API Config](gcpapigateway-api-configdataset.md): API Gateway API Config in Google Cloud defines the configuration for an API deployed through API Gateway. It specifie... - [API Gateway Gateway](gcpapigateway-gatewaydataset.md): API Gateway Gateway in Google Cloud is a fully managed service that allows you to create, secure, and monitor APIs at... 
- [Apigee Instance](gcpapigee-instancedataset.md): Apigee Instance is a managed runtime environment in Google Cloud used to host and manage API proxies. It provides the... - [Apigee Organization](gcpapigee-organizationdataset.md): Apigee Organization in Google Cloud is the top-level container for managing Apigee API management resources. It defin... - [Apihub Api Hub Instance](gcpapihub-api-hub-instancedataset.md): This table represents the apihub_api_hub_instance resource from Google Cloud Platform. - [API Key](gcpapikeys-keydataset.md): An API Key in Google Cloud is a simple encrypted string used to authenticate applications calling Google Cloud APIs. ... - [App Engine Application](gcpappengine-applicationdataset.md): App Engine Application is a fully managed platform on Google Cloud for building and running web applications. It auto... - [App Engine Service](gcpappengine-servicedataset.md): App Engine Service in Google Cloud is a logical component within App Engine that runs a specific application or micro... - [App Engine Version](gcpappengine-versiondataset.md): App Engine Version in Google Cloud represents a specific deployment of an application within an App Engine service. E... - [Application](gcpapphub-applicationdataset.md): Represents the App Engine application for a Google Cloud project. It is a global, per-project resource that sets the ... - [App Hub Service](gcpapphub-servicedataset.md): App Hub Service in Google Cloud is a managed platform that helps organize, manage, and monitor applications across mu... - [Service Project Attachment](gcpapphub-service-project-attachmentdataset.md): A Service Project Attachment in Google Cloud links a service project to a host project within a Shared VPC setup. It ... - [App Hub Workload](gcpapphub-workloaddataset.md): App Hub Workload in Google Cloud is a managed resource that represents an application's deployed components and their... 
- [Artifact Registry Docker Image](gcpartifactregistry-docker-imagedataset.md): Artifact Registry Docker Image in Google Cloud is a managed service for storing, managing, and securing container ima... - [Artifact Registry Maven Artifact](gcpartifactregistry-maven-artifactdataset.md): Artifact Registry Maven Artifact in Google Cloud is a resource that stores and manages Maven packages within Artifact... - [Artifact Registry NPM Package](gcpartifactregistry-npm-packagedataset.md): Artifact Registry NPM Package in Google Cloud is a managed service for storing, managing, and securing Node.js packag... - [Artifact Registry Python Package](gcpartifactregistry-python-packagedataset.md): Artifact Registry Python Package in Google Cloud is a managed service for storing, managing, and securing Python pack... - [Artifact Registry Repository](gcpartifactregistry-repositorydataset.md): Artifact Registry Repository in GCP is a managed service for storing and managing build artifacts such as container i... - [Artifact Registry Rule](gcpartifactregistry-ruledataset.md): Artifact Registry Rule in Google Cloud Platform defines policies and configurations for managing container images and... - [Backup and DR Backup](gcpbackupdr-backupdataset.md): Backup and DR Backup in Google Cloud is a managed service that provides centralized backup and disaster recovery for ... - [Backup and DR Backup Plan](gcpbackupdr-backup-plandataset.md): A Backup and DR Backup Plan in Google Cloud defines how data is backed up, stored, and recovered across Google Cloud ... - [Backup and DR Backup Plan Association](gcpbackupdr-backup-plan-associationdataset.md): Associates a backup plan with a specific resource in Google Cloud Backup and DR service. It defines which workloads o... - [Backup Vault](gcpbackupdr-backup-vaultdataset.md): A Backup Vault in Google Cloud is a managed container that securely stores backup data for various GCP services. It c... 
- [Backup and DR Data Source](gcpbackupdr-data-sourcedataset.md): Backup and DR Data Source in Google Cloud provides access to backup and disaster recovery configurations and metadata... - [Backup and DR Management Server](gcpbackupdr-management-serverdataset.md): Backup and DR Management Server in Google Cloud is a managed service that provides centralized backup, disaster recov... - [Batch Job](gcpbatch-jobdataset.md): Batch Job in Google Cloud is a managed service that allows you to run batch workloads at scale without managing infra... - [BeyondCorp AppConnection](gcpbeyondcorp-app-connectiondataset.md): BeyondCorp AppConnection in Google Cloud is a resource that defines a secure connection between a user and a private ... - [BeyondCorp AppConnector](gcpbeyondcorp-app-connectordataset.md): BeyondCorp AppConnector is a Google Cloud resource that provides secure connectivity between on-premises or hybrid en... - [BeyondCorp AppGateway](gcpbeyondcorp-app-gatewaydataset.md): BeyondCorp AppGateway is a managed Google Cloud resource that provides secure access to applications without requirin... - [BigQuery Dataset](gcpbigquery-datasetdataset.md): A BigQuery Dataset in Google Cloud is a logical container used to organize and manage tables, views, and other BigQue... - [BigQuery Model](gcpbigquery-modeldataset.md): A BigQuery Model in Google Cloud is a managed machine learning resource that allows users to train, store, and use ML... - [BigQuery Table](gcpbigquery-tabledataset.md): A BigQuery Table in Google Cloud is a structured dataset container that stores rows and columns of data within a BigQ... - [BigQuery Data Transfer Config](gcpbigquerydatatransfer-transfer-configdataset.md): BigQuery Data Transfer Config is a Google Cloud resource that automates data movement into BigQuery from various sour... 
- [BigQuery Migration Workflow](gcpbigquerymigration-migration-workflowdataset.md): BigQuery Migration Workflow in Google Cloud helps automate and manage the process of migrating data warehouses to Big... - [App Profile](gcpbigtableadmin-app-profiledataset.md): An App Profile in Google Cloud is a configuration for a Cloud Bigtable instance that defines how requests are routed ... - [Cloud Bigtable Backup](gcpbigtableadmin-backupdataset.md): Cloud Bigtable Backup in Google Cloud is a feature that lets you create consistent, point-in-time backups of your Big... - [Cloud Bigtable Cluster](gcpbigtableadmin-clusterdataset.md): Cloud Bigtable Cluster in GCP is a scalable, high-performance NoSQL database cluster used for large analytical and op... - [Cloud Bigtable Instance](gcpbigtableadmin-instancedataset.md): Cloud Bigtable Instance is a scalable NoSQL database resource in Google Cloud designed for high-throughput and low-la... - [Cloud Bigtable Table](gcpbigtableadmin-tabledataset.md): Cloud Bigtable Table is a scalable, high-performance NoSQL table in Google Cloud Bigtable. It is designed for large a... - [Binary Authorization Attestor](gcpbinaryauthorization-attestordataset.md): A Binary Authorization Attestor in Google Cloud is a security resource that defines and manages trusted authorities f... - [Binary Authorization Platform Policy](gcpbinaryauthorization-platform-policydataset.md): Binary Authorization Platform Policy in Google Cloud is a security control that enforces signature-based validation o... - [Binary Authorization Policy](gcpbinaryauthorization-policydataset.md): Binary Authorization Policy is a Google Cloud resource that defines rules for container image deployment security. It... - [Blockchain Node Engine Blockchain Node](gcpblockchainnodeengine-blockchain-nodedataset.md): Blockchain Node Engine Blockchain Node on Google Cloud is a managed service that allows you to deploy, manage, and sc... 
- [Certificate Manager Certificate](gcpcertificatemanager-certificatedataset.md): Certificate Manager Certificate in Google Cloud is a managed resource that provisions and manages SSL/TLS certificate... - [Certificate Issuance Configuration](gcpcertificatemanager-certificate-issuance-configdataset.md): Certificate Issuance Configuration in Google Cloud is a resource that defines how SSL/TLS certificates are issued and... - [Certificate Map](gcpcertificatemanager-certificate-mapdataset.md): Certificate Map in Google Cloud is a resource used to organize and manage SSL/TLS certificates for load balancers. It... - [Certificate Map Entry](gcpcertificatemanager-certificate-map-entrydataset.md): A Certificate Map Entry in Google Cloud is a configuration element within Certificate Manager that associates a speci... - [Certificate Manager DNS Authorization](gcpcertificatemanager-dns-authorizationdataset.md): Certificate Manager DNS Authorization in Google Cloud is a resource used to verify domain ownership through DNS recor... - [Certificate Manager TrustConfig](gcpcertificatemanager-trust-configdataset.md): Certificate Manager TrustConfig in Google Cloud is a resource that defines trust stores and trust anchors used for ce... - [Cloud Asset Feed](gcpcloudasset-feeddataset.md): Cloud Asset Feed in Google Cloud lets you receive real-time updates about changes to your cloud resources and policie... - [ProjectBillingInfo](gcpcloudbilling-project-billing-infodataset.md): ProjectBillingInfo represents the billing configuration for a Google Cloud project. It contains information about whi... - [Bitbucket Server Config](gcpcloudbuild-bitbucket-server-configdataset.md): Bitbucket Server Config in Google Cloud is a configuration resource used to integrate and manage Bitbucket Server rep... - [Cloud Build Trigger](gcpcloudbuild-build-triggerdataset.md): Cloud Build Trigger in Google Cloud Platform automatically starts a build process when specific events occur in a sou... 
- [GitHubEnterpriseConfig](gcpcloudbuild-github-enterprise-configdataset.md): GitHubEnterpriseConfig in Google Cloud represents the configuration settings that connect a Google Cloud project or s... - [Cloud Build Worker Pool](gcpcloudbuild-worker-pooldataset.md): A Cloud Build Worker Pool in Google Cloud is a private pool of workers used to run Cloud Build jobs on dedicated infr... - [Cloud Deploy Automation](gcpclouddeploy-automationdataset.md): Cloud Deploy Automation in Google Cloud is a managed service that automates the delivery of applications across multi... - [Cloud Deploy AutomationRun](gcpclouddeploy-automation-rundataset.md): Cloud Deploy AutomationRun in Google Cloud represents an automated execution instance within a Cloud Deploy pipeline.... - [Cloud Deploy Custom Target Type](gcpclouddeploy-custom-target-typedataset.md): Cloud Deploy Custom Target Type in Google Cloud lets you define and manage custom deployment targets beyond the built... - [Cloud Deploy Delivery Pipeline](gcpclouddeploy-delivery-pipelinedataset.md): Cloud Deploy Delivery Pipeline in Google Cloud is a resource that defines the sequence of stages and targets for rele... - [Cloud Deploy JobRun](gcpclouddeploy-job-rundataset.md): Cloud Deploy JobRun in Google Cloud represents an execution instance of a deployment job within a delivery pipeline. ... - [Cloud Deploy Release](gcpclouddeploy-releasedataset.md): Cloud Deploy Release in Google Cloud represents a specific version of an application or service that is ready to be d... - [Cloud Deploy Rollout](gcpclouddeploy-rolloutdataset.md): Cloud Deploy Rollout in Google Cloud represents a specific deployment instance within a delivery pipeline. It defines... - [Cloud Deploy Target](gcpclouddeploy-targetdataset.md): A Cloud Deploy Target in Google Cloud is a deployment destination that defines where application releases are deliver... 
- [Cloud Functions Function](gcpcloudfunctions-functiondataset.md): Cloud Functions Function in GCP is a serverless compute resource that lets you run event-driven code without managing... - [Cloud KMS CryptoKeyVersion](gcpcloudkms-crypto-key-versiondataset.md): A Cloud KMS CryptoKeyVersion in Google Cloud represents a specific version of a cryptographic key within a Cloud KMS ... - [Cloud KMS Import Job](gcpcloudkms-import-jobdataset.md): A Cloud KMS Import Job in Google Cloud is a temporary resource used to securely import cryptographic key material int... - [Quota Preference](gcpcloudquotas-quota-preferencedataset.md): Quota Preference in Google Cloud Platform allows users to define and manage preferences for quota usage and allocatio... - [Lien](gcpcloudresourcemanager-liendataset.md): A Lien in Google Cloud is a restriction placed on a project or resource to prevent accidental deletion or modificatio... - [TagKey](gcpcloudresourcemanager-tag-keydataset.md): TagKey in Google Cloud is a resource that defines a key within the tagging system used for organizing and managing cl... - [TagValue](gcpcloudresourcemanager-tag-valuedataset.md): TagValue in Google Cloud represents a specific value within a TagKey, used for organizing and managing resources thro... - [Cloudrun Job](gcpcloudrun-jobdataset.md): This table represents the Cloudrun Job resource from Google Cloud Platform. - [Cloud Tasks Queue](gcpcloudtasks-queuedataset.md): Cloud Tasks Queue in Google Cloud is a fully managed service that lets you manage the execution, dispatch, and delive... - [Cloud Composer Environment](gcpcomposer-environmentdataset.md): Cloud Composer Environment in GCP is a fully managed workflow orchestration service built on Apache Airflow. It allow... - [External IP Address](gcpcompute-addressdataset.md): An External IP Address in Google Cloud is a publicly accessible IP assigned to a resource, such as a virtual machine,... 
- [Compute Autoscaler](gcpcompute-autoscalerdataset.md): Compute Autoscaler in Google Cloud automatically adjusts the number of virtual machine instances in a managed instanc... - [Compute Backend Bucket](gcpcompute-backend-bucketdataset.md): A Compute Backend Bucket in Google Cloud is a backend service that uses a Cloud Storage bucket to serve static conten... - [Backend Service](gcpcompute-backend-servicedataset.md): A Backend Service in Google Cloud is a configuration resource that defines how incoming traffic is distributed to bac... - [Compute Commitment](gcpcompute-commitmentdataset.md): A Compute Commitment in Google Cloud is a contract that provides discounted pricing in exchange for committing to use... - [Persistent Disk](gcpcompute-diskdataset.md): Persistent Disk in Google Cloud is a durable block storage option for virtual machine instances. It provides high-per... - [External VPN Gateway](gcpcompute-external-vpn-gatewaydataset.md): External VPN Gateway in Google Cloud represents a physical or virtual VPN device located outside of Google Cloud that... - [Firewall Rules](gcpcompute-firewalldataset.md): Firewall Rules in Google Cloud Platform control network traffic to and from virtual machine instances. They define al... - [Firewall Policy](gcpcompute-firewall-policydataset.md): A Firewall Policy in Google Cloud is a centralized set of rules that control network traffic across multiple Virtual ... - [Forwarding Rule](gcpcompute-forwarding-ruledataset.md): A Forwarding Rule in Google Cloud is a configuration that directs traffic to a specific target resource, such as a lo... - [Global Address](gcpcompute-global-addressdataset.md): A Global Address in Google Cloud is a static external IP address that can be used across multiple regions. It is typi... - [Global Forwarding Rule](gcpcompute-global-forwarding-ruledataset.md): A Global Forwarding Rule in Google Cloud is a configuration that directs incoming traffic from a single global IP add... 
- [Compute Engine health check](gcpcompute-health-checkdataset.md): A Compute Engine health check in Google Cloud continuously monitors the status of virtual machine instances or backen... - [HTTP Health Check](gcpcompute-http-health-checkdataset.md): HTTP Health Check in Google Cloud Platform is used to monitor the health of instances in a load-balanced service. It ... - [HTTPs Health Check](gcpcompute-https-health-checkdataset.md): An HTTPS Health Check in Google Cloud Platform is used to monitor the health of backend services by sending HTTPS req... - [Compute Engine Image](gcpcompute-imagedataset.md): A Compute Engine Image in Google Cloud is a bootable disk image used to create virtual machine instances. It contains... - [Virtual Machine Instance](gcpcompute-instancedataset.md): A Virtual Machine Instance in Google Cloud (GCP) is a compute resource that provides on-demand, scalable virtual serv... - [Managed Instance Group](gcpcompute-instance-groupdataset.md): A Managed Instance Group in Google Cloud is a collection of identical virtual machine instances that are managed as a... - [Managed Instance Group](gcpcompute-instance-group-managerdataset.md): A Managed Instance Group in Google Cloud is a collection of identical virtual machine instances managed as a single e... - [Compute Instance Settings](gcpcompute-instance-settingsdataset.md): Compute Instance Settings in GCP define the configuration parameters for virtual machine instances, including machine... - [Compute Engine Instance Template](gcpcompute-instance-templatedataset.md): A Compute Engine Instance Template in Google Cloud is a reusable configuration that defines settings for virtual mach... - [Compute Engine Instant Snapshot](gcpcompute-instant-snapshotdataset.md): Compute Engine Instant Snapshot is a Google Cloud resource that allows you to capture a point-in-time copy of a persi... 
- [Cloud Interconnect](gcpcompute-interconnectdataset.md): Cloud Interconnect on Google Cloud provides high-bandwidth, low-latency connections between your on-premises network ... - [Interconnect Attachment](gcpcompute-interconnect-attachmentdataset.md): An Interconnect Attachment in Google Cloud is a regional resource that connects your Virtual Private Cloud (VPC) netw... - [Compute Engine License](gcpcompute-licensedataset.md): A Compute Engine License in Google Cloud represents the licensing terms associated with a virtual machine image or op... - [Compute Engine Machine Image](gcpcompute-machine-imagedataset.md): A Compute Engine Machine Image in Google Cloud is a resource that stores all the configuration, metadata, and disk da... - [Virtual Private Cloud Network](gcpcompute-networkdataset.md): A Virtual Private Cloud Network in Google Cloud is a logically isolated, private network that provides secure communi... - [Network Attachment](gcpcompute-network-attachmentdataset.md): A Network Attachment in Google Cloud is a resource that connects a Virtual Private Cloud (VPC) network to a service p... - [Network Edge Security Service](gcpcompute-network-edge-security-servicedataset.md): Network Edge Security Service in Google Cloud provides centralized security controls for traffic entering or leaving ... - [Network Endpoint Group](gcpcompute-network-endpoint-groupdataset.md): A Network Endpoint Group (NEG) in Google Cloud is a collection of network endpoints, such as IP and port combinations... - [Node Group](gcpcompute-node-groupdataset.md): A Node Group in Google Cloud is a collection of virtual machine instances within a single zone that share the same co... - [Compute Node Template](gcpcompute-node-templatedataset.md): A Compute Node Template in Google Cloud is a resource that defines the configuration for sole-tenant nodes. It specif... 
- [Packet Mirroring](gcpcompute-packet-mirroringdataset.md): Packet Mirroring in Google Cloud captures network traffic from specified VM instances, forwarding copies of the packe... - [Project](gcpcompute-projectdataset.md): A GCP Project is the primary container for organizing and managing Google Cloud resources. It provides an isolated en... - [Public Delegated Prefix](gcpcompute-public-delegated-prefixdataset.md): A Public Delegated Prefix in Google Cloud is a reserved block of public IP addresses that a project can delegate to o... - [Compute Engine Reservation](gcpcompute-reservationdataset.md): Compute Engine Reservation in Google Cloud lets you reserve a specific amount of Compute Engine VM capacity in a chos... - [Compute Resource Policy](gcpcompute-resource-policydataset.md): A Compute Resource Policy in Google Cloud is a configuration that defines rules for managing compute resources such a... - [Route](gcpcompute-routedataset.md): A Route in Google Cloud defines how network traffic is directed within a Virtual Private Cloud (VPC). It specifies a ... - [Cloud Router](gcpcompute-routerdataset.md): Cloud Router in Google Cloud is a fully distributed and managed service that enables dynamic routing between your Vir... - [Cloud Armor Security Policy](gcpcompute-security-policydataset.md): Cloud Armor Security Policy in Google Cloud is a set of rules that help protect applications and services from web-ba... - [Service Attachment](gcpcompute-service-attachmentdataset.md): A Service Attachment in Google Cloud is a resource that allows a service producer to publish a service through Privat... - [Compute Engine Snapshot](gcpcompute-snapshotdataset.md): A Compute Engine Snapshot in Google Cloud is a point-in-time backup of a persistent disk. It captures the disk's data... - [SSL Certificate](gcpcompute-ssl-certificatedataset.md): An SSL Certificate in Google Cloud is a managed resource that provides secure communication between clients and servi... 
- [SSL Policy](gcpcompute-ssl-policydataset.md): An SSL Policy in Google Cloud defines the SSL features and minimum TLS versions that can be used by load balancers. I... - [Compute Storage Pool](gcpcompute-storage-pooldataset.md): A regional storage pool in Compute Engine for Hyperdisk. You pre-provision performance (IOPS/throughput) and capacity... - [Subnetworks](gcpcompute-subnetworkdataset.md): Subnetworks in Google Cloud are regional resources that define IP address ranges within a Virtual Private Cloud (VPC)... - [Target gRPC Proxy](gcpcompute-target-grpc-proxydataset.md): A Target gRPC Proxy in Google Cloud is a load balancing resource that routes incoming gRPC requests to backend servic... - [Target HTTP Proxy](gcpcompute-target-http-proxydataset.md): A Target HTTP Proxy in Google Cloud is a forwarding resource that routes incoming HTTP requests to a specified URL ma... - [Target HTTPS Proxy](gcpcompute-target-https-proxydataset.md): A Target HTTPS Proxy in Google Cloud is a global resource that routes incoming HTTPS requests to backend services bas... - [Target Instance](gcpcompute-target-instancedataset.md): A Target Instance in Google Cloud is a single virtual machine instance used as a target for traffic from a forwarding... - [Target Pool](gcpcompute-target-pooldataset.md): A Target Pool in Google Cloud is a resource used for managing groups of virtual machine instances that receive incomi... - [Target SSL Proxy](gcpcompute-target-ssl-proxydataset.md): A Target SSL Proxy in Google Cloud is a regional proxy resource that routes incoming SSL traffic from clients to back... - [Target TCP Proxy](gcpcompute-target-tcp-proxydataset.md): A Target TCP Proxy in Google Cloud is a regional proxy resource that routes incoming TCP traffic to backend services ... - [Target VPN Gateway](gcpcompute-target-vpn-gatewaydataset.md): A Target VPN Gateway in Google Cloud is a regional resource that represents the VPN endpoint on the Google Cloud side... 
- [URL map](gcpcompute-url-mapdataset.md): A URL map in Google Cloud Platform defines how HTTP and HTTPS requests are routed to backend services based on rules ... - [Cloud VPN Gateway](gcpcompute-vpn-gatewaydataset.md): Cloud VPN Gateway in Google Cloud is a virtual gateway that securely connects your on-premises network to your Virtua... - [Cloud VPN Tunnel](gcpcompute-vpn-tunneldataset.md): Cloud VPN Tunnel in Google Cloud securely connects your on-premises network to your Virtual Private Cloud (VPC) netwo... - [Cloud Deployment Manager Deployment](gcpconfig-deploymentdataset.md): Cloud Deployment Manager Deployment is a Google Cloud resource used to automate the creation and management of GCP re... - [Config Controller Preview](gcpconfig-previewdataset.md): Config Controller Preview is a managed service in Google Cloud that provides a hosted instance of Config Connector an... - [Connector Connection](gcpconnectors-connectiondataset.md): Connector Connection in Google Cloud represents a network link created through Serverless VPC Access. It allows serve... - [Connectors Endpoint Attachment](gcpconnectors-endpoint-attachmentdataset.md): Connectors Endpoint Attachment in Google Cloud is a resource that allows private connectivity between a Virtual Priva... - [Event Subscription](gcpconnectors-event-subscriptiondataset.md): Event Subscription in Google Cloud is a configuration that allows services to receive notifications when specific eve... - [Regional Setting](gcpconnectors-regional-settingdataset.md): Defines the geographical region where Google Cloud resources are deployed and managed. A regional setting determines ... - [Regional Settings](gcpconnectors-regional-settingsdataset.md): Regional Settings in Google Cloud Platform define configuration parameters that apply to resources within a specific ... 
- [EncryptionSpec](gcpcontactcenterinsights-encryption-specdataset.md): EncryptionSpec in Google Cloud defines the encryption settings used to protect data at rest for a resource. It specif... - [Contact Center AI Insights Issue Model](gcpcontactcenterinsights-issue-modeldataset.md): Contact Center AI Insights Issue Model in Google Cloud is a machine learning model that identifies and categorizes re... - [Phrase Matcher](gcpcontactcenterinsights-phrase-matcherdataset.md): Phrase Matcher is a Google Cloud resource used to identify and analyze specific phrases within text or audio data. It... - [View](gcpcontactcenterinsights-viewdataset.md): A View in Google Cloud refers to a virtual table defined by a SQL query that presents data from one or more tables or... - [Dataflow Job](gcpdataflow-jobdataset.md): A Dataflow Job in Google Cloud is a managed service execution of a data processing pipeline built with Apache Beam. I... - [Dataform Compilation Result](gcpdataform-compilation-resultdataset.md): Dataform Compilation Result in Google Cloud represents the output of compiling a Dataform workflow. It contains the p... - [Dataform ReleaseConfig](gcpdataform-release-configdataset.md): Dataform ReleaseConfig in Google Cloud defines the configuration for creating and managing Dataform releases. It spec... - [Dataform Repository](gcpdataform-repositorydataset.md): A Dataform Repository in Google Cloud is a managed workspace for organizing and versioning SQL workflows used in data... - [Dataform Workflow Config](gcpdataform-workflow-configdataset.md): Dataform Workflow Config in Google Cloud defines the configuration for running Dataform workflows, which manage SQL-b... - [Dataform Workflow Invocation](gcpdataform-workflow-invocationdataset.md): Dataform Workflow Invocation in Google Cloud is a resource that represents the execution of a Dataform workflow. It a... 
- [Dataform Workspace](gcpdataform-workspacedataset.md): Dataform Workspace in Google Cloud is a managed environment for developing, testing, and deploying SQL-based data tra... - [DNS Peering Zone](gcpdatafusion-dns-peeringdataset.md): A DNS Peering Zone in Google Cloud allows private DNS resolution across different Virtual Private Cloud (VPC) network... - [Cloud Data Fusion Instance](gcpdatafusion-instancedataset.md): Cloud Data Fusion Instance is a fully managed, cloud-native data integration service that allows users to build and m... - [Data Lineage Process](gcpdatalineage-processdataset.md): Data Lineage Process in GCP tracks the flow of data through various services, showing how data is created, transforme... - [Connection Profile](gcpdatamigration-connection-profiledataset.md): A Connection Profile in Google Cloud is a configuration resource that stores connection details for data sources or d... - [Conversion Workspace](gcpdatamigration-conversion-workspacedataset.md): Conversion Workspace in Google Cloud is a managed environment used for database migration and modernization. It allow... - [Database Migration Service MigrationJob](gcpdatamigration-migration-jobdataset.md): Database Migration Service MigrationJob in Google Cloud is a managed resource that defines and manages the process of... - [PrivateConnection](gcpdatamigration-private-connectiondataset.md): PrivateConnection in Google Cloud is a resource that enables private network connectivity between a customer's Virtua... - [Dataplex Aspect Type](gcpdataplex-aspect-typedataset.md): Dataplex Aspect Type in Google Cloud defines a reusable schema that describes a specific aspect of data assets, such ... - [Dataplex Asset](gcpdataplex-assetdataset.md): A Dataplex Asset in Google Cloud is a data resource, such as a Cloud Storage bucket or BigQuery dataset, that is regi... 
- [Dataplex DataScan](gcpdataplex-data-scandataset.md): Dataplex DataScan in Google Cloud is a managed service that allows you to run data quality and profiling scans on you... - [Dataplex Entry Group](gcpdataplex-entry-groupdataset.md): A Dataplex Entry Group in Google Cloud is a logical container used to organize and manage metadata entries within Dat... - [Dataplex Entry Type](gcpdataplex-entry-typedataset.md): Dataplex Entry Type in Google Cloud defines a custom metadata schema for data assets managed within Dataplex. It allo... - [Dataplex Environment](gcpdataplex-environmentdataset.md): A Dataplex Environment in Google Cloud is a managed compute resource that provides the infrastructure for running dat... - [Dataplex Glossary](gcpdataplex-glossarydataset.md): Dataplex Glossary in Google Cloud is a centralized metadata management feature that allows users to define, organize,... - [Dataplex Lake](gcpdataplex-lakedataset.md): Dataplex Lake in Google Cloud is a centralized data repository that organizes, secures, and manages data across stora... - [Dataplex Task](gcpdataplex-taskdataset.md): A Dataplex Task in Google Cloud is a scheduled or on-demand job that runs data processing workloads within a Dataplex... - [Dataplex Zone](gcpdataplex-zonedataset.md): A Dataplex Zone in Google Cloud is a logical subdivision within a Dataplex lake that organizes and governs data based... - [Dataproc Autoscaling Policy](gcpdataproc-autoscaling-policydataset.md): A Dataproc Autoscaling Policy in Google Cloud automatically adjusts the number of worker nodes in a Dataproc cluster ... - [Dataproc Batch](gcpdataproc-batchdataset.md): Dataproc Batch in Google Cloud is a managed service for running batch workloads using open-source data processing fra... - [Dataproc Cluster](gcpdataproc-clusterdataset.md): A Dataproc Cluster in Google Cloud is a managed cluster of virtual machines optimized for running Apache Spark, Apach... 
- [Dataproc Job](gcpdataproc-jobdataset.md): A Dataproc Job in Google Cloud is a workload submitted to a Dataproc cluster for processing big data tasks. It suppor... - [Dataproc Session](gcpdataproc-sessiondataset.md): Dataproc Session in Google Cloud is a temporary interactive environment for running Spark workloads without managing ... - [Dataproc Workflow Template](gcpdataproc-workflow-templatedataset.md): A Dataproc Workflow Template in Google Cloud is a reusable definition of a sequence of jobs to run on Dataproc cluste... - [Datastream Connection Profile](gcpdatastream-connection-profiledataset.md): A Datastream Connection Profile in Google Cloud defines the connection details for a data source or destination used ... - [Datastream Private Connection](gcpdatastream-private-connectiondataset.md): Datastream Private Connection in Google Cloud is a network configuration that enables secure, private connectivity be... - [Datastream Stream](gcpdatastream-streamdataset.md): Datastream Stream in Google Cloud is a serverless change data capture and replication service that lets you synchroni... - [Developer Connect Connection](gcpdeveloperconnect-connectiondataset.md): Developer Connect Connection in Google Cloud is a resource that establishes a secure link between Google Cloud and ex... - [Developer Connect Git Repository Link](gcpdeveloperconnect-git-repository-linkdataset.md): Developer Connect Git Repository Link in Google Cloud is a resource that connects a Git repository from supported sou... - [Dialogflow Agent](gcpdialogflow-agentdataset.md): A Dialogflow Agent is a Google Cloud resource that enables the creation of conversational interfaces such as chatbots... - [Dialogflow Conversation Profile](gcpdialogflow-conversation-profiledataset.md): A Dialogflow Conversation Profile in Google Cloud defines the configuration for managing conversations between users ... 
- [Dialogflow Knowledge Base](gcpdialogflow-knowledge-basedataset.md): Dialogflow Knowledge Base in Google Cloud is a feature that allows virtual agents to automatically find and deliver a... - [Discovery Engine Collection](gcpdiscoveryengine-collectiondataset.md): Discovery Engine Collection in Google Cloud is a container for organizing and managing data used by Discovery Engine ... - [Discovery Engine Data Store](gcpdiscoveryengine-data-storedataset.md): Discovery Engine Data Store is a Google Cloud resource that stores and manages structured and unstructured data used ... - [Discoveryengine Datastore](gcpdiscoveryengine-datastoredataset.md): This table represents the discoveryengine_datastore resource from Google Cloud Platform. - [Discovery Engine Engine](gcpdiscoveryengine-enginedataset.md): Discovery Engine Engine is a Google Cloud resource that provides the core configuration for Discovery Engine, a servi... - [Deidentify Template](gcpdlp-deidentify-templatedataset.md): A Deidentify Template in Google Cloud is a reusable configuration that defines how sensitive data should be transform... - [DiscoveryConfig](gcpdlp-discovery-configdataset.md): DiscoveryConfig in Google Cloud is a configuration resource used by Security Command Center to define how assets and ... - [Dlp Dlp Job](gcpdlp-dlp-jobdataset.md): This table represents the dlp_dlp_job resource from Google Cloud Platform. - [InspectTemplate](gcpdlp-inspect-templatedataset.md): InspectTemplate in Google Cloud is a reusable configuration for Data Loss Prevention (DLP) inspections. It defines wh... - [Data Loss Prevention Job Trigger](gcpdlp-job-triggerdataset.md): A Data Loss Prevention Job Trigger in Google Cloud automatically starts DLP inspection or risk analysis jobs based on... - [StoredInfoType](gcpdlp-stored-info-typedataset.md): A StoredInfoType in Google Cloud is a reusable custom data type definition used by Cloud Data Loss Prevention (DLP). ... 
- [Cloud DNS Managed Zone](gcpdns-managed-zonedataset.md): A Cloud DNS Managed Zone in Google Cloud is a container for DNS records that define how domain names are resolved. It... - [DNS Policy](gcpdns-policydataset.md): A DNS Policy in Google Cloud lets you manage and control DNS behavior for your Virtual Private Cloud networks. It all... - [Cloud DNS Resource Record Set](gcpdns-resource-record-setdataset.md): Cloud DNS Resource Record Set in Google Cloud represents a collection of DNS records that share the same name, type, ... - [DNS Response Policy](gcpdns-response-policydataset.md): A DNS Response Policy in Google Cloud lets you control how DNS queries are resolved within your network. It allows yo... - [DNS Response Policy Rule](gcpdns-response-policy-ruledataset.md): A DNS Response Policy Rule in Google Cloud lets you define custom DNS behavior within a managed response policy. It a... - [Document AI Processor](gcpdocumentai-processordataset.md): Document AI Processor is a managed Google Cloud service that uses machine learning to extract, classify, and structur... - [Document AI Processor Version](gcpdocumentai-processor-versiondataset.md): A Document AI Processor Version in Google Cloud represents a specific release of a Document AI processor model. Each ... - [Cloud Domains Registration](gcpdomains-registrationdataset.md): Cloud Domains Registration in Google Cloud allows users to search for, register, and manage domain names directly wit... - [Essential Contacts Contact](gcpessentialcontacts-contactdataset.md): Essential Contacts Contact in Google Cloud Platform is a resource that defines contact information for important noti... - [Eventarc Channel](gcpeventarc-channeldataset.md): Eventarc Channel in Google Cloud is a resource that connects event providers and event consumers. It acts as a commun... 
- [Eventarc Channel Connection](gcpeventarc-channel-connectiondataset.md): Eventarc Channel Connection in Google Cloud is a resource that establishes a link between an event producer and an Ev... - [Eventarc Enrollment](gcpeventarc-enrollmentdataset.md): Eventarc Enrollment in Google Cloud enables services to receive and react to events from various sources across GCP a... - [Google API Source](gcpeventarc-google-api-sourcedataset.md): Google API Source is a Google Cloud resource that connects external APIs or services to Google Cloud's event-driven i... - [Eventarc Message Bus](gcpeventarc-message-busdataset.md): Eventarc Message Bus is a Google Cloud service that enables event-driven communication between applications and servi... - [Eventarc Pipeline](gcpeventarc-pipelinedataset.md): Eventarc Pipeline is a Google Cloud resource that enables the creation of event-driven workflows by connecting event ... - [Eventarc Trigger](gcpeventarc-triggerdataset.md): Eventarc Trigger in Google Cloud is a resource that allows you to route events from various sources to Cloud Run, Wor... - [Backup for Google Cloud FileStore](gcpfile-backupdataset.md): Backup for Google Cloud Filestore allows you to create and manage backups of your Filestore instances. These backups ... - [Filestore Instance](gcpfile-instancedataset.md): Filestore Instance in Google Cloud is a managed network-attached storage service that provides high-performance file ... - [Filestore Snapshot](gcpfile-snapshotdataset.md): Filestore Snapshot in Google Cloud is a point-in-time copy of a Filestore instance. It allows you to preserve the sta... - [Backtest Result](gcpfinancialservices-backtest-resultdataset.md): This table represents the Backtest Result resource from Google Cloud Platform. - [Financial Services Dataset](gcpfinancialservices-datasetdataset.md): A Financial Services Dataset in Google Cloud is a curated collection of financial data designed to support analytics,... 
- [Financial Services Engine Config](gcpfinancialservices-engine-configdataset.md): This table represents the Financial Services Engine Config resource from Google Cloud Platform. - [>-](gcpfinancialservices-instancedataset.md): This table represents the There is no official Google Cloud resource called "gcp_financialservices_instance". resourc... - [Financial Services Prediction Result](gcpfinancialservices-prediction-resultdataset.md): This table represents the Financial Services Prediction Result resource from Google Cloud Platform. - [Firebase Firebase App Info](gcpfirebase-firebase-app-infodataset.md): This table represents the firebase_firebase_app_info resource from Google Cloud Platform. - [Firebase Firebase Project](gcpfirebase-firebase-projectdataset.md): This table represents the firebase_firebase_project resource from Google Cloud Platform. - [Firebase Data Connect Connector](gcpfirebasedataconnect-connectordataset.md): Firebase Data Connect Connector is a managed service in Google Cloud that enables secure and efficient access to rela... - [Firebase Data Connect Schema](gcpfirebasedataconnect-schemadataset.md): Firebase Data Connect Schema defines the structure and relationships of data used by Firebase Data Connect, a service... - [Firebase Data Connect Service](gcpfirebasedataconnect-servicedataset.md): Firebase Data Connect Service is a managed service in Google Cloud that provides a secure and scalable way to connect... - [Firebase Rules Release](gcpfirebaserules-releasedataset.md): Firebase Rules Release is a Google Cloud resource that represents a specific deployment of Firebase security rules fo... - [Firebase Rules Ruleset](gcpfirebaserules-rulesetdataset.md): A Firebase Rules Ruleset in Google Cloud Platform defines the access control and validation logic for Firebase servic... 
- [Firestore Backup and Restore](gcpfirestore-backupdataset.md): Firestore Backup and Restore is a managed Google Cloud service that automates the creation, storage, and recovery of ... - [Cloud Firestore Database](gcpfirestore-databasedataset.md): Cloud Firestore Database is a fully managed NoSQL document database from Google Cloud. It stores data in collections ... - [Folder](gcpfolderdataset.md): This table represents the Folder resource from Google Cloud Platform. - [Backup](gcpgkebackup-backupdataset.md): Backup in Google Cloud is a managed service that allows you to create, manage, and restore backups of your data and w... - [Backup Plan](gcpgkebackup-backup-plandataset.md): A Backup Plan in Google Cloud is a configuration that defines how backups are created, scheduled, and retained for re... - [Backup for GKE Restore Plan](gcpgkebackup-restoredataset.md): A Backup for GKE Restore Plan in Google Cloud defines how and where to restore a previously created GKE backup. It sp... - [Backup for GKE RestorePlan](gcpgkebackup-restore-plandataset.md): Backup for GKE RestorePlan in Google Cloud is a configuration that defines how a backup of a Google Kubernetes Engine... - [VolumeBackup](gcpgkebackup-volume-backupdataset.md): A VolumeBackup in Google Cloud is a point-in-time copy of a persistent disk or volume used for data protection and re... - [Backup for GKE Volume Restore](gcpgkebackup-volume-restoredataset.md): Backup for GKE Volume Restore in Google Cloud is a feature that allows you to recover persistent volumes associated w... - [GKE Hub Feature](gcpgkehub-featuredataset.md): GKE Hub Feature is a Google Cloud resource that represents a specific capability or service enabled within the GKE Hu... - [Fleet](gcpgkehub-fleetdataset.md): Fleet in Google Cloud is a container management resource that allows you to organize and manage multiple Kubernetes c... 
- [GKE Hub Membership](gcpgkehub-membershipdataset.md): GKE Hub Membership represents a registered Kubernetes cluster within the Google Kubernetes Engine (GKE) Hub. It allow... - [GKE Hub MembershipBinding](gcpgkehub-membership-bindingdataset.md): GKE Hub MembershipBinding is a Google Cloud resource that associates a GKE Hub Membership with a specific policy or c... - [GKE Hub Feature Membership](gcpgkehub-membership-featuredataset.md): GKE Hub Feature Membership represents the association between a specific GKE cluster and a feature managed through th... - [GKE Hub Namespace](gcpgkehub-namespacedataset.md): GKE Hub Namespace is a Google Cloud resource that represents a logical namespace within a registered Kubernetes clust... - [GKE Hub RBAC Role Binding](gcpgkehub-rbac-role-bindingdataset.md): GKE Hub RBAC Role Binding is a Google Cloud resource that defines role-based access control bindings for users, group... - [GKE Hub Scope](gcpgkehub-scopedataset.md): GKE Hub Scope is a Google Cloud resource that groups multiple GKE clusters into a logical scope for centralized manag... - [Attached Cluster](gcpgkemulticloud-attached-clusterdataset.md): An Attached Cluster in Google Cloud is a Kubernetes cluster that runs outside Google Cloud but is registered with Goo... - [AWS Cluster (GKE Multi-Cloud)](gcpgkemulticloud-aws-clusterdataset.md): AWS Cluster (GKE Multi-Cloud) is a Google Cloud resource that allows you to create and manage Kubernetes clusters run... - [AWS Node Pool](gcpgkemulticloud-aws-node-pooldataset.md): This table represents the AWS Node Pool resource from Google Cloud Platform. - [AzureClient](gcpgkemulticloud-azure-clientdataset.md): This table represents the AzureClient resource from Google Cloud Platform. - [Azure Cluster](gcpgkemulticloud-azure-clusterdataset.md): This table represents the Azure Cluster resource from Google Cloud Platform. 
- [Azure Node Pool](gcpgkemulticloud-azure-node-pooldataset.md): This table represents the Azure Node Pool resource from Google Cloud Platform. - [Bare Metal Cluster](gcpgkeonprem-bare-metal-clusterdataset.md): A Bare Metal Cluster in Google Cloud is a managed environment that allows you to run workloads directly on physical s... - [Bare Metal Node Pool](gcpgkeonprem-bare-metal-node-pooldataset.md): A Bare Metal Node Pool in Google Cloud is a collection of physical, non-virtualized servers used to run workloads tha... - [VMware Cluster (GKE On-Prem)](gcpgkeonprem-vmware-clusterdataset.md): A VMware Cluster in GKE On-Prem is a group of VMware-based nodes managed by Google Kubernetes Engine running in an on... - [VMware Node Pool](gcpgkeonprem-vmware-node-pooldataset.md): A VMware Node Pool in Google Cloud is a group of nodes used to run VMware workloads within Google Cloud VMware Engine... - [Cloud Healthcare API Consent Store](gcphealthcare-consent-storedataset.md): Cloud Healthcare API Consent Store is a Google Cloud resource that manages patient consent policies for healthcare da... - [Cloud Healthcare API Dataset](gcphealthcare-datasetdataset.md): A Cloud Healthcare API Dataset in Google Cloud is a container for healthcare data that supports multiple data formats... - [Cloud Healthcare API DICOM store](gcphealthcare-dicom-storedataset.md): A Cloud Healthcare API DICOM store in Google Cloud is a managed service for storing, managing, and accessing medical ... - [FHIR store](gcphealthcare-fhir-storedataset.md): A FHIR store in Google Cloud is a managed repository for healthcare data that follows the HL7 FHIR (Fast Healthcare I... - [HL7v2 Store](gcphealthcare-hl7-v2-storedataset.md): HL7v2 Store in Google Cloud is a managed service within Cloud Healthcare API that allows secure storage, management, ... - [IAM Policy](gcpiam-policydataset.md): This table represents the IAM Policy resource from Google Cloud Platform. 
- [IAM Role](gcpiam-roledataset.md): An IAM Role in Google Cloud is a collection of permissions that define what actions a user or service account can per... - [Service Account](gcpiam-service-accountdataset.md): A Service Account in GCP is a special type of account used by applications, virtual machines, or services to interact... - [Service Account Key](gcpiam-service-account-keydataset.md): A Service Account Key in Google Cloud is a credential file that allows applications or services to authenticate as a ... - [IAP Tunnel Destination Group](gcpiap-tunnel-dest-groupdataset.md): An IAP Tunnel Destination Group in Google Cloud is a configuration resource used with Identity-Aware Proxy (IAP) to d... - [Identity Platform Config](gcpidentitytoolkit-configdataset.md): Identity Platform Config in Google Cloud is a configuration resource that manages authentication settings for applica... - [Identity Platform Default Supported Idp Config](gcpidentitytoolkit-default-supported-idp-configdataset.md): This resource represents the default configuration for supported identity providers in Google Cloud Identity Platform... - [Identity Platform Inbound SAML Configuration](gcpidentitytoolkit-inbound-saml-configdataset.md): Identity Platform Inbound SAML Configuration in Google Cloud allows you to set up and manage SAML-based single sign-o... - [Identity Platform OAuth IdP Config](gcpidentitytoolkit-oauth-idp-configdataset.md): Identity Platform OAuth IdP Config in Google Cloud is a configuration resource that defines how an external OAuth ide... - [Identity Platform Tenant](gcpidentitytoolkit-tenantdataset.md): Identity Platform Tenant in Google Cloud is an isolated identity and authentication environment that allows you to ma... - [Cloud IDS Endpoint](gcpids-endpointdataset.md): Cloud IDS Endpoint is a managed intrusion detection service in Google Cloud that inspects network traffic for threats... 
- [Integration Auth Config](gcpintegrations-auth-configdataset.md): Integration Auth Config in Google Cloud is a configuration resource that defines authentication settings for integrat... - [Certificate Manager Certificate](gcpintegrations-certificatedataset.md): Certificate Manager Certificate in Google Cloud is a managed resource that provisions and manages SSL/TLS certificate... - [Integration Execution](gcpintegrations-executiondataset.md): Integration Execution in Google Cloud refers to the runtime instance of an integration flow within Application Integr... - [Integration](gcpintegrations-integrationdataset.md): Integration in Google Cloud refers to a managed service that connects and automates workflows across different Google... - [Integrations Integration Version](gcpintegrations-integration-versiondataset.md): This table represents the integrations_integration_version resource from Google Cloud Platform. - [Salesforce Channel Connection](gcpintegrations-sfdc-channeldataset.md): Salesforce Channel Connection in Google Cloud is a resource that enables integration between Google Cloud services an... - [Salesforce Instance](gcpintegrations-sfdc-instancedataset.md): This table represents the Salesforce Instance resource from Google Cloud Platform. - [K8s Cluster Role](gcpk8s-cluster-roledataset.md): This table represents the k8s_cluster_role resource from Google Cloud Platform. - [K8s Cluster Role Binding](gcpk8s-cluster-role-bindingdataset.md): This table represents the k8s_cluster_role_binding resource from Google Cloud Platform. - [K8s Cron Job](gcpk8s-cron-jobdataset.md): This table represents the k8s_cron_job resource from Google Cloud Platform. - [K8s Daemon Set](gcpk8s-daemon-setdataset.md): This table represents the k8s_daemon_set resource from Google Cloud Platform. - [K8s Deployment](gcpk8s-deploymentdataset.md): This table represents the k8s_deployment resource from Google Cloud Platform. 
- [K8s Endpoints](gcpk8s-endpointsdataset.md): This table represents the k8s_endpoints resource from Google Cloud Platform. - [K8s Horizontal Pod Autoscaler](gcpk8s-horizontal-pod-autoscalerdataset.md): This table represents the k8s_horizontal_pod_autoscaler resource from Google Cloud Platform. - [K8s Ingress](gcpk8s-ingressdataset.md): This table represents the k8s_ingress resource from Google Cloud Platform. - [K8s Job](gcpk8s-jobdataset.md): This table represents the k8s_job resource from Google Cloud Platform. - [K8s Mutating Webhook Configuration](gcpk8s-mutating-webhook-configurationdataset.md): This table represents the k8s_mutating_webhook_configuration resource from Google Cloud Platform. - [K8s Namespace](gcpk8s-namespacedataset.md): This table represents the k8s_namespace resource from Google Cloud Platform. - [K8s Network Policy](gcpk8s-network-policydataset.md): This table represents the k8s_network_policy resource from Google Cloud Platform. - [K8s Node](gcpk8s-nodedataset.md): This table represents the k8s_node resource from Google Cloud Platform. - [K8s Persistent Volume](gcpk8s-persistent-volumedataset.md): This table represents the k8s_persistent_volume resource from Google Cloud Platform. - [K8s Persistent Volume Claim](gcpk8s-persistent-volume-claimdataset.md): This table represents the k8s_persistent_volume_claim resource from Google Cloud Platform. - [K8s Pod](gcpk8s-poddataset.md): This table represents the k8s_pod resource from Google Cloud Platform. - [K8s Pod Disruption Budget](gcpk8s-pod-disruption-budgetdataset.md): This table represents the k8s_pod_disruption_budget resource from Google Cloud Platform. - [K8s Pod Template](gcpk8s-pod-templatedataset.md): This table represents the k8s_pod_template resource from Google Cloud Platform. - [K8s Replica Set](gcpk8s-replica-setdataset.md): This table represents the k8s_replica_set resource from Google Cloud Platform. 
- [K8s Replication Controller](gcpk8s-replication-controllerdataset.md): This table represents the k8s_replication_controller resource from Google Cloud Platform. - [K8s Resource Quota](gcpk8s-resource-quotadataset.md): This table represents the k8s_resource_quota resource from Google Cloud Platform. - [K8s Role](gcpk8s-roledataset.md): This table represents the k8s_role resource from Google Cloud Platform. - [K8s Role Binding](gcpk8s-role-bindingdataset.md): This table represents the k8s_role_binding resource from Google Cloud Platform. - [K8s Secret](gcpk8s-secretdataset.md): This table represents the k8s_secret resource from Google Cloud Platform. - [K8s Service](gcpk8s-servicedataset.md): This table represents the k8s_service resource from Google Cloud Platform. - [K8s Service Account](gcpk8s-service-accountdataset.md): This table represents the k8s_service_account resource from Google Cloud Platform. - [K8s Stateful Set](gcpk8s-stateful-setdataset.md): This table represents the k8s_stateful_set resource from Google Cloud Platform. - [K8s Storage Class](gcpk8s-storage-classdataset.md): This table represents the k8s_storage_class resource from Google Cloud Platform. - [K8s Validating Webhook Configuration](gcpk8s-validating-webhook-configurationdataset.md): This table represents the k8s_validating_webhook_configuration resource from Google Cloud Platform. - [KMS Crypto Key](gcpkms-crypto-keydataset.md): This table represents the KMS Crypto Key resource from Google Cloud Platform. - [KMS Keyring](gcpkms-keyringdataset.md): This table represents the KMS Keyring resource from Google Cloud Platform. - [Kubernetes Engine Cluster](gcpkubernetes-engine-clusterdataset.md): This table represents the Kubernetes Engine Cluster resource from Google Cloud Platform. - [Kubernetes Engine Node Pool](gcpkubernetes-engine-node-pooldataset.md): This table represents the Kubernetes Engine Node Pool resource from Google Cloud Platform. 
- [Livestream Channel](gcplivestream-channeldataset.md): A Livestream Channel in Google Cloud is a managed resource that enables real-time video streaming. It handles live vi... - [Livestream Input](gcplivestream-inputdataset.md): Livestream Input in Google Cloud is a resource that represents an input endpoint for ingesting live video streams int... - [Livestream Pool](gcplivestream-pooldataset.md): Livestream Pool in Google Cloud is a managed resource that handles live video streaming workloads. It manages a group... - [Log Link](gcplogging-linkdataset.md): Log Link in Google Cloud Platform provides a way to connect and reference logs generated by various GCP services. It ... - [Log Bucket](gcplogging-log-bucketdataset.md): A Log Bucket in Google Cloud is a specialized storage container within Cloud Logging that holds log entries. It allow... - [Log-based Metric](gcplogging-log-metricdataset.md): A Log-based Metric in Google Cloud is a custom metric derived from log entries in Cloud Logging. It allows you to fil... - [Log Sink](gcplogging-log-sinkdataset.md): A Log Sink in Google Cloud is a resource that exports log entries from Cloud Logging to a chosen destination such as ... - [Log View](gcplogging-log-viewdataset.md): Log View in Google Cloud Platform is a configuration that defines how logs are displayed and filtered within Cloud Lo... - [Recent query in Logs Explorer](gcplogging-recent-querydataset.md): Recent query in Logs Explorer in GCP allows users to quickly access and rerun their most recent log queries within th... - [Logging Saved Query](gcplogging-saved-querydataset.md): A Logging Saved Query in Google Cloud is a reusable query definition that allows users to store and manage log querie... - [Looker Instance](gcplooker-instancedataset.md): A Looker Instance in Google Cloud is a managed business intelligence and data analytics platform that allows users to... 
- [Managed Microsoft AD Domain](gcpmanagedidentities-domaindataset.md): Managed Microsoft AD Domain on Google Cloud is a fully managed service that provides highly available, secure, and sc... - [Managed Kafka Cluster](gcpmanagedkafka-clusterdataset.md): A Managed Kafka Cluster on Google Cloud is a fully managed service for running Apache Kafka without handling infrastr... - [Memcached Instance](gcpmemcache-instancedataset.md): A Memcached Instance in Google Cloud is a fully managed, in-memory caching service based on the open-source Memcached... - [Dataproc Metastore Backup](gcpmetastore-backupdataset.md): Dataproc Metastore Backup is a Google Cloud resource that creates a backup of a Dataproc Metastore service, preservin... - [Dataproc Metastore Federation](gcpmetastore-federationdataset.md): Dataproc Metastore Federation in Google Cloud allows you to access and manage metadata from multiple Hive Metastores ... - [Dataproc Metastore Metadata Import](gcpmetastore-metadata-importdataset.md): Dataproc Metastore Metadata Import in Google Cloud is a feature that allows users to import metadata from external so... - [Dataproc Metastore Service](gcpmetastore-servicedataset.md): Dataproc Metastore Service is a fully managed, centralized metadata repository for Apache Hive metastore on Google Cl... - [Alerting Policy](gcpmonitoring-alert-policydataset.md): An Alerting Policy in Google Cloud defines conditions that trigger notifications when monitored metrics meet specific... - [Cloud Monitoring Notification Channel](gcpmonitoring-notification-channeldataset.md): A Cloud Monitoring Notification Channel in GCP defines where and how alert notifications are sent when a monitoring p... - [Snooze](gcpmonitoring-snoozedataset.md): This table represents the Snooze resource from Google Cloud Platform. 
- [Uptime Check Configuration](gcpmonitoring-uptime-check-configdataset.md): Uptime Check Configuration in Google Cloud is used to monitor the availability and performance of applications or ser... - [NetApp Active Directory](gcpnetapp-active-directorydataset.md): NetApp Active Directory in Google Cloud is a managed service that integrates Cloud Volumes Service for NetApp with Mi... - [NetApp Backup for Google Cloud](gcpnetapp-backupdataset.md): NetApp Backup for Google Cloud is a managed backup service that provides secure, automated protection for data stored... - [NetApp Backup Policy](gcpnetapp-backup-policydataset.md): A NetApp Backup Policy in Google Cloud defines automated backup schedules and retention rules for Cloud Volumes ONTAP... - [NetApp Backup Vault](gcpnetapp-backup-vaultdataset.md): NetApp Backup Vault on Google Cloud is a managed storage service that securely stores backups of Cloud Volumes ONTAP ... - [NetApp KmsConfig](gcpnetapp-kms-configdataset.md): NetApp KmsConfig in Google Cloud is a configuration resource that defines the Key Management Service (KMS) settings f... - [NetApp Volumes Replication](gcpnetapp-replicationdataset.md): NetApp Volumes Replication in Google Cloud enables data replication between NetApp volumes for disaster recovery, bac... - [NetApp Snapshot](gcpnetapp-snapshotdataset.md): NetApp Snapshot in Google Cloud is a point-in-time copy of a Cloud Volumes Service volume. It allows users to quickly... - [NetApp Storage Pool](gcpnetapp-storage-pooldataset.md): NetApp Storage Pool in Google Cloud is a managed storage resource that provides scalable, high-performance file stora... - [NetApp Volume](gcpnetapp-volumedataset.md): NetApp Volume on Google Cloud is a managed file storage resource that provides high-performance, scalable, and secure... 
- [Network Connectivity Hub](gcpnetworkconnectivity-hubdataset.md): Network Connectivity Hub in Google Cloud is a central management resource for connecting and organizing multiple netw... - [Hub Route](gcpnetworkconnectivity-hub-routedataset.md): A Hub Route in Google Cloud is a network route resource within a Network Connectivity Center hub. It defines how traf... - [Policy Based Route](gcpnetworkconnectivity-policy-based-routedataset.md): A Policy Based Route in Google Cloud lets you define advanced routing rules that go beyond standard destination-based... - [Route Table](gcpnetworkconnectivity-route-tabledataset.md): A Route Table in Google Cloud defines how network traffic is directed within a Virtual Private Cloud (VPC). It contai... - [Spoke](gcpnetworkconnectivity-spokedataset.md): A Spoke in Google Cloud is a network resource used within the Network Connectivity Center. It represents a connection... - [Connectivity Test](gcpnetworkmanagement-connectivity-testdataset.md): Connectivity Test in Google Cloud is a Network Intelligence Center tool that verifies and diagnoses network connectiv... - [Address Group](gcpnetworksecurity-address-groupdataset.md): An Address Group in Google Cloud is a network security resource that lets you group multiple IP addresses, IP ranges,... - [ClientTlsPolicy](gcpnetworksecurity-client-tls-policydataset.md): ClientTlsPolicy is a Google Cloud resource that defines how a client secures connections to a server using TLS. It sp... - [Firewall Endpoint](gcpnetworksecurity-firewall-endpointdataset.md): Firewall Endpoint in Google Cloud is a managed network security service that provides a dedicated point for enforcing... - [Firewall Endpoint Association](gcpnetworksecurity-firewall-endpoint-associationdataset.md): Firewall Endpoint Association in Google Cloud links a network endpoint group or interface with a specific firewall po... 
- [GatewaySecurityPolicy](gcpnetworksecurity-gateway-security-policydataset.md): GatewaySecurityPolicy is a Google Cloud resource used to define and manage security policies for network gateways. It... - [GatewaySecurityPolicyRule](gcpnetworksecurity-gateway-security-policy-ruledataset.md): GatewaySecurityPolicyRule is a Google Cloud resource that defines a rule within a Gateway Security Policy. It specifi... - [Server TLS Policy](gcpnetworksecurity-server-tls-policydataset.md): A Server TLS Policy in Google Cloud defines the configuration for Transport Layer Security (TLS) settings used by a s... - [TLS Inspection Policy](gcpnetworksecurity-tls-inspection-policydataset.md): A TLS Inspection Policy in Google Cloud defines how encrypted traffic is inspected by security services such as firew... - [URL List](gcpnetworksecurity-url-listdataset.md): A URL List in Google Cloud is a resource used to define and manage lists of URLs or domains for network security poli... - [Endpoint Policy](gcpnetworkservices-endpoint-policydataset.md): An Endpoint Policy in Google Cloud defines access control and security rules for network endpoints. It allows adminis... - [Gateway](gcpnetworkservices-gatewaydataset.md): Gateway in Google Cloud is a managed service that provides a secure entry point for APIs and services. It allows you ... - [gRPC Route](gcpnetworkservices-grpc-routedataset.md): A gRPC Route in Google Cloud is a configuration resource used within Traffic Director or API Gateway to define how gR... - [HTTPRoute](gcpnetworkservices-http-routedataset.md): HTTPRoute in Google Cloud defines how HTTP requests are routed within a service mesh or gateway. It specifies routing... - [LB Traffic Extension](gcpnetworkservices-lb-traffic-extensiondataset.md): LB Traffic Extension in Google Cloud Platform is a feature that enhances load balancer functionality by allowing cust... 
- [Service Mesh](gcpnetworkservices-meshdataset.md): Service Mesh in Google Cloud is a managed service that provides consistent networking, security, and observability fo... - [Service LB Policy](gcpnetworkservices-service-lb-policydataset.md): Service LB Policy in Google Cloud defines how internal or external load balancers distribute traffic among backend se... - [TCPRoute](gcpnetworkservices-tcp-routedataset.md): TCPRoute is a Google Cloud resource used to define and manage routing rules for TCP traffic within the GKE Gateway AP... - [TLSRoute](gcpnetworkservices-tls-routedataset.md): TLSRoute is a Google Cloud resource used in Traffic Director and Gateway API to define how TLS traffic is routed with... - [WasmPlugin](gcpnetworkservices-wasm-plugindataset.md): WasmPlugin is a Google Cloud resource used to extend the functionality of Envoy-based service proxies with WebAssembl... - [Wasm Plugin Version](gcpnetworkservices-wasm-plugin-versiondataset.md): Wasm Plugin Version in Google Cloud represents a specific version of a WebAssembly (Wasm) plugin used within GCP serv... - [Vertex AI Workbench Instance](gcpnotebooks-instancedataset.md): Vertex AI Workbench Instance is a managed Jupyter-based development environment in Google Cloud designed for data sci... - [Oracle Database Autonomous Database](gcporacledatabase-autonomous-databasedataset.md): This table represents the Oracle Database Autonomous Database resource from Google Cloud Platform. - [Oracle Cloud Exadata Infrastructure](gcporacledatabase-cloud-exadata-infrastructuredataset.md): This table represents the Oracle Cloud Exadata Infrastructure resource from Google Cloud Platform. - [Oracle Database Cloud VM Cluster](gcporacledatabase-cloud-vm-clusterdataset.md): This table represents the Oracle Database Cloud VM Cluster resource from Google Cloud Platform. - [Organization](gcporganizationdataset.md): This table represents the Organization resource from Google Cloud Platform. 
- [Organization Policy](gcporgpolicy-policydataset.md): Organization Policy in Google Cloud lets administrators define and enforce constraints across resources in an organiz... - [OS policy assignment](gcposconfig-os-policy-assignmentdataset.md): An OS policy assignment in Google Cloud is a configuration resource that defines and enforces operating system polici... - [OS Policy Assignment Report](gcposconfig-os-policy-assignment-reportdataset.md): An OS Policy Assignment Report in Google Cloud provides detailed compliance information for virtual machine instances... - [OS Config Patch Deployment](gcposconfig-patch-deploymentdataset.md): OS Config Patch Deployment in Google Cloud automates the process of applying operating system patches across virtual ... - [Certificate Authority Pool](gcpprivateca-ca-pooldataset.md): A Certificate Authority Pool in Google Cloud is a container for managing multiple certificate authorities within Cert... - [Certificate Authority Service Certificate](gcpprivateca-certificatedataset.md): Certificate Authority Service Certificate in Google Cloud is a managed resource used to create, manage, and deploy X.... - [Certificate Authority](gcpprivateca-certificate-authoritydataset.md): Certificate Authority in Google Cloud is a managed service that allows you to create, manage, and deploy private cert... - [Certificate Revocation List](gcpprivateca-certificate-revocation-listdataset.md): A Certificate Revocation List (CRL) in Google Cloud is a list of digital certificates that have been revoked before t... - [Certificate Template](gcpprivateca-certificate-templatedataset.md): A Certificate Template in Google Cloud is a reusable configuration that defines parameters and policies for issuing X... - [Privileged Access Manager Grant](gcpprivilegedaccessmanager-grantdataset.md): Privileged Access Manager Grant in Google Cloud is a resource that defines temporary elevated access to sensitive res... 
- [Project](gcpprojectdataset.md): This table represents the Project resource from Google Cloud Platform. - [Pub/Sub Schema](gcppubsub-schemadataset.md): Pub/Sub Schema in Google Cloud defines the structure of messages published to and received from Pub/Sub topics. It en... - [Pub/Sub Snapshot](gcppubsub-snapshotdataset.md): A Pub/Sub Snapshot in Google Cloud is a point-in-time copy of a subscription's message backlog. It allows you to pres... - [Pub/Sub Subscription](gcppubsub-subscriptiondataset.md): A Pub/Sub Subscription in Google Cloud is a resource that delivers messages from a Pub/Sub topic to subscribers. It d... - [Pub/Sub Topic](gcppubsub-topicdataset.md): A Pub/Sub Topic in Google Cloud is a messaging resource that allows applications to send messages asynchronously. Pub... - [reCAPTCHA Enterprise Key](gcprecaptchaenterprise-keydataset.md): reCAPTCHA Enterprise Key in Google Cloud is a security resource used to protect applications from fraudulent activity... - [Redis Cluster](gcpredis-clusterdataset.md): Redis Cluster on Google Cloud is a managed in-memory data store service based on open-source Redis. It provides high ... - [Redis Instance](gcpredis-instancedataset.md): A Redis Instance in Google Cloud is a managed in-memory data store service built on open-source Redis. It provides hi... - [Catalog](gcpretail-catalogdataset.md): Catalog in Google Cloud refers to the Data Catalog service, which provides a fully managed metadata management soluti... - [Cloud Run Domain Mapping](gcprun-domain-mappingdataset.md): Cloud Run Domain Mapping in Google Cloud allows you to associate a custom domain with a Cloud Run service. It manages... - [Cloud Run Execution](gcprun-executiondataset.md): Cloud Run Execution in Google Cloud represents a single run of a Cloud Run job. It manages the lifecycle of a job exe...
- [Cloud Run Revision](gcprun-revisiondataset.md): A Cloud Run Revision in Google Cloud represents an immutable version of a deployed service. Each time you deploy new ... - [Cloud Run Service](gcprun-servicedataset.md): Cloud Run Service is a fully managed compute platform on Google Cloud that automatically runs stateless containers in... - [Secret Manager Secret](gcpsecretmanager-secretdataset.md): Secret Manager Secret in Google Cloud is a secure resource used to store, manage, and access sensitive information su... - [Secret Manager Secret Version](gcpsecretmanager-secret-versiondataset.md): A Secret Manager Secret Version in Google Cloud securely stores a specific version of a secret, such as an API key or... - [Secure Source Manager Instance](gcpsecuresourcemanager-instancedataset.md): A Secure Source Manager Instance in Google Cloud is a fully managed, private Git repository service designed for secu... - [Event Threat Detection Custom Module](gcpsecuritycenter-event-threat-detection-custom-moduledataset.md): Event Threat Detection Custom Module in Google Cloud allows users to create and manage custom detection rules for ide... - [Security Health Analytics Mute Configuration](gcpsecuritycenter-mute-configdataset.md): A Security Health Analytics Mute Configuration in Google Cloud is used to suppress or mute specific security findings... - [Security Command Center NotificationConfig](gcpsecuritycenter-notification-configdataset.md): Security Command Center NotificationConfig in Google Cloud defines how and where to send notifications about security... - [Securitycentermanagement Event Threat Detecti Jridl2t5leo 0](gcpsecuritycentermanagement-event-threat-detecti-jridl2t5leo-0dataset.md): This table represents the securitycentermanagement_event_threat_detecti_jridl2t5leo_0 resource from Google Cloud Plat... - [Securitycentermanagement Security Health Anal Lg7ivt72ktm 0](gcpsecuritycentermanagement-security-health-anal-lg7ivt72ktm-0dataset.md): This table represents the securitycentermanagement_security_health_anal_lg7ivt72ktm_0 resource from Google Cloud Plat... 
- [Service Directory Endpoint](gcpservicedirectory-endpointdataset.md): A Service Directory Endpoint in Google Cloud represents a network endpoint that provides a specific service instance ... - [Service Directory Namespace](gcpservicedirectory-namespacedataset.md): A Service Directory Namespace in Google Cloud is a container for organizing and managing services within Service Dire... - [Service Directory Service](gcpservicedirectory-servicedataset.md): Service Directory Service in Google Cloud is a fully managed service that helps you register, manage, and discover se... - [Managed Service](gcpservicemanagement-managed-servicedataset.md): A Managed Service in Google Cloud is a fully managed offering where Google handles infrastructure, scaling, patching,... - [Service Management Service](gcpservicemanagement-servicedataset.md): Service Management Service in Google Cloud Platform provides APIs and tools to create, configure, manage, and publish... - [Service Networking Connection](gcpservicenetworking-connectiondataset.md): A Service Networking Connection in Google Cloud enables private communication between a Virtual Private Cloud (VPC) n... - [Service Usage API Service](gcpserviceusage-servicedataset.md): The Service Usage API Service in Google Cloud Platform allows users to manage the activation and usage of Google Clou... - [Cloud Spanner Backup](gcpspanner-backupdataset.md): Cloud Spanner Backup is a managed backup resource in Google Cloud that allows you to create consistent, point-in-time... - [Cloud Spanner Database](gcpspanner-databasedataset.md): Cloud Spanner Database is a fully managed, horizontally scalable, and strongly consistent relational database service... - [Cloud Spanner Instance](gcpspanner-instancedataset.md): A Cloud Spanner Instance in Google Cloud is a container for Spanner databases that defines the compute and storage re... 
- [Cloud Spanner Instance Configuration](gcpspanner-instance-configdataset.md): A Cloud Spanner Instance Configuration in Google Cloud defines the geographic placement and replication settings for ... - [Cloud Spanner Instance Partition](gcpspanner-instance-partitiondataset.md): A Cloud Spanner Instance Partition is a logical subdivision of a Cloud Spanner instance that allows you to isolate wo... - [CustomClass](gcpspeech-custom-classdataset.md): CustomClass in Google Cloud is a Speech-to-Text resource that defines custom word classes to improve recognition accu... - [PhraseSet](gcpspeech-phrase-setdataset.md): PhraseSet is a Google Cloud Speech-to-Text resource that defines a collection of phrases or words to help improve spe... - [Speech-to-Text](gcpspeech-recognizerdataset.md): Speech-to-Text is a Google Cloud service that converts spoken language into written text using machine learning model... - [SQL Database Instance](gcpsql-database-instancedataset.md): This table represents the SQL Database Instance resource from Google Cloud Platform. - [Sqladmin Backup](gcpsqladmin-backupdataset.md): This table represents the sqladmin_backup resource from Google Cloud Platform. - [Sqladmin Backup Run](gcpsqladmin-backup-rundataset.md): This table represents the sqladmin_backup_run resource from Google Cloud Platform. - [Cloud Storage Bucket](gcpstorage-bucketdataset.md): A Cloud Storage Bucket in GCP is a scalable container for storing objects such as files, images, and backups. It prov... - [Storage Insights Dataset Config](gcpstorageinsights-dataset-configdataset.md): Storage Insights Dataset Config in GCP defines the configuration for datasets used by Storage Insights. It manages ho... - [Storage Insights ReportConfig](gcpstorageinsights-report-configdataset.md): Storage Insights ReportConfig in Google Cloud is a configuration resource that defines how storage usage and performa... 
- [Storage Insights Report Detail](gcpstorageinsights-report-detaildataset.md): Storage Insights Report Detail in Google Cloud provides detailed analytics and reporting on Cloud Storage usage. It h... - [Storage Transfer Service Transfer Job](gcpstoragetransfer-transfer-jobdataset.md): A Storage Transfer Service Transfer Job in Google Cloud is a managed resource that automates data transfers between s... - [Tpu Instance](gcptpu-instancedataset.md): This table represents the tpu_instance resource from Google Cloud Platform. - [Transcoder job](gcptranscoder-jobdataset.md): A Transcoder job in Google Cloud is a resource that processes media files by converting them from one format to anoth... - [Transcoder Job Template](gcptranscoder-job-templatedataset.md): A Transcoder Job Template in Google Cloud is a reusable configuration that defines how media files should be processe... - [CloneJob](gcpvmmigration-clone-jobdataset.md): CloneJob is a Google Cloud resource used in the Migrate to Virtual Machines service. It represents a specific cloning... - [CutoverJob](gcpvmmigration-cutover-jobdataset.md): CutoverJob in Google Cloud is a resource used in the Migrate to Virtual Machines service to manage the final migratio... - [DatacenterConnector](gcpvmmigration-datacenter-connectordataset.md): DatacenterConnector in Google Cloud is a component used to connect on-premises environments with Google Cloud for mig... - [Migration Group](gcpvmmigration-groupdataset.md): A Migration Group in Google Cloud is a logical container used to organize and manage multiple migration sources or wo... - [VM Migration Image Import](gcpvmmigration-image-importdataset.md): VM Migration Image Import in Google Cloud is a service that helps migrate virtual machine images from on-premises or ... - [Migrating VM](gcpvmmigration-migrating-vmdataset.md): A Migrating VM in Google Cloud is a virtual machine that is in the process of being moved from one host or environmen... 
- [VM Migration Source](gcpvmmigration-sourcedataset.md): VM Migration Source in Google Cloud represents the origin environment from which virtual machines are discovered and ...
- [Target Project](gcpvmmigration-target-projectdataset.md): A Target Project in Google Cloud is a project that serves as the destination for network or service configurations, s...
- [VM Migration Utilization Report](gcpvmmigration-utilization-reportdataset.md): VM Migration Utilization Report in Google Cloud provides detailed insights into the performance and resource usage of...
- [VMware Engine Cluster](gcpvmwareengine-clusterdataset.md): VMware Engine Cluster in Google Cloud is a managed environment that allows you to run VMware workloads natively on Go...
- [External Access Rule](gcpvmwareengine-external-access-ruledataset.md): An External Access Rule in Google Cloud defines how external traffic can reach resources within a Virtual Private Clo...
- [External Address](gcpvmwareengine-external-addressdataset.md): An External Address in Google Cloud is a static or ephemeral IP address that can be assigned to resources such as vir...
- [Network Peering](gcpvmwareengine-network-peeringdataset.md): Network Peering in Google Cloud allows private connectivity between two Virtual Private Cloud (VPC) networks. It enab...
- [Network Policy](gcpvmwareengine-network-policydataset.md): A Network Policy in Google Cloud defines rules that control network traffic to and from Google Kubernetes Engine (GKE...
- [VMware Engine Private Cloud](gcpvmwareengine-private-clouddataset.md): VMware Engine Private Cloud on Google Cloud is a fully managed VMware environment that allows you to run native VMwar...
- [Private Connection](gcpvmwareengine-private-connectiondataset.md): Private Connection in Google Cloud enables secure, private communication between your Virtual Private Cloud (VPC) net...
- [Vmwareengine Vmware Engine Network](gcpvmwareengine-vmware-engine-networkdataset.md): This table represents the vmwareengine_vmware_engine_network resource from Google Cloud Platform.
- [Serverless VPC Access Connector](gcpvpcaccess-connectordataset.md): Serverless VPC Access Connector in Google Cloud allows serverless services like Cloud Functions, Cloud Run, and App E...
- [Web Security Scanner ScanConfig](gcpwebsecurityscanner-scan-configdataset.md): Web Security Scanner ScanConfig in Google Cloud is a configuration resource that defines how web security scans are p...
- [Workflows Workflow](gcpworkflows-workflowdataset.md): Workflows Workflow in Google Cloud is a managed orchestration service that lets you connect and automate services, AP...
- [Workstation](gcpworkstations-workstationdataset.md): A Google Cloud Workstation is a managed development environment that provides secure, scalable, and preconfigured wor...
- [Workstation Cluster](gcpworkstations-workstation-clusterdataset.md): A Workstation Cluster in Google Cloud is a managed environment for creating and managing multiple high-performance wo...
- [Workstation Config](gcpworkstations-workstation-configdataset.md): Workstation Config in Google Cloud defines the configuration for a Cloud Workstations environment. It specifies setti...
- [Setting Up Database Monitoring for Google Cloud SQL managed MySQL](gcsql.md): Database Monitoring provides deep visibility into your MySQL databases by exposing query metrics, query samples, expl...
- [The UTS namespace should not be shared with the host](gdz-mkr-i6f.md): Classification: compliance, Framework: cis-docker, Control: 5.20
- [Generate an API Key](generate-api-key.md): Cloudcraft offers a [developer API](https://docs.datadoghq.com/cloudcraft/api/) that provides programmatic access and...
- [Generate Custom Metrics from Spans and Traces](generate-metrics.md)
- [If using generic exception, it should be last](generic-exception-last.md)
- [Secret Scanning with Generic CI Providers](generic-ci-providers.md)
- [Generic Git module without revision](generic-git-module-without-revision.md)
- [Enforce generic naming standards](generics-naming.md)
- [Geo redundancy is disabled](geo-redundancy-is-disabled.md)
- [Geo restriction disabled](geo-restriction-disabled.md)
- [Geomap Widget](geomap.md): The geomap widget visualizes geographic data with shaded regions or points. It can be used to:
- [Functions prefixed by get should return something](get-return.md)
- [getter/setter must have 1 or 2 arguments respectively](get-set-arguments.md)
- [Getting started](getting-started.md): [Connect your AWS account to Cloudcraft](https://docs.datadoghq.com/cloudcraft/getting-started/connect-aws-account-...
- [Getting Started](getting-started-2.md): Datadog is an observability platform that supports every phase of software development on any stack. The platform con...
- [Getting Started with the Wildcard Widget](getting-started-with-wildcard-widget.md): The Wildcard widget is a powerful and flexible visualization tool in Datadog that lets you build custom visual repres...
- [Salesforce Brute force attack on user](gfg-cli-otv.md): Classification: attack, Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006), Technique: [T1110-brute...
- [The controller-manager.conf file should be owned by root:root](gfu-cte-g2y.md): Classification: compliance, Framework: cis-kubernetes, Control: 1.1.18
- [Microsoft 365 SharePoint object shared with guest](gh5-qhe-h9m.md): Classification: attack, Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009), Technique: [T1213-data-from-in...
- [Git Hooks](git-hooks.md)
- [Provision Datadog Teams with GitHub](github.md): Link your GitHub teams to Datadog Teams to automatically provision Datadog Teams. The following features are supported:
- [Continuous Testing and CI GitHub Actions](github-actions.md): Trigger Datadog Synthetic tests from your GitHub workflows.
- [Github organization webhook with SSL disabled](github-organization-webhook-with-ssl-disabled.md)
- [GitHub repository set to public](github-repository-set-to-public.md)
- [GitLab Setup for CI Visibility](gitlab.md)
- [GKE control plane is public](gke-control-plane-is-public.md)
- [GKE legacy authorization enabled](gke-legacy-authorization-enabled.md)
- [GKE using default service account](gke-using-default-service-account.md)
- [Glacier Component](glacier.md): Use the Glacier component to visualize long-term storage classes from your Amazon Web Services architecture.
- [Avoid standard constants](global-stdout.md)
- [Global Accelerator flow logs disabled](global-accelerator-flow-logs-disabled.md)
- [APM Terms and Concepts](glossary.md): The APM UI provides many tools to troubleshoot application performance and correlate it throughout the product, enabl...
- [Glue Data Catalog encryption disabled](glue-data-catalog-encryption-disabled.md)
- [Glue security configuration encryption disabled](glue-security-configuration-encryption-disabled.md)
- [Glue with vulnerable policy](glue-with-vulnerable-policy.md)
- [Tracing Go Applications](go.md): The Go Tracer requires Go `1.18+` and Datadog Agent `>= 5.21.1`. For a full list of Datadog's Go version and framewor...
- [Troubleshooting Go Compile-Time Instrumentation](go-compile-time.md): This guide explains how to troubleshoot builds that [Orchestrion](https://github.com/DataDog/orchestrion) manages. Th...
- [Google Cloud Configuration Guide for Cloud SIEM](google-cloud-config-guide-for-cloud-siem.md): [Datadog Cloud SIEM](https://docs.datadoghq.com/security/cloud_siem/) applies detection rules to all processed logs i...
- [Google SAML IdP](google.md): As a prerequisite, **IDP initiated SSO** must be checked on the Datadog [SAML configuration page](https://app.datadog...
- [Integrate Google Chat with Datadog Incident Management](google-chat.md): The Google Chat integration for Datadog Incident Management connects your incident response workflows directly to Goo...
- [Google Cloud Integration Billing](google-cloud.md): Datadog bills for hosts running the Agent and all GCE instances picked up by the Google Cloud integration. Services o...
- [Google Compute network using default firewall rule](google-compute-network-using-default-firewall-rule.md)
- [Google Compute network using firewall rule that allows all ports](google-compute-network-using-firewall-rule-allows-all-ports.md)
- [Google Compute network using firewall rule that allows port range](google-compute-network-using-firewall-rule-allows-port-range.md)
- [Google Compute SSL policy weak cipher in use](google-compute-ssl-policy-weak-cipher-in-use.md)
- [Google Compute subnetwork logging disabled](google-compute-subnetwork-logging-disabled.md)
- [Google Compute subnetwork with private Google access disabled](google-compute-subnetwork-with-private-google-access-disabled.md)
- [Google Container node pool auto repair disabled](google-container-node-pool-auto-repair-disabled.md)
- [Google project auto create network disabled](google-project-auto-create-network-disabled.md)
- [>-](google-project-iam-binding-service-account-has-token-creator-or-account-user-rol.md)
- [Google project IAM member service account has admin role](google-project-iam-member-service-account-has-admin-role.md)
- [>-](google-project-iam-member-service-account-has-token-creator-or-account-user-role.md)
- [Data Streams Monitoring for Google Pub/Sub](google-pubsub.md): [Datadog Agent v7.34.0 or later](https://docs.datadoghq.com/agent)
- [Google Storage bucket level access disabled](google-storage-bucket-level-access-disabled.md)
- [Is GovCloud supported?](govcloud-support.md): Yes, access to Cloudcraft in the AWS US GovCloud is supported in the Enterprise plan. Contact [Cloudcraft's sales tea...
- [Governance Console](governance-console.md): Governance Console provides a centralized, self-service view of Datadog usage and adoption across your organization. ...
- [Etcd data directory should have permissions of 700 or more restrictive](gqh-gvy-7jy.md): Classification: compliance, Framework: cis-kubernetes, Control: 1.1.11
- [Granular Access Control](granular-access.md): Some resources allow you to restrict access to individual resources by roles, [Teams](https://docs.datadoghq.com/acco...
- [Graph Insights](graph-insights.md): Graph insights can help you find potential root causes for an observed issue by searching for other metrics that exhi...
- [Graphing with JSON](graphing-json.md)
- [Share Graphs](graphs.md): To share a graph:
- [Grok Parser](grok-parser.md): Create custom grok rules to parse the full message or a specific attribute of your raw event. As a best practice, it ...
- [Potential code injection when using GroovyShell](groovyshell-code-injection.md)
- [Group By and Presets](group-by-presets.md): Cloudcraft's **Group By** and **Presets** features empower users to create custom, insightful diagrams tailored to sp...
- [Group Widget](group.md)
- [Group with privilege escalation by actions 'glue:UpdateDevEndpoint](group-with-privilege-escalation-by-actions-glue-updatedevendpoint.md)
- [Group with privilege escalation by actions 'iam:AddUserToGroup](group-with-privilege-escalation-by-actions-iam-addusertogroup.md)
- [Group with privilege escalation by actions 'iam:AttachGroupPolicy](group-with-privilege-escalation-by-actions-iam-attachgrouppolicy.md)
- [Group with privilege escalation by actions 'iam:AttachRolePolicy](group-with-privilege-escalation-by-actions-iam-attachrolepolicy.md)
- [Group with privilege escalation by actions 'iam:AttachUserPolicy](group-with-privilege-escalation-by-actions-iam-attachuserpolicy.md)
- [Group with privilege escalation by actions 'iam:CreateAccessKey](group-with-privilege-escalation-by-actions-iam-createaccesskey.md)
- [Group with privilege escalation by actions 'iam:CreateLoginProfile](group-with-privilege-escalation-by-actions-iam-createloginprofile.md)
- [Group with privilege escalation by actions 'iam:CreatePolicyVersion](group-with-privilege-escalation-by-actions-iam-createpolicyversion.md)
- [>-](group-with-privilege-escalation-by-actions-iam-passrole-and-cloudformation-creat.md)
- [>-](group-with-privilege-escalation-by-actions-iam-passrole-and-ec2-runinstances.md)
- [>-](group-with-privilege-escalation-by-actions-iam-passrole-and-glue-createdevendpoi.md)
- [>-](group-with-privilege-escalation-by-actions-iam-passrole-and-lambda-createfunctio.md)
- [Group with privilege escalation by actions 'iam:PutGroupPolicy](group-with-privilege-escalation-by-actions-iam-putgrouppolicy.md)
- [Group with privilege escalation by actions 'iam:PutRolePolicy](group-with-privilege-escalation-by-actions-iam-putrolepolicy.md)
- [Group with privilege escalation by actions 'iam:PutUserPolicy](group-with-privilege-escalation-by-actions-iam-putuserpolicy.md)
- [Group with privilege escalation by actions 'iam:SetDefaultPolicyVersion](group-with-privilege-escalation-by-actions-iam-setdefaultpolicyversion.md)
- [>-](group-with-privilege-escalation-by-actions-iam-updateassumerolepolicy-and-sts-as.md)
- [Group with privilege escalation by actions 'iam:UpdateLoginProfile](group-with-privilege-escalation-by-actions-iam-updateloginprofile.md)
- [Group with privilege escalation by actions 'lambda:UpdateFunctionCode](group-with-privilege-escalation-by-actions-lambda-updatefunctioncode.md)
- [Beta - Databricks group without user or instance profile](group-without-user-or-instance-profile.md)
- [Avoid insecure GRPC connection](grpc-client-insecure.md)
- [Avoid insecure GRPC server](grpc-server-insecure.md)
- [Remove redundant identifier in optional binding guard](guard-let-shorthand.md)
- [GuardDuty detector disabled](guardduty-detector-disabled.md)
- [Continuous Profiler Guides](guide.md): [Isolate Outliers in Monolithic Services](https://docs.datadoghq.com/profiler/guide/isolate-outliers-in-monolithic-...
- [Audit Trail Guides](guides.md): [Track Dashboard Access and Configuration Changes](https://docs.datadoghq.com/account_management/audit_trail/guides...
- [Pods should verify the API server's serving certificate before connecting](gwu-zan-dnt.md): Classification: compliance, Framework: cis-kubernetes, Control: 1.3.5
- [An AWS S3 bucket lifecycle expiration policy was set to disabled](gzr-098-e6b.md): Classification: attack, Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005), Technique: [T1562-impair-...
- [Kubelet connections should use HTTPS for enhanced security](h4p-ch8-wwd.md): Classification: compliance, Framework: cis-kubernetes, Control: 1.2.4
- [>-](h56-k5y-xp3.md): Classification: attack, Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004), Technique: [T1078-va...
- [AWS WAF traffic blocked by specific rule](h8p-rcn-miw.md): Detects when a specific AWS Web Application Firewall (WAF) rule blocks an anomalous amount of traffic.
- [Enabling App and API Protection for HAProxy](haproxy.md)
- [Secret should not be hardcoded in code](hardcoded-crypto-key.md)
- [Avoid hardcoded HMAC keys](hardcoded-hmac-key.md)
- [Avoid hardcoding IP addresses](hardcoded-ip.md)
- [Prevent usage of hardcoded keys](hardcoded-key.md)
- [Avoid hardcoded Record Id](hardcoded-record-id.md)
- [Avoid hardcoded salesforce URL](hardcoded-salesforce-url.md)
- [Do not hardcode temporary file or directory names](hardcoded-tmp-file.md)
- [Hardcoded AWS access key](hardcoded-aws-access-key.md)
- [Hardcoded AWS access key in Lambda](hardcoded-aws-access-key-in-lambda.md)
- [Prefer using hash each_key and each_value](hash-each.md)
- [Use fetch with default over custom check](hash-fetch-default.md)
- [Use fetch to check hash keys](hash-fetch.md)
- [Prefer using hash key and value](hash-key.md)
- [Wrap hash literal in braces if last in array](hash-literal-as-last-array-item.md)
- [Use new syntax when keys are symbols](hash-literals.md)
- [Odd hash.Sum call flow](hashsum.md)
- [>-](he2-ia2-8dl.md): Create an activity log alert for the Deallocate Virtual Machine event.
- [Account should have a configured activity log alert for deleting VMs](he4-ir2-45l.md): Create an activity log alert for the Delete Virtual Machine event.
- [Heatmap Widget](heatmap.md)
- [Datadog Help](help.md): Our friendly, knowledgeable solutions engineers are here to help!
- [Help Bits learn](help-bits-learn.md)
- [Instrumenting a Ruby on Rails application on Heroku with Datadog](heroku-ruby.md): Heroku is a popular platform within Ruby developers and, more specifically, Ruby on Rails developers. Datadog support...
- [Datadog-Heroku Buildpack troubleshooting](heroku-troubleshooting.md): To start debugging Heroku, use the `agent-wrapper` command with the information/debugging commands listed in the [Age...
- [Datadog Heroku Buildpack](heroku.md): This [Heroku buildpack](https://devcenter.heroku.com/articles/buildpacks) installs the Datadog Agent in your Heroku d...
- [High Availability MultiRegion](high-availability-multiregion.md): Configure High Availability Multi-Region (HAMR) connections between Datadog organizations. HAMR provides disaster rec...
- [High Google KMS crypto key rotation period](high-google-kms-crypto-key-rotation-period.md)
- [High KMS key rotation period](high-kms-key-rotation-period.md)
- [High CPU or Memory Consumption](high-memory-usage.md): Several factors can cause high Agent CPU or memory consumption. If you try the steps below and continue to have troub...
- [Sending large volumes of metrics](high-throughput.md): DogStatsD works by sending metrics generated from your application to the [Agent](https://docs.datadoghq.com/agent/) ...
- [Does Cloudcraft have HIPAA accreditation?](hipaa-accreditation.md): Cloudcraft does not currently have HIPAA accreditation; however, the Cloudcraft application, services, and your data ...
- [Create a Historical Job](historical-job.md): Historical jobs are one-time executable queries on historical logs used to backtest detection rules and assess their ...
- [Historical Jobs](historical-jobs.md)
- [Kubelets should have HTTPS connections with TLS setup](hj4-2eq-48p.md): Classification: compliance, Framework: cis-kubernetes, Control: 4.2.10
- [S3 buckets should have 'Block Public Access' enabled](hkp-p6b-f7w.md): Amazon S3 provides the `Block public access` bucket setting and the `Block public access` account setting to help res...
- [Compiler executed in container](hlb-3os-6op.md): Classification: attack, Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005), Technique: [T1027-obfusca...
- [Calling hmac.New with unchanging hash.New](hmac-needs-new.md)
- [Host Map Widget](hostmap.md): The host map widget graphs any metric across your hosts using the same visualization available from the main [Host Ma...
- [HostnameVerifier should check certificates](hostname-verifier-true.md)
- [Hostname Detection in Containers](hostname-containers.md): Many features in Datadog rely on the Agent to provide an accurate hostname for monitored hosts. While this is straigh...
- [Hosts](hosts.md): Get information about your infrastructure hosts in Datadog, and mute or unmute any notifications from your hosts. See...
- [Hosts and Containers](hosts-and-containers.md): The [Hosts and Containers](https://app.datadoghq.com/security/workload-protection/inventory/hosts) view in Datadog Wo...
- [Cloud Security Vulnerabilities Hosts and Containers Compatibility](hosts-containers-compatibility.md): Cloud Security Vulnerabilities supports vulnerability scanning for hosts and containers running the following operati...
- [Migrating from the V1 Hourly Usage APIs to V2](hourly-usage-migration.md): On February 1, 2025, the individual hourly usage by product endpoints will be deprecated in favor of the v2 [hourly u...
- [How does Cloudcraft connect to my AWS account?](how-cloudcraft-connects-to-aws.md): Cloudcraft uses cross-account roles to access your AWS account, which is considered [the secure way to access your AW...
- [How does Cloudcraft connect to my Azure account?](how-cloudcraft-connects-to-azure.md): Cloudcraft connects to your Azure account using the IAM role created in your Azure subscription. This role allows Clo...
- [Uninstalling the Agent](how-do-i-uninstall-the-agent.md): For information on uninstalling the Agent on your system, select your operating system, platform, or configuration tool.
- [How App and API Protection Works in Datadog](how-it-works.md)
- [How to graph percentiles in Datadog?](how-to-graph-percentiles-in-datadog.md): It's possible to get percentiles in Datadog by submitting data as a histogram metric through DogStatsD. The Agent emb...
- [Importing Datadog Resources into Terraform](how-to-import-datadog-resources-into-terraform.md): Terraform supports an out-of-the-box way to import existing resources into your terraform state via the [`terraform i...
- [Security Filters with the Cloud SIEM API](how-to-setup-security-filters-using-cloud-siem-api.md): The Cloud SIEM product analyzes your ingested logs to detect threats in real time, such as by matching logs with thre...
- [How to use Terraform to restrict the editing of a dashboard](how-to-use-terraform-to-restrict-dashboard-edit.md): The `restricted_roles` attribute can be used to restrict editing of the dashboard to specific roles. The field takes ...
- [How does weighted() work?](how-weighted-works.md): Every metrics query has a standard order of evaluation (see the [Anatomy of a query](https://docs.datadoghq.com/metri...
- [Troubleshooting Custom Metrics Server and HPA](hpa.md): If you are having issues with the Custom Metrics Server:
- [HPA targeted deployments with configured replica count](hpa-targeted-deployments-with-configured-replica-count.md)
- [HPA targets invalid object](hpa-targets-invalid-object.md)
- [MFA should be enabled for all users with console access](hsh-y5w-hxe.md): Multi-Factor Authentication (MFA) adds an extra layer of protection on top of a username and password. With MFA enabl...
- [Local File Inclusion (LFI) attack attempts](ht4-jny-221.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001), Technique: [T1190-exploit-public-facing-applica...
- [Use of unsanitized data to make API calls](html-format-from-user-input.md)
- [Avoid HTML built in strings](html-string-from-parameters.md)
- [Avoid HTML XSS attacks](html-xss.md)
- [Prevent HTTP parameter pollution](http-parameter-pollution.md)
- [Ensure we use https://](http-request-secure.md)
- [Lack of sanitization of user data](http-response-from-request.md)
- [use JsonResponse instead of HttpResponse to send JSON data](http-response-with-json-dumps.md)
- [Prefer using HTTP status code symbols](http-status-code-symbols.md)
- [Avoid HTTP functions without timeouts](http-support-timeout.md)
- [HTTP Requests](http.md)
- [HTTP port open to internet](http-port-open.md)
- [Instrumenting Apache HTTP Server](httpd.md): Datadog provides an HTTPd [module](https://github.com/DataDog/httpd-datadog) to enhance [Apache HTTP Server](https://...
- [Use `https` protocol over `http`](https-protocol-missing.md)
- [Docker daemon activities should be audited](hvr-5bi-sf6.md): Classification: compliance, Framework: cis-docker, Control: 1.2.3
- [Log4shell vulnerability triggered (RCE) - CVE-2021-44228](hw9-hzr-a6q.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001), Technique: [T1190-exploit-public-facing-applica...
- [Okta blocked numerous requests from a malicious IP](hzd-556-lum.md): Classification: attack, Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001), Technique: [T1078-valid-ac...
- [Containers should use the cgroup configured in Docker](i83-4vy-3gc.md): Classification: compliance, Framework: cis-docker, Control: 5.24
- [IaC Security Rules](iac-rules.md)
- [Infrastructure as Code (IaC) Security](iac-security.md)
- [IAM Access Analyzer not enabled](iam-access-analyzer-not-enabled.md)
- [IAM access key is exposed](iam-access-key-is-exposed.md)
- [IAM audit not properly configured](iam-audit-not-properly-configured.md)
- [IAM database auth not enabled](iam-database-auth-not-enabled.md)
- [IAM group without users](iam-group-without-users.md)
- [IAM group inline policies](iam-groups-inline-policies.md)
- [IAM managed policy applied to a user](iam-managed-policy-applied-to-a-user.md)
- [IAM password policy does not require lowercase letter](iam-password-does-not-require-lowercase.md)
- [IAM password policy does not require numbers](iam-password-does-not-require-number.md)
- [IAM password policy does not require symbol](iam-password-does-not-require-symbol.md)
- [IAM password policy does not require uppercase letter](iam-password-does-not-require-uppercase.md)
- [IAM password without minimum length](iam-password-without-minimum-length.md)
- [IAM policies attached to a user](iam-policies-attached-to-user.md)
- [IAM policies with full privileges](iam-policies-with-full-privileges.md)
- [IAM policies without groups](iam-policies-without-groups.md)
- [IAM policy grants AssumeRole permission across all services](iam-policy-grants-assumerole-permission-across-all-services.md)
- [IAM policy grants full permissions](iam-policy-grants-full-permissions.md)
- [IAM policy on user](iam-policy-on-user.md)
- [IAM role allows all principals to assume](iam-role-allows-all-principals-to-assume.md)
- [IAM role policy passrole allows all](iam-role-policy-passrole-allows-all.md)
- [IAM role with full privileges](iam-role-with-full-privileges.md)
- [IAM user LoginProfile password is in plaintext](iam-user-login-profile-password-is-in-plaintext.md)
- [IAM user policy without MFA](iam-user-policy-without-mfa.md)
- [IAM user has too many access keys](iam-user-too-many-access-keys.md)
- [IAM user with access to console](iam-user-with-access-to-console.md)
- [IAM user with no group](iam-user-with-no-group.md)
- [Runtime Code Analysis (IAST)](iast.md)
- [IBInspectable should use proper typing](ibinspectable.md)
- [Data Streams Monitoring for IBM MQ](ibm-mq.md): [Datadog Agent v7.34.0 or later](https://docs.datadoghq.com/agent)
- [Variables of type IBOutlet should be private](iboutlet-private.md)
- [DNS lookup for cryptocurrency mining pool](ibu-wip-tm1.md): Classification: attack, Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040), Technique: [T1496-resource-hijacki...
- [Icon Component](icon.md): The Icon component is one of the basic available components. Along with Images and Blocks, it can be used to repres...
- [Datadog IDE Plugins for Code Security](ide-plugins.md)
- [Datadog Plugin for JetBrains IDEs](idea.md)
- [Check identifier names for wording issues](identifiers.md)
- [Identifying Unauthorized and Anomalous Processes](identify-unauthorized-anomalous-procs.md): You can use Workload Protection to identify if unauthorized or anomalous processes are running or executed on your IT...
- [Identify CI Jobs on the Critical Path to Reduce the Pipeline Duration](identify-highest-impact-jobs-with-critical-path.md)
- [Prefer equal? over == when comparing object_id](identity-comparison.md)
- [Cloud Security Identity Risks](identity-risks.md): Cloud Security Identity Risks is a Cloud Infrastructure Entitlement Management (CIEM) product that helps you mitigate...
- [Enforce if/else expressions to use braces](if-else-bracing.md)
- [Enforce single line if statement styling](if-else-wrapping.md)
- [Remove redundant identifier in optional binding if condition](if-let-shorthand.md)
- [when an if condition returns an value, else is not necessary](if-return-no-else.md)
- [Iframe Widget](iframe.md): An inline frame (iframe) is a HTML element that loads another HTML page within the document. The iframe widget allows...
- [The Docker server certificate key file should be owned by root](ifu-a4v-5aw.md): Classification: compliance, Framework: cis-docker, Control: 3.13
- [Ignore SAML comments](ignore-saml-comment.md)
- [Ensures ThreadStatic fields are marked static](ignored-threadstatic.md)
- [Ignoring Unwanted Resources in APM](ignoring-apm-resources.md): A service can handle a variety of requests, some of which you might not want traced or included in trace metrics. An ...
- [Avoid illogical comparisons with count](illogical-count-compare.md)
- [The kubelet service file should be owned by root:root](im5-rvz-tcd.md): Classification: compliance, Framework: cis-kubernetes, Control: 4.1.2
- [OneLogin user locked out](im7-3xo-xff.md): Classification: attack, Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006), Technique: [T1110-brute...
- [Image Component](image.md): The Image component is a basic but powerful component available for designing diagrams. Along with Icon and Blocks, i...
- [Image policy webhook admission control plugin not set](image-policy-webhook-admission-control-plugin-not-set.md)
- [Image pull policy of the container is not set to always](image-pull-policy-of-container-is-not-always.md)
- [Image without digest](image-without-digest.md)
- [IMDSv1 enabled](imdsv1-is-enabled.md)
- [Watchdog Impact Analysis](impact-analysis.md): Whenever Watchdog finds an APM anomaly, it simultaneously analyzes a variety of latency and error metrics that are su...
- [Use the method's implicit 'begin](implicit-begin.md)
- [Import pandas according to coding guidelines](import-as-pd.md)
- [CGI is outdated](import-cgi.md)
- [DES and Triple DES are now insecure](import-des.md)
- [The md5 hashing algorithm is insecure](import-md5.md)
- [module imported twice](import-modules-twice.md)
- [RC4 encryption is now insecure](import-rc4.md)
- [The SHA-1 algorithm family is no longer secure](import-sha1.md)
- [only one module to import per import statement](import-single-module.md)
- [Impossible Travel](impossible-travel.md): The impossible travel method detects access from different locations whose distance is greater than the distance a hu...
- [React hooks should be called correctly](improper-hook-call.md)
- [In-App WAF Rules](inapp-waf-rules.md)
- [Incident Services](incident-services.md): Create, update, delete, and retrieve services which can be associated with incidents. See the [Incident Management pa...
- [Incident Teams](incident-teams.md): The Incident Teams endpoints are deprecated. See the [Teams API endpoints](https://docs.datadoghq.com/api/latest/team...
- [Incident AI](incident-ai.md)
- [Getting Started with Incident Management](incident-management.md): Datadog Incident Management is for tracking and communicating about an issue you've identified with your metrics, tra...
- [Incident Response](incident-response.md): [Incident Management- Learn how to manage and resolve incidents efficiently.](https://docs.datadoghq.com/incident_r...
- [Incident Settings](incident-settings.md): Use [Incident Settings](https://app.datadoghq.com/incidents/settings) to customize aspects of the Incident Management...
- [Incidents](incidents.md): Manage incident response, as well as associated attachments, metadata, and todos. See the [Incident Management page](...
- [Prevent injection through include statements](include-injection.md): {% callout %} - [Do not use TaskContinuationOptions](incorrect-complete-options.md): {% callout %} - [Incorrect volume claim access mode ReadWriteOnce](incorrect-volume-claim-access-mode-read-write-once.md): {% callout %} - [Increment or decrement are single statement](increment-decrement-single-stmt.md): {% callout %} - [Beta - Databricks OBO token has indefinite lifetime](indefinitely-obo-token.md): {% callout %} - [Beta - Databricks token has indefinite lifetime](indefinitely-token.md): {% callout %} - [Do not use a string with only one character](indexof-char.md): {% callout %} - [IndexOf function should check the first character](indexof-checks.md): {% callout %} - [Use Contains to check if a string contains something](indexof-contains.md): {% callout %} - [New CSV headers for Individual Organizations Summary](individual-orgs-summary.md): CSV header changes take effect the week of February 19, 2024. The following example demonstrates the new CSV structure. - [Avoid inefficient empty string test](inefficient-empty-string-test.md): {% callout %} - [Inefficient string comparison](inefficient-string-comparison.md): {% callout %} - [Remapping rules for inferred entities](inferred-entity-remapping-rules.md): {% callout %} - [Inferred services](inferred-services.md): Datadog automatically discovers the dependencies for an instrumented service, such as databases, queues, or third-par... - [Use Kernel#loop instead of while/until](infinite-loop.md): {% callout %} - [Information](information.md): From the [Incident Settings Information](https://app.datadoghq.com/incidents/settings#Information) page, you can cust... 
- [Infrastructure](infrastructure.md): {% callout %} - [Correlate Infrastructure Metrics with GitLab Jobs in Datadog](infrastructure-metrics-with-gitlab.md): {% callout %} - [Set up Log Ingestion](ingest.md): {% callout %} - [Ingest and Enrich](ingest-and-enrich.md): Cloud SIEM detection rules analyze logs and security data to generate security signals when threats are detected. Aft... - [Set up Log Ingestion](ingest-logs.md): {% callout %} - [Set Ingestion Control for CI Visibility](ingestion-control.md): {% callout %} - [Ingestion Controls](ingestion-controls.md): {% image - [Ingestion Mechanisms](ingestion-mechanisms.md): {% image - [Trace Sampling Use Cases](ingestion-sampling-use-cases.md): Trace data tends to be repetitive. A problem in your application is rarely identified in only one trace and no others... - [Set up App and API Protection for Nginx in Kubernetes](ingress-controller.md): {% callout %} - [CloudPrem Ingress Configuration](ingress.md): {% callout %} - [Ingress controller exposes workload](ingress-controller-exposes-workload.md): {% callout %} - [use super() to call the parent constructor](init-call-parent.md): {% callout %} - [ensure classes have an __init__ method](init-method-required.md): {% callout %} - [No return in an __init__ function](init-no-return-value.md): {% callout %} - [Init Container Resource Usage](init-resource-calc.md): Starting in Agent [v7.60+](https://github.com/DataDog/datadog-agent/blob/40f0be0645ae309a07031bd7954fd58a8eb79853/pkg... - [Use ||= to initialize variables if they are not already](initialization-shorthand.md): {% callout %} - [Understanding Injector Behavior with Single Step Instrumentation](injectors.md): The injector is a shared library that automatically instruments applications at runtime. With [Single Step Instrument... 
- [Inline policies are attached to an ECS service](inline-policies-are-attached-to-ecs-service.md): {% callout %} - [Do not modify innerHTML or outerHTML](inner-outer-html.md): {% callout %} - [Input Parameters](input-parameters.md): {% callout %} - [Insecure AFNetworking certificate pinning configuration](insecure-afnet-cert-config.md): {% callout %} - [Avoid using an insecure Access-Control-Allow-Origin header](insecure-allow-origin.md): {% callout %} - [Avoid setting insecure cookie settings](insecure-cookie.md): {% callout %} - [Do not use insecure functions](insecure-hash-functions.md): {% callout %} - [Do not use weak hash functions](insecure-hash.md): {% callout %} - [Ensure JWT signatures are verified](insecure-jwt.md): {% callout %} - [Do not generate insecure session IDs](insecure-session-id.md): {% callout %} - [Do not use insecure encryption protocols](insecure-ssl-protocols.md): {% callout %} - [Insecure storage mechanism used](insecure-storage.md): {% callout %} - [Don't use UserDefaults to store sensitive data.](insecure-user-defaults.md): {% callout %} - [Websockets must use SSL connections](insecure-websocket.md): {% callout %} - [Insecure bind address set](insecure-bind-address-set.md): {% callout %} - [Insecure port not properly set](insecure-port-not-properly-set.md): {% callout %} - [Watchdog Insights](insights.md): Investigating an incident requires trial and error. Drawing from their experience, engineers familiar with a particul... - [Install CloudPrem](install.md): {% callout %} - [Install the Datadog Agent on Kubernetes](installation.md): This page provides instructions on installing the Datadog Agent in a Kubernetes environment. - [Installing the Agent on a server with limited internet connectivity](installing-the-agent-on-a-server-with-limited-internet-connectivity.md): The one-line install command provided in the [Agent install instructions](https://app.datadoghq.com/account/settings/... 
- [Instance with no VPC](instance-with-no-vpc.md): {% callout %} - [Instrument a custom method to get deep visibility into your business logic](instrument-custom-method.md): *8 minutes to complete* - [Enforce using Integer to check the type of an integer number](integer-type-checking.md): {% callout %} - [Integration Management](integration-management.md): The Agent comes with a set of bundled official Datadog integrations to allow users to start monitoring their applicat... - [Integrations](integrations.md): More than 1,000 built-in integrations. See across all your systems, apps, and services. - [Intelligent Correlation](intelligent.md): {% callout %} - [Interface names should start with I](interface-first-letter.md): {% callout %} - [Internal Developer Portal](internal-developer-portal.md): {% callout %} - [Internet Gateway Component](internet-gateway.md): Use the Internet Gateway component to represent gateways to the internet from your Amazon Web Services architecture. - [Interpolation](interpolation.md): | Function | Description | Example | - [Introduction to CloudPrem](introduction.md): {% callout %} - [Do not call intval on untrusted user data](intval-untrusted-data.md): {% callout %} - [Avoid invalid assert](invalid-assert.md): {% callout %} - [Common invalid host-port pairs](invalid-host-port-pair.md): {% callout %} - [Invalid seek value](invalid-seek-value.md): {% callout %} - [strip() argument should not have duplicate characters](invalid-strip-call.md): {% callout %} - [Invalid image tag](invalid-image.md): {% callout %} - [Coverage and Posture Management](inventory.md): The [Workload Protection Inventory](https://app.datadoghq.com/security/workload-protection/inventory/hosts) tools giv... 
- [Inverted boolean logic is hard to read and should be avoided](inverted-boolean-logic.md): {% callout %} - [Investigate Incidents](investigate.md): {% image - [Investigate Agent Events](investigate-agent-events.md): This topic explains how to use the Agent Events explorer to query and review the Datadog Agent threat detection event... - [Investigate issues](investigate-issues.md): {% callout %} - [Investigate Security Signals](investigate-security-signals.md): A Cloud SIEM security signal is created when Datadog detects a threat while analyzing logs against detection rules. V... - [Investigate Sensitive Data Findings](investigate-sensitive-data-findings.md): Datadog's Sensitive Data Scanner can help prevent sensitive data leaks and limit non-compliance risks by identifying,... - [Investigator](investigator.md): When a security signal alerts on suspicious activity by a user or a resource, some commonly asked questions during th... - [IOC Explorer](ioc-explorer.md): {% callout %} - [Tracing iOS Applications](ios.md): Send [traces](https://docs.datadoghq.com/tracing/visualization/#trace) to Datadog from your iOS applications with [Da... - [IoT Agent](iot.md): The Datadog IoT Agent is a version of the Agent optimized for monitoring IoT devices and embedded applications. Custo... - [IoT policy allows action as a wildcard](iot-policy-allows-action-as-wildcard.md): {% callout %} - [IoT policy allows a wildcard resource](iot-policy-allows-wildcard-resource.md): {% callout %} - [IP Allowlist](ip-allowlist.md): The IP allowlist API is used to manage the IP addresses that can access the Datadog API and web UI. It does not block... - [IP Ranges](ip-ranges.md): Get a list of IP prefixes belonging to Datadog. 
- [IP aliasing disabled](ip-aliasing-disabled.md): {% callout %} - [IP Allowlist](ip-allowlist-2.md): {% callout %} - [IP forwarding enabled](ip-forwarding-enabled.md): {% callout %} - [The scheduler pod specification file ownership should be set to root](ipi-wby-anc.md): Classification:complianceFramework:cis-kubernetesControl:1.1.6 - [Prefer is keyword over as](is-instead-of-as.md): {% callout %} - [Dashboards API: Migrate from is_read_only](is-read-only-deprecation.md): Datadog is removing support for the `is_read_only` attribute in the Dashboards APIs. For customers who manage Dashbo... - [Prefer is_a? over kind_of?](isa-over-kindof.md): {% callout %} - [Use isna instead of isnull](isna-instead-of-isnull.md): {% callout %} - [Isolate Outliers in Monolithic Services](isolate-outliers-in-monolithic-services.md): When investigating the performance of a monolithic application–that is, a single service that has multiple uses–y... - [Issue Correlation with Error Tracking](issue-correlation.md): {% callout %} - [Issue States in Error Tracking](issue-states.md): All issues in Error Tracking have a status to help you triage and prioritize issues or dismiss noise. There are five ... - [Issue Team Ownership](issue-team-ownership.md): Issue Team Ownership automates your triaging work by assigning issues to the right teams. Your team owns an issue if ... - [Instrumenting Istio](istio.md): Datadog monitors every aspect of your Istio environment, so you can: - [Interactive shell spawned in container](iuc-a05-y6b.md): Classification:attackTactic:[TA0002-execution](https://attack.mitre.org/tactics/TA0002)Technique:[T1609-container-adm... - [The etcd data directory should be owned by etcd:etcd](iwn-p4i-x2e.md): Classification:complianceFramework:cis-kubernetesControl:1.1.12 - [Application Load Balancers should use HTTPS](ix9-ih4-ucg.md): Use HTTPS to secure communication between your application client and an Elastic Load Balancer (ELB) listener. 
- [Exfiltration attempt via network utility](j21-bxf-prt.md): Classification:attackTactic:[TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010)Technique:[T1048-exfiltrati... - [Containers should not mount the Docker socket docker.sock inside them](j9z-sms-f3m.md): Classification:complianceFramework:cis-dockerControl:5.31 - [Tracing Java Applications](java.md): The latest Java Tracer supports all JVMs version 8 and higher. For additional information about JVM versions below 8,... - [JavaScript Feature Flags](javascript.md): {% callout %} - [Each controller should use individual service account credentials](jbp-64r-kyz.md): Classification:complianceFramework:cis-kubernetesControl:1.3.3 - [Jenkins Setup for CI Visibility](jenkins.md): {% callout %} - [Kubelet should be able to manage changes to iptables](jeq-xry-fa2.md): Classification:complianceFramework:cis-kubernetesControl:4.2.7 - [Account should have a configured activity log alert for power off events](jf0-k3w-az5.md): Create an activity log alert for the Power Off Virtual Machine event. - [Base64 was detected in an http.user_agent or http.referrer](jhe-xm6-xdm.md): Classification:attackTactic:[TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011)Technique:[T1027-obf... - [Auto escape should be set to true](jinja-autoescape.md): {% callout %} - [Jira Integration](jira-integration.md): Manage your Jira Integration. Atlassian Jira is a project management and issue tracking tool for teams to coordinate ... - [Create Jira Issues for Cloud Security Issues](jira.md): Available for: - [>-](jl4-3l3-ix2.md): Create an activity log alert for the Create or Update Storage Account event. - [Anomalous number of S3 buckets accessed](jlu-h6s-of3.md): Classification:attackTactic:[TA0007-discovery](https://attack.mitre.org/tactics/TA0007)Technique:[T1619-cloud-storage... 
- [Data Observability: Jobs Monitoring](jobs-monitoring.md): {% image - [Microsoft 365 Anomalous Amount of Deleted Emails](jq3-281-esg.md): Classification:attackTactic:[TA0040-impact](https://attack.mitre.org/tactics/TA0040)Technique:[T1485-data-destruction... - [Unfamiliar kernel module loaded from memory](jrx-axx-056.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1547-boot-or-log... - [Avoid unsafe deserialization](json-unsafe-deserialization.md): {% callout %} - [do not specify content-type for JsonResponse](jsonresponse-no-content-type.md): {% callout %} - [Prevent missing key props in iterators/collection literals](jsx-key.md): {% callout %} - [Avoid comments from being inserted as text nodes](jsx-no-comment-textnodes.md): {% callout %} - [Ensures unique key prop](jsx-no-duplicate-key.md): {% callout %} - [Avoid duplicate properties in JSX](jsx-no-duplicate-props.md): {% callout %} - [Prevent target='_blank' security risks](jsx-no-target-blank.md): {% callout %} - [Ensure JWT use an algorithm](jwt-algorithm-none.md): {% callout %} - [Ensure JWT use a secure algorithm](jwt-algorithm.md): {% callout %} - [Ensure JWT are verified](jwt-no-verify.md): {% callout %} - [Ensure an isRevoked method is used for tokens](jwt-not-revoked.md): {% callout %} - [Do not put sensitive data in objects](jwt-sensitive-data.md): {% callout %} - [JWT must always be verified](jwt-verify.md): {% callout %} - [Use default encryption from the JWT library](jwt-weak-encryption.md): {% callout %} - [Containers should have an enabled AppArmor profile](jyb-pxc-x25.md): Classification:complianceFramework:cis-dockerControl:5.1 - [Account should have a configured activity log alert for sql database updates](k11-j84-lw1.md): Create an activity log alert for the Create or Update Azure SQL Database event. 
- [S3 buckets should have 'MFA Delete' enabled](k20-cl4-oat.md): Enabling `MFA Delete` on S3 buckets requires two forms of authentication whenever there is an attempt to change the v... - [Kubernetes Clusters](k8sclustersdataset.md): The Kubernetes Clusters table provides comprehensive information about Kubernetes clusters monitored by Datadog. Each... - [Kubernetes DaemonSets](k8sdaemonsetsdataset.md): The Kubernetes DaemonSets table provides information about Kubernetes DaemonSets monitored by Datadog across your clu... - [Kubernetes Deployments](k8sdeploymentsdataset.md): The Kubernetes Deployments table provides information about Kubernetes deployments monitored by Datadog across your c... - [Kubernetes Namespaces](k8snamespacesdataset.md): The Kubernetes Namespaces table provides information about Kubernetes namespaces monitored by Datadog across your clu... - [Kubernetes Nodes](k8snodesdataset.md): The Kubernetes Nodes table provides comprehensive information about Kubernetes nodes (worker machines) monitored by D... - [Kubernetes Pods](k8spodsdataset.md): The Kubernetes Pods table provides detailed information about Kubernetes pods monitored by Datadog across your cluste... - [Kubernetes Services](k8sservicesdataset.md): The Kubernetes Services table provides comprehensive information about Kubernetes services monitored by Datadog acros... - [Google Compute Engine instance metadata SSH key added or modified](k9n-l4e-i45.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... - [Account should have a configured activity log alert for 'Delete Key Vault](ka5-bad-7de.md): Create an activity log alert for the Delete Key Vault event. 
- [Data Streams Monitoring for Kafka](kafka.md): - [Datadog Agent v7.34.0 or later](https://docs.datadoghq.com/agent) - [Containers should have memory usage limits configured on Docker hosts](kax-jws-8j3.md): Classification:complianceFramework:cis-dockerControl:5.10 - [>-](kbp-pln-54a.md): Update publicly accessible Amazon Elasticsearch domains to block unsigned requests. - [A new Microsoft 365 application was installed](kc5-vk1-ysw.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1136-create-acco... - [Salesforce login from disabled account](kcl-yns-z9l.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1110-brute... - [Account should have a configured activity log alert for ''Update Key Vault''](kd9-bgd-5gs.md): Create an activity log alert for the Update Key Vault event. - [Key Management](key-management.md): Manage your Datadog API and application keys. You need an API key and an application key for a user with the required... - [Key expiration not set](key-expiration-not-set.md): {% callout %} - [Key Vault secrets content type undefined](key-vault-secrets-content-type-undefined.md): {% callout %} - [Avoid DES keys](keygenerator-avoid-des.md): {% callout %} - [Keyspaces Component](keyspaces.md): Use the Keyspaces component to visualize Apache Cassandra-compatible database services from your Amazon Web Services ... - [Container images should include HEALTHCHECK instructions](kg8-vpu-74c.md): Classification:complianceFramework:cis-dockerControl:4.6 - [Kinesis Stream Component](kinesis-stream.md): Use the Kinesis Stream component to represent real-time data streams from your Amazon Web Services architecture. 
- [Data Streams Monitoring for Amazon Kinesis](kinesis.md): - [Datadog Agent v7.34.0 or later](https://docs.datadoghq.com/agent) - [Kinesis not encrypted with KMS](kinesis-not-encrypted-with-kms.md): {% callout %} - [Kinesis SSE not configured](kinesis-sse-not-configured.md): {% callout %} - [>-](kl0-mc2-4gv.md): Create an activity log alert for the Delete PostgreSQL Database event. - [>-](kl4-bv9-4rt.md): Create an activity log alert for the Delete MySQL Database event. - [KMS admin and CryptoKey roles in use](kms-admin-and-crypto-key-roles-in-use.md): {% callout %} - [KMS allows a wildcard principal](kms-allows-wildcard-principal.md): {% callout %} - [KMS CryptoKey is publicly accessible](kms-crypto-key-publicly-accessible.md): {% callout %} - [KMS key rotation disabled](kms-enable-key-rotation-disabled.md): {% callout %} - [KMS key with a vulnerable policy](kms-key-with-full-permissions.md): {% callout %} - [KMS key with no deletion window](kms-key-with-no-deletion-window.md): {% callout %} - [Instrumenting Kong](kong.md): Datadog APM is available for [Kong Gateway](https://docs.konghq.com/gateway/latest/) using the [kong-plugin-ddtrace](... - [Kotlin Multiplatform Crash Reporting and Error Tracking](kotlin-multiplatform.md): Error Tracking processes errors collected from the Kotlin Multiplatform SDK. - [IAM policies should be attached and managed at the group level](kp3-9yr-ube.md): By default, IAM users, groups, and roles have no access to AWS resources. IAM policies are the mechanism through whic... - [New Private Repository Container Image detected in AWS ECR](kq2-xck-hec.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1525-implant-int... - [New Kubernetes privileged pod created](kqq-0do-gio.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1578-modify-... 
- [Kubernetes Security Posture Management](kspm.md): Kubernetes Security Posture Management (KSPM) for Cloud Security helps you proactively strengthen the security postur... - [Datadog Plugin for kubectl](kubectl-plugin.md): Datadog provides a `kubectl` plugin with helper utilities that give visibility into internal components. You can use... - [Kubelet certificate authority not set](kubelet-certificate-authority-not-set.md): {% callout %} - [Kubelet client certificate or key not set](kubelet-client-certificate-or-key-not-set.md): {% callout %} - [Kubelet client periodic certificate switch disabled](kubelet-client-periodic-certificate-switch-disabled.md): {% callout %} - [Kubelet event QPS not properly set](kubelet-event-qps-not-properly-set.md): {% callout %} - [Kubelet hostname override is set](kubelet-hostname-override-is-set.md): {% callout %} - [Kubelet HTTPS set to false](kubelet-https-set-to-false.md): {% callout %} - [Kubelet not managing IP tables](kubelet-not-managing-ip-tables.md): {% callout %} - [Kubelet protect-kernel-defaults set to false](kubelet-protect-kernel-defaults-set-to-false.md): {% callout %} - [Kubelet read-only port is not set to zero](kubelet-read-only-port-is-not-set-to-zero.md): {% callout %} - [Kubelet streaming connection timeout disabled](kubelet-streaming-connection-timeout-disabled.md): {% callout %} - [Kubernetes Cluster Name Automatic Detection](kubernetes-cluster-name-detection.md): For Agent v6.11+, the Datadog Agent can automatically detect the Kubernetes cluster name on Google Kubernetes Engine ... - [Legacy Kubernetes versions](kubernetes-legacy.md): The default configuration targets Kubernetes 1.7.6 and later, as the Agent relies on features and endpoints introduce... - [Single Step APM Instrumentation on Kubernetes](kubernetes.md): In a Kubernetes environment, use Single Step Instrumentation (SSI) for APM to install the Datadog Agent and [instrume... 
- [Kubernetes cluster without Terway as CNI network plugin](kubernetes-cluster-without-terway-as-cni-network-plugin.md): {% callout %} - [Manually install and configure the Datadog Agent on Kubernetes with DaemonSet](kubernetes-daemonset.md): {% alert level="danger" %} - [Kubernetes Explorer](kubernetes-explorer.md): {% image - [Configure Kubernetes Explorer](kubernetes-explorer-configuration.md): This page lists configuration options for the [Containers](https://app.datadoghq.com/containers) page in Datadog. To ... - [Kubernetes Resource Utilization](kubernetes-resource-utilization.md): {% image - [Kubelet nodes should only read objects associated with them](kvf-zte-cje.md): Classification:complianceFramework:cis-kubernetesControl:1.2.8 - [Cloud credentials accessed by network utility](kzv-bta-ny6.md): Classification:attackTactic:[TA0007-discovery](https://attack.mitre.org/tactics/TA0007)Technique:[T1552-unsecured-cre... - [>-](l3r-4tc-7z1.md): Create an activity log alert for the Create or Update Virtual Machine event. - [Potential Illicit Consent Grant attack via Azure registered application](l6w-nd1-kir.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1566-phishing... - [Omit parentheses if a lambda has no parameter](lambda-no-parameter.md): {% callout %} - [Ensure lambdas have parenthesis around parameters](lambda-parameters.md): {% callout %} - [Lambda Component](lambda.md): Use the Lambda component to represent Lambda instances from your Amazon Web Services architecture. 
- [Lambda function publicly accessible](lambda-function-publicly-accessible.md): {% callout %} - [Lambda function with privileged role](lambda-function-with-privileged-role.md): {% callout %} - [Lambda function without dead-letter queue](lambda-function-without-dead-letter-queue.md): {% callout %} - [Lambda function without tags](lambda-function-without-tags.md): {% callout %} - [Lambda functions with full privileges](lambda-functions-with-full-privileges.md): {% callout %} - [Lambda functions without unique IAM roles](lambda-functions-without-unique-iam-roles.md): {% callout %} - [Lambda functions without X-Ray tracing](lambda-functions-without-x-ray-tracing.md): {% callout %} - [Lambda IAM InvokeFunction misconfigured](lambda-iam-invokefunction-misconfigured.md): {% callout %} - [Lambda permission misconfigured](lambda-permission-misconfigured.md): {% callout %} - [Lambda permission principal is a wildcard](lambda-permission-principal-is-wildcard.md): {% callout %} - [Lambda with vulnerable policy](lambda-with-vulnerable-policy.md): {% callout %} - [Avoid potential path injections in Laravel](laravel-avoid-path-injection.md): {% callout %} - [Ensure Laravel cookies are encrypted](laravel-cookie-not-encrypted.md): {% callout %} - [Enable CSRF token verification to avoid CSRF attacks](laravel-csrf-not-verified.md): {% callout %} - [Avoid possible command injections when sending mail](laravel-mail-command-injection.md): {% callout %} - [Prevent native SQL injections](laravel-native-sql-injection.md): {% callout %} - [Avoid building paths from unsanitized input](laravel-path-traversal-storage.md): {% callout %} - [Avoid building paths from untrusted data](laravel-path-traversal.md): {% callout %} - [Prevent raw SQL injections](laravel-raw-sql-injection.md): {% callout %} - [Do not write responses with unsanitized data](laravel-response-write.md): {% callout %} - [Prevent SQL queries built from unsanitized input](laravel-sql-injection.md): {% callout %} - [LastPass 
SAML IdP](lastpass.md): Follow the [LastPass Datadog App Integration](https://support.logmeininc.com/lastpass/help/datadog-app-integration) s... - [API Reference](latest.md): The Datadog API is an HTTP REST API. The API uses resource-oriented URLs to call the API, uses status codes to indica... - [Launch configuration is not encrypted](launch-configuration-is-not-encrypted.md): {% callout %} - [Launch template is not encrypted](launch-template-is-not-encrypted.md): {% callout %} - [Azure Active Directory risky sign-in](lb6-1tt-tv9.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-valid-ac... - [LDAP connections should be authenticated](ldap-authenticate-connection.md): {% callout %} - [Prevent LDAP Entry Poisoning](ldap-entry-poisoning.md): {% callout %} - [Prevent LDAP injection](ldap-injection.md): {% callout %} - [Avoid connecting to a LDAP server without password](ldap-without-password.md): {% callout %} - [Brute-forced user has assigned a role](ldd-v8t-81e.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1110-brute... - [Database process spawned shell](ldw-moi-trt.md): Classification:attackTactic:[TA0002-execution](https://attack.mitre.org/tactics/TA0002)Technique:[T1190-exploit-publi... - [Datadog Learning Center](learning-center.md): Datadog is an extensive platform for understanding your infrastructure. [The Datadog Learning Center](https://learn.d... - [Create an Agent check for Datadog Agent 5](legacy.md): This documentation explains how to create an Agent check for Datadog Agent v5, which has been superseded by Agent v6.... 
- [App Analytics](legacy-app-analytics.md): {% alert level="warning" %} - [Legacy client certificate auth enabled](legacy-client-certificate-auth-enabled.md): {% callout %} - [Ensure legacy networks do not exist for a project](legacy-networks-exist-for-project.md): {% callout %} - [Java code injections attempts](let-1rp-8fi.md): Tactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1190-exploit-public-facing-applica... - [Understand Datadog retention policy to efficiently retain trace data](leveraging-diversity-sampling.md): Most traces generated by your applications are repetitive, and it's not necessarily relevant to ingest and retain the... - [Libraries](libraries.md): The following table lists Datadog-official and community contributed API and [DogStatsD](https://docs.datadoghq.com/m... - [Configure the Datadog Tracing Library](library-config.md): This page describes configuration options that behave consistently across all languages. To view these common configu... - [Library Configuration](library-configuration.md): {% callout %} - [Library Inventory](library-inventory.md): {% callout %} - [Library Rules](library-rules.md): {% callout %} - [2024 Linux Key Rotation](linux-key-rotation-2024.md): As a common best practice, Datadog periodically rotates the keys and certificates used to sign Datadog's Agent packag... - [Single Step APM Instrumentation on Linux](linux.md): On a Linux host or VM, use Single Step Instrumentation (SSI) for APM to install the Datadog Agent and [instrument](ht... - [Linux Agent attributes and helpers](linux-expressions.md): This documentation describes Linux attributes and helpers of the [Datadog's Security Language (SECL)](https://docs.da... 
- [A list component should have a key to prevent re-rendering](list-component-needs-key.md): {% callout %} - [Do not use array indexes for a list component's key](list-component-no-index.md): {% callout %} - [Dashboard List](list.md): Organize and streamline your expanding dashboard collection with Dashboard List features. Group dashboards into lists... - [Your application should not listen on all interfaces](listen-all-interfaces.md): {% callout %} - [Avoid array and hash constructor when empty](literal-hash-array.md): {% callout %} - [The literals should be first in String comparisons](literals-first-in-comparison.md): {% callout %} - [Live vs Snapshot Diagrams](live-vs-snapshot-diagrams.md): Cloudcraft offers two types of diagrams for visualizing your cloud infrastructure: Live and Snapshot. This document e... - [Live Call Routing](live-call-routing.md): {% callout %} - [Live Debugger](live-debugger.md): {% callout %} - [Liveness probe is not defined](liveness-probe-is-not-defined.md): {% callout %} - [Credential Stuffing Attack on Azure](ljt-3f4-8ty.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1110-brute... - [LLM Observability](llm-observability.md): {% callout %} - [Microsoft 365 Anomalous Amount of Downloaded files](lmk-gfu-na5.md): Classification:attackTactic:[TA0009-collection](https://attack.mitre.org/tactics/TA0009)Technique:[T1213-data-from-in... - [Load Balancer Component](load-balancer.md): Use the Load Balancer component to represent application and network load balancers from your Amazon Web Services arc... 
- [Beta - Nifcloud LB listener use HTTP port](load-balancer-listener-use-http.md): {% callout %} - [Beta - Nifcloud LB use HTTP port](load-balancer-use-http.md): {% callout %} - [Beta - Nifcloud LB use insecure TLS policy ID](load-balancer-use-insecure-tls-policy-id.md): {% callout %} - [Beta - Nifcloud LB use insecure TLS policy name](load-balancer-use-insecure-tls-policy-name.md): {% callout %} - [prefer iloc or loc rather than ix](loc-not-ix.md): {% callout %} - [Enforce using the LocalHome suffix for Session EJB](local-home-naming-convention.md): {% callout %} - [Do not store sensitive data to local storage](local-storage-sensitive-data.md): {% callout %} - [Local SDK Injection](local-sdk-injection.md): Use the [Datadog Admission Controller](https://docs.datadoghq.com/containers/cluster_agent/admission_controller/?tab=... - [Do not lock on on publicly accessible instance](locking-public-instances.md): {% callout %} - [Container Log Collection Troubleshooting](log-collection.md): Containerized applications write logs to the Standard Output and Error (`stdout`/`stderr`) streams, which the conta... - [Untrusted user input is logged without sanitization](log-injection.md): {% callout %} - [Avoid logging sensitive data](log-sensitive-data.md): {% callout %} - [Docker Log collection](log.md): Datadog Agent 6+ collects logs from containers. Two types of installation are available: - [Log Management Billing](log-management.md): At the end of the month, Datadog computes the total number of log events that have been indexed: - [Create a Log Pipeline](log-pipeline.md): Log pipelines parse, filter, and enrich incoming logs to make them searchable and actionable within Datadog. For Tech... 
- [Log retention is not greater than 90 days](log-retention-is-not-greater-than-90-days.md)
- [Log retention is not set](log-retention-is-not-set.md)
- [Log Stream Widget](log-stream.md)
- [Agent Transport for Logs](log-transport.md): For Agent v6.19+/v7.19+, the default transport used for your logs is compressed HTTPS instead of TCP for the previous...
- [Use constant template when logging data](logger-constant-template.md)
- [Avoid logging exception](logging-exception.md)
- [do not use format string with logging functions](logging-no-format.md)
- [Configuring Login Methods](login-methods.md): Login Methods determine how users may authenticate themselves and log into your Datadog organization. Using Login Met...
- [Logs Archives](logs-archives.md): Archives forward all the logs ingested to a cloud storage system.
- [Logs Custom Destinations](logs-custom-destinations.md): Custom Destinations forward all the logs ingested to an external destination.
- [Logs Indexes](logs-indexes.md): Manage configuration of [log indexes](https://docs.datadoghq.com/logs/indexes/).
- [Logs Metrics](logs-metrics.md): Manage configuration of [log-based metrics](https://app.datadoghq.com/logs/pipelines/generate-metrics) for your organ...
- [Logs Pipelines](logs-pipelines.md): Pipelines and processors operate on incoming logs, parsing and transforming them into structured attributes for easie...
- [Logs Restriction Queries](logs-restriction-queries.md): **Note: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.c...
- [Log Management](logs.md)
- [Lookup Processor](lookup-processor.md): Use the lookup processor to define a mapping between an event attribute and a human readable value saved in a [Refere...
- [Avoid regexp.Match in a loop](loop-regexp-match.md)
- [Do not use stackalloc in loops](loop-stackalloc.md)
- [Prefer using Kernel#loop with break for post-loop tests](loop-with-break.md)
- [Avoid using specific implementation types](loose-coupling.md)
- [Low RDS backup retention period](low-rds-backup-retention-period.md)
- [Exchange Online mail forwarding rule enabled](lw7-2vm-4tl.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1137-office-appl...
- [New AWS account seen assuming a role into AWS account](m0j-qd1-5he.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1199-trusted-...
- [AWS Security Hub disabled](m4l-btf-8cs.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Set up App and API Protection on macOS](macos.md)
- [Best practices for maintaining relevant dashboards](maintain-relevant-dashboards.md): A cluttered dashboard list page can make finding the right content difficult and pollute a search query with unused o...
- [The maintainer entry is deprecated](maintainer-deprecated.md)
- [Manage Datadog with Terraform](manage-datadog-with-terraform.md): You can use [Terraform](https://www.terraform.io/) to interact with the Datadog API and manage your Datadog organizat...
- [Managing DatadogPodAutoscaler with Terraform](manage-datdadogpodautoscaler-with-terraform.md): The DatadogPodAutoscaler (DPA) is a Kubernetes custom resource definition (CRD) that enables autoscaling of Kubernete...
- [Manage Your Team](manage-teams.md): Make architecture reviews a team effort, share your real-time cloud infrastructure views, or collaboratively design y...
- [Manage Your User Profile](manage-user-profile.md): Your user profile is where you can make updates to your personal information, such as your name and email address. Yo...
- [Team Management](manage.md): Each team has a detail page that displays information about the team, its members, and its associated resources. Navi...
- [Managing Account Theft with AAP](manage-account-theft-appsec.md)
- [Manage Data Collection](manage-data-collection.md): Error Tracking provides fine-grained control of which errors to ingest, helping you reduce noise and avoid unexpected...
- [Managed Disk Component](managed-disk.md): You can use the Managed Disk component to represent and visualize managed block store volumes from your Azure environ...
- [Connecting with Managed Authentication](managed-authentication.md): This guide assumes that you have configured [Database Monitoring](https://docs.datadoghq.com/database_monitoring/#get...
- [Amazon ECS Managed Instances](managed-instances.md)
- [Avoid manual sanitization of inputs](manual-sanitization.md)
- [Avoid manual string trimming](manual-string-trimming.md)
- [SAML Group Mapping](mapping.md): With Datadog, you can map attributes in your Identity Provider (IdP)'s response to Datadog entities.
- [Ensure Azure MariaDB server is using latest TLS (1.2)](mariadb-not-using-latest-tls.md)
- [MariaDB server public network access enabled](mariadb-public-network-access-enabled.md)
- [MariaDB server geo-redundant backup disabled](mariadb-server-georedundant-backup-disabled.md)
- [Build a Marketplace Offering](marketplace-offering.md): The [Datadog Marketplace](https://app.datadoghq.com/marketplace) is a digital marketplace where Technology Partners c...
- [Sensitive host system directories should not be mounted on containers](mat-y72-f6k.md): Classification: compliance; Framework: cis-docker; Control: 5.5
- [Expand math.Pow calls](math-pow-expansion.md)
- [Math/rand random number generation is insecure](math-rand-insecure.md)
- [classes must be less than 900 lines](max-class-lines.md)
- [Functions must be less than 200 lines](max-function-lines.md)
- [Line cannot exceed default max length](max-line-len.md)
- [Enforce a maximum number of parameters in a function](max-params.md)
- [Set MaxResponseHeadersLength to a reasonable size](max-response-headers-length.md)
- [Set MaxResponseHeadersLength to a reasonable size](maxresponseheaderslength-size.md)
- [Datadog MCP Server](mcp-server.md)
- [Do not use Mcrypt as it is deprecated](mcrypt-deprecated.md)
- [Memory limits not defined](memory-limits-not-defined.md)
- [Memory requests not defined](memory-requests-not-defined.md)
- [Declare and assign variables in one statement](merge-declaration-assignment.md)
- [Encapsulated if should be merged](mergeable-if.md)
- [Do not use custom digest](message-digest-custom.md)
- [Messages](messages.md): Messages feature allows identifying the root cause of poison pill messages and to better understand data streams by i...
- [Getting Started with Datadog](meta.md)
- [Metabase](metabase.md): Datadog's Metabase integration helps data teams make changes to their data platform without breaking Metabase dashboa...
- [Invalid metadata label](metadata-label-is-invalid.md)
- [Avoid parentheses when methods take no arguments](method-call-no-args-parens.md)
- [Do not use :: to define class methods](method-definition-colon.md)
- [Check function definition language](method-definition.md)
- [a method has the same name as an attribute](method-hidden.md)
- [Method name should use camelCase](method-name.md)
- [Avoid parentheses for methods without arguments](method-parens.md)
- [Metrics](metrics.md)
- [Metrics and Tags](metrics-and-tags.md)
- [Trace Metrics](metrics-namespace.md): Tracing application metrics are collected after you [enable trace collection and instrument your application](https:/...
- [Jumpcloud policy created](mex-to8-3fa.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1484-domain-or-t...
- [The API server should explicitly set a service account public key file](mez-uvc-4s3.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.2.28
- [Okta administrator role assigned to user](mft-lau-5u0.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1098-ac...
- [Microsoft Teams Integration](microsoft-teams-integration.md): Configure your [Datadog Microsoft Teams integration](https://docs.datadoghq.com/integrations/microsoft_teams/) direct...
- [Integrate Microsoft Teams with Datadog Incident Management](microsoft-teams.md): The Microsoft Teams integration for Datadog Incident Management enables you to declare and manage incidents, automati...
- [Migrate PagerDuty resources to Datadog On-Call](migrate-your-pagerduty-resources-to-on-call.md)
- [Migrate Your Feature Flags from Statsig](migrate-from-statsig.md)
- [Migrating from your current on-call provider](migrating-from-your-current-providers.md)
- [Migrating to the New Events Features](migrating-to-new-events-features.md)
- [Migrate to Go Tracer v2](migration.md): The Go tracer v2 introduces API improvements, better performance, and enhanced compatibility with modern Go practices...
- [Create a custom IAM policy to use with Cloudcraft](minimal-iam-policy.md): Cloudcraft uses a *read-only* IAM role to scan your AWS account and reverse-engineer the service relationships betwee...
- [RSA keys should have a minimum of 2,048 bits](minimum-rsa-key-length.md)
- [Cloud Security Misconfigurations](misconfigurations.md): Cloud Security Misconfigurations makes it easier to assess and visualize the current and historic security posture of...
- [Misconfigured password policy expiration](misconfigured-password-policy-expiration.md)
- [Express application should use Helmet](missing-helmet.md)
- [Detects if `m.Run()` was actually called in `TestMain`](missing-run-in-test.md)
- [Switch statements should have a default case](missing-switch-statement-default.md)
- [Missing AppArmor profile](missing-app-armor-config.md)
- [Missing cluster log types](missing-cluster-log-types.md)
- [MITRE ATT&CK Map](mitre-attack-map.md)
- [Do not create a directory with write permissions for all](mkdir-permissions.md)
- [Make sure temporary files are secure](mktemp.md)
- [>-](mlb-mlg-mr4.md): Create an activity log alert for the "Delete SQL Server Firewall Rule."
- [Unfamiliar kernel module loaded](mnc-w4f-4pf.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1547-boot-or-log...
- [The Datadog Mobile App with IdP Initiated SAML](mobile-idp-login.md): In order to use the Datadog mobile app with Identity Provider (IdP) Initiated SAML, you need to pass an additional Re...
- [Datadog Mobile App](mobile.md): The Datadog Mobile app enables you to view alerts from Datadog on your mobile device. When receiving an alert through...
- [Getting Started with Mobile App Testing](mobile-app-testing.md)
- [Replace var % 1 by 0](mod-one-always-zero.md)
- [always specify max_length for a Charfield](model-charfield-max-length.md)
- [use help_text to document model columns](model-help-text.md)
- [Enforce modifier ordering](modifier-order.md)
- [Do not modify function parameter](modify-parameter.md)
- [Unfamiliar process accessed AWS EKS service account token](moi-gio-c9a.md): Classification: attack; Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007); Technique: [T1552-unsecured-cre...
- [AWS WAF web access control list modified](moj-p98-l67.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Setting Up Database Monitoring for MongoDB Atlas](mongodbatlas.md): Database Monitoring offers comprehensive insights into your MongoDB databases by providing access to critical metrics...
- [Monitor Authentication Logs for Security Threats](monitor-authentication-logs-for-security-threats.md): Being able to log, monitor, and analyze all authentication events is key for identifying security threats and managin...
- [Monitoring Kafka Queues](monitor-kafka-queues.md): In event-driven pipelines, queuing and streaming technologies such as Kafka are essential to the successful operation...
- [Monitor Summary Widget](monitor-summary.md): The monitor summary widget displays a summary view of all your Datadog monitors, or a subset based on a query.
- [Monitor CloudPrem](monitoring.md)
- [Monitors](monitors.md): Datadog Monitors provide vital visibility into your infrastructure, enabling proactive detection and real-time respon...
- [Monorepo Support in Code Coverage](monorepo-support.md)
- [Certificate managed by ACM should be renewed within 30 days of expiration](mpg-nle-oki.md): Renew your SSL/TLS certificate managed by AWS Certificate Manager (ACM) as there are 30 days left to renew.
- ['Trusted Microsoft Services' should be enabled for Storage Account access](mpx-tee-gng.md): Enabling firewall rules for a storage account restricts incoming data requests, including those from other Azure serv...
- [Amazon MQ broker is publicly accessible](mq-broker-is-publicly-accessible.md)
- [Amazon MQ broker logging disabled](mq-broker-logging-disabled.md)
- [MSK broker is publicly accessible](msk-broker-is-publicly-accessible.md)
- [MSK cluster encryption disabled](msk-cluster-encryption-disabled.md)
- [MSK cluster logging disabled](msk-cluster-logging-disabled.md)
- [MSSQL server auditing disabled](mssql-server-auditing-disabled.md)
- [MSSQL server public network access enabled](mssql-server-public-network-access-enabled.md)
- [>-](mtg-wt7-w4j.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.3.6
- [Multi-Factor Authentication (MFA)](multi-factor-authentication.md): Multi-Factor Authentication (MFA), or Two-Factor Authentication (2FA) requires a user to present more than one type o...
- [Managing Multiple-Organization Accounts](multi-organization.md): It is possible to manage multiple child-organizations from one parent-organization account. This is typically used by...
- [Braces required for multiline if or if/else statements.](multiline-if-else.md)
- [Braces required for multiline for, while, and do statements.](multiline-loop.md)
- [Can I scan multiple accounts onto the same blueprint?](multiple-accounts-same-blueprint.md): With a Cloudcraft Pro or Enterprise account, you can connect an unlimited number of AWS accounts. With each account, ...
- [Do not use multiple CMD](multiple-cmd.md)
- [Do not use multiple ENTRYPOINT](multiple-entrypoint.md)
- [Do not use multiple HEALTHCHECK](multiple-healthcheck.md)
- [Testing Multiple Environments](multiple-env.md): Continuous Testing allows you to apply the same scenario from scheduled tests against the production environment to d...
- [Multisource Querying](multisource-querying.md): After you start ingesting your [AWS](https://docs.datadoghq.com/cloud_cost_management/setup/aws), [Azure](https://doc...
- [Mute Rules](mute.md): Configure mute rules to streamline security alerts by automatically filtering out non-urgent findings. This approach ...
- [Mute Issues in Cloud Security](mute-issues.md): Available for:
- [>-](mwt-4aa-d87.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.1.17
- [ssl_enforcement_enabled is not set to ENABLED for MySQL database server](mysql-enforce-ssl-connection-disabled.md)
- [Ensure MySQL is using the latest version of TLS encryption](mysql-not-using-latest-tls.md)
- [MySQL server public access enabled](mysql-server-public-access-enabled.md)
- [MySQL SSL connection disabled](mysql-ssl-connection-disabled.md)
- [>-](mzw-7rd-5uu.md): Classification: compliance; Framework: cis-docker; Control: 3.10
- [ElastiCache clusters should use a non-default port for communication](n11-17q-3pj.md): Change your AWS ElastiCache cluster endpoint port to a non-default port.
- [The controller manager pod specification file ownership should be root:root](n49-94s-88z.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.1.4
- [EBS snapshot should be encrypted](n68-nzh-pl8.md): Encrypt Amazon Elastic Block Store (EBS) snapshots with volume snapshot encryption keys.
- [Namespace lifecycle admission control plugin disabled](namespace-lifecycle-admission-control-plugin-disabled.md)
- [NAS file system not encrypted](nas-file-system-not-encrypted.md)
- [NAS file system without KMS](nas-file-system-without-kms.md)
- [Beta - Nifcloud NAS has common private network](nas-instance-has-common-private.md)
- [Beta - Nifcloud NAS undefined description to NAS security group](nas-security-group-description-undefined.md)
- [Beta - Nifcloud NAS has public ingress NAS security group rule](nas-security-group-has-public-ingress-sgr.md)
- [NAT Gateway Component](nat-gateway.md): Use the NAT Gateway component to represent network address translation (NAT) gateways from your Amazon Web Services a...
- [Navigate the Explorer](navigate.md)
- [Avoid negative zero](negative-zero.md)
- [Neptune Component](neptune.md): Use the Neptune component to visualize serverless graph databases from your Amazon Web Services architecture.
- [Neptune cluster instance is publicly accessible](neptune-cluster-instance-is-publicly-accessible.md)
- [Neptune cluster with IAM database authentication disabled](neptune-cluster-with-iam-database-authentication-disabled.md)
- [Neptune database cluster encryption disabled](neptune-database-cluster-encryption-disabled.md)
- [Neptune logging is disabled](neptune-logging-disabled.md)
- [Neptune cluster snapshot not encrypted](neptune-snapshots-not-encrypted.md)
- [Do not have too many nested blocks](nested-blocks.md)
- [Closure expressions should not be nested too deeply](nested-closure.md)
- [NET_RAW capabilities disabled for PSP](net-raw-capabilities-disabled-for-psp.md)
- [NET_RAW capabilities not dropped](net-raw-capabilities-not-being-dropped.md)
- [Network ACL](network-acl.md): Use the Network ACL component to visualize network access control lists from your Amazon Web Services architecture.
- [Network Device Monitoring](network-device-monitoring.md): The Network Device Monitoring API allows you to fetch devices and interfaces and their attributes. See the [Network D...
- [Network Traffic](network.md)
- [Network ACL with unrestricted access to RDP](network-acl-with-unrestricted-access-to-rdp.md)
- [Network ACL with unrestricted access to SSH](network-acl-with-unrestricted-access-to-ssh.md)
- [Network interfaces IP forwarding enabled](network-interfaces-ip-forwarding-enabled.md)
- [Network interfaces with public IP](network-interfaces-with-public-ip.md)
- [Network Monitoring](network-monitoring.md)
- [Network policy disabled](network-policy-disabled.md)
- [Network policy without Pod target](network-policy-is-not-targeting-any-pod.md)
- [Network watcher flow disabled](network-watcher-flow-disabled.md)
- [Invoking a constructor must use parentheses](new-parens.md)
- [Getting Started with Datadog](new-events-sources.md): | Old source type name | New source type name |
- [New Value](new-value.md): The new value detection method alerts when attribute values that have not been seen before, such as a new user, accou...
- [AWS EBS Snapshot possible exfiltration](nfk-un1-yds.md): Classification: attack; Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010); Technique: [T1537-transfer-d...
- [Jumpcloud administrator role assigned](ngh-qas-7b3.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Instrumenting NGINX](nginx.md): Datadog APM supports NGINX in two configurations:
- [The certificate authorities file should have permissions of 644 or stricter](njz-66i-vae.md): Classification: compliance; Framework: cis-kubernetes; Control: 4.1.7
- [Spring4shell RCE attempts - CVE-2022-22963](nln-n8g-3mg.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1190-exploit-public-facing-applica...
- [SQS queue should have server-side encryption](nmb-c7a-8rv.md): Secure your Amazon Simple Queue Service (SQS) messages with server-side encryption. - [Avoid the use of alert, confirm, and prompt](no-alert.md): {% callout %} - [Avoid Array constructors](no-array-constructor.md): {% callout %} - [Promise executor cannot be an async function](no-async-promise-executor.md): {% callout %} - [do not use bare except](no-bare-except.md): {% callout %} - [Do not use a raise statement without a specific exception](no-bare-raise.md): {% callout %} - [do not raise base exception](no-base-exception.md): {% callout %} - [Avoid using BEGIN blocks](no-begin-blocks.md): {% callout %} - [Avoid the use of arguments.caller or arguments.callee](no-caller.md): {% callout %} - [Avoid lexical declarations in case clauses](no-case-declarations.md): {% callout %} - [Avoid explicit use of the case equality operator](no-case-equality.md): {% callout %} - [Avoid using the character literal syntax](no-character-literals.md): {% callout %} - [Avoid passing children as props](no-children-prop.md): {% callout %} - [Avoid class variables](no-class-var.md): {% callout %} - [Direct comparison with -0 detected](no-compare-neg-zero.md): {% callout %} - [The use of compile can be insecure](no-compile.md): {% callout %} - [Avoid assignment operators in conditional expressions](no-cond-assign.md): {% callout %} - [Avoid non-null assertion in confusing locations](no-confusing-non-null-assertion.md): {% callout %} - [Enforce consistent newline usage](no-consecutive-blank-lines.md): {% callout %} - [Enforce correct block comment usage](no-consecutive-comments.md): {% callout %} - [Avoid leaving console debug statements](no-console.md): {% callout %} - [Disallow reassigning const variables](no-const-assign.md): {% callout %} - [Avoid content tag](no-content-tag.md): {% callout %} - [Avoid using Perl-style special variables](no-cryptic-perlisms.md): {% callout %} - [Avoid using children with 
dangerouslySetInnerHTML](no-danger-with-children.md): {% callout %} - [do not use datetime.today()](no-datetime-today.md): {% callout %} - [Avoid `DateTime` unless for historical purposes](no-datetime.md): {% callout %} - [Disallow the use of debugger](no-debugger.md): {% callout %} - [Avoid using delete on variables directly](no-delete-var.md): {% callout %} - [Avoid deprecated methods](no-deprecated.md): {% callout %} - [Do not use DES](no-des-cipher.md): {% callout %} - [Avoid equal signs at the beginning of regular expressions](no-div-regex.md): {% callout %} - [Avoid unnecessary uses of `!!`](no-double-negation.md): {% callout %} - [do not use double negation](no-double-not.md): {% callout %} - [Do not use the same operator twice](no-double-operators.md): {% callout %} - [do not use operator -- and ++](no-double-unary-operator.md): {% callout %} - [Function parameters redeclared](no-dupe-args.md): {% callout %} - [Avoid duplicate class members](no-dupe-class-members.md): {% callout %} - [Avoid duplicate keys in object literals](no-dupe-keys.md): {% callout %} - [use a base class only once](no-duplicate-base-class.md): {% callout %} - [Avoid duplicate case labels](no-duplicate-case.md): {% callout %} - [Avoid duplicate enum member values](no-duplicate-enum-values.md): {% callout %} - [Avoid duplicate module imports](no-duplicate-imports.md): {% callout %} - [Avoid duplicate constituents of unions or intersections](no-duplicate-type-constituents.md): {% callout %} - [Do not use unless with else](no-else-with-unless.md): {% callout %} - [Avoid empty catch sections](no-empty-catch.md): {% callout %} - [Avoid empty character classes in regular expressions](no-empty-character-class.md): {% callout %} - [Class bodies should not be empty](no-empty-class-bodies.md): {% callout %} - [Prevent empty default cases](no-empty-default.md): {% callout %} - [A Kotlin (script) file should not be empty.](no-empty-file.md): {% callout %} - [Avoid empty 
finalizer](no-empty-finalizer.md): {% callout %} - [Avoid the declaration of empty interfaces](no-empty-interface.md): {% callout %} - [No blank lines at the start of a class](no-empty-lead-line-class.md): {% callout %} - [No leading empty lines in method blocks](no-empty-lead-line-method.md): {% callout %} - [Do not use an empty list as a default parameter](no-empty-list-as-parameter.md): {% callout %} - [Avoid empty destructuring patterns](no-empty-pattern.md): {% callout %} - [Avoid empty block statements](no-empty.md): {% callout %} - [Avoid using END blocks](no-end-blocks.md): {% callout %} - [do not use operations =+ and =-](no-equal-unary.md): {% callout %} - [Use of eval can be insecure](no-eval.md): {% callout %} - [Avoid reassigning exceptions in catch clauses](no-ex-assign.md): {% callout %} - [Do not throw exceptions in special methods](no-exception-special-methods.md): {% callout %} - [The use of exec can be insecure](no-exec.md): {% callout %} - [do not use exit()](no-exit.md): {% callout %} - [Avoid the any type](no-explicit-any.md): {% callout %} - [Omit the rb file extension in a require](no-explicit-rb-to-require.md): {% callout %} - [Do not extend Data.define](no-extend-data-define.md): {% callout %} - [You should not inherit from Struct.new](no-extend-struct-new.md): {% callout %} - [Avoid extra non-null assertions](no-extra-non-null-assertion.md): {% callout %} - [Avoid using runtime finalizers on exit](no-finalizers-on-exit.md): {% callout %} - [Avoid leading or trailing decimal points in numbers](no-floating-decimal.md): {% callout %} - [Prefer using iterators over for loops](no-for-loops.md): {% callout %} - [Dockerfiles should specify a base image](no-from-image.md): {% callout %} - [Avoid FTP connections](no-ftp.md): {% callout %} - [Disallow reassigning function declarations](no-func-assign.md): {% callout %} - [Avoid hardcoding secrets in JWT signing algorithms](no-hardcoded-secret.md): {% callout %} - [Avoid temporary hardcoded 
files](no-hardcoded-tempfile.md): {% callout %} - [Avoid html_safe](no-html-safe.md): {% callout %} - [Avoid HTTP url](no-http.md): {% callout %} - [Avoid unnecessary if-else chains that only returns a boolean](no-if-else-return.md): {% callout %} - [do not compare to True in a condition](no-if-true.md): {% callout %} - [Prevent the use methods similar to eval()](no-implied-eval.md): {% callout %} - [Prevent assigning to imported bindings](no-import-assign.md): {% callout %} - [Avoid explicit type declarations for variables and params](no-inferrable-types.md): {% callout %} - [Avoid variable or function declaration in nested blocks](no-inner-declarations.md): {% callout %} - [Avoid the use of the __iterator__ property](no-iterator.md): {% callout %} - [Create new IVs for every counter mode encryption operation](no-iv-reuse.md): {% callout %} - [Do not use latest tag](no-latest-tag.md): {% callout %} - [Prevents line break before assignment operator](no-line-break-before-assignment.md): {% callout %} - [Avoid if statements as the only statement in else blocks](no-lonely-if.md): {% callout %} - [Avoid MD5 to generate hashes](no-md5-digest.md): {% callout %} - [Avoid the use of chained assignment expressions](no-multi-assign.md): {% callout %} - [Avoid TypeScript namespaces](no-namespace.md): {% callout %} - [Avoid nested components](no-nested-components.md): {% callout %} - [Prevent nested method](no-nested-method.md): {% callout %} - [Avoid nested operators](no-nested-ternary.md): {% callout %} - [Avoid new operators with the Function object](no-new-func.md): {% callout %} - [Avoid Object constructors](no-new-object.md): {% callout %} - [Avoid privilege escalation via setuid or setgid](no-new-privileges.md): {% callout %} - [Avoid new statements with the Symbol object](no-new-symbol.md): {% callout %} - [Avoid new operators outside of assignments or comparisons](no-new.md): {% callout %} - [Avoid non-null assertions after an optional 
chain](no-non-null-optional-chain.md): {% callout %} - [do not use NullBooleanField](no-null-boolean.md): {% callout %} - [Avoid using octal literals to prevent unexpected behavior](no-octal.md): {% callout %} - [Avoid hash optional paramters](no-optional-hash-params.md): {% callout %} - [Do not use a predictable salt](no-predictable-salt.md): {% callout %} - [Avoid the use of the __proto__ property](no-proto.md): {% callout %} - [Do not use a pseudo-random number to generate a secret](no-pseudo-random-secret.md): {% callout %} - [Avoid pseudo-random numbers](no-pseudo-random.md): {% callout %} - [Do not use for i in range(len())](no-range-loop-with-len.md): {% callout %} - [Fragments should not be used when there is 1 child](no-redundant-fragments.md): {% callout %} - [Avoid usage of the return value of ReactDOM.render](no-render-return-value.md): {% callout %} - [Do not use template created with strings](no-render-template-string.md): {% callout %} - [Do not rescue the Exception class](no-rescue-exception.md): {% callout %} - [Avoid using 'rescue' as a modifier](no-rescue-modifier.md): {% callout %} - [Avoid assignment operators in return statements](no-return-assign.md): {% callout %} - [Do not return from an ensure block](no-return-ensure.md): {% callout %} - [Last user should not be root](no-root-user.md): {% callout %} - [RSA with no padding is insecure](no-rsa-no-padding.md): {% callout %} - [Avoid using JavaScript in URLs](no-script-url.md): {% callout %} - [Do not assign a variable to itself](no-self-assign.md): {% callout %} - [Avoid comparisons where both sides are exactly the same](no-self-compare.md): {% callout %} - [Avoid SHA1 to generate hashes](no-sha1-digest.md): {% callout %} - [Avoid side effects in a file that defines symbols](no-side-effect.md): {% callout %} - [Do not ignore Exception with a pass statement](no-silent-exception.md): {% callout %} - [Use an EOL comment over a single line block comment](no-single-line-block-comment.md): {% 
callout %} - [Avoid Thread.sleep in tests](no-sleep-in-tests.md): {% callout %} - [Avoid using string references](no-string-refs.md): {% callout %} - [Do not suppress exceptions without a comment](no-suppress-exceptions.md): {% callout %} - [Do not use positive values for a span's tabIndex attribute](no-tabindex-positive.md): {% callout %} - [Do not use `then` for multi-line if/unless/when/in](no-then.md): {% callout %} - [Do not use this in functional components](no-this-in-component.md): {% callout %} - [Do not use this in a static method](no-this-static.md): {% callout %} - [Avoid throwing literals instead of an object or error type](no-throw-literal.md): {% callout %} - [Avoid TrustStrategies that trust certificates blindly](no-trust-strategy.md): {% callout %} - [Headings must be accessible](no-unaccessible-heading.md): {% callout %} - [do not use __unicode__](no-unicode-on-models.md): {% callout %} - [Enforce not returning Unit type](no-unit-return.md): {% callout %} - [Avoid bind calls that are unnecessary](no-unnecessary-bind.md): {% callout %} - [Avoid unnecessary classes containing only static members](no-unnecessary-class.md): {% callout %} - [Avoid unnecessary ternary operations that return a boolean](no-unnecessary-ternary.md): {% callout %} - [Avoid unnecessary constraints on generic types](no-unnecessary-type-constraint.md): {% callout %} - [Disallow unreachable code](no-unreachable.md): {% callout %} - [Avoid assigning a value with type any](no-unsafe-assignment.md): {% callout %} - [Avoid unsafe CORS headers](no-unsafe-cors.md): {% callout %} - [Avoid unsafe declaration merging](no-unsafe-declaration-merging.md): {% callout %} - [Avoid negating the left operand of relational operators](no-unsafe-negation.md): {% callout %} - [Avoid external input controlling reflection](no-unsafe-reflection.md): {% callout %} - [Avoid unused expressions](no-unused-expressions.md): {% callout %} - [Avoid constructors that do nothing or only call 
super](no-useless-constructor.md): {% callout %} - [Avoid empty exports that don't change anything](no-useless-empty-export.md): {% callout %} - [Avoid unnecessary jump statements](no-useless-jumps.md): {% callout %} - [Avoid require statements](no-var-requires.md): {% callout %} - [Require let or const instead of var](no-var.md): {% callout %} - [No wildcard imports](no-wildcard-import.md): {% callout %} - [The with statement can lead to ambiguous code](no-with.md): {% callout %} - [Containers missing drop capabilities](no-drop-capabilities-for-containers.md): {% callout %} - [No password policy enabled](no-password-policy-enabled.md): {% callout %} - [No ROS stack policy](no-ros-stack-policy.md): {% callout %} - [No stack policy](no-stack-policy.md): {% callout %} - [Node auto upgrade disabled](node-auto-upgrade-disabled.md): {% callout %} - [Node restriction admission control plugin not set](node-restriction-admission-control-plugin-not-set.md): {% callout %} - [Tracing Node.js Applications](nodejs.md): The latest Node.js Tracer supports Node.js versions `>=18`. For a full list of Datadog's Node.js version and framewor... - [os.FileMode value appears it should be in octal](non-octal-os-filemode.md): {% callout %} - [Non kube-system pod with host mount](non-kube-system-pod-with-host-mount.md): {% callout %} - [Unrestricted capabilities in PodSecurityPolicy](not-limited-capabilities-for-pod-security-policy.md): {% callout %} - [Not proper email account in use](not-proper-email-account-in-use.md): {% callout %} - [Certificate authority is not unique](not-unique-certificate-authority.md): {% callout %} - [Notes and Links Widget](note.md): The **Notes & Links** widget is similar to the [free text widget](https://docs.datadoghq.com/dashboards/widgets/free_... - [Notebooks](notebooks.md): Notebooks are collaborative rich text documents that give you all the power of Datadog graphs. Multiple users can wor...
- [Incident Notification](notification.md): Effective incident response depends on notifying the right people at the right time. Datadog Incident Management prov... - [Notification Rules](notification-rules.md): Automated notification rules ensure the right stakeholders are alerted about your incidents based on criteria you def... - [Notifications](notifications.md): Available for: - [Notifications and Integrations](notifications-integrations.md): {% callout %} - [prefer notna to notnull](notna-instead-of-notnull.md): {% callout %} - [SNS Topic should have restrictions set for publishing](npo-qzo-yjo.md): Update your Amazon Simple Notification Service (SNS) topic publishing permissions. - [VPC flow logging should be enabled in all VPCs](npt-kg2-pv2.md): VPC Flow Logs capture information about the IP traffic to and from network interfaces in your VPCs. This feature prov... - [Network Time Protocol (NTP) issues](ntp.md): If you have noticed any of the following issues, they may be related to the NTP offset on the hosts that are reportin... - [Enforce nullable type spacing](nullable-type-spacing.md): {% callout %} - [Controller Manager profiling should be disabled](nve-czf-sku.md): Classification:complianceFramework:cis-kubernetesControl:1.3.2 - [Potential cryptomining detected through IP callback](o2v-dml-922.md): Classification:attackTactic:[TA0040-impact](https://attack.mitre.org/tactics/TA0040)Technique:[T1496-resource-hijacki... - [Abnormal successful Microsoft 365 Exchange login event](o5s-014-bwz.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-valid-ac... - [Large amount of downloads on Google Drive](o6k-nqg-bn1.md): Classification:attackTactic:[TA0009-collection](https://attack.mitre.org/tactics/TA0009)Technique:[T1213-data-from-in... 
- [OAuth2 Authorization Endpoints Reference](oauth2-endpoints.md): Applications using protected Datadog resources must be authorized by a user before they can access Datadog APIs on th... - [OAuth2 in Datadog](oauth2-in-datadog.md): This page provides a step-by-step overview on how to implement the OAuth protocol end-to-end on your application once... - [OAuth Apps](oauth-apps.md): Use the **OAuth Apps** management page under [Organization Settings](https://app.datadoghq.com/organization-settings/... - [Prevent deserialization](object-deserialization.md): {% callout %} - [Object is using a deprecated API version](object-is-using-a-deprecated-api-version.md): {% callout %} - [Ensure objects are used](objects-ensure-use.md): {% callout %} - [Observability Pipelines](observability-pipelines.md): Observability Pipelines allows you to collect and process logs within your own infrastructure, and then route them to... - [Observability](observability.md): {% callout %} - [Observability Pipelines](observability-pipelines-2.md): {% callout %} - [OCI Configuration Guide for Cloud SIEM](oci-config-guide-for-cloud-siem.md): Cloud SIEM applies detection rules to all processed logs in Datadog to detect threats such as targeted attacks, commu... - [Analytics Instance](ocianalytics-instancedataset.md): An Analytics Instance in Oracle Cloud Infrastructure is a managed service that provides a scalable environment for ru... - [Boot Volume](ociblockstorage-boot-volumedataset.md): A Boot Volume in Oracle Cloud Infrastructure is a detachable block storage device that contains the operating system ... - [Block Volume](ociblockstorage-volumedataset.md): Block Volume in OCI is a high-performance, durable storage resource that can be attached to compute instances. It pro... - [Bucket](ocibucketdataset.md): This table represents the Bucket resource from Oracle Cloud Infrastructure. 
- [Cloud Guard Configuration](ocicloudguard-configurationdataset.md): This table represents the Cloud Guard Configuration resource from Oracle Cloud Infrastructure. - [Autonomous Database](ocidatabase-autonomous-databasedataset.md): Autonomous Database in Oracle Cloud Infrastructure is a fully managed database service that automates provisioning, t... - [Event Rule](ocievents-ruledataset.md): An Event Rule in Oracle Cloud Infrastructure (OCI) is used to detect specific events within your tenancy and trigger ... - [File System](ocifilestorage-file-systemdataset.md): File System in OCI is a fully managed, scalable network file storage service that allows multiple compute instances t... - [Compartment](ociidentity-compartmentdataset.md): A Compartment in Oracle Cloud Infrastructure (OCI) is a logical container used to organize and isolate cloud resource... - [Identity Domain](ociidentity-domaindataset.md): An Identity Domain in Oracle Cloud Infrastructure is a security and identity management boundary that provides authen... - [Policy](ociidentity-policydataset.md): A Policy in Oracle Cloud Infrastructure (OCI) is a resource that defines permissions for groups of users to access sp... - [Region Subscription](ociidentity-region-subscriptiondataset.md): A Region Subscription in Oracle Cloud Infrastructure represents the association of a tenancy with a specific OCI regi... - [Tag Default](ociidentity-tag-defaultdataset.md): Tag Default in Oracle Cloud Infrastructure is a resource that automatically applies a predefined tag key and value to... - [Tenancy](ociidentity-tenancydataset.md): A Tenancy in Oracle Cloud Infrastructure (OCI) is the root compartment that represents an organization's account. It ... - [API Key](ociidentitydomains-api-keydataset.md): An API Key in Oracle Cloud Infrastructure (OCI) is a public key that you upload to your user account to enable secure... 
- [Auth Token](ociidentitydomains-auth-tokendataset.md): An Auth Token in Oracle Cloud Infrastructure is a password alternative used for authenticating with services that do ... - [Customer Secret Key](ociidentitydomains-customer-secret-keydataset.md): A Customer Secret Key in Oracle Cloud Infrastructure is a long-term credential that allows programmatic access to Obj... - [Dynamic Resource Group](ociidentitydomains-dynamic-resource-groupdataset.md): A Dynamic Resource Group in Oracle Cloud Infrastructure (OCI) is a logical group of resources that are defined by mat... - [Group](ociidentitydomains-groupdataset.md): A Group in Oracle Cloud Infrastructure (OCI) is a collection of users that share the same permissions. Instead of ass... - [Password Policy](ociidentitydomains-password-policydataset.md): Password Policy in OCI defines the rules and requirements for user account passwords within an OCI tenancy. It allows... - [Policy](ociidentitydomains-policydataset.md): A Policy in Oracle Cloud Infrastructure (OCI) is a set of permissions that define what actions groups of users can pe... - [Identity Domains Rule](ociidentitydomains-ruledataset.md): An Identity Domains Rule in Oracle Cloud Infrastructure (OCI) defines conditions and actions that automate identity m... - [Identity Domains User Database Credential](ociidentitydomains-user-db-credentialdataset.md): A User Database Credential in OCI Identity Domains represents the credentials that allow a user to authenticate to Or... - [Instance](ociinstancedataset.md): This table represents the Instance resource from Oracle Cloud Infrastructure. - [Integration Instance](ociintegration-instancedataset.md): An Integration Instance in Oracle Cloud Infrastructure is a managed environment for running Oracle Integration, which... - [Vault Key](ocikms-keydataset.md): A Vault Key in Oracle Cloud Infrastructure is a managed encryption key stored in the Vault service. It is used to pro... 
- [Key Version](ocikms-key-versiondataset.md): A Key Version in Oracle Cloud Infrastructure represents a specific cryptographic version of a master encryption key s... - [Log](ocilogging-logdataset.md): Log in Oracle Cloud Infrastructure is a resource that captures, stores, and manages log data from various OCI service... - [Log Group](ocilogging-log-groupdataset.md): A Log Group in Oracle Cloud Infrastructure (OCI) is a logical container used to organize and manage multiple logs tha... - [OCI Integration Billing](oci.md): Datadog bills for hosts running the Datadog Agent and all Oracle Cloud Infrastructure (OCI) Compute instances detecte... - [Capture Filter](ocinetwork-capture-filterdataset.md): A Capture Filter in Oracle Cloud Infrastructure (OCI) is a virtual network resource that defines rules to include or ... - [Network Security Group](ocinetwork-security-groupdataset.md): A Network Security Group (NSG) in OCI is a virtual firewall that lets you define and enforce security rules for a set... - [Network Security List](ocinetwork-security-listdataset.md): A Network Security List in OCI is a virtual firewall that controls inbound and outbound traffic at the subnet level. ... - [Network Security Rule](ocinetwork-security-ruledataset.md): This table represents the Network Security Rule resource from Oracle Cloud Infrastructure. - [Subnet](ocinetwork-subnetdataset.md): A Subnet in Oracle Cloud Infrastructure (OCI) is a logical subdivision of a Virtual Cloud Network (VCN). It provides ... - [Notification Topic](ocinotification-topicdataset.md): A Notification Topic in Oracle Cloud Infrastructure (OCI) is a communication channel used to broadcast messages to mu... - [Notification Topic Summary](ocinotification-topic-summarydataset.md): This table represents the Notification Topic Summary resource from Oracle Cloud Infrastructure. 
- [Subscription (Data Plane)](ocinotificationdataplane-subscriptiondataset.md): A Subscription (Data Plane) in OCI represents a customer's active agreement to use Oracle Cloud services. It defines ... - [Notification Subscription Summary](ocinotificationdataplane-subscription-summarydataset.md): This table represents the Notification Subscription Summary resource from Oracle Cloud Infrastructure. - [User](ociuserdataset.md): This table represents the User resource from Oracle Cloud Infrastructure. - [Virtual Cloud Network](ocivcndataset.md): This table represents the Virtual Cloud Network resource from Oracle Cloud Infrastructure. - [OCSF Processor](ocsf-processor.md): Cloud SIEM provides out-of-the-box [Open Cybersecurity Framework (OCSF) support](https://docs.datadoghq.com/security/... - [Offboarding teams and users from Datadog On-Call](offboarding-teams-and-users.md): {% callout %} - [Azure New Owner added to Azure Active Directory application](ofj-lse-l1a.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... - [Okta Integration](okta-integration.md): Configure your [Datadog Okta integration](https://docs.datadoghq.com/integrations/okta/) directly through the Datadog... - [Okta SAML Identity Provider Configuration](okta.md): {% callout %} - [AWS ConsoleLogin with MFA triggered Impossible Travel scenario](oky-4op-88y.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-valid-ac... - [Omit default slices](omit-default-slice-index.md): {% callout %} - [On-Call Paging](on-call-paging.md): Trigger and manage [Datadog On-Call](https://docs.datadoghq.com/service_management/on-call/) pages directly through t... 
- [On-Call](on-call.md): {% callout %} - [FROM or MAINTAINER cannot be triggered within ONBUILD](onbuild-allowed-actions.md): {% callout %} - [Separate lines for each field declaration](one-declaration-per-line.md): {% callout %} - [Use only an allowed registry in the FROM image](only-use-allowed-registry.md): {% callout %} - [OOTB Rules](ootb-rules.md): Datadog provides out-of-the-box (OOTB) threat detection rules to flag attacker techniques so you can immediately take... - [>-](op4-440-iu1.md): Create an activity log alert for the Delete Storage Account event. - [Use of unsanitized data to open file](open-file-unsanitized-data.md): {% callout %} - [Filename coming from the request](open-filename-from-request.md): {% callout %} - [Open Cybersecurity Schema Framework (OCSF) Common Data Model in Datadog](open-cybersecurity-schema-framework.md): Cloud SIEM collects and analyzes data from a wide range of sources such as cloud services, firewalls, networks, appli... - [Custom Jobs using OpenLineage](openlineage.md): {% alert level="info" %} - [OpenTelemetry in Datadog](opentelemetry.md): {% callout %} - [OpenTracing Instrumentation Setup](opentracing.md): If [OpenTelemetry](https://docs.datadoghq.com/tracing/trace_collection/otel_instrumentation/) or [`ddtrace`](https://... - [Operate CloudPrem](operate.md): {% callout %} - [Advanced setup for Datadog Operator](operator-advanced.md): [The Datadog Operator](https://github.com/DataDog/datadog-operator) is a way to deploy the Datadog Agent on Kubernete... - [Installing the Datadog Agent on Amazon EKS with the Datadog Operator add-on](operator-eks-addon.md): {% alert level="info" %} - [Opsgenie Integration](opsgenie-integration.md): Configure your [Datadog Opsgenie integration](https://docs.datadoghq.com/integrations/opsgenie/) directly through the... - [Optional arguments should appear at the end](optional-arguments.md): {% callout %} - [Do not use Optional on ref or out. 
parameters](optional-ref-out.md): {% callout %} - [Oracle](oracle.md): To set up Cloud Cost Management for Oracle Cloud Infrastructure (OCI) in Datadog, you should: - [Org Connections](org-connections.md): Manage connections between organizations. Org connections allow for controlled sharing of data between different Data... - [Organization Settings](org-settings.md): The Organization Settings section is available to [Administrators](https://docs.datadoghq.com/account_management/user... - [Switching Between Organizations](org-switching.md): If you belong to multiple Datadog organizations, the org switcher at the bottom left of the nav bar allows you to tog... - [Organizations](organizations.md): Create, edit, and manage your organizations. Read more about [multi-org accounts](https://docs.datadoghq.com/account_... - [assigning to os.environ does not clear the environment](os-environ-no-assign.md): {% callout %} - [Unsanitized data is sent to popen, causing command injection](os-popen-command-injection.md): {% callout %} - [Call of a spawn process without sanitization](os-spawn.md): {% callout %} - [Command coming from incoming request](os-system-from-request.md): {% callout %} - [Use of unsanitized data to create processes](os-system-unsanitized-data.md): {% callout %} - [Command execution without sanitization](os-system.md): {% callout %} - [OSLogin disabled](os-login-disabled.md): {% callout %} - [OSLogin is disabled for VM instance](os-login-is-disabled-for-vm-instance.md): {% callout %} - [OSS bucket allows all actions from all principals](oss-bucket-allows-all-actions-from-all-principals.md): {% callout %} - [OSS bucket allows delete action from all principals](oss-bucket-allows-delete-from-all-principals.md): {% callout %} - [OSS bucket allows list action from all principals](oss-bucket-allows-list-action-from-all-principals.md): {% callout %} - [OSS bucket allows put action from all principals](oss-bucket-allows-put-action-from-all-principals.md): {% callout 
%} - [OSS bucket encryption using CMK disabled](oss-bucket-cmk-encryption-disabled.md): {% callout %} - [OSS bucket has static website](oss-bucket-has-static-website.md): {% callout %} - [OSS bucket IP restriction disabled](oss-bucket-ip-restriction-disabled.md): {% callout %} - [OSS bucket lifecycle rule disabled](oss-bucket-lifecycle-disabled.md): {% callout %} - [OSS bucket logging disabled](oss-bucket-logging-disabled.md): {% callout %} - [OSS bucket public access enabled](oss-bucket-public-access-enabled.md): {% callout %} - [OSS bucket transfer acceleration disabled](oss-bucket-transfer-acceleration-disabled.md): {% callout %} - [OSS bucket versioning disabled](oss-bucket-versioning-disabled.md): {% callout %} - [OSS buckets secure transport disabled](oss-buckets-securetransport-disabled.md): {% callout %} - [macOS](osx.md): This page outlines the basic features of the Datadog Agent for macOS. See the [Supported Platforms](https://docs.data... - [Encrypted administrator password retrieved for Windows EC2 instance](otd-at8-rcy.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1555-crede... - [.NET Custom Instrumentation using the OpenTelemetry API](otel.md): There are a few reasons to manually instrument your applications with the OpenTelemetry API: - [Custom Instrumentation with the OpenTelemetry API](otel-instrumentation.md): Datadog tracing libraries provide an implementation of the [OpenTelemetry API](https://opentelemetry.io/docs/referenc... - [Correlate APM Data with Other Telemetry](other-telemetry.md): Correlating data by various Datadog products gives context to help estimate the business impact and find the root cau... 
- [Do not use OutAttribute on string parameters for P/Invokes](outattr-on-pinvoke.md): {% callout %} - [Outdated GKE version](outdated-gke-version.md): {% callout %} - [Output without description](output-without-description.md): {% callout %} - [Overlays](overlays.md): {% callout %} - [Attack Summary](overview.md): {% callout %} - [Runc binary modified](p1b-13u-xtn.md): Classification:attackTactic:[TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004)Technique:[T1611-es... - [Windows firewall disabled](p2q-2n2-wik.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-... - [Windows Domain Admin group changed](p9l-g28-nxb.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... - [Package names should not contain uppercase characters](package-case.md): {% callout %} - [Enforce packing naming convention](package-naming.md): {% callout %} - [PagerDuty Integration](pagerduty-integration.md): Configure your [Datadog-PagerDuty integration](https://docs.datadoghq.com/integrations/pagerduty/) directly through t... - [Do not use parallel assignment to define variables](parallel-assignment.md): {% callout %} - [Parameter name should use camelCase](parameter-name.md): {% callout %} - [Capturing SQL Query Parameter Values With Database Monitoring](parameterized-queries.md): The Database Monitoring integrations collect aggregated query metrics, in-flight query executions, and query explain ... 
- [An empty parentheses block before a lambda is redundant.](parens-before-trailing-lambda.md): {% callout %} - [Partners](partners.md): Datadog Partner Network Documentation - [Password without reuse prevention](password-without-reuse-prevention.md): {% callout %} - [Prevent path injection](path-injection.md): {% callout %} - [Potential path traversal from request](path-traversal-file-read.md): {% callout %} - [Avoid path traversal](path-traversal.md): {% callout %} - [Pattern-based Correlation](patterns.md): {% callout %} - [What payment methods are accepted?](payment-methods.md): All major credit and debit cards are accepted when signing up online, including Visa, MasterCard, Discover, and Ameri... - [Log4shell RCE attempts - CVE-2021-44228](pd3-xlj-up0.md): Tactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1190-exploit-public-facing-applica... - [Peer auto TLS set to true](peer-auto-tls-set-to-true.md): {% callout %} - [Datadog Role Permissions](permissions.md): Permissions define the type of access a user has to a given resource. Typically, permissions give a user the right to... - [Avoid overly permissive CORS](permissive-cors.md): {% callout %} - [Permissive access to create Pods](permissive-access-to-create-pods.md): {% callout %} - [Upgrading to PostgreSQL 15 and higher](pg15-upgrade.md): Run this command on each database host to enable the additional permission needed for the `datadog` user: - [Google Cloud Service Account accessing anomalous number of Google Cloud APIs](pgl-8ie-264.md): Classification:attackTactic:[TA0007-discovery](https://attack.mitre.org/tactics/TA0007)Technique:[T1580-cloud-infrast... - [Tracing PHP Applications](php.md): The minimum PHP version requirement for the latest version of `dd-trace-php` is PHP 7. If you are using PHP 5, you ca... - [Deep call stacks on PHP 5](php-5-deep-call-stacks.md): PHP supports a virtually infinite call stack.
However, the function call hook provided by the Zend Engine, `zend_exec... - [(Legacy) PHP Compatibility Requirements](php-v0.md): {% alert level="danger" %} - [The docker.service file should have auditing configured if applicable](pi5-992-feg.md): Classification:complianceFramework:cis-dockerControl:1.2.6 - [Pie Chart Widget](pie-chart.md): The pie chart widget can display a single dataset with corresponding proportions, or multiple datasets with nested pr... - [Do not use cache when installing packages](pip-no-cache.md): {% callout %} - [Always pin versions with pip](pip-pin-versions.md): {% callout %} - [Pipeline Data Model And Execution Types](pipeline-data-model.md): {% callout %} - [Processing Configuration](pipelines.md): {% callout %} - [Pipelines and Processors](pipelines-and-processors.md): Datadog Event Management Pipelines allow you to process and manage events from various sources efficiently. With pipe... - [Use pivot_table instead of pivot or unstack](pivot-table.md): {% callout %} - [Log4j Scanner detected in user agent or referrer](pk1-cvn-6t2.md): Classification:attackTactic:[TA0043-reconnaissance](https://attack.mitre.org/tactics/TA0043)Technique:[T1595-active-s... - [Prefer using render plain](plain-text-rendering.md): {% callout %} - [Plan your Datadog installation](plan.md): When you plan a new software installation, it's crucial to understand its capabilities, objectives, timelines, teams, ... - [Plan and Usage Settings](plan-and-usage.md): [Administrators](https://docs.datadoghq.com/account_management/users/default_roles/) can access the [organization set... - [Planning](planning.md): The Planning section of Cloud Cost Management helps you take control of your cloud spend by enabling you to set budge...
- [Validate platform compatibility](platform-compatibility.md): {% callout %} - [Pod misconfigured network policy](pod-misconfigured-network-policy.md): {% callout %} - [Pod or container without LimitRange](pod-or-container-without-limit-range.md): {% callout %} - [Pod or container without ResourceQuota](pod-or-container-without-resource-quota.md): {% callout %} - [Pod or container without security context](pod-or-container-without-security-context.md): {% callout %} - [Pod security policy admission control plugin not set](pod-security-policy-admission-control-plugin-not-set.md): {% callout %} - [Pod security policy disabled](pod-security-policy-disabled.md): {% callout %} - [Using the Docker integration with Podman container runtime](podman-support-with-docker-integration.md): Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System. Re... - [Policies](policies.md): {% callout %} - [Policy without principal](policy-without-principal.md): {% callout %} - [ssl_enforcement_enabled is not set to ENABLED for PostgreSQL database server](postgres-enforce-ssl-connection-disabled.md): {% callout %} - [Ensure that PostgreSQL server disables public network access](postgres-sql-server-enables-public-access.md): {% callout %} - [PostgreSQL log checkpoints disabled](postgresql-log-checkpoints-disabled.md): {% callout %} - [PostgreSQL log connections not set](postgresql-log-connections-not-set.md): {% callout %} - [PostgreSQL log disconnections not set](postgresql-log-disconnections-not-set.md): {% callout %} - [PostgreSQL log duration not set](postgresql-log-duration-not-set.md): {% callout %} - [PostgreSQL server infrastructure encryption disabled](postgresql-server-infrastructure-encryption-disabled.md): {% callout %} - [PostgreSQL Server threat detection policy disabled](postgresql-server-threat-detection-policy-disabled.md): {% callout %} - [PostgreSQL server without connection
throttling](postgresql-server-without-connection-throttling.md): {% callout %} - [Specify origin in postMessage](postmessage-permissive-origin.md): {% callout %} - [SQL injection in SqlUtil.execQuery](potential-sql-injection.md): {% callout %} - [Power BI](powerbi.md): Datadog's Power BI integration helps data teams make changes to their data platform without breaking dashboards, and ... - [Powerpack](powerpack.md): The Powerpack endpoints allow you to: - [Scale Graphing Expertise with Powerpacks](powerpacks-best-practices.md): Powerpacks are templated groups of widgets that scale graphing expertise as reusable dashboard building blocks. They ... - [PR Gates](pr-gates.md): {% callout %} - [>-](pra-z9v-3ig.md): Classification:complianceFramework:cis-kubernetesControl:1.1.8 - [Use predicate methods over explicit comparisons with `==`](predicate-methods.md): {% callout %} - [Avoid predictable IV](predictable-iv.md): {% callout %} - [Prefer using an object spread over `Object.assign`](prefer-object-spread.md): {% callout %} - [Prefer an optional chain instead of chaining operators](prefer-optional-chain.md): {% callout %} - [Prefer using require_once or include_once](prefer-require-include-once.md): {% callout %} - [References in a static method should prefer static over self](prefer-static-reference.md): {% callout %} - [Preserve the thrown stack trace](preserve-stack-trace.md): {% callout %} - [Avoid attr](prevent-attr.md): {% callout %} - [Pricing](pricing.md): Datadog has many pricing plans to fit your needs. For more information, see the [Pricing](https://www.datadoghq.com/p... 
- [Do not use Printf with Sprintf](printf-sprintf.md): {% callout %} - [Connect to Datadog over AWS PrivateLink](private-link.md): {% callout %} - [Private Actions Overview](private-actions.md): {% callout %} - [Private cluster disabled](private-cluster-disabled.md): {% callout %} - [Getting Started with Private Locations](private-location.md): Private locations allow you to **monitor internal-facing applications** or private URLs that aren't accessible from t... - [Privilege escalation allowed](privilege-escalation-allowed.md): {% callout %} - [Prefer proc over Proc.new](proc-over-procnew.md): {% callout %} - [Live Processes](process.md): {% alert level="info" %} - [Processes](processes.md): The processes API allows you to query processes data for your organization. See the [Live Processes page](https://doc... - [Processing Configuration](processing.md): {% callout %} - [Product Analytics](product-analytics.md): Send server-side events to Product Analytics. Server-Side Events Ingestion allows you to collect custom events from a... - [Product Allotments](product-allotments.md): Allotments provide additional usage that comes with subscriptions to select parent products. They grant a certain amo... - [Product Analytics](product-analytics-2.md): Product Analytics helps you gain insight into user behavior and make data-driven decisions. It can help solve the fol... - [Product-Specific Search](product-specific-reference.md): Each Datadog product offers unique search capabilities optimized for its use case. This page provides a comprehensive... - [Profile Settings](profile-settings.md): {% callout %} - [Profile Types](profile-types.md): In the **Profiles** tab, you can see all profile types available for a given language. Depending on the language and ... 
- [Profile Visualizations](profile-visualizations.md): {% video - [Continuous Profiler](profiler.md): Find CPU, memory, and IO bottlenecks, broken down by method name, class name, and line number, to significantly reduc... - [Profiler Troubleshooting](profiler-troubleshooting.md): - [go](go) - [Profiling Flame Graph Widget](profiling-flame-graph.md): {% image - [Profiling not set to false](profiling-not-set-to-false.md): {% callout %} - [Project-wide SSH keys are enabled in VM instances](project-wide-ssh-keys-are-enabled-in-vm-instances.md): {% callout %} - [Projects](projects.md): {% callout %} - [Docker Prometheus and OpenMetrics metrics collection](prometheus.md): Collect your exposed Prometheus and OpenMetrics metrics from your application running inside your containers by using... - [Ensure you don't use promises without `await`ing them first.](promise-await.md): {% callout %} - [Property Fields](property-fields.md): Custom property fields enable you to capture important attributes unique to your organization, such as specific produ... - [Datadog Agent Proxy Configuration](proxy.md): You can configure the Datadog Agent to send traffic through an HTTP/HTTPS proxy. A proxy is typically used to send tr... - [Testing With Proxies, Firewalls, or VPNs](proxy-firewall-vpn.md): Most of the development cycle happens within private networks, which are usually inaccessible to Synthetic tests. Wit... - [Tracing a Proxy](proxy-setup.md): You can set up tracing to include collecting trace information about proxies. - [Using a Squid proxy](proxy-squid.md): [Squid](http://www.squid-cache.org/) is a forward proxy for the web supporting HTTP, HTTPS, FTP, and more. It runs on... - [Azure AD member assigned Global Administrator role](psm-gpc-pgy.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man... 
- [PSP allows containers to share the host network namespace](psp-allows-containers-to-share-the-host-network-namespace.md): {% callout %} - [PSP allows privilege escalation](psp-allows-privilege-escalation.md): {% callout %} - [PSP allows sharing host IPC](psp-allows-sharing-host-ipc.md): {% callout %} - [PSP allows sharing host PID](psp-allows-sharing-host-pid.md): {% callout %} - [PodSecurityPolicy allows host network sharing](psp-containers-share-host-network-namespace.md): {% callout %} - [PSP set to privileged](psp-set-to-privileged.md): {% callout %} - [PSP with added capabilities](psp-with-added-capabilities.md): {% callout %} - [PSP with unrestricted access to host path](psp-with-unrestricted-access-to-host-path.md): {% callout %} - [IAM password policy should require at least one lowercase letter](ptg-n4i-d7q.md): Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used t... - [The API server should set up TLS connection for client authentication](ptn-ejx-ehd.md): Classification:complianceFramework:cis-kubernetesControl:1.2.31 - [Avoid using a public constructor for an abstract class](public-abstract-constructors.md): {% callout %} - [How Datadog Determines if Resources are Publicly Accessible](public-accessibility-logic.md): Datadog uses a graph processing framework to map relationships between cloud resources to determine whether they are ...
- [Public and private EC2 share role](public-and-private-ec2-share-role.md)
- [Public Lambda function via API Gateway](public-lambda-via-api-gateway.md)
- [Public security group rule all ports or protocols](public-security-group-rule-all-ports-or-protocols.md)
- [Public security group rule sensitive port](public-security-group-rule-sensitive-port.md)
- [Public security group rule unknown port](public-security-group-rule-unknown-port.md)
- [Public storage account](public-storage-account.md)
- [Pub/Sub Topics are anonymously or publicly accessible](pubsub-topic-is-public.md)
- [Pull Request Comments](pull-request-comments.md)
- [Puppet](puppet.md): This module installs the Datadog Agent and sends Puppet reports to Datadog.
- [Set Up Push Notifications on Mobile App](push-notification.md)
- [The /etc/sysconfig/docker file should be owned by the root account and group](pv5-2tt-sp9.md): Classification: compliance; Framework: cis-docker; Control: 3.20
- [Profiling for API server should be disabled, if not needed](pv9-m3h-8wy.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.2.21
- [Python 3 Custom Check Migration](python-3.md)
- [Tracing Python Applications](python.md): For a full list of Datadog's Python version and framework support (including legacy and maintenance versions), read t...
- [Name Service Switch configuration modified](pzv-32s-1sa.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1556-modify-...
- [A Kubernetes user was assigned cluster administrator permissions](q2g-reo-fw1.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1098-ac...
- [>-](q72-h6h-g9s.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.1.20
- [The scheduler.conf file should be owned by root:root](q7w-nkp-qda.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.1.16
- [Containers should run as a non-root user](qbp-5k8-mec.md): Classification: compliance; Framework: cis-docker; Control: 4.1
- [The certificate authorities file should be owned by root:root](qdb-sfn-ny3.md): Classification: compliance; Framework: cis-kubernetes; Control: 4.1.8
- [A new Microsoft Teams app or bot was observed](qdk-m4v-gw0.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1137-office-appl...
- [Containers should not be allowed to share the host network namespace](qet-z9y-rwq.md): Classification: compliance; Framework: cis-kubernetes; Control: 5.2.4
- [Azure Datadog Log Forwarder Deleted](qh4-l0f-cy9.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [The container's health should be constantly monitored](qja-9wz-744.md): Classification: compliance; Framework: cis-docker; Control: 5.26
- [IAM policies should adhere to least-privilege](qjy-cke-wd7.md): IAM policies define privileges granted to users, groups, or roles. Best practice recommends granting only the permiss...
- [Python executed with suspicious arguments](qmh-7zh-cwn.md): Classification: attack; Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002); Technique: [T1059-command-and-s...
- [IAM server certificate should be renewed 30 days before expiration](qrd-odv-n89.md): Ensure that your IAM service SSL/TLS certificates are renewed 30 days prior to their validity period ending.
- [Quality Monitoring](quality-monitoring.md): Quality Monitoring detects issues such as data freshness delays, unusual data patterns, and changes in column-level m...
- [Quantization of APM Data](quantization.md): During ingestion, Datadog applies *quantization* to APM data such as random globally unique IDs (GUIDs), numeric IDs,...
- [Queries](queries.md)
- [Query data to a text file, step by step](query-data-to-a-text-file-step-by-step.md): This article explains how to set up an environment to make the most of the Datadog API and includes how to pull or pu...
- [Query the Infrastructure List with the API](query-the-infrastructure-list-via-the-api.md): If you're a more advanced Datadog user, you may want to use [the API](https://docs.datadoghq.com/api/) to query gener...
- [Query to the Graph](query-to-the-graph.md): This page focuses on describing the steps performed by Datadog's graphing system from the query to the graph, so that...
- [Exploring Query Metrics](query-metrics.md): The Query Metrics view shows historical query performance for normalized queries. Visualize performance trends by inf...
- [Exploring Query Samples](query-samples.md): The [Samples page](https://app.datadoghq.com/databases/samples) helps you understand which queries were running at a ...
- [Query Syntax](query-syntax.md): All search parameters are contained in the url of the page, which can be helpful for sharing your view.
- [Query Value Widget](query-value.md): Query values display the current value of a given metric, APM, or log query. They come with conditional formatting (s...
- [Querying](querying.md): Whether you are using metrics, logs, traces, monitors, dashboards, notebooks, etc., all graphs in Datadog have the sa...
- [Quick Graphs](quick-graphs.md): You can use Quick Graphs to graph your data from anywhere in Datadog.
- [Database Monitoring Quick Install for Postgres RDS](quick-install.md): Database Monitoring Quick Install for RDS enables you to quickly set up Agents to monitor your RDS Postgres instances...
- [CloudPrem Quickstart](quickstart.md)
- [IAM access keys that are inactive and older than 1 year should be removed](r1s-kud-79s.md): This rule identifies IAM access keys that are older than one year and have not been used in the past 30 days.
- [IAM password policy should require at least one symbol](r88-a34-ppx.md): Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used t...
- [Data Streams Monitoring for RabbitMQ](rabbitmq.md): [Datadog Agent v7.34.0 or later](https://docs.datadoghq.com/agent)
- [Setting Up Database Monitoring for Oracle RAC](rac.md): Database Monitoring provides deep visibility into your Oracle databases by exposing query samples to profile your dif...
- [Specify the base to parse numbers in](radix.md)
- [Avoid constantize](rails-avoid-constantize.md)
- [Avoid raw, which leads to XSS](rails-avoid-raw.md)
- [Avoid hardcoded basic auth with rails](rails-basic-auth.md)
- [Ensure cookies are serialized using JSON](rails-cookies-serializer.md)
- [Ensure forgery protection is enabled](rails-csrf.md)
- [Ensure HTML entities are escaped in JSON](rails-escape-json-entities.md)
- [Avoid manual template creation](rails-manual-template.md)
- [Avoid path traversal for Ruby on Rails applications](rails-path-traversal.md)
- [Avoid sending files without sanitizing user input](rails-send-file.md)
- [Do not raise NotImplemented - it does not exist](raising-not-implemented.md)
- [RAM account password policy max login attempts not recommended](ram-account-password-policy-max-login-attempts-unrecommended.md)
- [RAM account password policy max password age not recommended](ram-account-password-policy-max-password-age-unrecommended.md)
- [RAM account password policy does not enforce minimum password length](ram-account-password-policy-not-required-minimum-length.md)
- [RAM account password policy does not require numbers](ram-account-password-policy-not-required-numbers.md)
- [RAM account password policy does not require symbols](ram-account-password-policy-not-required-symbols.md)
- [RAM account password policy without reuse prevention](ram-account-password-policy-without-reuse-prevention.md)
- [RAM account password policy not require at least one lowercase character](ram-password-security-policy-not-require-at-least-one-lowercase-character.md)
- [RAM account password policy not require at least one uppercase character](ram-password-security-policy-not-require-at-least-one-uppercase-character.md)
- [RAM policy admin access not attached to users groups roles](ram-policy-admin-access-not-attached-to-users-groups-roles.md)
- [RAM policy attached to user](ram-policy-attached-to-user.md)
- [RAM security preference does not enforce MFA login](ram-security-preference-not-enforce-mfa.md)
- [Use a randomly-generated IV](random-iv.md)
- [Prefer using ranges for random numbers](random-numbers.md)
- [Prevent Memory Aliasing](range-memory-aliasing.md)
- [Enforce range operator spacing](range-spacing.md)
- [Prefer ranges/between over complex comparisons](ranges-or-between.md)
- [Rank](rank.md)
- [Rate](rate.md)
- [Access Control](rbac.md): Datadog offers a flexible access management system that allows you to customize the level at which you control access...
- [RBAC roles allow privilege escalation](rbac-roles-allow-privilege-escalation.md)
- [RBAC roles with attach permission](rbac-roles-with-attach-permission.md)
- [RBAC roles with exec permission](rbac-roles-with-exec-permission.md)
- [RBAC roles with impersonate permission](rbac-roles-with-impersonate-permission.md)
- [RBAC roles with port-forwarding permission](rbac-roles-with-portforwarding-permissions.md)
- [RBAC roles with read secrets permissions](rbac-roles-with-read-secrets-permissions.md)
- [RBAC wildcard in rule](rbac-wildcard-in-rule.md)
- [Watchdog RCA](rca.md): Watchdog Root Cause Analysis (RCA) helps you reduce mean time to recovery (MTTR) by automating preliminary investigat...
- [The admin.conf file should have permissions of 644 or more restrictive](rcu-ycq-7td.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.1.13
- [OGNL injection attack attempts on routes parsing OGNL](rd9-5e2-h47.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1190-exploit-public-facing-applica...
- [RDP access is not restricted](rdp-access-is-not-restricted.md)
- [RDP is exposed to the internet](rdp-is-exposed-to-the-internet.md)
- [RDS Component](rds.md): Use the RDS component to represent relational databases from your Amazon Web Services architecture.
- [RDS associated with a public subnet](rds-associated-with-public-subnet.md)
- [Configuring Database Monitoring for Amazon RDS DB Instances](rds-autodiscovery.md): This guide assumes you have configured Database Monitoring for your Amazon RDS [Postgres](https://docs.datadoghq.com/...
- [RDS cluster with backup disabled](rds-cluster-with-backup-disabled.md)
- [RDS database cluster not encrypted](rds-database-cluster-not-encrypted.md)
- [RDS DB instance publicly accessible](rds-db-instance-publicly-accessible.md)
- [RDS DB instance with deletion protection disabled](rds-db-instance-with-deletion-protection-disabled.md)
- [RDS DB instance publicly accessible](rds-instance-address-publicly-accessible.md)
- [RDS instance events not logged](rds-instance-events-not-logged.md)
- [RDS instance log connections disabled](rds-instance-log-connections-disabled.md)
- [RDS instance log disconnections disabled](rds-instance-log-disconnections-disabled.md)
- [RDS instance log duration disabled](rds-instance-log-duration-disabled.md)
- [RDS DB instance publicly accessible](rds-instance-publicly-accessible.md)
- [RDS instance retention period not recommended](rds-instance-retention-not-recommended.md)
- [RDS instance SSL action disabled](rds-instance-ssl-action-disabled.md)
- [RDS instance TDE status disabled](rds-instance-tde-status-disabled.md)
- [RDS Multi-AZ deployment disabled](rds-multi-az-deployment-disabled.md)
- [RDS storage encryption disabled](rds-storage-encryption-disabled.md)
- [RDS storage not encrypted](rds-storage-not-encrypted.md)
- [RDS using default port](rds-using-default-port.md)
- [RDS with backup disabled](rds-with-backup-disabled.md)
- [RDS without logging](rds-without-logging.md)
- [SQL injection exploited](re3-xfr-z60.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1190-exploit-public-facing-applica...
- [Do not inject unsanitized HTML](react-dangerously-inner-html.md)
- [React Feature Flags](react.md)
- [React Renderer](react-renderer.md)
- [React Native Crash Reporting and Error Tracking](reactnative.md): Enable React Native Crash Reporting and Error Tracking to get comprehensive crash reports and error trends with Real ...
- [Prefer using self over read attribute](read-attribute.md)
- [Readiness probe is not configured](readiness-probe-is-not-configured.md)
- [Getting Started with Datadog](readme.md)
- [Running the Datadog Agent with a Read-Only Root Filesystem (ROFS)](readonly-root-filesystem.md): Enabling read-only root filesystem (ROFS) has become a common container security practice to prevent unauthorized mod...
- [Real-Time Costs](real-time-costs.md)
- [Create a Real-Time Rule](real-time-rule.md): Real-time detection rules continuously monitor and analyze incoming logs for security threats. These rules trigger ...
- [RUM & Session Replay](real-user-monitoring.md)
- [Potential NoSQL injection in Realm query](realm-nosql-injection.md)
- [APM Recommendations](recommendations.md)
- [Best Practices For Tagging Events](recommended-event-tags.md): Datadog recommends using [unified service tagging](https://docs.datadoghq.com/getting_started/tagging/unified_service...
- [Do not redefine built-in ID](redefine-builtin-id.md)
- [Redis cache allows non SSL connections](redis-cache-allows-non-ssl-connections.md)
- [Redis disabled](redis-disabled.md)
- [Redis entirely accessible](redis-entirely-accessible.md)
- [Redis not compliant](redis-not-compliant.md)
- [Redis not updated regularly](redis-not-updated-regularly.md)
- [Redis publicly accessible](redis-publicly-accessible.md)
- [Redshift Component](redshift.md): Use the Redshift component to represent data warehouses from your Amazon Web Services architecture.
- [Redshift cluster logging disabled](redshift-cluster-logging-disabled.md)
- [Redshift cluster without a KMS CMK](redshift-cluster-without-kms-cmk.md)
- [Redshift cluster without VPC](redshift-cluster-without-vpc.md)
- [Redshift not encrypted](redshift-not-encrypted.md)
- [Redshift publicly accessible](redshift-publicly-accessible.md)
- [Redshift using default port](redshift-using-default-port.md)
- [Server fingerprinting misconfiguration](reduce-server-fingerprinting.md)
- [Avoid redundant initialization](redundant-initializer.md)
- [Avoid redundant modifiers](redundant-modifiers.md)
- [Do not use redundant negation](redundant-negation.md)
- [Avoid redundant nil check](redundant-nil-check.md)
- [Suggest using string's indexer property over toCharArray()](redundant-tochararray.md)
- [Omit redundant type declaration](redundant-type-var-declaration.md)
- [Document comments should reference existing parameters](reference-documentation-comment.md)
- [Do not use ReferenceEquals with value types](reference-equals-value-types.md)
- [Reference Tables](reference-tables.md): View and manage Reference Tables in your organization.
- [Reference Tables](reference-tables-2.md): Reference Tables allow you to combine custom metadata with information already in Datadog. You can define new entitie...
- [Refresh token is exposed](refresh-token-is-exposed.md)
- [Do not use variable for regular expressions](regexp-non-literal.md)
- [Prevent using escapes in regular expression](regexp-raw-string.md)
- [Regexp FindAll with n=0 returns nothing](regexp-zero-results.md)
- [Region](region.md): Use the Region component to represent physical locations from your Amazon Web Services architecture.
- [Regression](regression.md)
- [Regression Detection](regression-detection.md): A regression refers to the unintended reappearance of a bug or issue that was previously fixed. In Datadog, resolved ...
- [View a misconfiguration's related logs](related-logs.md): Datadog Cloud Security's Related Logs feature allows you to quickly identify cloud audit logs that relate to a specif...
- [Migrate Indexed Logs and RUM in the Hourly Usage and Summary Usage APIs](relevant-usage-migration.md): On October 1, 2024, two API endpoints will change:
- [Remapper](remapper.md): The remapper processor remaps any source attribute(s) or tags to another target attribute or tag. For example, remap ...
- [Remediate issues](remediate-issues.md)
- [Setting up Remote Configuration for Tracing](remote-config.md)
- [Remote Configuration](remote-configuration.md)
- [Ensure web app is not remotely debuggable](remote-debugging-enabled-app-service.md)
- [Remote Desktop port open to the internet](remote-desktop-port-open-to-internet.md)
- [Remote Agent Management](remote-management.md)
- [Should use Map instead of Hashtable](replace-hashtable-with-map.md)
- [Do not copy a slice in a for loop](replace-loop-copy.md)
- [Replace Vector with List](replace-vector-with-list.md)
- [Error Tracking Replay Snippets](replay-errors.md)
- [Filter large requests](request-length.md)
- [verify should be True](request-verify.md)
- [Request timeout not properly set](request-timeout-not-properly-set.md)
- [Do not make http calls without encryption](requests-http.md)
- [no timeout was given on call to external resource](requests-timeout.md)
- [Enforce class for returning value in render function](require-render-return.md)
- [Require yield in generator functions](require-yield.md)
- [Security Research Feed](research-feed.md): The Datadog Security Research Feed provides continuously updated security-related content to help organizations stay ...
- [How do I reset my password?](reset-password.md): You can reset your password on the **[Reset your password](https://app.cloudcraft.co/iforgot)** page.
- [Resource-based sampling](resource-based-sampling.md)
- [Datadog Resource Catalog](resource-catalog.md): Datadog Resource Catalog is the central hub of all your infrastructure resources. It can help you manage resource com...
- [Use Filters to Exclude Resources from Evaluation](resource-evaluation-filters.md): You can use resource tags to create filters that include or exclude resources from being evaluated by Cloud Security....
- [Resource not using tags](resource-not-using-tags.md)
- [Resource Page](resource-page.md)
- [Respond (SOAR) and Report](respond-and-report.md)
- [Responder Types](responder-types.md): Assigning specific roles such as Incident Commander or Communications Lead allows for a more organized and structured...
- [Incident Response Team](response-team.md): Form your response team by adding other users and assigning them responder types (responder roles) so they know what ...
- [Do not bypass HTML escaping with ResponseWriter](responsewriter-no-fprintf.md)
- [Send logs to CloudPrem with REST API](rest-api.md)
- [REST API with vulnerable policy](rest-api-with-vulnerable-policy.md)
- [Can I disable or restrict the export options?](restrict-export-options.md): Cloudcraft Enterprise customers can disable exporting to third-party services like Draw.io and Modules.tf.
- [Restriction Policies](restriction-policies.md): A restriction policy defines the access control rules for a resource, mapping a set of relations (such as editor and ...
- [Synthetic Monitoring & Testing Results Explorer](results-explorer.md): The [Results Explorer](https://app.datadoghq.com/synthetics/explorer/) provides visibility into all test runs and CI ...
- [Retention Policy](retention.md)
- [__bytes__ method should return bytes, not string](return-bytes-not-string.md)
- [Do not return internal array](return-internal-array.md)
- [do not return outside a function](return-outside-function.md)
- [Reusable Modules](reusable-modules.md)
- [Prefer using reverse_each](reverse-each.md)
- [Reverse Connection](reverse-connection.md)
- [Review and Remediate](review-remediate.md): [Mute Issues in Cloud Security](https://docs.datadoghq.com/security/cloud_security_management/review_remediate/mute...
- [>-](rf4-zcq-5j9.md): Classification: compliance; Framework: cis-kubernetes; Control: 3.2.1
- [Streaming connections should have timeouts enabled and not be disabled](rii-wmd-3qm.md): Classification: compliance; Framework: cis-kubernetes; Control: 4.2.5
- [AWS WAF web access control list deleted](rkm-8xh-x8b.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Lambda function should not be accessible over the public internet](rl5-ki5-ja8.md): Identify instances where a Lambda function can be invoked by anyone, either directly or through a Lambda function URL...
- [Roku Crash Reporting and Error Tracking](roku.md): Error Tracking processes errors collected from the Roku SDK.
- [Role assignment not limit guest user permissions](role-assignment-not-limit-guest-users-permissions.md)
- [Role binding to default service account](role-binding-to-default-service-account.md)
- [Role definition allows custom role creation](role-definition-allows-custom-role-creation.md)
- [Role with privilege escalation by actions 'glue:UpdateDevEndpoint'](role-with-privilege-escalation-by-actions-glue-updatedevendpoint.md)
- [Role with privilege escalation by actions 'iam:AddUserToGroup'](role-with-privilege-escalation-by-actions-iam-addusertogroup.md)
- [Role with privilege escalation by actions 'iam:AttachGroupPolicy'](role-with-privilege-escalation-by-actions-iam-attachgrouppolicy.md)
- [Role with privilege escalation by actions 'iam:AttachRolePolicy'](role-with-privilege-escalation-by-actions-iam-attachrolepolicy.md)
- [Role with privilege escalation by actions 'iam:AttachUserPolicy'](role-with-privilege-escalation-by-actions-iam-attachuserpolicy.md)
- [Role with privilege escalation by actions 'iam:CreateAccessKey'](role-with-privilege-escalation-by-actions-iam-createaccesskey.md)
- [Role with privilege escalation by actions 'iam:CreateLoginProfile'](role-with-privilege-escalation-by-actions-iam-createloginprofile.md)
- [Role with privilege escalation by actions 'iam:CreatePolicyVersion'](role-with-privilege-escalation-by-actions-iam-createpolicyversion.md)
- [>-](role-with-privilege-escalation-by-actions-iam-passrole-and-cloudformation-create.md)
- [>-](role-with-privilege-escalation-by-actions-iam-passrole-and-ec2-runinstances.md)
- [>-](role-with-privilege-escalation-by-actions-iam-passrole-and-glue-createdevendpoin.md)
- [>-](role-with-privilege-escalation-by-actions-iam-passrole-and-lambda-createfunction.md)
- [Role with privilege escalation by actions 'iam:PutGroupPolicy'](role-with-privilege-escalation-by-actions-iam-putgrouppolicy.md)
- [Role with privilege escalation by actions 'iam:PutRolePolicy'](role-with-privilege-escalation-by-actions-iam-putrolepolicy.md)
- [Role with privilege escalation by actions 'iam:PutUserPolicy'](role-with-privilege-escalation-by-actions-iam-putuserpolicy.md)
- [Role with privilege escalation by actions 'iam:SetDefaultPolicyVersion'](role-with-privilege-escalation-by-actions-iam-setdefaultpolicyversion.md)
- [>-](role-with-privilege-escalation-by-actions-iam-updateassumerolepolicy-and-sts-ass.md)
- [Role with privilege escalation by actions 'iam:UpdateLoginProfile'](role-with-privilege-escalation-by-actions-iam-updateloginprofile.md)
- [Role with privilege escalation by actions 'lambda:UpdateFunctionCode'](role-with-privilege-escalation-by-actions-lambda-updatefunctioncode.md)
- [Roles and Permissions](roles-and-permissions.md): Members of a Cloudcraft team may be assigned one of three different user roles:
- [Roles](roles.md): The Roles API is used to create and manage Datadog roles, what [global permissions](https://docs.datadoghq.com/accoun...
- [Rollback Detection](rollbacks-detection.md)
- [Understanding rollup function and cardinality in visualizations](rollup-cardinality-visualizations.md): Visualizations in data analysis often rely on aggregation functions to summarize data over time. One common challenge...
- [Rollup](rollup.md): Every metric query is inherently aggregated. However, appending the `.rollup()` function at the end of a query allows...
- [Root account has active access keys](root-account-has-active-access-keys.md)
- [Root CA file not defined](root-ca-file-not-defined.md)
- [Root container not mounted as read-only](root-container-not-mounted-as-read-only.md)
- [Root containers admitted](root-containers-admitted.md)
- [ROS stack notifications disabled](ros-stack-notifications-disabled.md)
- [ROS stack retention disabled](ros-stack-retention-disabled.md)
- [ROS stack without template](ros-stack-without-template.md)
- [Rotate Kubelet server certificate not active](rotate-kubelet-server-certificate-not-active.md)
- [Route 53 Component](route-53.md): Use the Route 53 component to represent domains using the Route 53 DNS service from your Amazon Web Services architec...
- [Route53 record undefined](route53-record-undefined.md)
- [Beta - Nifcloud router has common private network](router-has-common-private.md)
- [Beta - Nifcloud router undefined security group to router](router-security-group-undefined.md)
- [Route table with default routing](routertable-with-default-routing.md)
- [Routing Rules](routing-rules.md)
- [Azure AD brute force login](rrb-osy-cuu.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1110-brute...
- [ElastiCache clusters should be provisioned in a VPC](rrv-fo1-7oh.md): Provision your AWS EC2-VPC ElastiCache cluster within the AWS ECS-VPC platform.
- [Ensure RSA keys are large enough](rsa-key-size.md)
- [RSA should use a long key](rsa-short-key.md)
- [Do not use insecure YAML deserialization](ruamel-unsafe-yaml.md)
- [Tracing Ruby Applications](ruby.md)
- [(Legacy) Tracing Ruby Applications](ruby-v1.md)
- [CoTerm Configuration Rules](rules.md): You can configure CoTerm to take specific actions when it intercepts certain commands by adding lints and rules to yo...
- [Rum Audience Management](rum-audience-management.md): Auto-generated tag Rum Audience Management
- [Rum Metrics](rum-metrics.md): Manage configuration of [rum-based metrics](https://app.datadoghq.com/rum/generate-metrics) for your organization.
- [Rum Retention Filters](rum-retention-filters.md): Manage retention filters through [Manage Applications](https://app.datadoghq.com/rum/list) of RUM for your organization.
- [RUM](rum.md): Manage your Real User Monitoring (RUM) applications, and search or aggregate your RUM events over HTTP. See the [RUM ...
- [Maintaining and running your Datadog installation](run.md): In the [Plan](https://docs.datadoghq.com/administrators_guide/plan/) and [Build](https://docs.datadoghq.com/administr...
- [Run block injection](run-block-injection.md)
- [Run Workflow Widget](run-workflow.md): The Run Workflow widget allows you to automate critical tasks from dashboards. Trigger your workflows from a dashboar...
- [Configuration at Runtime](runtime-config.md)
- [Runtime Metrics](runtime-metrics.md): Runtime metrics monitor your application's memory usage, garbage collection, and parallelization. Datadog tracing lib...
- [Tracing Rust Applications](rust.md)
- [Default VPC security group should restrict all traffic](rx9-tkr-e6b.md): A VPC comes with a default security group that by default denies all inbound traffic, allows all outbound traffic, an...
- [S3 buckets should have versioning enabled](rxi-7oi-e5x.md): Enable versioning on S3 buckets to keep multiple versions of an object in one bucket.
- [>-](ryt-btw-5yf.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.1.7
- [Azure Network Security Groups or Rules Created, Modified, or Deleted](rzw-eru-lnp.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [The docker.service file permissions should be set to 644](s24-ea2-4qt.md): Classification: compliance; Framework: cis-docker; Control: 3.2
- [S3 Component](s3.md): Use the S3 component to represent S3 buckets from your Amazon Web Services architecture.
- [S3 bucket access to any principal](s3-bucket-access-to-any-principal.md)
- [S3 bucket ACL allows read or write to all users](s3-bucket-acl-allows-read-or-write-to-all-users.md)
- [S3 bucket ACL allows read to all users](s3-bucket-acl-allows-read-to-all-users.md)
- [S3 bucket ACL allows read to any authenticated user](s3-bucket-acl-allows-read-to-any-authenticated-user.md)
- [S3 bucket ACL grants WRITE_ACP permission](s3-bucket-acl-grants-write-acp-permission.md)
- [S3 bucket allows authenticated users access](s3-bucket-allows-access-to-all-authenticated-users.md)
- [S3 bucket allows delete action from all principals](s3-bucket-allows-delete-action-from-all-principals.md)
- [S3 bucket allows delete action from all principals](s3-bucket-allows-delete-actions-from-all-principals.md)
- [S3 bucket allows get action from all principals](s3-bucket-allows-get-action-from-all-principals.md)
- [S3 bucket allows get action from all principals](s3-bucket-allows-get-actions-from-all-principals.md)
- [S3 bucket allows list action from all principals](s3-bucket-allows-list-action-from-all-principals.md)
- [S3 bucket allows list action from all principals](s3-bucket-allows-list-actions-from-all-principals.md)
- [S3 bucket allows public ACL](s3-bucket-allows-public-acl.md)
- [S3 bucket allows put action from all principals](s3-bucket-allows-put-action-from-all-principals.md)
- [S3 bucket allows put action from all principals](s3-bucket-allows-put-actions-from-all-principals.md)
- [S3 bucket allows restore actions from all principals](s3-bucket-allows-restore-actions-from-all-principals.md)
- [S3 bucket CloudTrail logging disabled](s3-bucket-cloudtrail-logging-disabled.md)
- [S3 bucket logging disabled](s3-bucket-logging-disabled.md)
- [S3 bucket object-level CloudTrail logging disabled](s3-bucket-object-level-cloudtrail-logging-disabled.md)
- [S3 bucket object not encrypted](s3-bucket-object-not-encrypted.md)
- [S3 bucket policy accepts HTTP requests](s3-bucket-policy-accepts-http-requests.md)
- [S3 bucket public ACL overridden by public access block](s3-bucket-public-acl-overridden-by-public-access-block.md)
- [S3 bucket should have bucket policy](s3-bucket-should-have-bucket-policy.md)
- [S3 bucket with all permissions](s3-bucket-with-all-permissions.md)
- [S3 bucket allows public policy](s3-bucket-with-public-policy.md)
- [S3 bucket with unsecured CORS rule](s3-bucket-with-unsecured-cors-rule.md)
- [S3 bucket without enabled MFA delete](s3-bucket-without-enabled-mfa-delete.md)
- [S3 bucket without ignore public ACL](s3-bucket-without-ignore-public-acl.md)
- [S3 bucket without restriction of public bucket](s3-bucket-without-restriction-of-public-bucket.md)
- [S3 bucket without server-side encryption](s3-bucket-without-server-side-encryption.md)
- [S3 bucket without SSL in write actions](s3-bucket-without-ssl-in-write-actions.md)
- [S3 bucket without versioning](s3-bucket-without-versioning.md)
- [S3 static website host enabled](s3-static-website-host-enabled.md)
- [The Docker daemon log level should be set to 'info'](s3q-zji-3e8.md): Classification: compliance; Framework: cis-docker; Control: 2.2
- [Reflected XSS attempts on routes returning HTML](s47-2lt-xv9.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1190-exploit-public-facing-applica...
- [Multiple Okta push notifications denied followed by a successful login](s52-gxw-z6t.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1621-multi...
- [Network utility executed with suspicious URI](s56-riu-fjj.md): Classification: attack; Tactic: [TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011); Technique: [T1105-ing...
- [Resources should be created in a non-default namespace in Kubernetes](s7h-nz8-rfi.md): Classification: compliance; Framework: cis-kubernetes; Control: 5.7.4
- [SafeNet SAML IdP](safenet.md): Follow the [main SAML configuration instructions](https://docs.datadoghq.com/account_management/saml/#configure-saml)...
- [Safety Center](safety-center.md)
- [SageMaker data encryption disabled](sagemaker-data-encryption-disabled.md)
- [SageMaker notebook internet access enabled](sagemaker-direct-internet-access-enabled.md)
- [SageMaker enabling internet access](sagemaker-enabling-internet-access.md)
- [SageMaker endpoint config should specify KmsKeyId attribute](sagemaker-endpoint-config-should-specify-kms-key-id-attribute.md)
- [SageMaker endpoint configuration encryption disabled](sagemaker-endpoint-configuration-encryption-disabled.md)
- [SageMaker notebook instance without KMS](sagemaker-notebook-instance-without-kms.md)
- [SageMaker notebook not placed in VPC](sagemaker-notebook-not-placed-in-vpc.md)
- [SaltStack](saltstack.md): The Datadog SaltStack formula is used to install the Datadog Agent and the Agent-based integrations (checks). For mor...
- [Replace multiple if with a switch](same-condition.md)
- [Single Sign On With SAML](saml.md)
- [Sankey Widget](sankey.md)
- [Go - Save up to 14% CPU in Production with Profile-Guided Optimization](save-cpu-in-production-with-go-pgo.md): Starting with [Go 1.21](https://tip.golang.org/doc/go1.21), the Go compiler supports profile-guided optimization (PGO).
- [Save and Reuse Actions](saved-actions.md)
- [Saved Views](saved-views.md)
- [Do not append char as strings](sb-append-char.md)
- [The daemon.json file should have user and group ownership set to root](sc4-qiy-6ni.md): Classification:complianceFramework:cis-dockerControl:3.17
- [Local account password modified](sc8-pjc-tut.md): Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1098-account...
- [Is the AWS China region supported?](scan-error-aws-china-region.md): No, Cloudcraft does not currently support the AWS China region, due to the region's licensing requirements.
- [Scanning Rules](scanning-rules.md)
- [Scatter Plot Widget](scatter-plot.md): A scatter plot identifies a possible relationship between changes observed in two different sets of variables. It pro...
- [SCCM](sccm.md): Microsoft SCCM (Systems Center Configuration Manager) is a configuration management solution that comes packaged with...
- [Scheduled Reports](scheduled-reports.md): Scheduled Cloud Cost (CCM) Reports let you automatically receive recurring cost reports through email or Slack. This ...
- [Create a Scheduled Rule](scheduled-rule.md): Scheduled detection rules run at predefined intervals to analyze indexed log data and detect security threats. These ...
- [Schedules](schedules.md)
- [Exploring Database Schemas](schema-explorer.md): Schemas help you monitor performance, usage, and changes in your data models, enabling quicker issue identification a...
- [Schema Tracking](schema-tracking.md)
- [SCIM](scim.md): Provision Datadog users and teams using SCIM APIs.
- [Authorization Scopes](scopes.md): Scopes are an authorization mechanism that allow you to limit and define the specific access applications have to an ...
- [Screenboard API](screenboard-api-doc.md)
- [Screenboards](screenboards.md): This endpoint is outdated. Use the [new Dashboard endpoint](https://docs.datadoghq.com/api/latest/dashboards/) instead.
- [Script block injection](script-block-injection.md)
- [SDB domain declared as a resource](sdb-domain-declared-as-a-resource.md)
- [App and API Protection SDK for Go](sdk.md)
- [Avoid protected members in sealed class](sealed-class-protected-members.md)
- [Search Results](search.md)
- [Search CloudPrem Logs](search-logs.md)
- [CD Visibility Explorer Search Syntax](search-syntax.md)
- [Search Syntax](searching.md): Events search uses the [logs search syntax](https://docs.datadoghq.com/logs/explorer/search_syntax/). Like logs searc...
- [Seccomp profile is not configured](seccomp-profile-is-not-configured.md)
- [Writing Custom Rule Expressions](secl-auth-guide.md): This guide shows you how to write effective SECL (Security Language) rules for Datadog Workload Protection.
- [Seccomp profile is not configured](secoomp-profile-is-not-configured.md)
- [Secret expiration not set](secret-expiration-not-set.md)
- [Secret Management](secret-management.md): For enhanced security, the Datadog Operator can retrieve Datadog credentials (API key and application key) using [Sec...
- [Secret Scanning](secret-scanning.md)
- [Secret Validation](secret-validation.md)
- [Secrets Management](secrets-management.md): The Datadog Agent helps you securely manage your secrets by integrating with the following secrets management solutions:
- [Secrets used as environment variables](secrets-as-environment-variables.md)
- [Secrets manager should specify KmsKeyId](secrets-manager-should-specify-kms-key-id.md)
- [Secrets Manager with vulnerable policy](secrets-manager-with-vulnerable-policy.md)
- [Secrets Manager secret encrypted with AWS-managed key](secretsmanager-secret-encrypted-with-aws-managed-key.md)
- [Secrets Manager secret without KMS](secretsmanager-secret-without-kms.md)
- [Make sure cookies are safe and secure](secure-cookie.md)
- [Avoid unsafe 'none' algorithm when creating JWTs](secure-jwt-algorithm.md)
- [Secure ciphers disabled](secure-ciphers-disabled.md)
- [Secure port set to zero](secure-port-set-to-zero.md)
- [Has Cloudcraft gone through security audits?](security-audits.md): Yes, we hire an external security company every year to run penetration and security tests on our platform.
- [Security Group Component](security-group.md): Use the Security Group component to represent security groups from your Amazon Web Services architecture.
- [Security Monitoring](security-monitoring.md): Create and manage your security rules, signals, filters, and more. See the [Datadog Security page](https://docs.datad...
- [Datadog Security](security.md): Bring speed and scale to your production security operations. Datadog Security delivers real-time threat detection, a...
- [Security center pricing tier is not standard](security-center-pricing-tier-is-not-standard.md)
- [Security contact email](security-contact-email.md)
- [Security context deny admission control plugin not set](security-context-deny-admission-control-plugin-not-set.md)
- [Security Controls](security-controls.md)
- [Visualize relationships with Security Graph](security-graph.md)
- [Security group egress CIDR open to world](security-group-egress-cidr-open-to-world.md)
- [Security group egress with all protocols](security-group-egress-with-all-protocols.md)
- [Security group egress with port range](security-group-egress-with-port-range.md)
- [Security group ingress has CIDR not recommended](security-group-ingress-has-cidr-not-recommended.md)
- [Security group ingress with all protocols](security-group-ingress-with-all-protocols.md)
- [Security group ingress with port range](security-group-ingress-with-port-range.md)
- [Security group is not configured](security-group-is-not-configured.md)
- [Beta - security group rule set accepts all traffic](security-group-rule-set-accepts-all-traffic.md)
- [Security group rule without description](security-group-rule-without-description.md)
- [Security group rule without description](security-group-rules-without-description.md)
- [Security group with unrestricted access to SSH](security-group-with-unrestricted-access-to-ssh.md)
- [Security group rule without description](security-group-without-description.md)
- [Security groups allows unrestricted outbound traffic](security-groups-allows-unrestricted-outbound-traffic.md)
- [Security group not used](security-groups-not-used.md)
- [Security group unrestricted access to RDP](security-groups-unrestricted-access-to-rdp.md)
- [Security groups with exposed admin ports](security-groups-with-exhibited-admin-ports.md)
- [Security groups with meta IP](security-groups-with-meta-ip.md)
- [Security group with unrestricted access to SSH](security-groups-with-unrestricted-access-to-ssh.md)
- [Security groups without VPC attached](security-groups-without-vpc-attached.md)
- [Security Inbox](security-inbox.md): Available for:
- [Security Operational Metrics](security-operational-metrics.md): Cloud SIEM provides security operational metrics to help you determine the effectiveness of your team in responding t...
- [Investigate Security Signals](security-signals.md)
- [Avoid avoiding a variable to itself](self-assign.md)
- [Prevent self-assignment of variables](self-assignment.md)
- [Setting Up Database Monitoring for Self-Hosted MongoDB](selfhosted.md): Database Monitoring offers comprehensive insights into your MongoDB databases by providing access to critical metrics...
- [Agent Flare](send-a-flare.md): A flare allows you to send necessary troubleshooting information to the Datadog support team.
- [Send traces to the Agent by API](send-traces-to-agent-by-api.md): Datadog APM allows you to collect performance metrics by tracing your code to determine which parts of your applicati...
- [Sensitive Data Scanner](sensitive-data-scanner.md): Create, update, delete, and retrieve sensitive data scanner groups and rules. See the [Sensitive Data Scanner page](h...
- [Dynamic Instrumentation Sensitive Data Scrubbing](sensitive-data-scrubbing.md)
- [Sensitive Data Scanner](sensitive-data-scanner-2.md): Sensitive data, such as credit card numbers, API keys, IP addresses, and personally identifiable information (PII) ar...
- [Sensitive port is exposed to entire network](sensitive-port-is-exposed-to-entire-network.md)
- [Sensitive port is exposed to small public network](sensitive-port-is-exposed-to-small-public-network.md)
- [Sensitive port is exposed to wide private network](sensitive-port-is-exposed-to-wide-private-network.md)
- [Sentry SDK](sentry-sdk.md)
- [Sequence](sequence.md): The sequence method enables you to detect multi-stage attacks by identifying ordered patterns of related events, such...
- [Server-Side Feature Flags](server.md)
- [Serverless](serverless.md)
- [Serverless API access logging setting undefined](serverless-api-access-logging-setting-undefined.md)
- [Serverless API cache cluster disabled](serverless-api-cache-cluster-disabled.md)
- [Serverless API endpoint config not private](serverless-api-endpoint-config-not-private.md)
- [Serverless API without content encoding](serverless-api-without-content-encoding.md)
- [Serverless API X-Ray tracing disabled](serverless-api-xray-tracing-disabled.md)
- [Enable AWS X-Ray Tracing](serverless-enable-aws-xray.md): **Prerequisite:** [Install the AWS integration](https://docs.datadoghq.com/integrations/amazon_web_services/#setup).
- [Serverless function environment variables not encrypted](serverless-function-environment-variables-not-encrypted.md)
- [Serverless function without dead-letter queue](serverless-function-without-dead-letter-queue.md)
- [Serverless function without tags](serverless-function-without-tags.md)
- [Serverless function without unique IAM role](serverless-function-without-unique-iam-role.md)
- [Serverless function without X-Ray tracing](serverless-function-without-x-ray-tracing.md)
- [Service Accounts](service-accounts.md): Create, edit, and disable service accounts. See the [Service Accounts page](https://docs.datadoghq.com/account_manage...
- [Service bus namespace Component](service-bus-namespace.md): You can use the Service Bus Namespace component to represent and visualize cloud messaging as a service integrations ...
- [Service bus queue Component](service-bus-queue.md): You can use the Service Bus Queue component to represent and visualize cloud messaging as a service integrations from...
- [Service bus topic Component](service-bus-topic.md): You can use the Service Bus Topic component to represent and visualize cloud messaging as a service integrations from...
- [Service Checks](service-checks.md): The service check endpoint allows you to post check statuses for use with monitors. Service check messages are limite...
- [Service Definition](service-definition.md): API to create, update, retrieve and delete service definitions. Note: Service Catalog [v3.0 schema](https://docs.data...
- [Service Dependencies](service-dependencies.md): APM Service Map API. For more information, visit the [Service Map page](https://docs.datadoghq.com/tracing/visualizat...
- [Enabling App and API Protection for GCP Service Extensions](service-extensions.md)
- [Service Level Objective Corrections](service-level-objective-corrections.md): SLO Status Corrections allow you to prevent specific time periods from negatively impacting your SLO's status and err...
- [Service Level Objectives](service-level-objectives.md): [Service Level Objectives](https://docs.datadoghq.com/monitors/service_level_objectives/#configuration) (or SLOs) are...
- [Service Scorecards](service-scorecards.md): API to create and update scorecard rules and outcomes. See [Service Scorecards](https://docs.datadoghq.com/service_ca...
- [Avoid service with writable filesystem](service-writable-filesystem.md)
- [Service account admission control plugin disabled](service-account-admission-control-plugin-disabled.md)
- [ServiceAccount allows access to secrets](service-account-allows-access-secrets.md)
- [Service account key file not properly set](service-account-key-file-not-properly-set.md)
- [Service account lookup set to false](service-account-lookup-set-to-false.md)
- [Service account name undefined or empty](service-account-name-undefined-or-empty.md)
- [Service account private key file not defined](service-account-private-key-file-not-defined.md)
- [Service account token auto-mount not disabled](service-account-token-automount-not-disabled.md)
- [Service account with improper privileges](service-account-with-improper-privileges.md)
- [Service Accounts](service-accounts-2.md): Service accounts are non-interactive accounts you can use to own application keys and other resources that are shared...
- [Service Check](service-checks-2.md): Service checks allow you to characterize the status of a service to monitor it within Datadog. Service checks monitor...
- [Service control policies disabled](service-control-policies-disabled.md)
- [Service does not target a Pod](service-does-not-target-pod.md)
- [There are non GCP-managed service account keys for a service account](service-has-non-gcp-managed-service-account-keys.md)
- [Service Level Objectives](service-level-objectives-2.md)
- [Integration Override Removal](service-override-removal.md)
- [Overrides in APM](service-overrides.md): Both integration overrides and service overrides change the service name of spans. The initial service name is referr...
- [Service Page](service-page.md)
- [Service Remapper](service-remapper.md): The service remapper processor assigns one or more attributes to your events as the official service.
- [Service remapping rules](service-remapping-rules.md)
- [Service Summary Widget](service-summary.md): A service is a set of processes that do the same job, for example, a web framework or database. Datadog provides out-...
- [Service type is NodePort](service-type-is-nodeport.md)
- [Service with external load balancer](service-with-external-load-balancer.md)
- [ServiceNow Integration](servicenow-integration.md): Manage your ServiceNow Integration. ServiceNow is a cloud-based platform that helps organizations manage digital work...
- [Integrate ServiceNow with Datadog Incident Management](servicenow.md): ServiceNow is an IT service management platform that provides solutions for managing digital workflows, IT operations...
- [Service Observability](services.md)
- [Service Map](services-map.md): The Service Map decomposes your application into all its component [services](https://docs.datadoghq.com/tracing/glos...
- [SES Component](ses.md): Use the SES component to represent transactional and marketing email services from your Amazon Web Services architect...
- [SES policy with allowed IAM actions](ses-policy-with-allowed-iam-actions.md)
- [Prevent XSS injection by setting HttpOnly to false](session-http-only.md)
- [Session must be secure](session-secure.md)
- [Session Replay](session-replay.md): Session Replay expands your user experience monitoring by allowing you to capture and visually replay the web browsin...
- [Set up Two-Factor Authentication](set-up-two-factor-authentication.md): Two-factor authentication (2FA) provides an extra layer of security for your account. When you enable 2FA, your Cloud...
- [Set Due Date Rules](set-due-date.md): Configure due date rules to ensure findings are addressed within your specified SLO time frames. By setting these due...
- [Avoid using the initial state variable in setState](setstate-same-var.md)
- [Setting Up Cloud SIEM for AWS](setting-up-security-monitoring-for-aws.md): With Datadog Cloud SIEM, detection rules are applied to all processed logs. AWS service logs are collected with a Dat...
- [Set Primary Tags to Scope](setting-primary-tags-to-scope.md): There are several dimensions available to scope an entire Datadog APM application. These include aggregate statistics...
- [Setting Up APM with C++](setting-up-apm-with-cpp.md): This guide expands on the [C++ APM docs](https://docs.datadoghq.com/tracing/setup/cpp/) to provide step-by-step instr...
- [Setting up APM with Kubernetes Service](setting-up-apm-with-kubernetes-service.md): In Kubernetes, Datadog tracers can send data to the Datadog Agent in three ways: Unix Domain Socket (UDS), host IP, o...
- [Continuous Testing Settings](settings.md): You can access Continuous Testing settings on the [Synthetic Monitoring & Testing Settings page](https://docs.datadog...
- [Agentic Onboarding Setup](setup.md)
- [Setting up Amazon DocumentDB](setup-documentdb.md): | Instance-based cluster |
- [Set Up Your Mobile Device for the First Time](setup-mobile-device.md): The Datadog mobile app helps you maintain continuous visibility into the health and performance of your system and ta...
- [Setting up MongoDB](setup-mongodb.md): | Self-hosted | MongoDB Atlas |
- [Setting up MySQL](setup-mysql.md): | Self-hosted | Amazon RDS | Amazon Aurora | Google Cloud SQL with >16GB RAM | Azure |
- [Setting up Oracle](setup-oracle.md): | Self-Hosted | RDS | RAC | Exadata | Autonomous Database | Automatic Storage Management |
- [Setting up Postgres](setup-postgres.md): | Version | Self-hosted | Amazon RDS | Amazon Aurora | Google Cloud SQL | Google AlloyDB | Azure | Supabase |
- [Remote Configuration for Fleet Automation](setup-remote-config.md): This page covers configuring and using Remote Configuration (Remote Configuration enables users to remotely configure...
- [Set up SCA in your running services](setup-runtime.md)
- [Setting up SQL Server](setup-sql-server.md): | Self-hosted | Azure | Amazon RDS ...
- [Set up SCA in your repositories](setup-static.md)
- [Severity Scoring](severity-scoring.md): Accurate severity scores help security teams understand the risks that vulnerabilities pose to their environment. Thi...
- [How are shared blueprint links secured?](shareable-link-security.md): A shared link should be treated as a password or secret and handled accordingly, since anyone with access to the link...
- [Shared Dashboards](shared-dashboards.md): Shared dashboards in Datadog allow external users or those who prefer not to log in to view your dashboards. You can ...
- [Shared host IPC namespace](shared-host-ipc-namespace.md)
- [Shared host network namespace](shared-host-network-namespace.md)
- [Shared host PID namespace](shared-host-pid-namespace.md)
- [Shared service account](shared-service-account.md)
- [Check sharing level for queries](sharing-level-for-query.md)
- [Sharing](sharing.md): Shared visualizations allow you to display metric, trace, and log visualizations outside of Datadog. Share visualizat...
- [Sheets](sheets.md)
- [Prevent shell injection](shell-injection.md)
- [Shield Advanced not in use](shield-advanced-not-in-use.md)
- [Shielded GKE nodes disabled](shielded-gke-nodes-disabled.md)
- [Shielded VM disabled](shielded-vm-disabled.md)
- [Avoid short class names](short-class-name.md)
- [Avoid short method names](short-method-name.md)
- [Avoid short variable names](short-variable-name.md)
- [Avoid short variable names](short-variable.md)
- [Shortcut Configurations](shortcut-configurations.md): Open external links directly in the Datadog app instead of in the browser by setting the Datadog mobile app as your d...
- [Sigma](sigma.md): Datadog's Sigma integration helps data teams make changes to their data platform without breaking Sigma workbooks, an...
- [Invalid signal being trapped](signal-trapped.md)
- [Simplify boolean expression](simplify-boolean-expression.md)
- [Simplify make and avoid 0 as second argument](simplify-make.md)
- [Simplify pointer operation](simplify-pointer-operation.md)
- [fmt.Sprintf("%s", var) should not be used if var is a string](simplify-sprintf-with-string.md)
- [Test assertions for booleans can be simplified](simplify-test-assertions-boolean.md)
- [Test assertions using equals comparison can be simplified](simplify-test-assertions-equals.md)
- [Test assertions using null comparison can be simplified](simplify-test-assertions-null.md)
- [Test assertions using operator comparison can be simplified](simplify-test-assertions-ops.md)
- [Avoid select statement with one case](single-case-select.md)
- [Single Step APM Instrumentation](single-step-apm.md): Single Step Instrumentation (SSI) automatically installs the Datadog SDKs with no additional configuration required, ...
- [Separate lines for each declaration](single-var-declaration.md)
- [Enabling AAP threat detection and protection using single step instrumentation](single-step.md)
- [Single Step Instrumentation for Backend Error Tracking](single-step-instrumentation.md): Install or update a Datadog Agent with the **Enable APM Instrumentation** and **Error Tracking Standalone** options t...
- [Agent Site Issues](site.md): By default the Agent sends its data to Datadog US site: `app.datadoghq.com`. If your organization is on another site,...
- [Cluster Sizing](sizing.md)
- [Windows Net command executed to enumerate administrators](sl8-aa0-qkv.md): Classification:attackTactic:[TA0007-discovery](https://attack.mitre.org/tactics/TA0007)Technique:[T1087-account-disco...
- [Slack Integration](slack-integration.md): Configure your [Datadog-Slack integration](https://docs.datadoghq.com/integrations/slack) directly through the Datado...
- [Integrate Slack with Datadog Incident Management](slack.md): Slack is a messaging and collaboration platform widely used by teams to communicate in real time. The Datadog Slack i...
- [SLB policy with insecure TLS version in use](slb-policy-with-insecure-tls-version-in-use.md)
- [SLO Widget](slo.md): SLOs (service-level objectives) are an agreed-upon target that must be achieved for each activity, function, and proc...
- [Graph historical SLO data on Dashboards](slo-data-source.md): Graph Metric-based and Time Slice SLOs on dashboards and track trends over 15 months. You can also leverage the [sche...
- [Scope metric-based SLO queries](slo-graph-query.md)
- [SLO List Widget](slo-list.md): SLOs (service-level objectives) are an agreed-upon target that must be achieved for each activity, function, and proc...
- [__slots__ should not be a single string](slots-no-single-string.md)
- [Debug the slowest trace on the slowest endpoint of a web service](slowest-request-daily.md): *3 minutes to complete*
- [Small activity log retention period](small-activity-log-retention-period.md)
- [Small flow logs retention period](small-flow-logs-retention-period.md)
- [Small MSSQL server audit retention](small-msql-server-audit-retention.md)
- [Small MSSQL audit retention period](small-mssql-audit-retention-period.md)
- [Small PostgreSQL DB server log retention period](small-postgresql-db-server-log-retention-period.md)
- [API server should only authorize explicitly authorized requests](sme-jsx-2n6.md): Classification:complianceFramework:cis-kubernetesControl:1.2.7
- [Smoothing](smoothing.md): | Function | Description | Example ...
- [SMTP server identify must be enforced](smtp-insecure-connection.md)
- [Snapshots](snapshots.md): Take graph snapshots using the API.
- [Snowflake](snowflake.md): The Snowflake integration connects Datadog to your Snowflake account to sync metadata, query history, and table-level...
- [SNS Subscriptions Component](sns-subscriptions.md): Use the SNS Subscription component to visualize SNS subscriptions from your Amazon Web Services architecture.
- [SNS Topic Component](sns-topic.md): Use the SNS Topic component to represent visualize SNS topics from your Amazon Web Services architecture.
- [SNS Component (Deprecated)](sns.md): Use the SNS component to represent notification services from your Amazon Web Services architecture.
- [SNS topic encrypted with AWS managed key](sns-topic-encrypted-with-aws-managed-key.md)
- [SNS topic is publicly accessible](sns-topic-is-publicly-accessible.md)
- [SNS topic not encrypted](sns-topic-not-encrypted.md)
- [SNS topic publicity has Allow and NotAction simultaneously](sns-topic-publicity-has-allow-and-not-action-simultaneously.md)
- [SNS topic without KmsMasterKeyId](sns-topic-without-kms-master-key-id.md)
- [Do you have a SOC2 report?](soc2-report.md): Yes, we do.
- [Software Catalog](software-catalog.md): API to create, update, retrieve, and delete Software Catalog entities.
- [Software Composition Analysis](software-composition-analysis.md)
- [Getting Started with Software Delivery](software-delivery.md): - [Getting Started with CI Visibility](https://docs.datadoghq.com/getting_started/ci_visibility/)
- [Solve Memory Leaks with Profiling](solve-memory-leaks.md): Profiling has several datasets to help solve memory leaks, such as the Heap profile type, which is [available for mul...
- [Prevent SOQL injection](soql-injection.md)
- [Source Installation](source.md): This page outlines the basic features of the Datadog Agent. If you haven't installed the Agent yet, instructions can ...
- [Spa](spa.md): SPA (Spark Pod Autosizing) API. Provides resource recommendations and cost insights to help optimize Spark job config...
- [Trace and Span ID Formats](span-and-trace-id-format.md): This page details Datadog tracing library support for trace and span ID (A span ID is a numerical identifier generate...
- [Span Links](span-links.md)
- [Span Tags, Attributes, and Facets](span-tags-attributes.md): Span metadata is composed of **attributes** and **tags**.
- [Spans Metrics](spans-metrics.md): Manage configuration of [span-based metrics](https://app.datadoghq.com/apm/traces/generate-metrics) for your organiza...
- [Spans](spans.md): Search and aggregate your spans from your Datadog platform over HTTP.
- [ensure special methods have the correct arguments](special-methods-arguments.md)
- [User must specify return type via ->.](specify-return-type.md)
- [Split Graph Widget](split-graph.md)
- [AWS ConsoleLogin without MFA triggered Impossible Travel scenario](spm-un2-i9l.md): Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1078-valid-ac...
- [Do not disable CSRF](spring-csrf-disable.md)
- [Spring CSRF unrestricted RequestMapping](spring-csrf-requestmapping.md)
- [Potential code injection when using Spring Expression](spring-expression-injection.md)
- [Avoid user-input file](spring-request-file-tainted.md)
- [Prefer sprintf and form](sprintf.md)
- [Azure AD member assigned built-in Administrator role](sqa-ez2-ojw.md): Classification:attackTactic:[TA0003-persistence](https://attack.mitre.org/tactics/TA0003)Technique:[T1098-account-man...
- [Avoid manually built SQL queries](sql-format-string.md)
- [SQL injection in Hibernate](sql-injection-hibernate.md)
- [SQL injection in BasePeer](sql-injection-turbine.md)
- [Prevent SQL queries built from strings](sql-injection.md)
- [do not pass hardcoded credentials](sql-server-security-credentials.md)
- [Do not build SQL queries with string concatenations](sql-string-concatenation.md)
- [Exploring SQL Server AlwaysOn Availability Groups](sql-alwayson.md): The Database Monitoring AlwaysOn Clusters view enables you to detect data synchronization issues, understand availabi...
- [SQL analysis services port 2383 (TCP) is publicly accessible](sql-analysis-services-port-2383-is-publicly-accessible.md)
- [SQL database audit disabled](sql-database-audit-disabled.md)
- [SQL Server cross DB ownership chaining enabled](sql-database-has-cross-db-ownership-chaining.md)
- [Ensure SQL database instance has skip show database flag](sql-database-instance-does-not-have-skip-show-database.md)
- [SQL DB instance backup disabled](sql-db-instance-backup-disabled.md)
- [SQL DB instance publicly accessible](sql-db-instance-is-publicly-accessible.md)
- [SQL DB instance with SSL disabled](sql-db-instance-with-ssl-disabled.md)
- [Configuring Deadlock Monitoring on SQL Server](sql-deadlock.md): The Deadlock view enables you to explore deadlock events in your SQL Server database. A deadlock occurs when two or m...
- [Configuring Query Completion and Query Error Capture on SQL Server](sql-extended-events.md): This feature collects query completion and query error events from your SQL Server instances using Extended Events (X...
- [SQL server alert email disabled](sql-server-alert-email-disabled.md)
- [SQL server auditing disabled](sql-server-auditing-disabled.md)
- [Sqlserver ingress from any IP](sql-server-ingress-from-any-ip.md)
- [SQL server predictable Active Directory admin account name](sql-server-predictable-active-directory-admin-account-name.md)
- [SQL server predictable admin account name](sql-server-predictable-admin-account-name.md)
- [Use of unsanitized data to issue SQL queries](sqlalchemy-injection.md)
- [SQS Component](sqs.md): Use the SQS component to represent message queues from your Amazon Web Services architecture.
- [SQS policy allows all actions](sqs-policy-allows-all-actions.md)
- [SQS policy with public access](sqs-policy-with-public-access.md)
- [SQS queue exposed](sqs-queue-exposed.md)
- [SQS VPC endpoint without DNS resolution](sqs-vpc-endpoint-without-dns-resolution.md)
- [SQS with SSE disabled](sqs-with-sse-disabled.md)
- [Service accounts on the controller manager should have a private key file set](ssa-pgr-9y8.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.3.4
- [Do not ignore SSH host validation](ssh-ignore-keys.md)
- [SSH access is not restricted](ssh-access-is-not-restricted.md)
- [SSH is exposed to the Internet](ssh-is-exposed-to-the-internet.md)
- [Do not use weak SSL context](ssl-context.md)
- [Ensure MinVersion is defined for TLS client](ssl-min-version.md)
- [Ensure SSL connections are verified](ssl-no-verify.md)
- [should not bypass certificate verification](ssl-unverified-context.md)
- [SSLv3 is not secure and should be avoided](ssl-v3-insecure.md)
- [SSL enforce disabled](ssl-enforce-is-disabled.md)
- [SSM session transit encryption disabled](ssm-session-transit-encryption-disabled.md)
- [SSO identity user unsafe creation](sso-identity-user-unsafe-creation.md)
- [SSO permission with inadequate user session duration](sso-permission-with-inadequate-user-session-duration.md)
- [SSO policy with full privileges](sso-policy-with-full-privileges.md)
- [Use of unsanitized data to make API calls](ssrf-requests.md)
- [Stack notifications disabled](stack-notifications-disabled.md)
- [Stack retention disabled](stack-retention-disabled.md)
- [Stack without template](stack-without-template.md)
- [Do not use stackalloc in loops](stackallow-loops.md)
- [Stackdriver Logging disabled](stackdriver-logging-disabled.md)
- [Stackdriver Monitoring disabled](stackdriver-monitoring-disabled.md)
- [Set Up App and API Protection Products without using APM](standalone-application-security.md)
- [Default Standard Attributes](standard-attributes.md): The following table lists the attributes automatically applied to data sent to Datadog by the Agent by each of the RU...
- [Use StartsWith instead of IndexOf](startswith-indexof.md)
- [Use StartsWith Instead of IndexOf](startswith-instead-of-indexof.md)
- [StatefulSet without podAntiAffinity](statefulset-has-no-pod-anti-affinity.md)
- [StatefulSet requests storage](statefulset-requests-storage.md)
- [StatefulSet without PodDisruptionBudget](statefulset-without-pod-disruption-budget.md)
- [StatefulSet without service name](statefulset-without-service-name.md)
- [Statements should not be on same line as curly brace](statement-wrapping.md)
- [Static Analysis](static-analysis.md): API for static analysis
- [Class should be static](static-class.md)
- [do not use self as parameter for static methods](static-method-no-self.md)
- [Static Code Analysis (SAST)](static-analysis-2.md)
- [SAST Rules](static-analysis-rules.md)
- [Status Pages](status-pages.md): Manage your status pages and communicate service disruptions to stakeholders via Datadog's API. See the [Status Pages...
- [Status Pages](status-pages-2.md)
- [Status Remapper](status-remapper.md): Use the status remapper processor to assign attributes as an official status to your events. For example, add an even...
- [Integrate Atlassian Statuspage with Datadog Incident Management](statuspage.md): Atlassian's Statuspage conveys real-time status of an organization's services on a webpage. Enable the integration to...
- [Storage account not forcing HTTPS](storage-account-not-forcing-https.md)
- [Storage account not using latest TLS encryption version](storage-account-not-using-latest-tls-encryption-version.md)
- [Storage container is publicly accessible](storage-container-is-publicly-accessible.md)
- [Storage share file allows all ACL permissions](storage-share-file-allows-all-acl-permissions.md)
- [Storage table allows all ACL permissions](storage-table-allows-all-acl-permissions.md)
- [Enforce the use of === and !==](strict-equals.md)
- [Do not use StringBuffer or StringBuilder as a class field](string-buffer-field.md)
- [Prefer string chars with empty string](string-chars.md)
- [Avoid string concatenation](string-interpolation.md)
- [String Builder Processor](string-builder-processor.md): Use the string builder processor to add a new attribute (without spaces or special characters) to an event with the r...
- [Use StringComparison to compare strings](stringcomparison.md)
- [Use strings.Contains instead of strings.Index with -1](strings-index-contains.md)
- [strings.Replace with 0 does not do anything](strings-replace-zero.md)
- [Use strings.ReplaceAll instead of strings.Replace](strings-replaceall.md)
- [Avoid StartsWith or EndsWith with one character](strings-with-one-char.md)
- [Assignments within subexpressions reduce code clarity](subexpression-assignment.md)
- [Subnet Component](subnet.md): Use the Subnet component to represent subnets from your Amazon Web Services architecture.
- [Command coming from incoming request](subprocess-from-request.md)
- [shell argument leads to unnecessary privileges](subprocess-shell-true.md)
- [XML Documentation comments should have a summary](summary-documentation-comment.md)
- [Setting Up Database Monitoring for Supabase](supabase.md): Database Monitoring provides deep visibility into your Supabase databases by exposing query metrics, query samples, e...
- [Use parentheses with 'super' with arguments](super-with-args.md)
- [Avoid superfluous else](superfluous-else.md)
- [Does Cloudcraft support other cloud providers?](support-other-cloud-providers.md): Yes. Cloudcraft supports both AWS and Microsoft Azure.
- [Getting Started with Datadog Support](support.md): Datadog provides two primary channels for customers seeking support:
- [Support has no role associated](support-has-no-role-associated.md)
- [What AWS components are supported?](supported-aws-components.md): Cloudcraft supports the following AWS components:
- [Which Azure components are supported?](supported-azure-components.md): Cloudcraft supports the following Microsoft Azure components:
- [Cloud Security Supported Deployment Types](supported-deployment-types.md)
- [Supported Features](supported-features.md)
- [Supported Frameworks](supported-frameworks.md): Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that evaluate the configu...
- [Workload Protection Supported Linux Distributions](supported-linux-distributions.md): Workload Protection supports the following Linux distributions:
- [Supported Platforms](supported-platforms.md): The Datadog Agent is supported on a range of widely used operating systems and platforms. If your operating system is...
- [Language and Library Versions for Profiler Features](supported-versions.md): The following tables summarize the features available for each language runtime.
- [Suppressions](suppressions.md): Available for:
- [Do not use ConfigureAwaitOptions.SuppressThrowing with Task](suppressthrowing.md)
- [Suspect Commits](suspect-commits.md): Error Tracking can identify suspect commits, helping you pinpoint the root cause of your errors and expedite resoluti...
- [Suspected Causes](suspected-causes.md): Datadog assigns a suspected cause label to issues at creation time. The suspected cause label represents the first hy...
- [Custom Instrumentation for Swift](swift.md): Datadog supports custom instrumentation for Swift applications when you use the [OpenTelemetry SDK](https://opentelem...
- [The default case of a switch should be first or last](switch-default-first-or-last.md)
- [Avoid switch with very few branches](switch-few-branches.md)
- [Switch statements must have else clause](switch-when-else.md)
- [Use symbols instead of strings for hash keys](symbols-as-keys.md)
- [Autocomplete and Search](symdb.md)
- [Do not redirect using arbitrary unsanitized values](symfony-arbitrary-redirect.md)
- [Do not disable CSRF protection](symfony-csrf-disabled.md)
- [Avoid unsafe CORS headers in Symfony](symfony-unsafe-cors.md)
- [Synchronize Datadog's images with a private registry](sync-container-images.md): Datadog publishes container images in multiple public container registries. While this is convenient for many users, ...
- [Synthetic Testing and Monitoring](synthetics.md)
- [System Requirements](system-requirements.md): For the ideal user experience, Cloudcraft recommends using Google Chrome or other Chromium-based browsers, like Micro...
- [The Private Cluster feature for AKS should be enabled](t1g-z9a-3l8.md): The Private Cluster feature for Azure Kubernetes Service (AKS) cluster is enabled.
- [TLS connections between etcd peers should not use self-signed certificates](t6p-v9r-6k8.md): Classification: compliance; Framework: cis-kubernetes; Control: 2.6
- [Table Widget](table.md): The table visualization displays columns of aggregated data grouped by tag key. Use tables to compare values across m...
- [Tableau](tableau.md): Datadog's Tableau integration helps data teams make changes to their data platform without breaking dashboards, and i...
- [Tables](tables.md)
- [Always tag the version of an image](tag-image-version.md)
- [Docker Tag Extraction](tag.md): The Datadog Agent can create and assign tags to all metrics, traces, and logs emitted by a container based on its lab...
- [Tagging SQL Statements](tag-database-statements.md): This guide assumes that you have configured [Database Monitoring](https://docs.datadoghq.com/database_monitoring/#get...
- [Tag Explorer](tag-explorer.md): [Cloud Cost Management](https://docs.datadoghq.com/cloud_cost_management/) detects the sources for all of your cost-r...
- [Tag Pipelines](tag-pipelines.md): Tags are the foundation for all Cloud Cost Management analysis and allocation. They enable you to break down spending...
- [Getting Started with Tags](tagging.md): Tags are a way of adding dimensions to Datadog telemetries so they can be filtered, aggregated, and compared in Datad...
- [Tags](tags.md): The tag endpoint allows you to assign tags to hosts, for example: `role:database`. Those tags are applied to all metr...
- [Do not use tainted URL](taint-url.md)
- [Prevent SSRF](tainted-url-host.md)
- [Detect an XPath input from an HTTP request](tainted-xpath.md)
- [AWS Disable Cloudtrail with event selectors](tar-dhx-0hv.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [No ConfigureAwaitOptions.SuppressThrowing with Task](task-suppress-throwing.md)
- [Potential database port open to the world via AWS security group](tb5-gf8-kj7.md): Classification: compliance; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-imp...
- [Default encryption should be enabled on S3 buckets](tcg-c9p-gh4.md): Amazon S3 provides a variety of no-cost or low-cost encryption options to protect data at rest.
- [Security groups should restrict traffic to trusted IPv4 addresses](tch-c9p-gh4.md): Security groups provide stateful filtering of ingress and egress network traffic to AWS resources. Allowing unrestric...
- [The kubelet service file should have permissions of 644 or stricter](tcn-3y4-mfh.md): Classification: compliance; Framework: cis-kubernetes; Control: 4.1.1
- [TCP UDP protocol network ACL entry allows all ports](tcp-or-udp-protocol-network-acl-entry-allows-all-ports.md)
- [Team Connections](team-connections.md)
- [Team label missing on GCP resource](team-label-not-present.md)
- [Team tag missing on AWS resource](team-tag-not-present.md)
- [TeamCity Setup for CI Visibility](teamcity.md)
- [Teams](teams.md): View and manage teams within Datadog. See the [Teams page](https://docs.datadoghq.com/account_management/teams/) for ...
- [Telemetry Data](telemetry-data.md): Sensitive Data Scanner in the Cloud scans telemetry data, such as your application logs, APM events, RUM events, and ...
- [Do not use telnet without encryption](telnet-request.md)
- [Avoid hardcoded temporary file](tempfile-creation.md)
- [Temporary file not deleted](tempfile-delete.md)
- [Invalid permissions for temporary file](tempfile-permissions.md)
- [Autodiscovery Template Variables](template-variables.md): [Autodiscovery](https://docs.datadoghq.com/getting_started/containers/autodiscovery) enables you to set static config...
- [Templates](templates.md): Dynamic templates offer a comprehensive framework for improving incident response and operational efficiency. Using c...
- [Terminated pod garbage collector threshold not properly set](terminated-pod-garbage-collector-threshold-not-properly-set.md)
- [Terms and Concepts](terms.md)
- [Getting Started with Terraform](terraform.md): You can use the [Datadog Terraform provider](https://registry.terraform.io/providers/DataDog/datadog/latest/docs) to ...
- [Test method name should follow conventions](test-method-names.md)
- [Test Optimization](test-optimization.md): Search and manage flaky tests through Test Optimization. See the [Test Optimization page](https://docs.datadoghq.com/...
- [Getting Started with Test Impact Analysis](test-impact-analysis.md)
- [Getting Started with Test Optimization](test-optimization-2.md)
- [Test Optimization in Datadog](tests.md)
- [Text label Component](text-label.md): The Text label component can be used to label components, icons, and areas in a diagram, increasing readability and v...
- [Threat Intelligence](threat-intelligence.md)
- [Threat Intelligence](threat-intelligence-2.md): Available for:
- [Workload Protection](threats.md): Workload Protection monitors file, network, and process activity across your environment to detect real-time threats ...
- [Ticketing Integrations](ticketing-integrations.md): Available for:
- [Error Tracking Ticketing System Integrations](ticketing-systems.md): Datadog Error Tracking integrates with your existing ticketing workflows to streamline issue resolution. Link Error T...
- [Tiller Deployment accessible within cluster](tiller-deployment-is-accessible-from-within-the-cluster.md)
- [Tiller (Helm v2) deployed](tiller-is-deployed.md)
- [Tiller Service present](tiller-service-is-not-deleted.md)
- [Use Since() instead of Now().Sub()](time-now-sub.md)
- [Prefer `Time.now` over `Time.new`](time-now.md)
- [Avoid custom time format](time-parse-format.md)
- [Timeboard API](timeboard-api-doc.md)
- [Timeboards](timeboards.md): This endpoint is outdated. Use the [new Dashboard endpoint](https://docs.datadoghq.com/api/latest/dashboards/) instead.
- [Timeline](timeline.md)
- [Timeseries Widget](timeseries.md): The timeseries visualization allows you to display the evolution of one or more metrics, log events, or Indexed Spans...
- [Timeshift](timeshift.md): Here is a set of functions performing a time shift of your data. These functions display the values from the correspo...
- [Timestream Component](timestream.md): Use the Timestream component to represent and visualize serverless time-series databases from your Amazon Web Services ar...
- [Beta - TKE cluster encryption protection disabled](tke-cluster-encryption-protection-disabled.md)
- [Beta - TKE cluster has public access](tke-cluster-has-public-access.md)
- [Beta - TKE cluster log agent is not enabled](tke-cluster-log-disabled.md)
- [Do not use insecure ciphers](tls-cipher.md)
- [Ensure TLS verification](tls-skip-verify.md)
- [TLS connection certificate not set up](tls-connection-certificate-not-setup.md)
- [Token auth file is set](token-auth-file-is-set.md)
- [do not use too many nested if conditions](too-many-nested-if.md)
- [do not use too many nested loops and conditions](too-many-while.md)
- [Organize methods in modules](top-level-methods.md)
- [Top List Widget](top-list.md): The top list visualization enables you to display a list of tag values with the most or least of any metric or event ...
- [Topology Map Widget](topology-map.md): The Topology Map widget displays a visualization of data sources and their relationships to help understand how data ...
- [ToString() should never return `null`](tostring-not-return-null.md)
- [The file permissions on docker.socket should be set to 644 or stricter](tpb-xvh-rnd.md): Classification: compliance; Framework: cis-docker; Control: 3.4
- [Installing the trace Agent from source](trace-agent-from-source.md): 1. Install `Go 1.11+`. For more information, see the steps on the [official Go website](https://golang.org/dl).
- [Tracing PHP CLI Scripts](trace-php-cli-scripts.md): A short-running script typically runs for a few seconds or minutes. The expected behavior is to receive one trace eac...
- [Application Instrumentation](trace-collection.md): To get started with Datadog APM, you need to follow these key steps:
- [Trace Context Propagation](trace-context-propagation.md): Trace Context propagation is the mechanism of passing tracing information like Trace ID, Span ID, and sampling decisi...
- [Trace Explorer](trace-explorer.md)
- [Ingestion volume control with APM Distributed Tracing](trace-ingestion-volume-control.md): The [Ingestion control page](https://docs.datadoghq.com/tracing/trace_pipeline/ingestion_controls) provides granular ...
- [The Trace Pipeline](trace-pipeline.md)
- [Trace Qualification](trace-qualification.md)
- [Trace Queries](trace-queries.md): With Trace Queries, you can find entire traces based on the properties of multiple spans and the relationships betwee...
- [Trace Queries Source Data](trace-queries-dataset.md): With Trace Queries, you can find entire traces based on the properties of multiple spans and the relationships betwee...
- [Trace Retention](trace-retention.md)
- [Trace View](trace-view.md)
- [Tracer Debug Logs](tracer-debug-logs.md)
- [Tracer Startup Logs](tracer-startup-logs.md): Tracer startup logs capture all obtainable information at startup and log it as `DATADOG TRACER CONFIGURATION`, `DATA...
- [APM](tracing.md)
- [Span Tag Semantics](tracing-naming-convention.md): [Datadog tracing libraries](https://docs.datadoghq.com/tracing/setup_overview/) provide out-of-the-box support for in...
- [Track Dashboard Access and Configuration Changes](track-dashboard-access-and-configuration-changes.md): Audit Trail provides Datadog administrators visibility into who within the organization is using Datadog and how they...
- [Track Monitor Access and Configuration Changes](track-monitor-access-and-configuration-changes.md): Audit Trail provides Datadog administrators visibility into who within the organization is using Datadog and how they...
- [Do not use trailing underscores in destructuring assignments](trailing-underscore-variables.md)
- [Transfer Account and Team Ownership](transfer-ownership.md): When creating a team in your Cloudcraft account, you are automatically granted owner role permissions. As an owner of...
- [Transit Gateway Component](transit-gateway.md): Use the Transit Gateway component to represent transit gateway attachments from your Amazon Web Services architecture.
- [Treemap Widget](treemap.md): The treemap widget allows you to display proportions of one or more datasets. This widget can display a single datase...
- [Triage and Investigate](triage-and-investigate.md): Cloud SIEM offers integrated tools to streamline security investigations after a security signal is generated. These ...
- [Triage and Notify](triage-and-notify.md)
- [Event Management Triage Inbox](triage-inbox.md)
- [Automation Rules](trigger.md)
- [Trigger a Page](triggering-pages.md)
- [Avoid triple slash in favor of ES6 import declarations](triple-slash-reference.md)
- [APM Troubleshooting](troubleshooting.md): If you experience unexpected behavior while using Datadog APM, read the information on this page to help resolve the ...
- [Enforce trust boundaries](trust-boundaries.md)
- [Trusted Microsoft services not enabled](trusted-microsoft-services-not-enabled.md)
- [Flag insecure TrustKit certificate pinning settings](trustkit-pinning.md)
- [Enforce key prop for JSX elements in lists or iterators](tsx-key.md)
- [Key props must be unique in JSX elements.](tsx-no-duplicate-key.md)
- [Prevent target="_blank" links from security risks](tsx-no-target-blank.md)
- [Self-signed certificates should not be used for etcd TLS](tu8-xey-mp2.md): Classification: compliance; Framework: cis-kubernetes; Control: 2.3
- [Fine-tuning Workload Protection Security Signals](tuning-rules.md): Workload Protection monitors suspicious activity occurring at the workload level. However, in some cases, benign acti...
- [Tuples should not be too large](tuples-too-large.md)
- [Tutorial - Enabling Tracing for a Go Application on Amazon ECS with EC2](tutorial-enable-go-aws-ecs-ec2.md): This tutorial walks you through the steps for enabling tracing on a sample Go application installed in a cluster on A...
- [Tutorial - Enabling Tracing for a Go Application on Amazon ECS with Fargate](tutorial-enable-go-aws-ecs-fargate.md): This tutorial walks you through the steps for enabling tracing on a sample Go application installed in a cluster on A...
- [>-](tutorial-enable-go-containers.md): This tutorial walks you through the steps for enabling tracing on a sample Go application installed on a container. I...
- [>-](tutorial-enable-go-host.md): This tutorial walks you through the steps for enabling tracing on a sample Go application installed on a host. In thi...
- [>-](tutorial-enable-java-admission-controller.md): This tutorial walks you through the steps to enable tracing for Java Application using the Datadog Admission Controller.
- [Tutorial - Enabling Tracing for a Java Application on Amazon ECS with EC2](tutorial-enable-java-aws-ecs-ec2.md): This tutorial walks you through the steps for enabling tracing on a sample Java application installed in a cluster on...
- [Tutorial - Enabling Tracing for a Java Application on Amazon ECS with Fargate](tutorial-enable-java-aws-ecs-fargate.md): This tutorial walks you through the steps for enabling tracing on a sample Java application installed in a cluster on...
- [>-](tutorial-enable-java-aws-eks.md): This tutorial walks you through the steps for enabling tracing on a sample Java application installed in a cluster on...
- [>-](tutorial-enable-java-container-agent-host.md): This tutorial walks you through the steps for enabling tracing on a sample Java application installed in a container....
- [>-](tutorial-enable-java-containers.md): This tutorial walks you through the steps for enabling tracing on a sample Java application installed in a container....
- [Tutorial - Enabling Tracing for a Java Application on Google Kubernetes Engine](tutorial-enable-java-gke.md): This tutorial walks you through the steps for enabling tracing on a sample Java application installed in a cluster on...
- [>-](tutorial-enable-java-host.md): This tutorial walks you through the steps for enabling tracing on a sample Java application installed on a host. In t...
- [>-](tutorial-enable-python-container-agent-host.md): This tutorial walks you through the steps for enabling tracing on a sample Python application installed in a containe...
- [>-](tutorial-enable-python-containers.md): This tutorial walks you through the steps for enabling tracing on a sample Python application installed in a containe...
- [>-](tutorial-enable-python-host.md): This tutorial walks you through the steps for enabling tracing on a sample Python application installed on a host. In...
- [Static Code Analysis Custom Rule Creation Tutorial](tutorial.md)
- [Using TV mode for Dashboards](tv-mode.md): TV mode is designed to display Datadog dashboards on large screens by ensuring that all widgets are visible without r...
- [The kube-proxy configuration file should be owned by root:root](twq-bfg-rvn.md): Classification: compliance; Framework: cis-kubernetes; Control: 4.1.4
- [Enforce comment placement in type argument](type-argument-comment.md)
- [use isinstance instead of type](type-check-isinstance.md)
- [Avoid comments directly within Kotlin type parameters](type-parameter-comment.md)
- [Widget Types](types.md): [Bar Chart](https://docs.datadoghq.com/dashboards/widgets/bar_chart)
- [System authentication files modified](tz1-6vg-1yz.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1556-modify-...
- [Blob Containers anonymous access should be restricted](tzw-4b4-bz5.md): Ensures that Azure Storage Blob Containers are not publicly accessible.
- [The network security group should allow specific port rules](u2p-1da-83i.md): Azure Network Security Group (NSG) is configured to allow specific ports rather than all ports or port ranges.
- [The kubelet.conf file should be owned by root](u9w-ibn-93s.md): Classification: compliance; Framework: cis-kubernetes; Control: 4.1.6
- [Ensure that UDP services are restricted from the Internet](udp-services-not-restricted-from-internet.md)
- [New user seen executing a command in an ECS task](ugx-lde-wnu.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1651-cl...
- [Shell process created by Java application](uho-muk-xqy.md): Classification: attack; Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002); Technique: [T1190-exploit-publi...
- [Mongo injections attempts](um5-ks6-4uq.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1190-exploit-public-facing-applica...
- [>-](umr-s7e-j9c.md): Classification: compliance; Framework: cis-docker; Control: 5.25
- [The read-only port should be disabled in Kubelet](un9-i5i-b9s.md): Classification: compliance; Framework: cis-kubernetes; Control: 4.2.4
- [Why am I unable to iFrame certain HTTPS URLs?](unable-to-iframe.md): The issue most likely has to do with the headers set on the URL page, specifically `X-Frame-Options:`.
- [Enforce unary operator spacing](unary-operator-spacing.md)
- [Avoid using undefined exceptions](undefined-exception.md)
- [Use of socket on HTTP port](unencrypted-socket.md)
- [Avoid formatted string in templates](unescape-template-data-js.md)
- [Unified Tagging Advanced Usage Guide](unified-tagging-advanced-usage.md): This guide shows ways to configure and migrate to [unified service tagging](https://docs.datadoghq.com/getting_starte...
- [Unified Service Tagging](unified-service-tagging.md): Unified service tagging ties Datadog telemetry together by using three [reserved tags](https://docs.datadoghq.com/get...
- [Function argument names should be unique](unique-function-arguments.md)
- [Customize your visualizations with unit override](unit-override.md): The unit override feature in visualizations allows you to customize how your data is labeled. This guide covers the c...
- [Unity Crash Reporting and Error Tracking](unity.md): Enable Crash Reporting and Error Tracking to get comprehensive crash reports and error trends with Real User Monitoring.
- [Universal Service Monitoring](universal-service-monitoring.md)
- [DogStatsD over Unix Domain Socket](unix-socket.md): Starting with version 6.0, the Agent can ingest metrics with a Unix Domain Socket (UDS) as an alternative to UDP tran...
- [Unknown port exposed to internet](unknown-port-exposed-to-internet.md)
- [Remove unnecessary blank identifiers](unnecessary-blank-identifier.md)
- [Checks for always-true expressions on collections and arrays](unnecessary-length-count-check.md)
- [Use str_replace when a regex is unnecessary](unnecessary-preg-replace.md)
- [Unpinned actions full length commit SHA](unpinned-actions-full-length-commit-sha.md)
- [AWS EC2 new event for application](unr-9hi-6ng.md): Classification: attack; Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007); Technique: [T1580-cloud-infrast...
- [avoid unreachable code](unreachable-code.md)
- [Beta - unrestricted Databricks ACL](unrestricted-acl.md)
- [Unrestricted security group ingress](unrestricted-security-group-ingress.md)
- [Unrestricted SQL server access](unrestricted-sql-server-access.md)
- [Avoid unsafe CORS headers](unsafe-cors.md)
- [Do not use unsafe deserialization](unsafe-deserialization.md)
- [Avoid enabling entity loader](unsafe-entity-loader.md)
- [A rule against functions that may have vulnerabilities.](unsafe-functions.md)
- [Unsafe reflection](unsafe-reflection.md)
- [Avoid unsafe temporary file creation](unsafe-temp-file.md)
- [Unscanned ECR image](unscanned-ecr-image.md)
- [Unsecured commands](unsecured-commands.md)
- [Ensure loop references are unset after the loop](unset-loop-references.md)
- [Unspecified Workflows Level Permissions](unspecified-workflows-permissions.md)
- [Do not define env vars from user input](untrusted-env-var.md)
- [Avoid unused parameters](unused-parameters.md)
- [Do not use unvalidated request](unvalidated-redirect.md)
- [Upgrade to Datadog Agent 7](upgrade.md)
- [Upgrade your Datadog Agent](upgrade-agent-fleet-automation.md): Datadog recommends you update your Datadog Agent with every [minor and patch](https://github.com/DataDog/datadog-agen...
- [>-](ur9-gbd-pl9.md): Create an activity log alert for the Create or Update SQL Server Firewall Rule event.
- [Use of unsanitized data to open API](urlopen-unsanitized-data.md)
- [Migrating to Hourly and Monthly Usage Attribution APIs](usage-attribution-migration.md): This guide provides instructions for migrating from the v1 usage attribution APIs to the v2 APIs. The v1 APIs are dep...
- [Usage Metering](usage-metering.md): The usage metering API allows you to get hourly, daily, and monthly usage across multiple facets of Datadog. This API...
- [New CSV headers for Cost Chargebacks](usage-trends.md): CSV header changes take effect the week of February 19, 2024. Below is an example of the new CSV structure. Use this ...
- [Using Datadog CoTerm](usage.md): At the beginning and end of every recorded terminal session, CoTerm displays a link to view the session in Datadog. Y...
- [Usage Attribution](usage-attribution.md): Administrators or users with the Usage Read permission can access the Usage Attribution tab from the Plan & Usage sec...
- [Usage Details](usage-details.md): Administrators can access the [Usage](https://app.datadoghq.com/account/usage/hourly) page by hovering over their use...
- [Estimated Usage Metrics](usage-metrics.md)
- [View and Alert on APM Usage](usage-monitor-apm.md): Datadog has many pricing plans to fit your needs. For more information, see the [Pricing page](https://www.datadoghq....
- [Use absolute paths or. use WORKDIR to switch directories](use-absolute-paths.md)
- [Use Assembly.Load](use-assembly-load.md)
- [do not use hasattr to check if a value is callable](use-callable-not-hasattr.md)
- [Use Community and Marketplace Integrations](use-community-integrations.md): Community developed integrations for the Datadog Agent are stored in the Datadog [integrations-extra](https://github....
- [use convenience imports whenever possible](use-convenience-imports.md)
- [Using Filters to Create Better Diagrams](use-filters-to-create-better-diagrams.md): The number of components rendered at once for large environment diagrams can introduce performance and readability is...
- [Avoid direct comparison with NaN](use-isnan.md)
- [use jsonify instead of json.dumps for JSON output](use-jsonify.md)
- [Enforce Guid parameter initialization](use-proper-new-guid.md)
- [prefer read_csv to read_table](use-read-csv-not-read-table.md)
- [Do not throw generic exceptions](use-specific-exceptions.md)
- [Use standard crypto algorithms](use-standard-crypto.md)
- [Use StringBuffer to concatenate strings](use-stringbuffer.md)
- [Prefer StringBuilder when building string in a loop](use-stringbuilder.md)
- [Prefer using `warn` over `$stderr.puts`](use-warn.md)
- [Use Datastores with Apps and Workflows](use.md)
- [Use CI jobs failure analysis to identify root causes in failed jobs](use-ci-jobs-failure-analysis.md)
- [Beta - Databricks cluster uses non-LTS Spark version](use-lts-spark-version.md)
- [Use service account credentials not set to true](use-service-account-credentials-not-set-to-true.md)
- [Beta - job's task is legacy (spark_submit_task)](use-spark-submit-task.md)
- [Avoid useless bit operations](useless-bitwise-operation.md): 
{% callout %} - [Avoid useless null checks on guaranteed non-null values.](useless-null.md): {% callout %} - [Avoid useless statements in code](useless-statement.md): {% callout %} - [User data contains encoded private key](user-data-contains-encoded-private-key.md): {% callout %} - [IAM user without password reset](user-iam-missing-password-reset-required.md): {% callout %} - [User with IAM role](user-with-iam-role.md): {% callout %} - [User with privilege escalation by actions 'glue:UpdateDevEndpoint](user-with-privilege-escalation-by-actions-glue-updatedevendpoint.md): {% callout %} - [User with privilege escalation by actions 'iam:AddUserToGroup](user-with-privilege-escalation-by-actions-iam-addusertogroup.md): {% callout %} - [User with privilege escalation by actions 'iam:AttachGroupPolicy](user-with-privilege-escalation-by-actions-iam-attachgrouppolicy.md): {% callout %} - [User with privilege escalation by actions 'iam:AttachRolePolicy](user-with-privilege-escalation-by-actions-iam-attachrolepolicy.md): {% callout %} - [User with privilege escalation by actions 'iam:AttachUserPolicy](user-with-privilege-escalation-by-actions-iam-attachuserpolicy.md): {% callout %} - [User with privilege escalation by actions 'iam:CreateAccessKey](user-with-privilege-escalation-by-actions-iam-createaccesskey.md): {% callout %} - [User with privilege escalation by actions 'iam:CreateLoginProfile](user-with-privilege-escalation-by-actions-iam-createloginprofile.md): {% callout %} - [User with privilege escalation by actions 'iam:CreatePolicyVersion](user-with-privilege-escalation-by-actions-iam-createpolicyversion.md): {% callout %} - [>-](user-with-privilege-escalation-by-actions-iam-passrole-and-cloudformation-create.md): {% callout %} - [>-](user-with-privilege-escalation-by-actions-iam-passrole-and-ec2-runinstances.md): {% callout %} - [>-](user-with-privilege-escalation-by-actions-iam-passrole-and-glue-createdevendpoin.md): {% callout %} - 
[>-](user-with-privilege-escalation-by-actions-iam-passrole-and-lambda-createfunction.md): {% callout %} - [User with privilege escalation by actions 'iam:PutGroupPolicy](user-with-privilege-escalation-by-actions-iam-putgrouppolicy.md): {% callout %} - [User with privilege escalation by actions 'iam:PutRolePolicy](user-with-privilege-escalation-by-actions-iam-putrolepolicy.md): {% callout %} - [User with privilege escalation by actions 'iam:PutUserPolicy](user-with-privilege-escalation-by-actions-iam-putuserpolicy.md): {% callout %} - [User with privilege escalation by actions 'iam:SetDefaultPolicyVersion](user-with-privilege-escalation-by-actions-iam-setdefaultpolicyversion.md): {% callout %} - [>-](user-with-privilege-escalation-by-actions-iam-updateassumerolepolicy-and-sts-ass.md): {% callout %} - [User with privilege escalation by actions 'iam:UpdateLoginProfile](user-with-privilege-escalation-by-actions-iam-updateloginprofile.md): {% callout %} - [User with privilege escalation by actions 'lambda:UpdateFunctionCode](user-with-privilege-escalation-by-actions-lambda-updatefunctioncode.md): {% callout %} - [Use -l with useradd](useradd-l-flag.md): {% callout %} - [Setting and Querying User and Account Information in Traces](users-accounts.md): Getting visibility into users and accounts in APM helps you understand which users are affected by performance issues... - [Users](users.md): Create, edit, and disable users. - [Users Explorer](users-explorer.md): {% callout %} - [React's useState should not be directly called](usestate-direct-usage.md): {% callout %} - [Using the Bits menu](using-bits-menu.md): Using Cloudcraft's Bits menu, you can seamlessly move from any resource within Cloudcraft to the most relevant views ... - [Prevents the return of an IDisposable from a using statement](using-idisposable-return.md): {% callout %} - [Using the API](using-the-api.md): Use the Datadog HTTP API to access the Datadog platform programmatically. 
You can use the API to send data to Datadog... - [Using default namespace](using-default-namespace.md): {% callout %} - [Using default service account](using-default-service-account.md): {% callout %} - [Using Kubernetes native secret management](using-kubernetes-native-secret-management.md): {% callout %} - [Using Tags](using-tags.md): After [assigning tags](https://docs.datadoghq.com/getting_started/tagging/assigning_tags/), start using them to filte... - [Using unrecommended namespace](using-unrecommended-namespace.md): {% callout %} - [Using Vega-Lite with Wildcard Widgets in Datadog](using-vega-lite-in-wildcard-widgets.md): When using Vega-Lite with Wildcard widgets in Datadog, you'll find extensions to the Vega-Lite specification which ar... - [Migrate DatadogAgent CRDs to v2alpha1](v2alpha1-migration.md): This page discusses how to convert your DatadogAgent Custom Resources Definitions (CRDs) from`v1alpha1`to version`... - [Migrate to dd-trace-py v3](v3.md): Version 3.0.0 of`dd-trace-py`drops support for Python 3.7 and removes previously deprecated APIs. This guide provid... - [Containers should not be generally permitted to run with hostIPC flag](v32-b38-9yc.md): Classification:complianceFramework:cis-kubernetesControl:5.2.3 - [Migrate to dd-trace-py v4](v4.md): Version 4.0.0 of`dd-trace-py`drops support for older Python versions, removes deprecated APIs, and creates new defa... - [Okta MFA reset for user](v47-nhm-752.md): Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1556-modif... - [Brute forced ConsoleLogin event correlates with an assumed role event](v5u-24i-koa.md): Classification:attack - [>-](v5z-8zy-27i.md): Classification:complianceFramework:cis-dockerControl:5.7 - [The 'root' account should not be used for daily tasks](v9v-uhp-uk5.md): With the creation of an AWS account, a root user is established that cannot be disabled or deleted. This user has unr... 
- [Avoid invalid regular expression](valid-regular-expression.md)
- [Compare typeof expressions against valid strings](valid-typeof.md)
- [Enforce comment placement in value argument](value-argument-comment.md)
- [Check variable names for wording issues](var-definition.md)
- [Check variable assignment language](variable-assignment.md)
- [check variable names for wording issues](variable-name.md)
- [Avoid keywords as variables names](variable-names.md)
- [Follow variable naming conventions](variable-naming-conventions.md)
- [Avoid SQL injections](variable-sql-statement-injection.md)
- [Variable without description](variable-without-description.md)
- [Variable without type](variable-without-type.md)
- [State Variables](variables.md)
- [Vault auditing disabled](vault-auditing-disabled.md)
- [Google Cloud BigQuery - query results saved to cloud storage](vbn-7w6-qqu.md): Classification: attack; Tactic: [TA0010-exfiltration](https://attack.mitre.org/tactics/TA0010); Technique: [T1537-transfer-d...
- [Kubelet client certificate rotation should be enabled](vc8-r6d-eye.md): Classification: compliance; Framework: cis-kubernetes; Control: 4.2.11
- [Sleep is in nanoseconds by default; verify short sleep](verify-short-sleep.md)
- [Always validate SSL/TLS certificates](verify-ssl-certificates.md)
- [Always verify SSL/TLS hostnames when validating certificates](verify-ssl-hostname.md)
- [Version History](version-history.md): Version history allows users to track changes in their architecture diagrams over time, allowing them to review and r...
- [Agent Version differences](version-differences.md)
- [Version History for Dashboards](version-history-2.md): Version History automatically tracks changes made to your dashboards and saves previous versions so you can see exact...
- [View Continuous Testing Test Runs in Test Optimization](view-continuous-testing-test-runs-in-test-optimization.md)
- [View and Manage Cases](view-and-manage.md)
- [Virtual machine Component](virtual-machine.md): You can use the Virtual Machine component to represent and visualize virtual machines from your Azure environment.
- [Virtual network with DDoS protection plan disabled](virtual-network-with-ddos-protection-plan-disabled.md)
- [Span Visualizations](visualize.md): Visualizations define how the queried span data is displayed. Select relevant visualizations to surface valuable info...
- [VM not attached to network](vm-not-attached-to-network.md)
- [Serial ports are enabled for VM instances](vm-serial-ports-are-enabled-for-vm-instances.md)
- [VM with full cloud access](vm-with-full-cloud-access.md)
- [Load Balancers should use the latest security policy](vn4-vpi-u7q.md): Secure your Amazon Application Load Balancer (ALB) with the latest predefined AWS security policy.
- [Volume mount with OS directory write permissions](volume-mount-with-os-directory-write-permissions.md)
- [VPC Endpoint Component](vpc-endpoint.md): Use the VPC Endpoint component to visualize VPC endpoints from your Amazon Web Services architecture.
- [VPC Component](vpc.md): Use the VPC component to represent an isolated virtual network from your Amazon Web Services architecture.
- [VPC attached with too many gateways](vpc-attached-with-too-many-gateways.md)
- [VPC default security group accepts all traffic](vpc-default-security-group-accepts-all-traffic.md)
- [Beta - VPC flow logs disabled](vpc-flow-log-disabled.md)
- [VPC flow logs disabled](vpc-flow-logs-disabled.md)
- [VPC Flow Logs disabled](vpc-flowlogs-disabled.md)
- [VPC peering route table with unrestricted CIDR](vpc-peering-route-table-with-unrestricted-cidr.md)
- [VPC subnet assigns public IP](vpc-subnet-assigns-public-ip.md)
- [VPC without attached subnet](vpc-without-attached-subnet.md)
- [VPC without Network Firewall](vpc-without-network-firewall.md)
- [VPN Gateway Component](vpn-gateway.md): Use the VPN Gateway component to represent site-to-site VPN connections in your Amazon Web Services architecture.
- [Beta - Nifcloud VPN gateway undefined security group to VPN gateway](vpn-gateway-security-group-undefined.md)
- [Datadog Extension for VS Code & Cursor](vscode.md)
- [vSphere Integration Billing](vsphere.md): Datadog bills for each Agent installed on a vCenter server and each VM and ESXi host monitored.
- [Cloud Security Vulnerabilities](vulnerabilities.md): Cloud Security Vulnerabilities helps you improve your security posture and achieve compliance, by continuously scanni...
- [Vulnerable default SSL certificate](vulnerable-default-ssl-certificate.md)
- [ConsoleLogin event correlates privileged policy applying to a role](vur-0bv-k08.md): Classification: attack
- [An AWS S3 bucket mfaDelete is disabled](vvv-5pb-z59.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Pwnkit privilege escalation attempt](vw5-94j-nr5.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1068-ex...
- [Azure Login Explicitly Denied MFA](w6m-rmy-hra.md): Classification: attack; Tactic: [TA0006-credential-access](https://attack.mitre.org/tactics/TA0006); Technique: [T1110-brute...
- [S3 bucket contents should only be accessible by authorized principals](w95-9o2-mw0.md): Update your bucket policy as the contents of your Amazon S3 bucket are publicly accessible.
- [WAF Integrations](waf-integration.md)
- [WAF Component](waf.md): Use the WAF component to represent and visualize web application firewalls from your Amazon Web Services architecture.
- [WAF is disabled for Azure application gateway](waf-is-disabled-for-azure-application-gateway.md)
- [Datadog Watchdog™](watchdog.md): Watchdog is Datadog's AI engine, providing you with automated alerts, insights, and root cause analyses that draw fro...
- [Watchdog Explains](watchdog-explains.md): Watchdog Explains is an investigation assistant that detects anomalies on timeseries graphs and identifies which tags...
- [/var/lib/docker should be audited](wbd-dbk-yf8.md): Classification: compliance; Framework: cis-docker; Control: 1.2.4
- [The daemon.json file should have permissions set to 644 or stricter](wc9-677-7id.md): Classification: compliance; Framework: cis-docker; Control: 3.18
- [AWS GuardDuty finding](we5-t9i-qng.md): Detect when an [AWS GuardDuty finding](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html) has b...
- [Do not use weak ciphers](weak-cipher.md)
- [Do not use a weak hash algorithm](weak-hash-algorithm.md)
- [Avoid weak hash algorithms](weak-hash-algorithms.md)
- [Weak keychain, allowing an attacker to get secret data](weak-keychain.md)
- [MD2, MD4, and MD5 are weak hash functions](weak-message-digest-md5.md)
- [SHA-1 is a weak hash function](weak-message-digest-sha1.md)
- [Use of cryptographically weak Pseudo-Random Number Generator](weak-random.md)
- [Do not use weak SSL protocols](weak-ssl-protocols.md)
- [Weak TLS cipher suites](weak-tls-cipher-suites.md)
- [Web app Component](web-app.md): You can use the Web App component to represent and visualize web applications from your Azure environment.
- [Web app accepting traffic other than HTTPS](web-app-accepting-traffic-other-than-https.md)
- [Permissive Web ACL default action](webacl-allow-defaultaction.md)
- [Webhooks Integration](webhooks-integration.md): Configure your Datadog-Webhooks integration directly through the Datadog API. See the [Webhooks integration page](htt...
- [Allowing javascript to open windows is dangerous](webview-config.md)
- [Compare a Service's latency to the previous week](week-over-week-p50-comparison.md): *2 minutes to complete*
- [AWS Route 53 VPC disassociated from query logging configuration](wem-cvg-42m.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [>-](wgm-8ss-pvn.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.1.15
- [What best practices are recommended for naming metrics and tags?](what-best-practices-are-recommended-for-naming-metrics-and-tags.md): Naming convention is an art and possibly one of the most difficult decisions to agree on. Defining a naming conventio...
- [Will I lose my diagrams if I downgrade?](what-happens-downgrade.md): No, you will not lose access to your diagrams when downgrading your account to Cloudcraft's free tier. You can contin...
- [Loops can be simplified or removed](while-loop-with-literal-boolean.md)
- [Prefer until over while for negative conditions](while-with-negatives.md)
- [Why can't I export diagrams as Terraform code anymore?](why-cant-export-diagram-to-terraform.md): The **Export to Terraform** feature relied on a third-party provider, which limited our ability to support and improv...
- [Why should I install the Datadog Agent on my cloud instances?](why-should-i-install-the-agent-on-my-cloud-instances.md): The Datadog Agent is software that runs on your hosts. It collects events and metrics from hosts and sends them to Da...
- [Selecting the right colors for your graphs](widget-colors.md): In Datadog graphs, color is the primary method by which you can distinguish between series of data. Selecting the rig...
- [Widgets](widgets.md): Dashboard widgets are visual representations of data. They serve as the building blocks for your [dashboards](https:/...
- [Wildcard Widget](wildcard.md): The Wildcard widget in Datadog extends the flexibility of the [open-source Vega-Lite](https://vega.github.io/vega-lit...
- [Wildcard Widget Examples](wildcard-examples.md): The Wildcard widget provides a powerful way to create custom visualizations in Datadog dashboards using Vega-Lite, a ...
- [Wildcard in ACM certificate domain name](wildcard-in-acm-certificate-domain-name.md)
- [Datadog Windows Agent User](windows-agent-ddagent-user.md): By default, the Windows Agent uses the `ddagentuser` account created at install time. The account is assigned to the ...
- [Single Step APM Instrumentation on Windows](windows.md): With Single Step Instrumentation (SSI), you can enable APM for your Java and .NET applications on Windows VMs using a...
- [Windows Containers Issues](windows-containers.md): This page describes known and open issues for Containerized Windows Applications Monitoring.
- [Windows Agent attributes and helpers](windows-expressions.md): This documentation describes Windows attributes and helpers of the [Datadog's Security Language (SECL)](https://docs....
- [Setting Up Cloud Security without Infrastructure Monitoring](without-infrastructure-monitoring.md): In addition to setting up Cloud Security with or without an Agent, you can also set it up without Infrastructure Moni...
- [Okta policy rule deleted](wiz-kf3-3yo.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Shell command history modified](wn5-psv-go1.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1070-indicat...
- [SSL certificate tampering](wnt-129-8hr.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1553-subvert...
- [I can't create IAM roles in AWS. How can I add an AWS account?](workaround-add-aws-account-without-permission.md): Connecting your AWS account with Cloudcraft requires an AWS user with permissions to create IAM roles.
- [Workflow Automation](workflow-automation.md)
- [Workflow Automation](workflow-automation-2.md): Datadog [Workflow Automation](https://docs.datadoghq.com/actions/workflows/) billing is based on the number of **work...
- [Workflow Automation](workflows.md)
- [Workload host port not specified](workload-host-port-not-specified.md)
- [Workload mounting with sensitive OS directory](workload-mounting-with-sensitive-os-directory.md)
- [Workload Protection](workload-protection.md): Workload Protection monitors file, network, and process activity across your environment to detect real-time threats ...
- [Workload Protection Detection Rules](workload-security-rules.md): This topic explains how Workload Protection actively monitors system activity and evaluates it against a set of out-o...
- [Workspace without encryption](workspace-without-encryption.md)
- [Workspaces workspace volume not encrypted](workspaces-workspace-volume-not-encrypted.md)
- [A new Kubernetes admission controller was created](wpm-g1s-8yx.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1578-modify-...
- [Prefer using self over write attribute](write-attribute.md)
- [Do not create a file with too much permissions](write-file-permissions.md)
- [Writing a Custom Agent Check](write-agent-check.md): This page takes you through the process of building a basic "Hello world!" custom Agent check. It also shows you how ...
- [Writing Custom Rules with Rego](writing-rego-rules.md): Open Policy Agent (OPA) provides [Rego](https://www.openpolicyagent.org/docs/latest/#rego), an open source policy lan...
- [Unfamiliar process created by web application](wub-i7c-72x.md): Classification: attack; Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002); Technique: [T1190-exploit-publi...
- [AWS GuardDuty publishing destination deleted](wv9-wm3-v0s.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [Docker-related files should be audited in /etc/docker](wvt-2gh-pmt.md): Classification: compliance; Framework: cis-docker; Control: 1.2.5
- [The critical containers should be configured to remain responsive](wys-u76-jdp.md): Classification: compliance; Framework: cis-docker; Control: 5.11
- [OneLogin user viewed secure note](xbm-10x-93a.md): Classification: attack; Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007); Technique: [T1526-cloud-service...
- [The Docker instance should not use AUFS as its storage driver](xci-3xk-aim.md): Classification: compliance; Framework: cis-docker; Control: 2.5
- [The default Docker configuration file should be audited on RHEL](xci-6f7-aip.md): Classification: compliance; Framework: cis-docker; Control: 1.2.9
- [The API server should verify the kubelet's certificate before connecting](xck-irw-85e.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.2.6
- [Do not use external XML entities](xml-no-external-entities.md)
- [XML parsing vulnerable to XEE](xml-parsing-xee.md)
- [XML parsing vulnerable to XXE for SAX Parsers](xml-parsing-xxe-saxparser.md)
- [XML parsing vulnerable to XXE for TransformerFactory](xml-parsing-xxe-transformer.md)
- [XML parsing vulnerable to XXE for XML Reader](xml-parsing-xxe-xmlreader.md)
- [XML parsing vulnerable to XXE for XPath](xml-parsing-xxe-xpath.md)
- [Avoid using unsafe flags in XML parsers](xml-unsafe-parser-flags.md)
- [The default Docker configuration file should be audited, if applicable](xne-zp2-ari.md): Classification: compliance; Framework: cis-docker; Control: 1.2.8
- [Detect an XPath input from an HTTP request](xpath-injection.md)
- [User created interactively](xr0-7mh-a47.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1136-create-acco...
- [Prevent XSS attacks](xss-protection.md)
- [Avoid sending unsanitized user input in response](xss-vulnerability.md)
- [Containers should not be run with allowPrivilegeEscalation flag set to true](xt2-taa-c27.md): Classification: compliance; Framework: cis-kubernetes; Control: 5.2.5
- [Critical system binary modified](xt5-0xp-nsj.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1036-masqueradin...
- [Potential XXE attack](xxe-injection.md)
- [Avoid XXE vulnerabilities](xxe-nokogiri.md)
- [Parser should not resolve external entities](xxe-parser.md)
- [Google Compute Engine project metadata SSH key added or modified](xyy-l4x-zf2.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [The Azure PostgreSQL Database Server should use the current major version](y5a-7ta-747.md): Utilizing the most recent major version of PostgreSQL ensures that your systems leverage the latest security enhancem...
- [Kubelet server certificate rotation should be enabled](y83-hk2-g3c.md): Classification: compliance; Framework: cis-kubernetes; Control: 4.2.12
- [Jumpcloud admin triggered impossible travel scenario](y9g-1vn-tcd.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [avoid deserializing untrusted YAML](yaml-load.md)
- [Run yarn clean after yarn install](yarn-clean.md)
- [The default service account should not be used](yc2-j8a-xtk.md): Classification: compliance; Framework: cis-kubernetes; Control: 5.1.5
- [Crypto miner process observed](ydy-xer-rzi.md): Classification: attack; Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040); Technique: [T1496-resource-hijacki...
- [CloudTrail logs should be encrypted at rest using KMS CMKs](yg4-3in-tkd.md): AWS CloudTrail records AWS API calls, and configuring it to use AWS Key Management Service (KMS) for server-side encr...
- [Incoming system calls should be filtered using enabled Seccomp profiles](yha-436-t3b.md): Classification: compliance; Framework: cis-docker; Control: 5.21
- [Prefer using then over yield_self](yield-self-to-then.md)
- [etcd should use TLS encryption for client connections](yp7-hhy-s2z.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.2.32
- [Azure new owner added for service principal](ypa-4t4-zo4.md): Classification: attack; Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003); Technique: [T1098-account-man...
- [Spring RCE post-exploitation activity attempted](ypt-ydt-obj.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1190-exploit-...
- [Impossible travel observed on IAM User access key](yqe-gyj-js8.md): Classification: attack; Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1078-valid-ac...
- [Always use -y with yum install](yum-use-y.md)
- [Google Cloud IAM Role updated](yvc-dgl-9nb.md): Classification: attack; Tactic: [TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004); Technique: [T1078-va...
- [The Kubernetes PKI directory should be owned by root](ywu-bzc-zzf.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.1.19
- [The docker.socket file should be audited, if applicable](yxa-i75-xdr.md): Classification: compliance; Framework: cis-docker; Control: 1.2.7
- [Password policy should prevent password reuse](z23-f9p-six.md): IAM password policies can prevent the reuse of a given password by the same user. Datadog recommends that the passwor...
- [Scheduler profiling should be disabled](z7x-m3r-pb8.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.4.1
- [Azure user viewed CosmosDB connection string](zax-6ov-em2.md): Classification: attack; Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007); Technique: [T1580-cloud-infrast...
- [Google Workspace user forwarding email out of non Google Workspace domain](zb7-axd-ee5.md): Classification: attack; Tactic: [TA0009-collection](https://attack.mitre.org/tactics/TA0009); Technique: [T1114-email-collec...
- [Lambda function should use the latest runtime environment version](zbs-gp9-gp2.md): This control ensures that your Amazon Lambda Function is updated to the most recent runtime environment version. Regu...
- [An AWS S3 bucket lifecycle policy expiration is set to < 90 days](zhb-369-800.md): Classification: attack; Tactic: [TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005); Technique: [T1562-impair-...
- [>-](zhd-4ik-ifx.md): Classification: compliance; Framework: cis-kubernetes; Control: 4.2.3
- [Virtual machines in Azure should use SSH authentication keys for security](zib-w32-e2z.md): Use SSH authentication keys to secure Linux virtual machines.
- [CQL injections attempts](zih-1e3-b12.md): Tactic: [TA0001-initial-access](https://attack.mitre.org/tactics/TA0001); Technique: [T1190-exploit-public-facing-applica...
- [IAM password policy should require uppercase characters](ziw-w2v-e6z.md): Password policies are, in part, used to enforce password complexity requirements. Use IAM password policies to ensure...
- [Private registry should use TLS encryption for a secure Docker environment](znn-2vq-c2x.md): Classification: compliance; Framework: cis-docker; Control: 2.4
- [The IPC namespace on the host should remain isolated from containers](zpv-fua-5jx.md): Classification: compliance; Framework: cis-docker; Control: 5.16
- [The API server should only bind to secure, known ports](zqy-4jm-w98.md): Classification: compliance; Framework: cis-kubernetes; Control: 1.2.19
- [>-](ztr-rnu-ycv.md): Classification: compliance; Framework: cis-docker; Control: 3.12
- [Network utility executed](zwp-j22-2l2.md): Classification: attack; Tactic: [TA0011-command-and-control](https://attack.mitre.org/tactics/TA0011); Technique: [T1105-ing...
- [Always use -y with zypper install](zypper-use-y.md)