Monitor Twistlock With Datadog | Datadog

Monitor Twistlock with Datadog

Author Paul Gottschling

Published: 4月 22, 2019

Twistlock is a platform for managing security and compliance within various environments, including virtual machines, containers, and serverless functions. Ensuring legal and technical security is just as valuable as preventing outages and errors, which is why Datadog is delighted to announce a new integration with Twistlock. With this integration, you can track security and compliance risks within the same platform as the metrics, traces, and logs you already collect with Datadog.

Datadog's out-of-the-box dashboard for Twistlock gives you an overview of vulnerabilities for hosts and container images.
Datadog's out-of-the-box dashboard for Twistlock gives you an overview of vulnerabilities for hosts and container images.

How Twistlock works

Twistlock scans your system for common vulnerabilities and exposures (CVEs) as well as for compliance with external standards and in-house policies. You can then prevent vulnerable applications from reaching production by making CI deployments contingent on passing Twistlock scans. Twistlock can also use machine learning to build a model of typical application behavior and prevent anomalous activity.

Monitor security and compliance risks in context

Knowing which security risks affect your system is the first step toward addressing them. Datadog’s Twistlock integration comes with an out-of-the-box dashboard that shows you the number of vulnerable hosts and container images over time, as well as lists of CVEs, letting you know where your environment is weakest and where to prioritize your security efforts.

The integration allows you to track CVEs by container image (both in a registry and on your system) and host, and compliance risks by container image, host, and container. Twistlock data is tagged by severity, making it possible to focus on the level of risk that matters to your system.

You can then create custom dashboards that display Twistlock metrics alongside metrics, traces, and logs from other integrations, giving you visibility into the health, performance, and security of your system. The custom Twistlock dashboard below shows a summary of CVEs by severity and by container image. Next to these, a container map visualizes each container in your environment. Since the container map is grouped by Docker image, you can compare it to the list of CVEs and understand which parts of your system are vulnerable.


Stay abreast of vulnerability status

Twistlock publishes logs to report new CVEs and CVE fixes, and you can use these to stay abreast of changes in vulnerability status. Datadog enriches your Twistlock logs with attributes automatically (using a built-in log-processing pipeline), letting you analyze trends in your vulnerabilities over time and filter logs to CVEs that impact specific parts of your infrastructure.

Datadog automatically enriches your Twistlock logs with attributes.
Datadog automatically enriches your Twistlock logs with attributes.

For example, you can filter logs to only those containing “fixed” or “open” vulnerabilities, and group the count of these logs by affected image name (as shown below). This lets you know which images to upgrade or downgrade to keep your system safe.


Know when you miss a scan

Datadog checks the last time a scan has taken place and, depending on the interval since the scan, returns a warning or critical status. You can set alerts to notify you that Twistlock has failed to carry out a scan when expected, allowing you to correct any misconfigurations as soon as possible.


Security meets observability

Now that Datadog integrates with Twistlock, you can monitor the security, health, and performance of your applications and infrastructure, all in one place. If you haven’t given Datadog a try, see how you can get metrics, traces, and logs from over 700 vendor-supported integrations with a .

We wish to thank the Twistlock team for their review of this post.