Onboard a Datadog App to SSPM
Table of Contents
Onboard a Datadog App to SSPM
Connect a Datadog instance to SSPM to detect posture
risks.
For SSPM to detect posture risks in your Datadog instance, you must onboard your Datadog instance
to SSPM. Through the onboarding process, SSPM connects to a Datadog API and, through
the API, scans your Datadog instance for misconfigured settings. If there are
misconfigured settings, SSPM suggests a remediation action based on best
practices.
SSPM gets access to your Datadog instance through an API access key. During the onboarding
process, SSPM prompts you for the API access key and related information for your
Datadog instance.
To onboard your Datadog instance, you complete the following actions:
Collect Information for Accessing Your Datadog Instance
To access your Datadog instance, SSPM requires
the following information, which you will specify during the onboarding process.
| Item | Description |
|---|---|
| Region | Datadog manages a number of independent sites in separate geographic areas around the world. Because these sites are separate from each other, you must specify which regional Datadog site you are using. |
| API Key | A generated character string that uniquely identifies your organization to the Datadog API. SSPM requires this API key to authenticate to the Datadog API. |
| Application Key | A generated character string that the Datadog API uses to determine the access permissions of a calling application. The application key is associated with the administrator who generates the key. |
As you complete the following steps, make note
of the values of the items described in the preceding table. You
will need to enter these values during onboarding to access your
Datadog instance from SSPM.
- Identify the Datadog administrator account that will generate the API Key and Application Key.Required Permissions: To generate the necessary keys, the administrator must have the Datadog Admin role with the following permissions:
- Org Management
- User App Keys
- API Keys Read
- API Keys Write
Identify your Datadog region.- Open a web browser and go to the Datadog login page that you use to access your Datadog instance.
- Make a note of the regional Datadog site that your organization is
using. The Datadog login page shows your regional Datadog site. You
can also determine your regional Datadog site from the site URL. Use
the following table to determine your region based on the site URL.
URL Region https://app.datadoghq.com US1 https://us3.datadoghq.com US3 https://us5.datadoghq.com US5 https://app.datadoghq.eu EU1 https://app.ddog-gov.com US1-FED Do not continue to the next step unless you have recorded the region information. You must provide this information to SSPM during the onboarding process.
Log in to the administrator account.Generate an API key for your organization.- Click your Datadog account icon in the top-right corner, and select Organization Settings.
- On the Organization Settings page, select API
Keys.
![]()
- On the API Keys page, click New Key.
- In the New API Key dialog, enter a name for the key and click
Create Key. Datadog generates and displays your new key.
- Copy Key and paste the key into a text file. Do not continue to the next step unless you have copied the API Key. You must provide this key to SSPM during the onboarding process.
Generate an Application key to grant SSPM access permissions.- On the Organization Settings page, select Application
Keys.
![]()
- On the Application Keys page, click New Key.
- In the New Key dialog, enter a name for the key and click
Create Key. Datadog generates and displays your new key.
- Copy Key and paste the key into a text file. Do not continue to the next step unless you have copied the Application Key. You must provide this key to SSPM during the onboarding process.
Connect SSPM to Your Datadog Instance
By adding a Datadog app in SSPM, you enable SSPM to connect to your Datadog instance.- From the Add Application Page ( ), click the Datadog tile.Under posture security instances, Add Instance or, if there is already an instance configured, Add New instance.Enter the API Key, Application Key, and Region information for your Datadog instance and Connect.
