
Agent Check: Aqua

Overview

This check monitors Aqua.

The Aqua check alerts the user if the total high-severity vulnerability count is reached, or if a container is running on a host not registered by Aqua. Aqua also sends data alerts for events blocked at runtime, and a webhook can be triggered to scale infrastructure if more Aqua scanners are required.

Setup

The Aqua check is not included in the Datadog Agent package, so you need to install it.

Installation

For Agent v7.21+ / v6.21+, follow the instructions below to install the Aqua check on your host. See Use Community Integrations to install with the Docker Agent or earlier versions of the Agent.

  1. Run the following command to install the Agent integration:

    datadog-agent integration install -t datadog-aqua==<INTEGRATION_VERSION>

  2. Configure your integration similar to core integrations.

Configuration

Metric collection

  1. Edit the aqua.d/conf.yaml file in the conf.d/ folder at the root of your Agent's configuration directory to start collecting your Aqua metrics. See the sample conf.yaml for all available configuration options:

    instances:
      - url: http://your-aqua-instance.com
        api_user: "<API_USERNAME>"
        password: "<API_USER_PASSWORD>"

    Change the api_user and password parameter values and configure them for your environment.

  2. Restart the Agent.
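
A pre-restart lint for the instance block above, as an added example that is not part of the Aqua integration or the Datadog Agent. The function name `lint_aqua_instances` and the sample values are hypothetical; it takes the mapping a YAML loader would return for aqua.d/conf.yaml and assumes the check authenticates to `url` with `api_user` and `password`.

```python
import re
from urllib.parse import urlparse

REQUIRED_KEYS = ("url", "api_user", "password")
# Matches values such as "<API_USERNAME>" copied unchanged from the sample.
PLACEHOLDER = re.compile(r"^<[^<>]+>$")


def lint_aqua_instances(conf):
    """Return a list of findings for a parsed aqua.d/conf.yaml mapping."""
    findings = []
    instances = conf.get("instances") if isinstance(conf, dict) else None
    if not isinstance(instances, list) or not instances:
        return ["no instances defined"]
    for i, inst in enumerate(instances):
        where = f"instances[{i}]"
        if not isinstance(inst, dict):
            findings.append(f"{where}: not a mapping")
            continue
        for key in REQUIRED_KEYS:
            value = inst.get(key)
            if not isinstance(value, str) or not value.strip():
                findings.append(f"{where}.{key}: missing or empty")
            elif PLACEHOLDER.match(value.strip()):
                findings.append(f"{where}.{key}: sample placeholder not replaced")
        url = inst.get("url")
        if isinstance(url, str) and url.strip():
            parsed = urlparse(url.strip())
            if not parsed.hostname:
                findings.append(f"{where}.url: no host in URL")
            elif parsed.scheme != "https":
                findings.append(f"{where}.url: not https, credentials cross the network unencrypted")
    return findings


# Constructed inputs: the page's sample as written, and a filled-in variant.
SAMPLE_FROM_PAGE = {"instances": [{"url": "http://your-aqua-instance.com",
                                   "api_user": "<API_USERNAME>",
                                   "password": "<API_USER_PASSWORD>"}]}
SAMPLE_FIXED = {"instances": [{"url": "https://aqua.example.internal",
                               "api_user": "dd-readonly",
                               "password": "constructed-not-a-real-secret"}]}

if __name__ == "__main__":
    for name, conf in (("page sample", SAMPLE_FROM_PAGE), ("fixed", SAMPLE_FIXED)):
        print(name, lint_aqua_instances(conf) or "ok")
```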

Log collection

There are two types of logs generated by Aqua:

  • Aqua audit logs
  • Aqua enforcer logs

To collect Aqua audit logs:

  1. Connect to your Aqua account
  2. Go to the Log Management Section of the Integration Page
  3. Activate the Webhook integration
  4. Enable it and add the following endpoint: {{< region-param key="http_endpoint" code="true" >}}/v1/input/<DATADOG_API_KEY>?ddsource=aqua

To collect Aqua Enforcer logs (available for Agent >6.0):

  1. Collecting logs is disabled by default in the Datadog Agent. Enable it in your daemonset configuration:

      # (...)
      env:
        # (...)
        # Turn on log collection in the Agent
        - name: DD_LOGS_ENABLED
          value: "true"
        # Collect logs from all containers
        - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL
          value: "true"
      # (...)

    Make sure that the Docker socket is mounted to the Datadog Agent. See the Kubernetes documentation for example manifests.

  2. Restart the Agent.

Validation

Run the Agent's status subcommand and look for aqua under the Checks section.

Data Collected

Metrics

See metadata.csv for a list of metrics provided by this integration.

Events

Aqua does not include any events.

Service Checks

See service_checks.json for a list of service checks provided by this integration.

Troubleshooting

Need help? Contact Datadog support.