diff --git a/content/en/security/_index.md b/content/en/security/_index.md index ee08fed501794..21ade1d7df1f4 100644 --- a/content/en/security/_index.md +++ b/content/en/security/_index.md @@ -148,9 +148,9 @@ Datadog [App and API Protection (AAP)][1] provides observability into applicatio [Sensitive Data Scanner][24] can help prevent sensitive data leaks and limit non-compliance risks by discovering, classifying, and optionally redacting sensitive data. It can scan for sensitive data in your telemetry data, such as application logs, APM spans, RUM events, and events from Event Management. It can also scan for sensitive information within your cloud storage resources. -After you [set up Sensitive Data Scanner][25], use the Summary page to see details of sensitive data issues that have been identified, so that you can triage, investigate, and remediate the issues. +After you [set up Sensitive Data Scanner][25], use the Findings page to see details of sensitive data findings that have been identified, so that you can triage, investigate, and remediate the findings. -{{< img src="sensitive_data_scanner/sds_summary_20250203.png" alt="The summary page showing an overview of sensitive issues broken down by priority" style="width:100%;" >}} +{{< img src="sensitive_data_scanner/sds_summary_20250203.png" alt="The summary page showing an overview of sensitive findings broken down by priority" style="width:100%;" >}} ## Further Reading diff --git a/content/en/security/sensitive_data_scanner/_index.md b/content/en/security/sensitive_data_scanner/_index.md index 3bf91639314ab..54f2766a0f0d5 100644 --- a/content/en/security/sensitive_data_scanner/_index.md +++ b/content/en/security/sensitive_data_scanner/_index.md @@ -51,7 +51,7 @@ Sensitive data, such as credit card numbers, API keys, IP addresses, and persona ## Scan telemetry data -{{< img src="sensitive_data_scanner/telemetry_data_issues.png" alt="Five different sensitive issues detected where two have critical priority, one has medium priority, and two are info." style="width:100%;" >}} +{{< img src="sensitive_data_scanner/telemetry_data_issues.png" alt="Five different sensitive findings detected where two have critical priority, one has medium priority, and two are info." style="width:100%;" >}} Sensitive Data Scanner can scan your data [in the cloud](#in-the-cloud) or [within your environment](#in-your-environment). @@ -91,7 +91,7 @@ See [Set Up Pipelines][7] for more information. Scanning support for Amazon S3 buckets and RDS instances is in Limited Availability. To enroll, click Request Access. {{< /callout >}} -{{< img src="sensitive_data_scanner/cloud_storage_issues.png" alt="The Summary page's datastore section with three Amazon S3 issues" style="width:100%;" >}} +{{< img src="sensitive_data_scanner/cloud_storage_issues.png" alt="The Findings page's datastore section with three Amazon S3 findings" style="width:100%;" >}} If you have Sensitive Data Scanner enabled, you can catalog and classify sensitive data in your Amazon S3 buckets and RDS instances. **Note**: Sensitive Data Scanner does not redact sensitive data in your cloud storage resources. @@ -103,25 +103,25 @@ Along with displaying sensitive data matches, Sensitive Data Scanner surfaces an See [Set up Sensitive Data Scanner for Cloud Storage][12] for setup details. -## Investigate sensitive data issues +## Investigate sensitive data findings -{{< img src="sensitive_data_scanner/sds_summary_20250203.png" alt="The summary page showing an overview of sensitive issues broken down by priority" style="width:100%;" >}} +{{< img src="sensitive_data_scanner/findings_20251014.png" alt="The Findings page showing an overview of sensitive findings broken down by priority" style="width:100%;" >}} -Use the [Summary page][13] to see details of sensitive data issues identified by your scanning rules. These details include: +Use the [Findings page][13] to see details of sensitive data findings identified by your scanning rules. These details include: - The specific scanning rule that detected the matches, so that you can determine which rules to modify as needed. -- The scanning group in which the issue has occurred, so that you can determine the blast radius of any leaks. -- The number of events associated with the issue to help you gauge its scope and severity. -- A graph of the events associated with the issue to help you pinpoint when an issue started and see how it has progressed. -- Related cases created for the issue. +- The scanning group in which the finding has occurred, so that you can determine the blast radius of any leaks. +- The number of events associated with the finding to help you gauge its scope and severity. +- A graph of the events associated with the finding to help you pinpoint when a finding started and see how it has progressed. +- Related cases created for the finding. -See [Investigate Sensitive Data Issues][14] for more information on how to use the Summary page to triage your sensitive data issues. +See [Investigate Sensitive Data Findings][14] for more information on triaging sensitive data using the Findings page. ## Review sensitive data trends {{Sensitive Data Scanner Overview dashboard}} -When Sensitive Data Scanner is enabled, an [out-of-the-box dashboard][15] summarizing sensitive data issues is automatically installed in your account. To access this dashboard, navigate to **Dashboards** > **Dashboards List** and search for "Sensitive Data Scanner Overview". +When Sensitive Data Scanner is enabled, an [out-of-the-box dashboard][15] summarizing sensitive data findings is automatically installed in your account. To access this dashboard, navigate to **Dashboards** > **Dashboards List** and search for "Sensitive Data Scanner Overview". ## Further reading @@ -140,7 +140,7 @@ When Sensitive Data Scanner is enabled, an [out-of-the-box dashboard][15] summar [11]: /security/cloud_security_management [12]: /security/sensitive_data_scanner/setup/cloud_storage/ [13]: https://app.datadoghq.com/organization-settings/sensitive-data-scanner -[14]: /security/sensitive_data_scanner/guide/investigate_sensitive_data_issues/ +[14]: /security/sensitive_data_scanner/guide/investigate_sensitive_data_findings/ [15]: https://app.datadoghq.com/dash/integration/sensitive_data_scanner [16]: /security/sensitive_data_scanner/setup/telemetry_data/?tab=logs#mask-action [17]: /security/sensitive_data_scanner/scanning_rules/ \ No newline at end of file diff --git a/content/en/security/sensitive_data_scanner/guide/_index.md b/content/en/security/sensitive_data_scanner/guide/_index.md index 786e4dcd9f068..3e93a09a04340 100644 --- a/content/en/security/sensitive_data_scanner/guide/_index.md +++ b/content/en/security/sensitive_data_scanner/guide/_index.md @@ -6,7 +6,7 @@ aliases: --- {{< whatsnext desc="Guides:" >}} - {{< nextlink href="security/sensitive_data_scanner/guide/investigate_sensitive_data_issues" >}}Investigate Sensitive Data Issues{{< /nextlink >}} + {{< nextlink href="security/sensitive_data_scanner/guide/investigate_sensitive_data_findings" >}}Investigate Sensitive Data Findings{{< /nextlink >}} {{< nextlink href="security/sensitive_data_scanner/guide/best_practices_for_creating_custom_rules" >}}Best Practices for Creating Custom Rules{{< /nextlink >}} {{< nextlink href="security/sensitive_data_scanner/guide/redact_all_emails_except_from_specific_domain_logs" >}}Redact all emails except ones from a specific domain in your logs{{< /nextlink >}} {{< nextlink href="security/sensitive_data_scanner/guide/redact_uuids_in_logs" >}}Redact Universal Unique IDs (UUIDs) in your logs{{< /nextlink >}} diff --git a/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md b/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_findings.md similarity index 63% rename from content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md rename to content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_findings.md index f2a623dff0e86..bb0e443f3d27f 100644 --- a/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md +++ b/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_findings.md @@ -1,8 +1,9 @@ --- -title: Investigate Sensitive Data Issues +title: Investigate Sensitive Data Findings aliases: - /sensitive_data_scanner/investigate_sensitive_data_issues/ - /sensitive_data_scanner/guide/investigate_sensitive_data_issues/ + - /security/sensitive_data_scanner/guide/investigate_sensitive_data_issues/ further_reading: - link: "sensitive_data_scanner/setup/telemetry_data/" tag: "Documentation" @@ -17,49 +18,49 @@ further_reading: ## Overview -Datadog's Sensitive Data Scanner can help prevent sensitive data leaks and limit non-compliance risks by identifying, classifying, and optionally redacting sensitive data. When a sensitive data issue is found, you might have the following questions: +Datadog's Sensitive Data Scanner can help prevent sensitive data leaks and limit non-compliance risks by identifying, classifying, and optionally redacting sensitive data. When a sensitive data finding is found, you might have the following questions: - What sensitive data has been exposed? - What is the priority of the sensitive data exposure? -- How severe is the issue in terms of spread and volume? +- How severe is the finding in terms of spread and volume? - Where did the sensitive data come from? -The Sensitive Data Scanner's [Summary][1] page categorizes and prioritizes sensitive data issues so that you can investigate, collaborate, and document your findings, and answer those questions. +The Sensitive Data Scanner's [Findings][1] page categorizes and prioritizes sensitive data findings so that you can investigate, collaborate, and document your findings, and answer those questions. -{{< img src="sensitive_data_scanner/sds_summary_20250203.png" alt="The summary page showing an overview of sensitive issues broken down by priority" style="width:100%;" >}} +{{< img src="sensitive_data_scanner/findings_20251014.png" alt="The Findings page showing an overview of sensitive findings broken down by priority" style="width:100%;" >}} -## Triage sensitive data issues +## Triage sensitive data findings -Navigate to the [Summary][1] page to see all sensitive data issues within the selected time frame and start investigating issues. +Navigate to the [Findings][1] page to see all sensitive data findings within the selected time frame and start investigating them. {{< tabs >}} {{% tab "Telemetry Data" %}} -In the **Sensitive Data Issues** section, filter by a priority level to see only issues with that priority level in the **Issues Overview** section. In the **Cases** section, filter by a case status to see issues associated to cases with that status in the **Issues Overview** section. +In the **Sensitive Data Rule Findings** tab, you can filter your sensitive data findings by priority status, case status, and domain. -To investigate an issue: +To investigate a finding: -1. Click on the issue in the **Issues Overview**. -2. In the issue panel, click **View Recent Changes** to navigate to [Audit Trail][3] and see if there are any recent configuration changes that caused the sensitive data issue. +1. Click on the finding in the list. +2. In the finding panel, click **View Recent Changes** to navigate to [Audit Trail][3] and see if there are any recent configuration changes that caused the sensitive data finding. 3. Use the following options to explore different types of data matching the query: a. To view all logs related to the query in Log Explorer, click **View All Logs**.
b. To view all traces matching the query in Trace Explorer, click **View All APM Spans**.
c. To view all RUM events matching the query, click **View All RUM Events**.
d. To view all events matching the query, click **View All Events**. - {{< img src="sensitive_data_scanner/investigate_sensitive_data_issues/issues_panel_02_01_2024.png" alt="The issues panel showing a critical visa card scanner issue" style="width:50%;">}} + {{< img src="sensitive_data_scanner/investigate_sensitive_data_issues/findings_panel_20251015.png" alt="The findings panel showing a critical visa card scanner finding" style="width:50%;">}} 4. In the **Blast Radius** section:
- a. View the Top 10 services, hosts, and environments impacted by this sensitive data issue.
+ a. View the Top 10 services, hosts, and environments impacted by this sensitive data findings.
b. Click on a service to see more information about the service in the **Software Catalog**.
c. Click on a host to see more information about the host in the Infrastructure List page. - {{< img src="sensitive_data_scanner/investigate_sensitive_data_issues/blast_radius_02_01_2024.png" alt="The issues panel showing the top 10 impacted services" style="width:50%;">}} -If you want to modify the Scanning Rule that was used to detect the sensitive data issue, click **Modify Rule** at the top of the panel. + {{< img src="sensitive_data_scanner/investigate_sensitive_data_issues/blast_radius_02_01_2024.png" alt="The findings panel showing the top 10 impacted services" style="width:50%;">}} +If you want to modify the Scanning Rule that was used to detect the sensitive data finding, click **Modify Rule** at the top of the panel. Additionally, you can also: -- Use [Case Management][1] to track, triage, and investigate the issue, click **Create Case** at the top of the panel. Associated cases are surfaced in the Summary page. -- Use [Incident Management][2] to create an incident, you can add the issue to an existing incident or declare a new incident. Click the **Declare Incident** dropdown menu to add the issue to an existing incident. Click **Declare Incident** to declare a new incident. +- Use [Case Management][1] to track, triage, and investigate the finding, click **Create Case** at the top of the panel. Associated cases are surfaced in the Findings page. +- Use [Incident Management][2] to create an incident, you can add the finding to an existing incident or declare a new incident. Click the **Declare Incident** dropdown menu to add the finding to an existing incident. Click **Declare Incident** to declare a new incident. - Use [Audit Trail][3] to see who may have accessed this sensitive data within Datadog, **View in Audit Trail** in the **Users who accessed these events** section. -{{< img src="sensitive_data_scanner/investigate_sensitive_data_issues/case_mgmt_02_01_2024.png" alt="The case page showing information about the security issue, the assignee and creator of the case, and a timeline of events" style="width:60%;">}} +{{< img src="sensitive_data_scanner/investigate_sensitive_data_issues/case_mgmt_02_01_2024.png" alt="The case page showing information about the security finding, the assignee and creator of the case, and a timeline of events" style="width:60%;">}} [1]: /service_management/case_management/ [2]: /service_management/incident_management/ @@ -68,9 +69,7 @@ Additionally, you can also: {{% /tab %}} {{% tab "Cloud Storage" %}} -Click the **Datastores with Sensitive Data** tab to see all sensitive data issues for Cloud Storage. - -In the **xxx Datastores with Sensitive section**, click on any of the dropdown menus to filter on datastores based on the type of sensitive data, account, region, team and so on. +Click the **Datastores with Sensitive Data** tab to see all sensitive data findings for Cloud Storage. To investigate a datastore: @@ -86,12 +85,12 @@ To investigate a datastore: 1. In the **Next Steps** section: 1. Under **Triage**, click the dropdown to change the triage status of the signal. The default status is `OPEN`. 1. Click **Assign Signal** to assign a signal to yourself or another Datadog user. - 1. Click **See remediation** to see more information on how to remediate the issue. + 1. Click **See remediation** to see more information on how to remediate the finding. 1. Under **More Actions**, you can add a Jira issue, run workflows, or add a comment. To run a workflow, select **Run Workflow** and then in the workflow browser, search and select a workflow to run. See [Automate Security Workflows with Workflow Automation][1] for more information. - 1. Click on the different tabs to see the severity breakdown, related logs, and timeline of the issue. + 1. Click on the different tabs to see the severity breakdown, related logs, and timeline of the finding. - {{< img src="sensitive_data_scanner/investigate_sensitive_data_issues/datastore_side_panel.png" alt="The datastore issue side panel showing the S3 buckets should have Block Public Access enabled misconfiguration" style="width:90%;">}} + {{< img src="sensitive_data_scanner/investigate_sensitive_data_issues/datastore_side_panel.png" alt="The datastore finding side panel showing the S3 buckets should have Block Public Access enabled misconfiguration" style="width:90%;">}} [1]: /security/cloud_security_management/review_remediate/workflows/ @@ -102,5 +101,5 @@ To investigate a datastore: {{< partial name="whats-next/whats-next.html" >}} -[1]: https://app.datadoghq.com/organization-settings/sensitive-data-scanner/summary +[1]: https://app.datadoghq.com/sensitive-data-scanner/telemetry diff --git a/content/en/security/sensitive_data_scanner/setup/cloud_storage.md b/content/en/security/sensitive_data_scanner/setup/cloud_storage.md index 0b78710663c19..22c58a8685d31 100644 --- a/content/en/security/sensitive_data_scanner/setup/cloud_storage.md +++ b/content/en/security/sensitive_data_scanner/setup/cloud_storage.md @@ -22,7 +22,7 @@ Deploy Datadog Agentless scanners in your environment to scan for sensitive info When an Agentless scanner finds a match with any of the [SDS library rules][2], the scanning instance sends the rule type and location of the match to Datadog. **Note**: Cloud storage resources and their files are only read in your environment - no sensitive data that was scanned is sent back to Datadog. -In the Sensitive Data Scanner [Summary page][3], you can see what cloud storage resources have been scanned and any matches found, including the rules that matched them. +In the Sensitive Data Scanner [Findings page][3], you can see what cloud storage resources have been scanned and any matches found, including the rules that matched them. This document walks you through: - [Enabling Remote Configuration](#enable-remote-configuration) to use Sensitive Data Scanner for Cloud Storage diff --git a/content/en/security/sensitive_data_scanner/setup/telemetry_data.md b/content/en/security/sensitive_data_scanner/setup/telemetry_data.md index af9416475d691..cad54699b6c56 100644 --- a/content/en/security/sensitive_data_scanner/setup/telemetry_data.md +++ b/content/en/security/sensitive_data_scanner/setup/telemetry_data.md @@ -148,7 +148,7 @@ You can create custom scanning rules using regex patterns to scan for sensitive - After rules are added, ensure that the toggles for your scanning groups are enabled to begin scanning. - When you add rules to a scanning group with sampling enabled, you will not be able to select the **redact**, **partially redact**, or **hash** actions. For complete obfuscation, disable sampling in your scanning group settings. -See [Investigate Sensitive Data Issues][7] for details on how to use the [Summary][8] page to triage your sensitive data issues. +See [Investigate Sensitive Data Findings][7] for details on triaging sensitive data using the [Findings][8] page. #### Excluded namespaces @@ -311,8 +311,8 @@ To turn off Sensitive Data Scanner entirely, set the toggle to **off** for each [4]: https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/sensitive_data_scanner_group [5]: https://app.datadoghq.com/organization-settings/sensitive-data-scanner/configuration [6]: https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/sensitive_data_scanner_rule -[7]: /security/sensitive_data_scanner/guide/investigate_sensitive_data_issues/ -[8]: https://app.datadoghq.com/organization-settings/sensitive-data-scanner/summary +[7]: /security/sensitive_data_scanner/guide/investigate_sensitive_data_findings/ +[8]: https://app.datadoghq.com/sensitive-data-scanner/telemetry [9]: /logs/guide/logs-rbac/ [10]: /logs/log_configuration/processors/?tab=ui#remapper [11]: https://app.datadoghq.com/logs/pipelines diff --git a/static/images/sensitive_data_scanner/findings_20251014.png b/static/images/sensitive_data_scanner/findings_20251014.png new file mode 100644 index 0000000000000..175b056a10d14 Binary files /dev/null and b/static/images/sensitive_data_scanner/findings_20251014.png differ diff --git a/static/images/sensitive_data_scanner/investigate_sensitive_data_issues/findings_panel_20251015.png b/static/images/sensitive_data_scanner/investigate_sensitive_data_issues/findings_panel_20251015.png new file mode 100644 index 0000000000000..7ab2c30cb3bb5 Binary files /dev/null and b/static/images/sensitive_data_scanner/investigate_sensitive_data_issues/findings_panel_20251015.png differ