Skip to content

The 28 Datadog security checks Black Cat runs

Black Cat SSPM evaluates 28 security policies against your Datadog configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.

access control

highSSO Disabled

Enable SAML SSO in Datadog organization settings

highSSO Not Enforced

Enable SAML strict mode to require SSO for all users

highAdmin Redundancy

Assign the Datadog Admin role to at least two users for redundancy

mediumExcessive Admins

Reduce the number of admin users to limit blast radius of compromised accounts

highExternal Admin

Remove admin privileges from users outside the organization's email domain

mediumUnverified User

Ensure all active users have completed email verification or re-send the invitation

lowDisabled User Present

Remove disabled users from the organization directory to reduce attack surface

lowExternal User Access

Review and justify external user accounts or remove those no longer required

mediumDashboard Permissions Open

Restrict dashboard access by limiting edit permissions to specific roles

lowDashboard Read-Only Without Role Restriction

Add role-based restrictions to read-only dashboards that may contain sensitive data

highExternal Admin Service Account

Remove admin privileges from service accounts with external email domains

highService Account Admin Privileges

Remove admin privileges from service accounts and assign a least-privilege role

lowService Account Custom Role

Review service account custom roles and replace with least-privilege built-in roles where possible

lowApplication Key Write Scopes

Restrict application key scopes to read-only permissions where write access is not required

mediumApplication Key Has No Scopes

Add explicit scopes to application keys to prevent implicit full-permission inheritance from the key owner

mediumExternal Service Account

Review and justify external service accounts or remove those no longer required

criticalAdmin User Not Verified

Ensure admin users complete email verification or remove unverified admin accounts

mediumDisabled Admin User

Remove the admin role from disabled users or delete the account entirely

mediumApplication Key Excessive Scopes

Reduce application key scopes to the minimum required set

highAPI Key Critical Age

Immediately rotate API keys older than two years

audit

highAudit Logging Disabled

Enable Audit Trail to capture user activity and configuration changes

mediumAudit Log Retention Period

Increase audit log retention to at least 90 days

highAudit Retention Below Critical Threshold

Increase audit log retention to at least 30 days to meet the minimum regulatory floor

data leakage

highDashboard Public Sharing

Disable public dashboard widget sharing at the organization level

mediumDashboard Public URL

Revoke the public URL for the flagged dashboard to prevent unauthenticated access

key management

lowUnused API Key

Revoke or rotate API keys that have not been used recently

mediumAPI Key Exceeds Maximum Age

Rotate API keys older than 365 days to reduce the risk of long-lived credential exposure

sharing

highDashboard Publicly Shared and Writable

Set publicly shared dashboards to read-only or revoke the public URL

See these checks run on your stack

Start a free 14-day trial — no credit card required.

Start Free Trial