For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/sensitive_data_scanner/setup.md. A documentation index is available at /llms.txt.

Sensitive Data Scanner Setup

Overview

Set up Sensitive Data Scanner for each data source you want to scan. Each source uses its own setup process, so you only need to configure the sources relevant to your needs.

  • Telemetry data: Scan your logs, APM spans, RUM events, and events from Event Management. See Telemetry Data for setup instructions. To scan logs before they leave your network, use the Sensitive Data Scanner processor for Observability Pipelines.
  • Agent Observability data: Scan LLM traces, prompts, and completions. Configure scanning from the Agent Observability Settings page.
  • Cloud storage data: Scan your Amazon S3 buckets. See Cloud Storage for setup instructions.
  • Code repositories: Detect exposed secrets in your source code. See Secret Scanning for setup instructions.
  • AI Guard evaluations: Scan the conversations AI Guard evaluates for sensitive data such as credentials and PII. Configure scanning rules from the AI Guard tab of the Sensitive Data Scanner configuration page.

Further reading