diff --git a/config/_default/menus/main.en.yaml b/config/_default/menus/main.en.yaml
index 20fd05efda0ac..5b9c45d180510 100644
--- a/config/_default/menus/main.en.yaml
+++ b/config/_default/menus/main.en.yaml
@@ -155,12 +155,12 @@ menu:
url: getting_started/security/
parent: getting_started
weight: 17
- - name: Application Security Management
+ - name: App and API Protection
identifier: getting_started_application_security
url: getting_started/security/application_security
parent: getting_started_security
weight: 1701
- - name: Cloud Security Management
+ - name: Cloud Security
identifier: getting_started_cloud_security_management
url: getting_started/security/cloud_security_management/
parent: getting_started_security
@@ -2034,7 +2034,7 @@ menu:
parent: software_catalog_use_cases
identifier: software_catalog_use_cases_cloud_cost_management
weight: 402
- - name: Application Security Management
+ - name: App and API Protection
url: software_catalog/use_cases/appsec_management
parent: software_catalog_use_cases
identifier: software_catalog_use_cases_appsec_management
@@ -6132,7 +6132,7 @@ menu:
parent: cloud_siem
identifier: siem_guides
weight: 10
- - name: Cloud Security Management
+ - name: Cloud Security
url: security/cloud_security_management
parent: security_platform_heading
pre: cloud-security-management
@@ -6203,7 +6203,7 @@ menu:
parent: csm_setup
identifier: csm_setup_cloud_integrations
weight: 107
- - name: Threats
+ - name: Workload Protection
url: security/threats/
parent: csm
identifier: cloud_workload_security
@@ -6358,7 +6358,7 @@ menu:
parent: csm_troubleshooting
identifier: csm_troubleshooting_vulnerabilities
weight: 1202
- - name: Application Security Management
+ - name: App and API Protection
url: security/application_security/
parent: security_platform_heading
pre: app-sec
diff --git a/content/en/account_management/audit_trail/events.md b/content/en/account_management/audit_trail/events.md
index 7605cf86d29f3..27d2ed5d41a43 100644
--- a/content/en/account_management/audit_trail/events.md
+++ b/content/en/account_management/audit_trail/events.md
@@ -29,7 +29,7 @@ further_reading:
#### Product-Specific Events
- [App Builder](#app-builder-events)
- [Application Performance Monitoring (APM)](#application-performance-monitoring-apm-events)
-- [Application Security Management (ASM)](#application-security-management)
+- [App and API Protection (AAP)](#app-and-api-protection)
- [Audit Trail](#audit-trail-events)
- [CI Visibility](#ci-visibility-events)
- [Quality Gates](#quality-gates-events)
@@ -111,7 +111,7 @@ See the [Audit Trail documentation][2] for more information on setting up and co
| [Sampling rates remotely configured][27] | A user remotely configured the APM sampling rates. | `@evt.name:APM @asset.type:samplerconfig` |
| [Saved view][112] | A user created, modified, or deleted a saved view. | `@evt.name:APM @action:(created OR modified OR deleted) @asset.type:saved_view` |
-### Application Security Management
+### App and API Protection
{{% audit-trail-asm %}}
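Review bot: Renaming the heading to `### App and API Protection` changes its generated fragment, and only the in-page list entry in the previous hunk is updated to `#app-and-api-protection`. Links from other pages, bookmarks or runbooks that still point at `#application-security-management` would land at the top of the page instead of this section, so search the repository for the old fragment before merging. The same applies to the renamed headings in dual-shipping.md and remote_config/_index.md. The shortcode `audit-trail-asm` keeps its name, which is fine, but its rendered content is outside this diff and may still say ASM.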
diff --git a/content/en/account_management/billing/product_allotments.md b/content/en/account_management/billing/product_allotments.md
index bdc0c748f2b62..4bc0a47b4a908 100644
--- a/content/en/account_management/billing/product_allotments.md
+++ b/content/en/account_management/billing/product_allotments.md
@@ -139,7 +139,7 @@ Additionally, the organization has a monthly commitment of 0.3 GB of Ingested Sp
| Custom Metrics | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts, Internet of Things (IoT), Serverless Workload Monitoring - Functions, Serverless Workload Monitoring - Apps, Serverless Invocations, Serverless Functions | Average | Average |
| Ingested Custom Metrics | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts, Internet of Things (IoT), Serverless Workload Monitoring - Functions, Serverless Workload Monitoring - Apps | Average | Average |
| Custom Events | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts | Sum | Sum |
-| CSM Enterprise Containers | Cloud Security Management (CSM) | N/A | Sum |
+| Cloud Security Enterprise Containers | Cloud Security | N/A | Sum |
| CWS Containers | Cloud Workload Security (CWS) | N/A | Sum |
| Infrastructure Containers | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts | N/A | Sum |
| Profiled Containers | APM Enterprise, Continuous Profiler | N/A | Sum |
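Review bot: The unchanged row `| CWS Containers | Cloud Workload Security (CWS) | N/A | Sum |` directly below the renamed line still uses the product name that this commit replaces with Workload Protection in data_retention_periods.md, so the table now mixes old and new names. If the billing usage type keeps its name, change only the product column, for example `| CWS Containers | Workload Protection | N/A | Sum |`. The same question applies to the `CSPM Workflow Executions` row in the next hunk, where the product column was updated but the usage-type name was not. That is presumably deliberate, but worth confirming against the pricing list.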
@@ -150,7 +150,7 @@ Additionally, the organization has a monthly commitment of 0.3 GB of Ingested Sp
| APM Ingested Spans | APM, APM Pro, APM Enterprise Serverless APM, Legacy - Serverless Invocations Legacy - Serverless Functions Fargate Task (APM Pro), Fargate Task (APM Enterprise) | Sum | Sum |
| DBM Normalized Queries | Database Monitoring (DBM) | Average | Average |
| Data Streams Monitoring | APM Pro, APM Enterprise | HWMP | Sum |
-| CSPM Workflow Executions | Cloud Security Management Pro, Cloud Security Management Enterprise | Sum | Sum |
+| CSPM Workflow Executions | Cloud Security Pro, Cloud Security Enterprise | Sum | Sum |
| Fargate Task (Continuous Profiler) | Fargate Task (APM Enterprise) | Average | N/A |
[1]: https://www.datadoghq.com/pricing/list/
diff --git a/content/en/account_management/billing/usage_metrics.md b/content/en/account_management/billing/usage_metrics.md
index 6000952bcc54f..8fe17051f1cf2 100644
--- a/content/en/account_management/billing/usage_metrics.md
+++ b/content/en/account_management/billing/usage_metrics.md
@@ -56,8 +56,8 @@ Estimated usage metrics are generally available for the following usage types:
| CWS Hosts | `datadog.estimated_usage.cws.hosts`, `datadog.estimated_usage.cws.hosts.by_tag` | Unique CWS hosts seen in the last hour. |
| CWS Containers | `datadog.estimated_usage.cws.containers`, `datadog.estimated_usage.cws.containers.by_tag` | Unique CWS containers seen in the last 5 minutes. |
| Database Hosts | `datadog.estimated_usage.dbm.hosts`, `datadog.estimated_usage.dbm.hosts.by_tag` | Unique DBM hosts seen in the last hour. |
-| ASM Hosts | `datadog.estimated_usage.asm.hosts`, `datadog.estimated_usage.asm.hosts.by_tag` | Unique ASM hosts seen in the last hour. |
-| ASM Tasks | `datadog.estimated_usage.asm.tasks`, `datadog.estimated_usage.asm.tasks.by_tag` | Unique ASM Fargate Tasks seen in the last 5 minutes. |
+| AAP Hosts | `datadog.estimated_usage.asm.hosts`, `datadog.estimated_usage.asm.hosts.by_tag` | Unique AAP hosts seen in the last hour. |
+| AAP Tasks | `datadog.estimated_usage.asm.tasks`, `datadog.estimated_usage.asm.tasks.by_tag` | Unique AAP Fargate Tasks seen in the last 5 minutes. |
| Incident Management (Active Users) | `datadog.estimated_usage.incident_management.active_users` | Active IM users seen from (calendar) month-to-date. |
| CI Visibility Pipeline Committers | `datadog.estimated_usage.ci_visibility.pipeline.committers` | Pipeline committers seen from (calendar) month-to-date. |
| CI Visibility Test Committers | `datadog.estimated_usage.ci_visibility.test.committers` | Test committers seen from (calendar) month-to-date. |
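Review bot: The two renamed rows now label the product AAP while the metric names beside them still read `datadog.estimated_usage.asm.hosts` and `datadog.estimated_usage.asm.tasks`, so a reader who searches by metric prefix or by the old product name finds nothing connecting the two. If the metric names are intentionally unchanged, say so in the description cells, for example `Unique AAP (formerly ASM) hosts seen in the last hour.` and `Unique AAP (formerly ASM) Fargate Tasks seen in the last 5 minutes.` The CWS rows above keep the old acronym; confirm whether they should follow the Workload Protection rename made elsewhere in this commit.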
diff --git a/content/en/agent/configuration/dual-shipping.md b/content/en/agent/configuration/dual-shipping.md
index 61655031be72a..165cca63a7f81 100644
--- a/content/en/agent/configuration/dual-shipping.md
+++ b/content/en/agent/configuration/dual-shipping.md
@@ -361,7 +361,7 @@ DD_NETWORK_PATH_FORWARDER_ADDITIONAL_ENDPOINTS="[{\"api_key\": \"apiKey2\", \"Ho
{{% agent-dual-shipping %}}
-## Cloud Security Management Misconfigurations
+## Cloud Security Misconfigurations
### YAML configuration
@@ -386,7 +386,7 @@ DD_COMPLIANCE_CONFIG_ENDPOINTS_ADDITIONAL_ENDPOINTS="[{\"api_key\": \"apiKey2\",
{{% agent-dual-shipping %}}
-## Cloud Security Management Threats
+## Workload Protection
### YAML configuration
In `datadog.yaml`:
diff --git a/content/en/agent/remote_config/_index.md b/content/en/agent/remote_config/_index.md
index 323f456b7f2ac..441c74b2927b4 100644
--- a/content/en/agent/remote_config/_index.md
+++ b/content/en/agent/remote_config/_index.md
@@ -12,7 +12,7 @@ further_reading:
text: "Dynamic Instrumentation"
- link: "/security/threats/setup"
tag: "Documentation"
- text: "Setting Up CSM Threats"
+ text: "Setting Up Workload Protection"
- link: "https://www.datadoghq.com/blog/compliance-governance-transparency-with-datadog-audit-trail/"
tag: "Blog"
text: "Using Datadog Audit Trail"
@@ -30,7 +30,7 @@ algolia:
## Overview
Remote Configuration is a Datadog capability that allows you to remotely configure and change the behavior of Datadog components (for example, Agents, tracing libraries, and Observability Pipelines Worker) deployed in your infrastructure, for select product features. Use Remote Configuration to apply configurations to Datadog components in your environment on demand, decreasing management costs, reducing friction between teams, and accelerating issue resolution times.
-For Datadog security products, Application Security Management and Cloud Security Management Threats (CSM Threats), Remote Configuration-enabled Agents and compatible tracing libraries provide real-time security updates and responses, enhancing security posture for your applications and cloud infrastructure.
+For Datadog security products, App and API Protection and Workload Protection, Remote Configuration-enabled Agents and compatible tracing libraries provide real-time security updates and responses, enhancing security posture for your applications and cloud infrastructure.
## How it works
When Remote Configuration is enabled on the Datadog Agent, it periodically polls the configured [Datadog site][1], to determine whether there are configuration changes to apply to your Remote Configuration-enabled Agents or tracing libraries.
@@ -68,11 +68,11 @@ The following products and features are supported with Remote Configuration:
### Fleet Automation
**[Send flares][27] directly from the Datadog site**. Seamlessly troubleshoot the Datadog Agent without directly accessing the host.
-### Application Security Management (ASM)
+### App and API Protection (AAP)
-- **1-click ASM activation**: Enable ASM in 1-click from the Datadog UI.
+- **1-click AAP activation**: Enable AAP in 1-click from the Datadog UI.
- **In-App attack patterns updates**: Receive the newest Web Application Firewall (WAF) attack patterns automatically as Datadog releases them, following newly disclosed vulnerabilities or attack vectors.
-- **Protect**: Block attackers' IPs, authenticated users, and suspicious requests that are flagged in ASM Security Signals and Traces temporarily or permanently through the Datadog UI.
+- **Protect**: Block attackers' IPs, authenticated users, and suspicious requests that are flagged in AAP Security Signals and Traces temporarily or permanently through the Datadog UI.
### Application Performance Monitoring (APM)
@@ -84,9 +84,9 @@ The following products and features are supported with Remote Configuration:
- Send critical metrics, traces, and logs from your live applications with no code changes.
-### CSM Threats
+### Workload Protection
-- **Automatic default Agent rule updates**: Automatically receive and update the default Agent rules maintained by Datadog as new Agent detections and enhancements are released. See [Setting Up CSM Threats][3] for more information.
+- **Automatic default Agent rule updates**: Automatically receive and update the default Agent rules maintained by Datadog as new Agent detections and enhancements are released. See [Setting Up Workload Protection][3] for more information.
- **Automatic deployment of custom Agent rules**: Automatically deploy your custom Agent rules to designated hosts (all hosts or a defined subset of hosts).
### Observability Pipelines
@@ -113,7 +113,7 @@ Datadog implements the following safeguards to protect the confidentiality, inte
### Prerequisites
- Datadog Agent version `7.41.1` (`7.42.0` for APM sampling rate, `7.43.0` for APM Remote Instrumentation) or higher installed on your hosts or containers.
-- For Datadog products that use tracing libraries, you also need to upgrade your tracing libraries to a Remote Configuration-compatible version. For ASM Protection capabilities and ASM 1-click activation, see [ASM compatibility requirements][6]. For Dynamic Instrumentation, see [Dynamic Instrumentation prerequisites][20].
+- For Datadog products that use tracing libraries, you also need to upgrade your tracing libraries to a Remote Configuration-compatible version. For AAP Protection capabilities and AAP 1-click activation, see [AAP compatibility requirements][6]. For Dynamic Instrumentation, see [Dynamic Instrumentation prerequisites][20].
### Setup
@@ -174,10 +174,10 @@ To enable Remote Configuration:
6. Restart your Agent for the changes to take effect.
After you perform these steps, your Agent requests its configuration from Datadog, and the features that use remote configuration are enabled:
-- [CSM Threats default agent rules][9] update automatically as released.
+- [Workload Protection default Agent rules][9] update automatically as released.
- [APM Agent-level sampling rates][10] are applied.
- [Dynamic Instrumentation][11] is enabled.
-- [ASM 1-Click enablement, IP blocking, and attack pattern updates][12] are enabled.
+- [AAP 1-Click enablement, IP blocking, and attack pattern updates][12] are enabled.
## Best practices
diff --git a/content/en/all_guides.md b/content/en/all_guides.md
index dcc8093de201a..e7fa4fc2339af 100644
--- a/content/en/all_guides.md
+++ b/content/en/all_guides.md
@@ -44,8 +44,8 @@ Guides in the Datadog documentation are pages that provide background knowledge,
{{< whatsnext desc="Security:">}}
{{< nextlink href="/security/cloud_siem/guide" >}} Cloud SIEM{{< /nextlink >}}
-{{< nextlink href="/security/cloud_security_management/guide" >}} Cloud Security Management{{< /nextlink >}}
-{{< nextlink href="/security/application_security/guide" >}} Application Security Management{{< /nextlink >}}
+{{< nextlink href="/security/cloud_security_management/guide" >}} Cloud Security{{< /nextlink >}}
+{{< nextlink href="/security/application_security/guide" >}} App and API Protection{{< /nextlink >}}
{{< /whatsnext >}}
{{< whatsnext desc="Digital Experience:">}}
diff --git a/content/en/containers/kubernetes/installation.md b/content/en/containers/kubernetes/installation.md
index 3faaf564f6c99..94f5e222a6fe8 100644
--- a/content/en/containers/kubernetes/installation.md
+++ b/content/en/containers/kubernetes/installation.md
@@ -293,7 +293,7 @@ helm uninstall datadog-agent
### Monitor your infrastructure in Datadog
Use the [Containers][13] page for visibility into your container infrastructure, with resource metrics and faceted search. For information on how to use the Containers page, see [Containers View][14].
-Use the [Container Images][18] page for insights into every image used in your environment. This page also displays vulnerabilities found in your container images from [Cloud Security Management][19] (CSM). For information on how to use the Container Images page, see the [Containers Images View][20].
+Use the [Container Images][18] page for insights into every image used in your environment. This page also displays vulnerabilities found in your container images from [Cloud Security][19]. For information on how to use the Container Images page, see the [Containers Images View][20].
The [Kubernetes][21] section features an overview of all your Kubernetes resources. [Orchestrator Explorer][22] allows you to monitor the state of pods, deployments, and other Kubernetes concepts in a specific namespace or availability zone, view resource specifications for failed pods within a deployment, correlate node activity with related logs, and more. The [Resource Utilization][23] page provides insights into how your Kubernetes workloads are using your computing resources across your infrastructure. For information on how to use these pages, see [Orchestrator Explorer][24] and [Kubernetes Resource Utilization][25].
diff --git a/content/en/data_security/_index.md b/content/en/data_security/_index.md
index bb276d720c66f..9bfd659dcecfc 100644
--- a/content/en/data_security/_index.md
+++ b/content/en/data_security/_index.md
@@ -86,7 +86,7 @@ The Datadog tracing libraries are used to instrument your applications, services
- Application Performance Monitoring (APM)
- Continuous Profiler
- CI Visibility
-- Application Security Management
+- App and API Protection
For detailed information about how tracing-library sourced data is managed, default basic security settings, and custom obfuscating, scrubbing, excluding, and modifying of trace-related elements, read [Configuring Agent and Tracer for trace data security][18].
diff --git a/content/en/data_security/data_retention_periods.md b/content/en/data_security/data_retention_periods.md
index 80c6999f6a245..579ea09a5c35b 100644
--- a/content/en/data_security/data_retention_periods.md
+++ b/content/en/data_security/data_retention_periods.md
@@ -18,7 +18,7 @@ attributes:
- **Indexed spans**: 15 or 30 days, determined by customer plan
- **Services/resources statistics**: 30 days
- **Viewed traces**: 15 months
- - product: Application Security Management
+ - product: App and API Protection
data_type: |
- **Security signals**: 15 months
- **Spans**: 90 days
@@ -40,14 +40,14 @@ attributes:
- product: Cloud Cost Management
data_type: |
- **Recommendations**: 90 days
- - product: Cloud Security Management
+ - product: Cloud Security
data_type: |
- **Findings and resolved vulnerabilities**: 15 months
- product: Cloud SIEM
data_type: |
- **Signals**: 15 months
- **Detections, notifications, suppressions**: Retained for the duration of the account
- - product: Cloud Workload Security
+ - product: Workload Protection
data_type: |
- **Events**: 90 days
- **Security signals**: 15 months
diff --git a/content/en/datadog_cloudcraft/_index.md b/content/en/datadog_cloudcraft/_index.md
index cf8e241aba0f1..12a0a12ddde86 100644
--- a/content/en/datadog_cloudcraft/_index.md
+++ b/content/en/datadog_cloudcraft/_index.md
@@ -32,7 +32,7 @@ Cloudcraft's core functionality is its ability to generate detailed architecture
- [Resource collection][2] must be enabled for your AWS accounts.
- For the best experience, Datadog strongly recommends using the AWS-managed [`SecurityAudit`][5] policy, or the more permissive [`ReadOnlyAccess`][6] policy.
-- To view security misconfigurations on the [Security findings overlay](#security-findings), [CSM][3] must be enabled.
+- To view security misconfigurations on the [Security findings overlay](#security-findings), [Cloud Security][3] must be enabled.
**Note**: Cloudcraft adapts to restrictive permissions by excluding inaccessible resources. For example, if you opt to not grant permission to list S3 buckets, the diagram will simply exclude those buckets. If permissions block certain resources, an alert is displayed in the UI.
@@ -125,7 +125,7 @@ Cloudcraft supports overlays that integrate various data sources and display the
### Security findings
-The security findings overlay in Cloudcraft provides an overlay from CSM misconfigurations, allowing you to quickly identify CSM findings. This allows you to:
+The security findings overlay in Cloudcraft provides an overlay from Cloud Security misconfigurations, allowing you to quickly identify Cloud Security findings. This allows you to:
- Identify security issues in infrastructure diagrams.
- View misconfigurations in context to analyze their impact and prioritize remediation.
@@ -133,7 +133,7 @@ The security findings overlay in Cloudcraft provides an overlay from CSM misconf
By default, the security overlay shows Critical, High, and Medium misconfigurations, but can be filtered at the bottom of the screen:
-{{< img src="datadog_cloudcraft/csm_misconfigurations.png" alt="Screenshot of the CSM Misconfigurations hover in the Cloudcraft overlay section" width="50%" >}}
+{{< img src="datadog_cloudcraft/csm_misconfigurations.png" alt="Screenshot of the Cloud Security Misconfigurations hover in the Cloudcraft overlay section" width="50%" >}}
### Agent Overlay
diff --git a/content/en/developers/guide/data-collection-resolution.md b/content/en/developers/guide/data-collection-resolution.md
index b148595e8dc82..75bcb09cfa924 100644
--- a/content/en/developers/guide/data-collection-resolution.md
+++ b/content/en/developers/guide/data-collection-resolution.md
@@ -11,60 +11,60 @@ algolia:
Find below a summary of Datadog data [collection][1] and [resolution][2]. See information on [Data Retention Periods][8].
-| Product category | Source | Collection Methods | Collection interval | Minimum Resolution |
-|------------------------|-------------------------|--------------------------|------------------------------|----------------------|
-| APM | Profiles | Datadog Agent + tracing library | 60 seconds | 60 seconds |
-| APM | Profile metrics | Datadog Agent + tracing library | 60 seconds | 60 seconds |
-| APM | Services/resources statistics and span summaries | Datadog Agent + tracing library | 10 seconds | 10 seconds |
-| APM | Indexed spans | Datadog Agent + tracing library | 10 seconds | 1 millisecond |
-| APM | Trace metrics (unsampled) | Datadog Agent + tracing library | 10 seconds | 1 second |
-| ASM | Suspicious requests | Datadog Agent + tracing library | 10 seconds | 1 millisecond |
-| Audit Trail | Datadog audit events | Datadog usage activity | n/a | 1 second |
-| CI Visibility | Pipeline, Stage, Job, Step, Command span | Webhooks, Datadog Agent + plugin | Data source-dependent | 1 millisecond |
-| CD Visibility | Deployment execution | Webhooks, Datadog Agent + plugin | Data source-dependent | 1 millisecond |
-| Cloud | Alibaba | API crawler | 10 minutes ([default][4]) | 1 minute |
-| Cloud | AWS | API crawler | 10 minutes ([default][4]) | 1 minute |
-| Cloud | Azure | API crawler | 2 minutes ([default][4]) | 1 minute |
-| Cloud | Google Cloud | API crawler | 5 minutes ([default][4]) | 1 minute |
-| Cloud | Oracle Cloud Infrastructure | Metric collector | Real-time | 1 minute |
-| Cloud Cost Management | AWS | Cost and Usage Report | 1 hour | 1 day |
-| Cloud Cost Management | Azure | Cost Exports | 1 hour | 1 day |
-| Cloud Cost Management | Google Cloud | Detailed Usage Cost Export | 1 hour | 1 day |
-| Cloud SIEM | Security Signals | Datadog Cloud SIEM | Real time | 1 millisecond |
-| Cloud Security Management | Findings | Datadog Cloud Security Management Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute |
-| CSM Threats | Signals | Datadog Cloud Security Management Threats | Real time | 1 millisecond |
-| Database Monitoring | Query Metrics | Datadog Agent + enabled integrations | 10 seconds | 1 second |
-| Database Monitoring | Query Samples | Datadog Agent + enabled integrations | 1 minute | n/a |
-| DORA Metrics | Deployments, Failures | API, Datadog products | Data source-dependent | 1 millisecond |
-| DORA Metrics | Deployment Frequency, Change Lead Time, Change Failure Rate, Mean time to restore | API, Datadog products | Data source-dependent | 1 millisecond |
-| Error Tracking | Error Tracking | Datadog products | Data source-dependent | 1 millisecond |
-| Incident Management | Incident Management | Incident data | n/a | n/a | ∞ |
-| Infrastructure | Agent integrations | Datadog Agent + enabled integrations | 15 seconds | 1 second |
-| Infrastructure | Custom metrics (Agent check) | Datadog Agent + custom Agent check | 15 seconds | 1 second |
-| Infrastructure | Custom metrics (API) | POST directly to Datadog's API | Real time | 1 second |
-| Infrastructure | Custom metrics (StatsD) | Datadog Agent (built-in statsD collector) | 15 seconds | 1 second |
-| Infrastructure | Events | Datadog Agent, integrations, or API | Real time | 1 second |
-| Infrastructure | Orchestrator Explorer (Kubernetes) | Datadog Agent | 15 seconds | 15 seconds | 15 minutes |
-| Infrastructure | Live containers | Datadog Agent + enabled Docker integration or Datadog container Agent | 2 seconds | 1 second | 36 hours |
-| Infrastructure | Live processes | Datadog Agent + Process Agent | 2 seconds | 1 second | 36 hours |
-| Infrastructure | Cloud Network Monitoring | System Probe | 30 seconds | 1 minute |
-| Infrastructure | Network Device Monitoring | Datadog Agent | 15 seconds | 1 second |
-| Infrastructure | NetFlow Monitoring | Datadog Agent | Real time | Aggregated over 5-minute interval |
-| Infrastructure | System metrics | Datadog Agent | 15 seconds | 1 second |
-| Logs | Logs | Datadog Agent + Logs, third-party log collectors, or API | Real time | 1 millisecond | Plan |
-| Real User Monitoring | Real User Monitoring | RUM SDK | Real time | 1 millisecond |
-| Real User Monitoring | Session Replays | RUM SDK | Real time | 1 millisecond |
-| Service Management | Workflow Automation | Workflow executions | User-defined | n/a |
-| Service Management | Service Level Objectives | Datadog monitors, Datadog Synthetic monitoring, or metrics (infrastructure, APM trace, custom) | Data source-dependent | Data source-dependent |
-| Software Composition Analysis (SCA) | GitHub App | Source code | n/a | n/a |
-| Synthetic Monitoring | API Test metrics | Datadog Synthetic Monitoring application | User-defined | 1 minute |
-| Synthetic Monitoring | API Test results | Datadog Synthetic Monitoring application | User-defined | 1 minute |
-| Synthetic Monitoring | Browser Test metrics | Datadog Synthetic Monitoring application | User-defined | 5 minutes | |
-| Synthetic Monitoring | Browser Test results | Datadog Synthetic Monitoring application | User-defined | 5 minutes |
-| Synthetic Monitoring | Batches | Datadog Synthetic Monitoring application (through calls to the [Synthetics trigger API endpoint][6] or to the [Synthetics CI CLI][7]) | Depending on calls to the [Synthetics trigger API endpoint][6] or to the [Synthetics CI CLI][7] | n/a |
-| Test Optimization | Flaky test | Test Optimization Test spans | Data source-dependent | 1 millisecond |
-| Test Optimization | Test span | Datadog Agent + tracing library | 60 seconds | 1 millisecond |
-| USM | RED metrics | Datadog Agent | 30 seconds | 30 second |
+| Product category | Source | Collection Methods | Collection interval | Minimum Resolution |
+|-------------------------------------|-----------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------|-----------------------------------|
+| APM | Profiles | Datadog Agent + tracing library | 60 seconds | 60 seconds |
+| APM | Profile metrics | Datadog Agent + tracing library | 60 seconds | 60 seconds |
+| APM | Services/resources statistics and span summaries | Datadog Agent + tracing library | 10 seconds | 10 seconds |
+| APM | Indexed spans | Datadog Agent + tracing library | 10 seconds | 1 millisecond |
+| APM | Trace metrics (unsampled) | Datadog Agent + tracing library | 10 seconds | 1 second |
+| AAP | Suspicious requests | Datadog Agent + tracing library | 10 seconds | 1 millisecond |
+| Audit Trail | Datadog audit events | Datadog usage activity | n/a | 1 second |
+| CI Visibility | Pipeline, Stage, Job, Step, Command span | Webhooks, Datadog Agent + plugin | Data source-dependent | 1 millisecond |
+| CD Visibility | Deployment execution | Webhooks, Datadog Agent + plugin | Data source-dependent | 1 millisecond |
+| Cloud | Alibaba | API crawler | 10 minutes ([default][4]) | 1 minute |
+| Cloud | AWS | API crawler | 10 minutes ([default][4]) | 1 minute |
+| Cloud | Azure | API crawler | 2 minutes ([default][4]) | 1 minute |
+| Cloud | Google Cloud | API crawler | 5 minutes ([default][4]) | 1 minute |
+| Cloud | Oracle Cloud Infrastructure | Metric collector | Real-time | 1 minute |
+| Cloud Cost Management | AWS | Cost and Usage Report | 1 hour | 1 day |
+| Cloud Cost Management | Azure | Cost Exports | 1 hour | 1 day |
+| Cloud Cost Management | Google Cloud | Detailed Usage Cost Export | 1 hour | 1 day |
+| Cloud SIEM | Security Signals | Datadog Cloud SIEM | Real time | 1 millisecond |
+| Cloud Security | Findings | Datadog Cloud Security Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute |
+| Workload Protection | Signals | Datadog Workload Protection | Real time | 1 millisecond |
+| Database Monitoring | Query Metrics | Datadog Agent + enabled integrations | 10 seconds | 1 second |
+| Database Monitoring | Query Samples | Datadog Agent + enabled integrations | 1 minute | n/a |
+| DORA Metrics | Deployments, Failures | API, Datadog products | Data source-dependent | 1 millisecond |
+| DORA Metrics | Deployment Frequency, Change Lead Time, Change Failure Rate, Mean time to restore | API, Datadog products | Data source-dependent | 1 millisecond |
+| Error Tracking | Error Tracking | Datadog products | Data source-dependent | 1 millisecond |
+| Incident Management | Incident Management | Incident data | n/a | n/a |
+| Infrastructure | Agent integrations | Datadog Agent + enabled integrations | 15 seconds | 1 second |
+| Infrastructure | Custom metrics (Agent check) | Datadog Agent + custom Agent check | 15 seconds | 1 second |
+| Infrastructure | Custom metrics (API) | POST directly to Datadog's API | Real time | 1 second |
+| Infrastructure | Custom metrics (StatsD) | Datadog Agent (built-in statsD collector) | 15 seconds | 1 second |
+| Infrastructure | Events | Datadog Agent, integrations, or API | Real time | 1 second |
+| Infrastructure | Orchestrator Explorer (Kubernetes) | Datadog Agent | 15 seconds | 15 seconds |
+| Infrastructure | Live containers | Datadog Agent + enabled Docker integration or Datadog container Agent | 2 seconds | 1 second |
+| Infrastructure | Live processes | Datadog Agent + Process Agent | 2 seconds | 1 second |
+| Infrastructure | Cloud Network Monitoring | System Probe | 30 seconds | 1 minute |
+| Infrastructure | Network Device Monitoring | Datadog Agent | 15 seconds | 1 second |
+| Infrastructure | NetFlow Monitoring | Datadog Agent | Real time | Aggregated over 5-minute interval |
+| Infrastructure | System metrics | Datadog Agent | 15 seconds | 1 second |
+| Logs | Logs | Datadog Agent + Logs, third-party log collectors, or API | Real time | 1 millisecond |
+| Real User Monitoring | Real User Monitoring | RUM SDK | Real time | 1 millisecond |
+| Real User Monitoring | Session Replays | RUM SDK | Real time | 1 millisecond |
+| Service Management | Workflow Automation | Workflow executions | User-defined | n/a |
+| Service Management | Service Level Objectives | Datadog monitors, Datadog Synthetic monitoring, or metrics (infrastructure, APM trace, custom) | Data source-dependent | Data source-dependent |
+| Software Composition Analysis (SCA) | GitHub App | Source code | n/a | n/a |
+| Synthetic Monitoring | API Test metrics | Datadog Synthetic Monitoring application | User-defined | 1 minute |
+| Synthetic Monitoring | API Test results | Datadog Synthetic Monitoring application | User-defined | 1 minute |
+| Synthetic Monitoring | Browser Test metrics | Datadog Synthetic Monitoring application | User-defined | 5 minutes |
+| Synthetic Monitoring | Browser Test results | Datadog Synthetic Monitoring application | User-defined | 5 minutes |
+| Synthetic Monitoring | Batches | Datadog Synthetic Monitoring application (through calls to the [Synthetics trigger API endpoint][6] or to the [Synthetics CI CLI][7]) | Depending on calls to the [Synthetics trigger API endpoint][6] or to the [Synthetics CI CLI][7] | n/a |
+| Test Optimization | Flaky test | Test Optimization Test spans | Data source-dependent | 1 millisecond |
+| Test Optimization | Test span | Datadog Agent + tracing library | 60 seconds | 1 millisecond |
+| USM | RED metrics | Datadog Agent | 30 seconds | 30 second |
## Further reading
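Review bot: The last table row still reads `30 second` in the Minimum Resolution column; since every row is rewritten here anyway, it should be `| USM | RED metrics | Datadog Agent | 30 seconds | 30 seconds |` (with the column padding kept). Re-padding the whole table in the same hunk also hides the substantive edits. Besides the three renamed rows (AAP, Cloud Security, Workload Protection), the trailing sixth cells `∞`, `15 minutes`, `36 hours` and `Plan` are dropped from the Incident Management, Orchestrator Explorer, Live containers, Live processes and Logs rows. Those cells had no header column, so removing them looks right, but the commit description should mention it, or the re-alignment should go in a separate commit.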
diff --git a/content/en/getting_started/_index.md b/content/en/getting_started/_index.md
index 2fca7185e5b99..f2d5010f80bf8 100644
--- a/content/en/getting_started/_index.md
+++ b/content/en/getting_started/_index.md
@@ -120,8 +120,8 @@ For the fastest introduction to navigating Datadog, try the [Quick Start course]
{{< nextlink href="/getting_started/synthetics" >}}Synthetic Monitoring: Start testing and monitoring your API endpoints and key business journeys with Synthetic tests.{{< /nextlink >}}
{{< nextlink href="/getting_started/continuous_testing" >}}Continuous Testing: Run end-to-end Synthetic tests in your CI pipelines and IDEs.{{< /nextlink >}}
{{< nextlink href="/getting_started/session_replay" >}}Session Replay: Get an in-depth look at how users are interacting with your product with Session Replays.{{< /nextlink >}}
-{{< nextlink href="/getting_started/application_security" >}}Application Security Management: Discover best practices for getting your team up and running with ASM.{{< /nextlink >}}
-{{< nextlink href="/getting_started/cloud_security_management" >}}Cloud Security Management: Discover best practices for getting your team up and running with CSM.{{< /nextlink >}}
+{{< nextlink href="/getting_started/application_security" >}}App and API Protection: Discover best practices for getting your team up and running with AAP.{{< /nextlink >}}
+{{< nextlink href="/getting_started/cloud_security_management" >}}Cloud Security: Discover best practices for getting your team up and running with Cloud Security.{{< /nextlink >}}
{{< nextlink href="/getting_started/cloud_siem" >}}Cloud SIEM: Discover best practices for getting your team up and running with Cloud SIEM.{{< /nextlink >}}
{{< nextlink href="/getting_started/logs" >}}Logs: Send your first logs and use log processing to enrich them.{{< /nextlink >}}
{{< nextlink href="/getting_started/ci_visibility" >}}CI Visibility: Collect CI pipeline data by setting up integrations with your CI providers.{{< /nextlink >}}
diff --git a/content/en/getting_started/devsecops/_index.md b/content/en/getting_started/devsecops/_index.md
index d6b5339508aab..78ab4db870c42 100644
--- a/content/en/getting_started/devsecops/_index.md
+++ b/content/en/getting_started/devsecops/_index.md
@@ -6,12 +6,12 @@ This guide introduces the Infrastructure Monitoring DevSecOps bundles, with link
## Infrastructure DevSecOps
-The Infrastructure DevSecOps bundles combine infrastructure monitoring with the security capabilities of [Cloud Security Management (CSM)][3].
+The Infrastructure DevSecOps bundles combine infrastructure monitoring with the security capabilities of [Cloud Security][3].
{{< tabs >}}
{{% tab "Infrastructure DevSecOps Pro" %}}
-Infrastructure DevSecOps Pro includes [Containers][1], [Serverless][2], and [CSM Pro][3]. It also includes more than {{< translate key="integration_count" >}} [out-of-the-box integrations][4].
+Infrastructure DevSecOps Pro includes [Containers][1], [Serverless][2], and [Cloud Security Pro][3]. It also includes more than {{< translate key="integration_count" >}} [out-of-the-box integrations][4].
### Setup
@@ -21,9 +21,9 @@ To get started with Infrastructure DevSecOps Pro, [install and configure the Dat
- [Serverless][2]
- [Integrations][4]
-After you install the Agent, configure CSM Pro for your environment.
+After you install the Agent, configure Cloud Security Pro for your environment.
-- [Cloud Security Management Pro][6]
+- [Cloud Security Pro][6]
### Next steps
@@ -34,7 +34,7 @@ Learn more about the features included with Infrastructure DevSecOps Pro:
- [Host and Container Maps][9]: Visualize your hosts and containers
- [Live Containers][10]: Gain real-time visibility into all containers across your environment
- [Serverless][2]: Gain full visibility into all of the managed services that power your serverless applications
-- [Cloud Security Management][11]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure
+- [Cloud Security][11]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure
[1]: /containers/
[2]: /serverless/
@@ -51,7 +51,7 @@ Learn more about the features included with Infrastructure DevSecOps Pro:
{{% /tab %}}
{{% tab "Infrastructure DevSecOps Enterprise" %}}
-Infrastructure DevSecOps Enterprise includes [Containers][1], [Serverless][2], [Live Processes][3], and [CSM Enterprise][4]. It also includes more than {{< translate key="integration_count" >}} [out-of-the-box integrations][5].
+Infrastructure DevSecOps Enterprise includes [Containers][1], [Serverless][2], [Live Processes][3], and [Cloud Security Enterprise][4]. It also includes more than {{< translate key="integration_count" >}} [out-of-the-box integrations][5].
### Setup
@@ -62,9 +62,9 @@ To get started with Infrastructure DevSecOps Enterprise, [install and configure
- [Live Processes][7]
- [Integrations][5]
-After you install the Agent, configure CSM Enterprise for your environment.
+After you install the Agent, configure Cloud Security Enterprise for your environment.
-- [Cloud Security Management Enterprise][8]
+- [Cloud Security Enterprise][8]
### Next steps
@@ -78,7 +78,7 @@ Learn more about the features included with Infrastructure DevSecOps Enterprise:
- [Live Processes][14]: Gain real-time visibility into the process running on your infrastructure
- [Serverless][2]: Gain full visibility into all of the managed services that power your serverless
- [Watchdog][15]: Automatically detect potential application and infrastructure issues
-- [Cloud Security Management][16]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure
+- [Cloud Security][16]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure
[1]: /containers/
[2]: /serverless/
diff --git a/content/en/getting_started/integrations/aws.md b/content/en/getting_started/integrations/aws.md
index 9dfdb5f22c452..27a85d78ecf93 100644
--- a/content/en/getting_started/integrations/aws.md
+++ b/content/en/getting_started/integrations/aws.md
@@ -114,7 +114,7 @@ Before getting started, ensure you have the following prerequisites:
a. Select the AWS regions to integrate with.
b. Add your Datadog [API key][9].
c. Optionally, send logs and other data to Datadog with the [Datadog Forwarder Lambda][1].
- d. Optionally, enable [Cloud Security Management Misconfigurations][54] to scan your cloud environment, hosts, and containers for misconfigurations and security risks.
+ d. Optionally, enable [Cloud Security Misconfigurations][54] to scan your cloud environment, hosts, and containers for misconfigurations and security risks.
5. Click **Launch CloudFormation Template**. This opens the AWS Console and loads the CloudFormation stack. All the parameters are filled in based on your selections in the prior Datadog form, so you do not need to edit those unless desired.
**Note:** The `DatadogAppKey` parameter enables the CloudFormation stack to make API calls to Datadog to add and edit the Datadog configuration for this AWS account. The key is automatically generated and tied to your Datadog account.
@@ -208,9 +208,9 @@ Additionally, you can use [Watchdog][49], an algorithmic feature for APM perform
Review [Getting Started with Cloud SIEM][50] to evaluate your logs against the out-of-the-box [Log Detection Rules][51]. These rules are customizable, and when threats are detected, they generate security signals which can be accessed on the [Security Signals Explorer][52]. To ensure that the correct team is notified, use [Notification Rules][53] to configure notification preferences across multiple rules.
-#### Cloud Security Management Misconfigurations
+#### Cloud Security Misconfigurations
-Use the [Setting Up CSM Misconfigurations][54] guide to learn about detecting and assessing misconfigurations in your cloud environment. Resource configuration data is evaluated against the out-of-the-box [Cloud][55] and [Infrastructure][56] compliance rules to flag attacker techniques and potential misconfigurations, allowing for fast response and remediation.
+Use the [Setting Up Cloud Security Misconfigurations][54] guide to learn about detecting and assessing misconfigurations in your cloud environment. Resource configuration data is evaluated against the out-of-the-box [Cloud][55] and [Infrastructure][56] compliance rules to flag attacker techniques and potential misconfigurations, allowing for fast response and remediation.
### Troubleshooting
diff --git a/content/en/getting_started/integrations/google_cloud.md b/content/en/getting_started/integrations/google_cloud.md
index 967240d379d7e..49096c9e80fc4 100644
--- a/content/en/getting_started/integrations/google_cloud.md
+++ b/content/en/getting_started/integrations/google_cloud.md
@@ -272,12 +272,12 @@ To view security findings from [Google Cloud Security Command Center][47] in Clo
{{< img src="integrations/google_cloud_platform/security_findings.png" alt="The security findings tab in the Google Cloud integration tile" style="width:90%;" >}}
-### Cloud Security Management
+### Cloud Security
-Datadog Cloud Security Management (CSM) delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure.
-Check out the [Setting up Cloud Security Management guide][49] to get started.
+Datadog Cloud Security delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure.
+Check out the [Setting up Cloud Security guide][49] to get started.
-After setting up CSM, toggle the **Enable Resource Collection** option under the **Resource Collection** tab to start collecting configuration data for the [Resource Catalog][50] and CSM. Then, follow these instructions to enable [Misconfigurations and Identity Risks (CIEM)][51] on Google Cloud.
+After setting up Cloud Security, toggle the **Enable Resource Collection** option under the **Resource Collection** tab to start collecting configuration data for the [Resource Catalog][50] and Cloud Security. Then, follow these instructions to enable [Misconfigurations and Identity Risks (CIEM)][51] on Google Cloud.
{{< img src="integrations/google_cloud_platform/resource_collection.png" alt="The resource collection tab in the Google Cloud integration tile" style="width:100%;" >}}
diff --git a/content/en/getting_started/security/_index.md b/content/en/getting_started/security/_index.md
index 72ea4a0d562e4..f448d59c59e2a 100644
--- a/content/en/getting_started/security/_index.md
+++ b/content/en/getting_started/security/_index.md
@@ -4,7 +4,7 @@ title: Getting Started with Security
{{< whatsnext desc=" " >}}
{{< nextlink href="getting_started/security/application_security" tag="documentation" >}}Getting Started with Application Security{{< /nextlink >}}
- {{< nextlink href="getting_started/security/cloud_security_management" tag="documentation" >}}Getting Started with Cloud Security Management{{< /nextlink >}}
+ {{< nextlink href="getting_started/security/cloud_security_management" tag="documentation" >}}Getting Started with Cloud Security{{< /nextlink >}}
{{< nextlink href="getting_started/security/cloud_siem" tag="documentation" >}}Getting Started with Cloud SIEM{{< /nextlink >}}
{{< nextlink href="getting_started/code_security" tag="documentation" >}}Getting Started with Code Security{{< /nextlink >}}
{{< /whatsnext >}}
diff --git a/content/en/getting_started/security/application_security.md b/content/en/getting_started/security/application_security.md
index 4930ded86c752..42ab607f37d4a 100644
--- a/content/en/getting_started/security/application_security.md
+++ b/content/en/getting_started/security/application_security.md
@@ -1,5 +1,5 @@
---
-title: Getting Started with Application Security Management
+title: Getting Started with App and API Protection
aliases:
- /security/security_monitoring/getting_started/
- /getting_started/application_security
@@ -9,7 +9,7 @@ further_reading:
text: "Application Security terms and concepts"
- link: "/security/application_security/how-appsec-works"
tag: "Documentation"
- text: "How Application Security Management works"
+ text: "How App and API Protection works"
- link: "https://dtdg.co/fe"
tag: "Foundation Enablement"
text: "Join an interactive session to elevate your security and threat detection"
@@ -20,20 +20,20 @@ further_reading:
## Overview
-Datadog Application Security Management (ASM) helps secure your web applications and APIs in production.
+Datadog App and API Protection (AAP) helps secure your web applications and APIs in production.
- With threat detection, Datadog provides real-time protection against attacks and attackers targeting code-level vulnerabilities.
- With [Code Security][28], Datadog detects code and library vulnerabilities in your repositories and your running services, providing end-to-end visibility from development to production.
-This guide walks you through best practices for getting your team up and running with ASM.
+This guide walks you through best practices for getting your team up and running with AAP.
## Identify services that have security risk
-**Identify services vulnerable or exposed to attacks** that would benefit from ASM. On the [**Software Catalog > Security page**,][1] view and select the services you wish to enable.
+**Identify services vulnerable or exposed to attacks** that would benefit from AAP. On the [**Software Catalog > Security page**,][1] view and select the services you wish to enable.
-{{< img src="getting_started/appsec/ASM_activation_service_selection_v2.png" alt="ASM Services page view, showing Vulnerabilities and sorted by Suspicious requests column." style="width:100%;" >}}
+{{< img src="getting_started/appsec/ASM_activation_service_selection_v2.png" alt="AAP Services page view, showing Vulnerabilities and sorted by Suspicious requests column." style="width:100%;" >}}
-These security insights are detected from data reported by APM. The insights help prioritize your security efforts. ASM identifies, prioritizes, and helps remediate all security risks on your services.
+These security insights are detected from data reported by APM. The insights help prioritize your security efforts. AAP identifies, prioritizes, and helps remediate all security risks on your services.
**Note**: If no vulnerabilities or suspicious requests are reported, ensure your services are using a recent Datadog tracing library version. From the [Security Software Catalog][2], open any service's side panel and look at its **Tracing Configuration**.
@@ -41,26 +41,26 @@ These security insights are detected from data reported by APM. The insights hel
{{< img src="getting_started/appsec/ASM_Tracing_Configuration.png" alt="Tracer Configuration tab in APM Software Catalog page view. Highlighting which version of the Datadog Agent, and Datadog tracing library are being used by your services." style="width:100%;" >}}
-## Enable ASM
+## Enable AAP
-### Enable ASM with in-app instructions
+### Enable AAP with in-app instructions
- To enable Threat Management in-app, navigate to [**Application Security > Setup**][29].
- To enable Code Security in-app, navigate to [**Code Security > Setup**][29].
-
-### Enable ASM with Remote Configuration
+### Enable AAP with Remote Configuration
#### Prerequisites:
- Datadog Agent versions 7.42.0 or higher installed on your hosts or containers.
- Datadog Tracer versions are [compatible with Remote Configuration][17].
@@ -73,8 +73,8 @@ These security insights are detected from data reported by APM. The insights hel
See [Setting up Remote Configuration][21] for more information.
-### Test ASM
-Once enabled, ASM immediately identifies application vulnerabilities and detects attacks and attackers targeting your services.
+### Test AAP
+Once enabled, AAP immediately identifies application vulnerabilities and detects attacks and attackers targeting your services.
1. **Validate vulnerabilities**: Navigate to the [Vulnerabilities tab][14], triage and remediate your vulnerabilities.
2. **Validate attacks**: Send attack patterns to trigger a test detection rule. From your terminal, run the following script:
@@ -91,9 +91,9 @@ Once enabled, ASM immediately identifies application vulnerabilities and detects
3. Go to [Security Signals Explorer][6] to see the signal that is generated after a few seconds.
-## Disable ASM
+## Disable AAP
-For information on disabling ASM or its related capabilities, see the following:
+For information on disabling AAP or its related capabilities, see the following:
- [Disabling threat management and protection][24]
- [Disabling Code Security (SAST, SCA, or IAST)][27]
diff --git a/content/en/getting_started/security/cloud_security_management.md b/content/en/getting_started/security/cloud_security_management.md
index 6a141f0d53b39..95203e409eb8f 100644
--- a/content/en/getting_started/security/cloud_security_management.md
+++ b/content/en/getting_started/security/cloud_security_management.md
@@ -1,29 +1,20 @@
---
-title: Getting Started with Cloud Security Management
+title: Getting Started with Cloud Security
aliases:
- /getting_started/cloud_security_management
further_reading:
- link: "/security/cloud_security_management/"
tag: "Documentation"
- text: "Cloud Security Management"
+ text: "Cloud Security"
- link: "/infrastructure/resource_catalog/schema/"
tag: "Documentation"
text: "Cloud Resources Schema Reference"
- link: "https://www.datadoghq.com/blog/automate-end-to-end-processes-with-datadog-workflows/"
tag: "Blog"
text: "Automate end-to-end processes with Datadog Workflows"
-- link: "https://www.datadoghq.com/blog/csm-at-datadog/"
- tag: "Blog"
- text: "How we use Datadog CSM to improve security posture in our cloud infrastructure"
- link: "https://www.datadoghq.com/blog/detecting-leaked-credentials/"
tag: "Blog"
text: "How we detect and notify users about leaked Datadog credentials"
-- link: "https://www.datadoghq.com/blog/security-posture-csm/"
- tag: "Blog"
- text: "Report on changes to your security posture with Cloud Security Management"
-- link: "https://www.datadoghq.com/blog/agentless-scanning/"
- tag: "Blog"
- text: "Detect vulnerabilities in minutes with Agentless Scanning for Cloud Security Management"
- link: "https://dtdg.co/fe"
tag: "Foundation Enablement"
text: "Join an interactive session to elevate your security and threat detection"
@@ -34,28 +25,28 @@ further_reading:
## Overview
-[Datadog Cloud Security Management][1] (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation.
+[Datadog Cloud Security][1] delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation.
-With CSM, Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. This guide walks you through best practices for getting your team up and running with CSM.
+With Cloud Security, Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. This guide walks you through best practices for getting your team up and running with Cloud Security.
## Phase 1: Deployment
-1. Using [Agentless][34] and/or the [Datadog Agent (version 7.46 or above)][4], [enable CSM for your cloud resources and infrastructure][5]:
+1. Using [Agentless][34] and/or the [Datadog Agent (version 7.46 or above)][4], [enable Cloud Security for your cloud resources and infrastructure][5]:
- **[Threats][3]**: Kubernetes, Docker, and host-based installations.
- **[Misconfigurations][2]**: AWS, Azure, GCP, Kubernetes, and Docker instructions.
- **[Identity Risks][28]**: Enable AWS resource collection and Cloudtrail logs forwarding.
- **[Vulnerabilities][6]**: Container image scanning and host scanning instructions for AWS, Azure, Kubernetes, ECS EC2 instances, and host-based installations.
-1. Check out the [CSM homepage][13] to get an overview of your organization's risks and threats.
+1. Check out the [Cloud Security homepage][13] to get an overview of your organization's risks and threats.
1. Review [500+ out-of-the-box Threats and Misconfigurations detection rules][14].
-1. Explore [security signals][15] and review [CSM Misconfigurations findings][16].
+1. Explore [security signals][15] and review [Cloud Security Misconfigurations findings][16].
1. Review and remediate identity risks on the [Identity Risks][29] page.
1. Review container vulnerabilities on the [Container Images][25] page, and a consolidated list of vulnerabilities on the [Infrastructure Vulnerability][30] page.
1. Set up [notification rules][17] and receive alerts using Slack, Jira, email, and more.
## Phase 2: Customization
-1. Set up [CSM Threats suppression rules][18] to reduce noise.
-2. Create custom detection rules for [CSM Misconfigurations][19] and [CSM Threats][20].
+1. Set up [Workload Protection suppression rules][18] to reduce noise.
+2. Create custom detection rules for [Cloud Security Misconfigurations][19] and [Workload Protection][20].
## Phase 3: Reports and dashboards
@@ -63,12 +54,12 @@ With CSM, Security and DevOps teams can act on the shared context of observabili
2. Use out-of-the-box dashboards or [create your own][22] for faster investigations, reporting, and monitoring.
3. Subscribe to the weekly [security digest][31] reports to begin investigation and remediation of the most important new security issues discovered in the last seven days.
-## Disable CSM
+## Disable Cloud Security
-For information on disabling CSM, see the following:
+For information on disabling Cloud Security, see the following:
-- [Disable CSM Vulnerabilities][32]
-- [Disable CSM Threats][33]
+- [Disable Cloud Security Vulnerabilities][32]
+- [Disable Workload Protection][33]
## Further reading
@@ -97,6 +88,6 @@ For information on disabling CSM, see the following:
[29]: https://app.datadoghq.com/security/identities
[30]: https://app.datadoghq.com/security/infra-vulnerability
[31]: https://app.datadoghq.com/security/configuration/reports
-[32]: /security/cloud_security_management/troubleshooting/vulnerabilities/#disable-csm-vulnerabilities
+[32]: /security/cloud_security_management/troubleshooting/vulnerabilities/#disable-cloud-security-vulnerabilities
[33]: /security/cloud_security_management/troubleshooting/threats/#disable-csm-threats
[34]: /security/cloud_security_management/setup/cloud_integrations
\ No newline at end of file
diff --git a/content/en/glossary/terms/resource.md b/content/en/glossary/terms/resource.md
index e18414965a8c0..198e16aa5642a 100644
--- a/content/en/glossary/terms/resource.md
+++ b/content/en/glossary/terms/resource.md
@@ -6,4 +6,4 @@ core_product:
---
1. In APM, a resource is a particular domain of an application, typically an instrumented web endpoint, database query, or background job.
2. In RUM, a resource is a type of event. A resource event is generated for images, XHR, Fetch, CSS, or JS libraries loaded on a page.
-3. In Cloud Security Management Misconfigurations, a resource is a configurable entity that needs to be continuously scanned for adherence with one or more controls. Examples of AWS instance resources include hosts, containers, security groups, users, and customer-managed IAM policies.
\ No newline at end of file
+3. In Cloud Security Misconfigurations, a resource is a configurable entity that needs to be continuously scanned for adherence with one or more controls. Examples of AWS instance resources include hosts, containers, security groups, users, and customer-managed IAM policies.
\ No newline at end of file
diff --git a/content/en/glossary/terms/security_posture_score.md b/content/en/glossary/terms/security_posture_score.md
index 0ea060ace1d06..772b27726204e 100644
--- a/content/en/glossary/terms/security_posture_score.md
+++ b/content/en/glossary/terms/security_posture_score.md
@@ -10,7 +10,7 @@ core_product:
{{< jqmath-vanilla >}}
-Available for [Cloud Security Management Misconfigurations][3], the security posture score represents the percentage of your environment that satisfies all of your active Datadog out-of-the-box [Cloud][1] and [Infrastructure][2] compliance rules.
+Available for [Cloud Security Misconfigurations][3], the security posture score represents the percentage of your environment that satisfies all of your active Datadog out-of-the-box [Cloud][1] and [Infrastructure][2] compliance rules.
**Formula**:
diff --git a/content/en/infrastructure/containers/container_images.md b/content/en/infrastructure/containers/container_images.md
index 334b251b2f817..d2af777771bf8 100644
--- a/content/en/infrastructure/containers/container_images.md
+++ b/content/en/infrastructure/containers/container_images.md
@@ -6,18 +6,18 @@ further_reading:
text: "Enhance your troubleshooting workflow with Container Images in Datadog Container Monitoring"
- link: "/security/cloud_security_management/vulnerabilities"
tag: "Documentation"
- text: "Cloud Security Management Vulnerabilities"
+ text: "Cloud Security Vulnerabilities"
- link: "/infrastructure/containers/container_images/#enable-sbom-collection"
tag: "Documentation"
- text: "Enable SBOM collection in CSM Vulnerabilities"
+ text: "Enable SBOM collection in Cloud Security Vulnerabilities"
- link: "/security/cloud_security_management/troubleshooting/vulnerabilities/"
tag: "Documentation"
- text: "Troubleshooting Cloud Security Management Vulnerabilities"
+ text: "Troubleshooting Cloud Security Vulnerabilities"
---
## Overview
-The [container images view][1] in Datadog provides key insights into every image used in your environment to help you assess their deployment footprint. It also detects and remediates security and performance issues that can affect multiple containers. You can view container image details alongside the rest of your container data to troubleshoot image issues affecting infrastructure health. Additionally, you can view vulnerabilities found in your container images from [Cloud Security Management][2] (CSM) to help you streamline your security efforts.
+The [container images view][1] in Datadog provides key insights into every image used in your environment to help you assess their deployment footprint. It also detects and remediates security and performance issues that can affect multiple containers. You can view container image details alongside the rest of your container data to troubleshoot image issues affecting infrastructure health. Additionally, you can view vulnerabilities found in your container images from [Cloud Security][2] to help you streamline your security efforts.
{{< img src="security/vulnerabilities/container_images.png" alt="The container images view highlighting vulnerabilities and container column sort feature" width="100%">}}
@@ -35,7 +35,7 @@ To enable live container collection, see the [containers][3] documentation. It p
### Image collection
-Datadog collects container image metadata to provide enhanced debugging context for related containers and [Cloud Security Management][8] (CSM) vulnerabilities.
+Datadog collects container image metadata to provide enhanced debugging context for related containers and [Cloud Security][8] vulnerabilities.
#### Enable container image collection
@@ -101,10 +101,10 @@ container_image:
#### Enable SBOM collection
-The following instructions turn on [Software Bill of Materials][5] (SBOM) collection for CSM Vulnerabilities. SBOM collection enables automatic detection of container image vulnerabilities. Vulnerabilities are evaluated and scanned against your containers every hour. Vulnerability management for container images is included in [CSM Pro and Enterprise plans][10].
+The following instructions turn on [Software Bill of Materials][5] (SBOM) collection for Cloud Security Vulnerabilities. SBOM collection enables automatic detection of container image vulnerabilities. Vulnerabilities are evaluated and scanned against your containers every hour. Vulnerability management for container images is included in [Cloud Security Pro and Enterprise plans][10].
**Notes**:
-- The CSM Vulnerabilities feature is not available for AWS Fargate or Windows environments.
+- The Cloud Security Vulnerabilities feature is not available for AWS Fargate or Windows environments.
- SBOM collection is not compatible with the image streaming feature in Google Kubernetes Engine (GKE). To disable it, see the [Disable Image streaming][11] section of the GKE docs.
{{< tabs >}}
diff --git a/content/en/infrastructure/resource_catalog/_index.md b/content/en/infrastructure/resource_catalog/_index.md
index 0d59b14b7922d..c992386b10272 100644
--- a/content/en/infrastructure/resource_catalog/_index.md
+++ b/content/en/infrastructure/resource_catalog/_index.md
@@ -8,10 +8,10 @@ aliases:
further_reading:
- link: "/security/cloud_security_management/misconfigurations/"
tag: "Documentation"
- text: "Cloud Security Management Misconfigurations"
+ text: "Cloud Security Misconfigurations"
- link: "/security/threats/"
tag: "Documentation"
- text: "Cloud Security Management Threats"
+ text: "Workload Protection"
- link: "https://www.datadoghq.com/blog/datadog-resource-catalog/"
tag: "Blog"
text: "Govern your infrastructure resources with the Datadog Resource Catalog"
@@ -54,13 +54,13 @@ Resource Catalog leverages Datadog cloud integrations and the Datadog Agent to g
## Setup
-By default, when you navigate to the Resource Catalog, you are able to see Datadog Agent monitored hosts, as well as cloud resources crawled for other Datadog products such as CNM (Cloud Network Monitoring), and DBM (Database Monitoring). To view additional cloud resources in the Resource Catalog, extend resource collection from the [Resource Catalog][5] setup page. To gain insights into your security risks, enable [Cloud Security Management][1] for each cloud account.
+By default, when you navigate to the Resource Catalog, you are able to see Datadog Agent monitored hosts, as well as cloud resources crawled for other Datadog products such as CNM (Cloud Network Monitoring), and DBM (Database Monitoring). To view additional cloud resources in the Resource Catalog, extend resource collection from the [Resource Catalog][5] setup page. To gain insights into your security risks, enable [Cloud Security][1] for each cloud account.
{{< img src="/infrastructure/resource_catalog/resource-catalog-doc-img-2.png" alt="The Resource Catalog configuration page for extending resource collection" width="100%">}}
**Note**:
- Extending resource collection does _not_ incur additional costs. The Resource Catalog is a free product for Infrastructure Monitoring customers.
-- Enabling Cloud Security Management automatically enables resource collection for the Resource Catalog Inventory tab. Enabling resource collection for the Resource Catalog does _not_ enable the CSM product.
+- Enabling Cloud Security automatically enables resource collection for the Resource Catalog Inventory tab. Enabling resource collection for the Resource Catalog does _not_ enable the Cloud Security product.
## Browse the Resource Catalog
diff --git a/content/en/infrastructure/resource_catalog/schema.md b/content/en/infrastructure/resource_catalog/schema.md
index 1b2cc3d0b0bf9..ed700fab56a5b 100644
--- a/content/en/infrastructure/resource_catalog/schema.md
+++ b/content/en/infrastructure/resource_catalog/schema.md
@@ -14,12 +14,12 @@ list_section:
{{< site-region region="gov" >}}
-CSM Misconfigurations is not available in the selected site.
+Cloud Security Misconfigurations is not available in the selected site.
{{< /site-region >}}
The following resource types are available within [Resource catalog][2] for filtering.
-See [custom rules in CSM Misconfigurations][1] for more information.
+See [custom rules in Cloud Security Misconfigurations][1] for more information.
[1]: /security/cloud_security_management/misconfigurations/custom_rules/
[2]: /infrastructure/resource_catalog
diff --git a/content/en/integrations/guide/aws-organizations-setup.md b/content/en/integrations/guide/aws-organizations-setup.md
index 27fc1425d96fd..8cada2cd2470c 100644
--- a/content/en/integrations/guide/aws-organizations-setup.md
+++ b/content/en/integrations/guide/aws-organizations-setup.md
@@ -32,8 +32,8 @@ The Datadog CloudFormation StackSet performs the following steps:
1. Deploys the Datadog AWS CloudFormation Stack in every account under an AWS Organization or Organizational Unit.
2. Automatically creates the necessary IAM role and policies in the target accounts.
3. Automatically initiates ingestion of AWS CloudWatch metrics and events from the AWS resources in the accounts.
-4. Optionally disables metric collection for the AWS infrastructure. This is useful for Cloud Cost Management (CCM) or Cloud Security Management Misconfigurations (CSM Misconfigurations) specific use cases.
-5. Optionally configures CSM Misconfigurations to monitor resource misconfigurations in your AWS accounts.
+4. Optionally disables metric collection for the AWS infrastructure. This is useful for Cloud Cost Management (CCM) or Cloud Security Misconfigurations specific use cases.
+5. Optionally configures Cloud Security Misconfigurations to monitor resource misconfigurations in your AWS accounts.
**Note**: The StackSet does not set up log forwarding in the AWS accounts. To set up logs, follow the steps in the [Log Collection][2] guide.
@@ -60,8 +60,8 @@ Copy the Template URL from the Datadog AWS integration configuration page to use
- Select your Datadog APP key on Datadog AWS integration configuration page and use it in the `DatadogAppKey` parameter in the StackSet.
- *Optionally:*
- a. Enable [Cloud Security Management Misconfigurations][5] (CSM Misconfigurations) to scan your cloud environment, hosts, and containers for misconfigurations and security risks.
- b. Disable metric collection if you do not want to monitor your AWS infrastructure. This is recommended only for [Cloud Cost Management][6] (CCM) or [CSM Misconfigurations][5] specific use cases.
+ a. Enable [Cloud Security Misconfigurations][5] to scan your cloud environment, hosts, and containers for misconfigurations and security risks.
+ b. Disable metric collection if you do not want to monitor your AWS infrastructure. This is recommended only for [Cloud Cost Management][6] (CCM) or [Cloud Security Misconfigurations][5] specific use cases.
3. **Configure StackSet options**
Keep the **Execution configuration** option as `Inactive` so the StackSet performs one operation at a time.
diff --git a/content/en/integrations/guide/azure-architecture-and-configuration.md b/content/en/integrations/guide/azure-architecture-and-configuration.md
index 463c1fb4dceb7..d378d69037ec6 100644
--- a/content/en/integrations/guide/azure-architecture-and-configuration.md
+++ b/content/en/integrations/guide/azure-architecture-and-configuration.md
@@ -117,12 +117,12 @@ The implications of restricting access below the Monitoring Reader role are:
- Partial or total loss of monitoring data
- Partial or total loss of metadata in the form of tags on your resource metrics
- - Partial or total loss of data for [Cloud Security Management Misconfigurations (CSM Misconfigurations)][3] or [Resource Catalog][4]
+ - Partial or total loss of data for [Cloud Security Misconfigurations][3] or [Resource Catalog][4]
- Partial or total loss of Datadog-generated metrics
The implications of restricting or omitting the Azure AD roles are:
- - Partial or total loss of metadata for Azure AD resources in CSM Misconfigurations
+ - Partial or total loss of metadata for Azure AD resources in Cloud Security Misconfigurations
- Partial or total loss of credential expiration monitoring for Azure AD resources
[1]: /getting_started/site/
diff --git a/content/en/integrations/guide/azure-manual-setup.md b/content/en/integrations/guide/azure-manual-setup.md
index 968ea1f3cafb5..8b645c98459ca 100644
--- a/content/en/integrations/guide/azure-manual-setup.md
+++ b/content/en/integrations/guide/azure-manual-setup.md
@@ -172,7 +172,7 @@ A form to create a new app registration is displayed:
**Note**: If you've selected to monitor individual subscriptions rather than a management group, select the subscriptions to monitor from the **Subscriptions to monitor** dropdown.
-13. Select your Datadog site, as well as any other integration configuration options, such as host filters and whether to collect resources for [Cloud Security Management][17].
+13. Select your Datadog site, as well as any other integration configuration options, such as host filters and whether to collect resources for [Cloud Security][17].
14. Click **Review + create**, then click **Create**.
diff --git a/content/en/integrations/guide/azure-portal.md b/content/en/integrations/guide/azure-portal.md
index f3161c2c7d145..09408c4ef846e 100644
--- a/content/en/integrations/guide/azure-portal.md
+++ b/content/en/integrations/guide/azure-portal.md
@@ -298,11 +298,11 @@ The Azure portal provides a read-only view of the API keys. To manage the keys,
The Azure Datadog integration allows you to install the Datadog Agent on a VM or app service. If there is no default key selected, a Datadog Agent installation fails.
-### Cloud Security Management Misconfigurations
+### Cloud Security Misconfigurations
-Select `Cloud Security Posture Management` in the left sidebar to configure [Cloud Security Management Misconfigurations (CSM Misconfigurations)][8].
+Select `Cloud Security Posture Management` in the left sidebar to configure [Cloud Security Misconfigurations][8].
-By default, CSM Misconfigurations is not enabled. To enable CSM Misconfigurations, select `Enable Datadog Cloud Security Posture Management` and click **Save**. This enables Datadog CSM Misconfigurations for any subscriptions associated with the Datadog resource.
+By default, Cloud Security Misconfigurations is not enabled. To enable Cloud Security Misconfigurations, select `Enable Datadog Cloud Security Posture Management` and click **Save**. This enables Datadog Cloud Security Misconfigurations for any subscriptions associated with the Datadog resource.
To disable, uncheck the box and click **Save**.
diff --git a/content/en/metrics/summary.md b/content/en/metrics/summary.md
index f311bcaa2e6ca..5285918f5196c 100644
--- a/content/en/metrics/summary.md
+++ b/content/en/metrics/summary.md
@@ -203,7 +203,7 @@ This table shows the mapping between the metric origin as seen in the facet and
| API Catalog | Timeseries sent by the Datadog [Software Catalog][13] product from the APIM Endpoint.
| APM | Timeseries sent by the Datadog APM product for metrics generated from traces and span metrics.
| Agent | Timeseries sent by the Datadog Agent, collected from [Agent integrations][10], [built-in integrations][9], [DogStatsD][32], or [custom Agent checks][33].
-| CSM | Timeseries sent by the Datadog [Cloud Security Monitoring][14] product.
+| Cloud Security | Timeseries sent by the Datadog [Cloud Security][14] product.
| Cloud Integrations | Timeseries collected from cloud providers like AWS, Azure, and Google Cloud etc. from their respective integrations.
| DBM | Timeseries sent by the Datadog [Database Monitoring][15] product, including insights into MySQL, Oracle, and Postgres activities/queries/locks.
| DSM | Timeseries sent by the Datadog [Data Streams Monitoring][16] product, for metrics generated from the DSM spans and traces.
diff --git a/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md b/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md
index e6c3f69b790b5..221e900c8a16c 100644
--- a/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md
+++ b/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md
@@ -380,7 +380,7 @@ The top of the sidepanel displays common client and server tags shared by the in
### Security
-The **Security** tab highlights potential network threats and findings detected by [Cloud Security Management Threats][6] and [Cloud Security Management Misconfigurations][7]. These signals are generated when Datadog detects network activity that matches a [detection or compliance rule][8], or if there are other threats and misconfigurations related to the selected network flow.
+The **Security** tab highlights potential network threats and findings detected by [Workload Protection][6] and [Cloud Security Misconfigurations][7]. These signals are generated when Datadog detects network activity that matches a [detection or compliance rule][8], or if there are other threats and misconfigurations related to the selected network flow.
## Further Reading
diff --git a/content/en/opentelemetry/agent/install_agent_with_collector.md b/content/en/opentelemetry/agent/install_agent_with_collector.md
index 831f84dd8cae2..9ee7c15b777b5 100644
--- a/content/en/opentelemetry/agent/install_agent_with_collector.md
+++ b/content/en/opentelemetry/agent/install_agent_with_collector.md
@@ -164,7 +164,7 @@ To explicitly override the default ports, use `features.otelCollector.ports` par
4. (Optional) Enable additional Datadog features:
-Enabling these features may incur additional charges. Review the
pricing page and talk to your CSM before proceeding.
+Enabling these features may incur additional charges. Review the
pricing page and talk to your Customer Success Manager before proceeding.
{{< code-block lang="yaml" filename="datadog-agent.yaml" collapsible="true" >}}
# Enable Features
@@ -312,7 +312,7 @@ If you don't want to expose the port, you can use the Agent service instead:
5. (Optional) Enable additional Datadog features:
-Enabling these features may incur additional charges. Review the
pricing page and talk to your CSM before proceeding.
+Enabling these features may incur additional charges. Review the
pricing page and talk to your Customer Success Manager before proceeding.
{{< code-block lang="yaml" filename="datadog-values.yaml" collapsible="true" >}}
datadog:
diff --git a/content/en/opentelemetry/agent/migration.md b/content/en/opentelemetry/agent/migration.md
index dff600b177f65..8cb0f70d375a5 100644
--- a/content/en/opentelemetry/agent/migration.md
+++ b/content/en/opentelemetry/agent/migration.md
@@ -228,7 +228,7 @@ datadog:
```
1. (Optional) Enable additional Datadog features:
- Enabling these features may incur additional charges. Review the
pricing page and talk to your CSM before proceeding.
+ Enabling these features may incur additional charges. Review the
pricing page and talk to your Customer Success Manager before proceeding.
{{< code-block lang="yaml" filename="datadog-values.yaml" collapsible="true" >}}
datadog:
...
diff --git a/content/en/opentelemetry/compatibility.md b/content/en/opentelemetry/compatibility.md
index 679b8a0b9b771..1cf0c53fb207e 100644
--- a/content/en/opentelemetry/compatibility.md
+++ b/content/en/opentelemetry/compatibility.md
@@ -46,7 +46,7 @@ The following table shows Datadog feature compatibility across different setups:
| [Live Container Monitoring/Kubernetes Explorer][20] | | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} |
| [Live Processes][16] | | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} |
| [Universal Service Monitoring][17] (USM) | |{{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} |
-| [Application Security Management][11] (ASM) | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} |
+| [App and API Protection][11] (AAP) | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} |
| [Continuous Profiler][12] | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} |
| [Data Jobs Monitoring][13] (DJM) | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} |
| [Data Streams Monitoring][15] (DSM) | {{< tooltip text="N/A" tooltip="OTel does not offer DSM functionality" >}}| | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} |
diff --git a/content/en/opentelemetry/instrument/api_support/_index.md b/content/en/opentelemetry/instrument/api_support/_index.md
index d29280e2e9bc7..778ace53f4b34 100644
--- a/content/en/opentelemetry/instrument/api_support/_index.md
+++ b/content/en/opentelemetry/instrument/api_support/_index.md
@@ -31,7 +31,7 @@ By [instrumenting your code with OpenTelemetry APIs][2], your code:
- Remains free of vendor-specific API calls.
- Does not depend on Datadog tracing libraries at compile time (only runtime).
-Replace the OpenTelemetry SDK with the Datadog tracing library in the instrumented application, and the traces produced by your running code can be processed, analyzed, and monitored alongside Datadog traces and in Datadog proprietary products such as [Continuous Profiler][3], [Data Streams Monitoring][4], [Application Security Management][5], and [Live Processes][6].
+Replace the OpenTelemetry SDK with the Datadog tracing library in the instrumented application, and the traces produced by your running code can be processed, analyzed, and monitored alongside Datadog traces and in Datadog proprietary products such as [Continuous Profiler][3], [Data Streams Monitoring][4], [App and API Protection][5], and [Live Processes][6].
To learn more, follow the link for your language:
diff --git a/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md b/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md
index da98290ea1920..dcbd4a95724a7 100644
--- a/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md
+++ b/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md
@@ -21,7 +21,7 @@ further_reading:
OTLP Ingest in the Agent is a way to send telemetry data directly from applications instrumented with [OpenTelemetry SDKs][1] to Datadog Agent. Since versions 6.32.0 and 7.32.0, the Datadog Agent can ingest OTLP traces and [OTLP metrics][2] through gRPC or HTTP. Since versions 6.48.0 and 7.48.0, the Datadog Agent can ingest OTLP logs through gRPC or HTTP.
-OTLP Ingest in the Agent allows you to use observability features in the Datadog Agent. Data from applications instrumented with OpenTelemetry SDK cannot be used in some Datadog proprietary products, such as Application Security Management, Continuous Profiler, and Ingestion Rules. [OpenTelemetry Runtime Metrics are supported for some languages][10].
+OTLP Ingest in the Agent allows you to use observability features in the Datadog Agent. Data from applications instrumented with OpenTelemetry SDK cannot be used in some Datadog proprietary products, such as App and API Protection, Continuous Profiler, and Ingestion Rules. [OpenTelemetry Runtime Metrics are supported for some languages][10].
{{< img src="/opentelemetry/setup/dd-agent-otlp-ingest.png" alt="Diagram: OpenTelemetry SDK sends data through OTLP protocol to a Collector with Datadog Exporter, which forwards to Datadog's platform." style="width:100%;" >}}
diff --git a/content/en/security/_index.md b/content/en/security/_index.md
index 777940865836a..a7d6bb497142e 100644
--- a/content/en/security/_index.md
+++ b/content/en/security/_index.md
@@ -23,10 +23,10 @@ further_reading:
text: "Begin detecting threats with Cloud SIEM"
- link: "/security/cloud_security_management/misconfigurations/"
tag: "Documentation"
- text: "Start tracking misconfigurations with CSM Misconfigurations"
+ text: "Start tracking misconfigurations with Cloud Security Misconfigurations"
- link: "/security/threats/setup"
tag: "Documentation"
- text: "Uncover kernel-level threats with CSM Threats"
+ text: "Uncover kernel-level threats with Workload Protection"
- link: "https://securitylabs.datadoghq.com/"
tag: "Security Labs"
text: "Read about security-related topics on Datadog's Security Labs blog"
@@ -87,11 +87,11 @@ cascade:
Bring speed and scale to your production security operations. Datadog Security delivers real-time threat detection, and continuous configuration audits across applications, hosts, containers, and cloud infrastructure. Coupled with the greater Datadog observability platform, Datadog Security brings unprecedented integration between security and operations aligned to your organization's shared goals.
-Datadog Security includes [Application Security](#application-security), [Cloud SIEM](#cloud-siem), and [Cloud Security Management](#cloud-security-management). To learn more, check out the [30-second Product Guided Tour][14].
+Datadog Security includes [App and API Protection](#app-and-api-protection), [Cloud SIEM](#cloud-siem), and [Cloud Security](#cloud-security). To learn more, check out the [30-second Product Guided Tour][14].
-## Application Security
+## App and API Protection
-Datadog [Application Security][1] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). ASM leverages [Datadog APM][2], the [Datadog Agent][3], and in-app detection rules to detect threats in your application environment. Check out the product [Guided Tour](https://www.datadoghq.com/guided-tour/security/application-security-management/) to see more.
+Datadog [App and API Protection (AAP)][1] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). AAP leverages [Datadog APM][2], the [Datadog Agent][3], and in-app detection rules to detect threats in your application environment. Check out the product [Guided Tour](https://www.datadoghq.com/guided-tour/security/application-security-management/) to see more.
In addition to threat detection, Datadog provides end-to-end code and library vulnerability detection from development to production with [Code Security][20], which includes the following capabilities:
- [Static Code Analysis (SAST)][21] for identifying security and quality issues in your first-party code
@@ -106,13 +106,13 @@ In addition to threat detection, Datadog provides end-to-end code and library vu
{{< img src="security/security_monitoring/cloud_siem_overview_2.png" alt="The Cloud SIEM home page showing the Security Overview section with widgets for important signals, suspicious actors, impacted resources, threat intel, and signal trends" width="100%">}}
-## Cloud Security Management
+## Cloud Security
-[Cloud Security Management (CSM)][10] delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered.
+[Cloud Security][10] delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered.
-CSM includes [Threats][12], [Misconfigurations][11], [Identity Risks][15], and [Vulnerabilities][16]. To learn more, check out the dedicated [Guided Tour][13].
+Cloud Security includes [Workload Protection][12], [Misconfigurations][11], [Identity Risks][15], and [Vulnerabilities][16]. To learn more, check out the dedicated [Guided Tour][13].
-{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues" width="100%">}}
+{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security overview shows a list of prioritized security issues" width="100%">}}
To get started with Datadog Security, navigate to the [**Security** > **Setup**][9] page in Datadog, which has detailed information for single or multi-configuration, or follow the getting started sections below to learn more about each area of the platform.
diff --git a/content/en/security/access_control.md b/content/en/security/access_control.md
index 0bc804e995a3f..d68b7b1ec4879 100644
--- a/content/en/security/access_control.md
+++ b/content/en/security/access_control.md
@@ -5,10 +5,10 @@ products:
- name: Cloud SIEM
url: /security/cloud_siem/
icon: siem
-- name: CSM Threats
+- name: Workload Protection
url: /security/threats/
icon: cloud-security-management
-- name: Application Security Management
+- name: App and API Protection
url: /security/application_security/
icon: app-sec
further_reading:
diff --git a/content/en/security/account_takeover_protection.md b/content/en/security/account_takeover_protection.md
index d8e072482231c..de764501b0ff6 100644
--- a/content/en/security/account_takeover_protection.md
+++ b/content/en/security/account_takeover_protection.md
@@ -4,16 +4,16 @@ disable_toc: false
further_reading:
- link: "security/application_security/terms/"
tag: "Documentation"
- text: "ASM Terms and Concepts"
+ text: "AAP Terms and Concepts"
- link: "security/application_security/threats/add-user-info/?tab=set_user"
tag: "Documentation"
text: "User Monitoring and Protection"
- link: "security/application_security/guide/"
tag: "Documentation"
- text: "Application Security Management Guides"
+ text: "App and API Protection Guides"
---
-ASM provides account takeover (ATO) protection to detect and mitigate account takeover attacks.
+App and API Protection (AAP) provides account takeover (ATO) protection to detect and mitigate account takeover attacks.
ATO protection has the following benefits:
@@ -54,11 +54,11 @@ Brute force
## Setting up ATO detection and prevention
-ASM provides managed detections of ATO attacks.
+AAP provides managed detections of ATO attacks.
Effective ATO detection and prevention requires the following:
-1. Instrumenting your production login endpoints. This enables detection with ASM-managed rules.
+1. Instrumenting your production login endpoints. This enables detection with AAP-managed rules.
2. Remote configuration. This enables blocking attacks and pushing remote instrumentation from the Datadog user interface.
3. Notifications. Ensures you are notified of compromised accounts.
4. Reviewing your first detection. Understand how automated protection fits in with your attacks and escalation requirements.
@@ -86,7 +86,7 @@ You are not limited to how Datadog defines these enrichments. Many platform prod
## Remote Configuration
-[Remote Configuration][4] enables ASM users to instrument apps with custom [business logic][5] data in near real time.
+[Remote Configuration][4] enables AAP users to instrument apps with custom [business logic][5] data in near real time.
## Notifications
@@ -95,7 +95,7 @@ You are not limited to how Datadog defines these enrichments. Many platform prod
## Review your first detection
-ASM highlights the most relevant information and suggests actions to take based on the detection type. It also indicates what actions have been taken.
+AAP highlights the most relevant information and suggests actions to take based on the detection type. It also indicates what actions have been taken.
{{
}}
@@ -166,11 +166,11 @@ Blocking advanced distributed attacks is often a business decision because attac
Here are three critical components for success in mitigating these attacks:
-1. Proper onboarding: Are you configured for blocking with ASM?
+1. Proper onboarding: Are you configured for blocking with AAP?
2. Proper configuration: Ensure you have correctly set client IPs and X-Forwarded-For (XFF) HTTP headers.
3. Internal communication plans: Communication with security teams, service owners, and product leads is critical to understanding the impact of mitigating large scale attacks.
-Responders can identify service owners using the tags in all ASM signals.
+Responders can identify service owners using the tags in all AAP signals.
### Know your trends
@@ -197,7 +197,7 @@ Many consumer applications have low occurrences of user authentication from data
#### Proxies
-Datadog uses [Spur][8] to determine if an IP is a proxy. Datadog correlates indicators of compromise (IOCs) with account takeover attacks for faster detection with the ASM-managed account takeover rules.
+Datadog uses [Spur][8] to determine if an IP is a proxy. Datadog correlates indicators of compromise (IOCs) with account takeover attacks for faster detection with the AAP-managed account takeover rules.
Datadog recommends never blocking IP addresses solely based on threat intelligence IOCs for IP addresses. See our threat intelligence [best practices][9] for details.
@@ -242,7 +242,7 @@ Develop an incident response plan using the following post compromise steps:
1. Monitoring compromised user accounts.
2. Plan to invalidate credentials and contact users to update credentials.
-3. Consider blocking users using ASM.
+3. Consider blocking users using AAP.
Attack motivation can influence post-compromise activity. Attackers wanting to resell accounts are unlikely to use accounts immediately after a compromise.
Attackers attempting to access stored funds will use accounts immediately after compromise.
diff --git a/content/en/security/application_security/_index.md b/content/en/security/application_security/_index.md
index 4811cff838d5e..5861c3002f7cb 100644
--- a/content/en/security/application_security/_index.md
+++ b/content/en/security/application_security/_index.md
@@ -1,5 +1,5 @@
---
-title: Application Security Management
+title: App and API Protection
description: Monitor threats targeting production system, leveraging the execution context provided by distributed traces.
aliases:
- /security_platform/application_security
@@ -10,7 +10,7 @@ aliases:
further_reading:
- link: "/security/application_security/how-appsec-works/"
tag: "Documentation"
- text: "How Application Security Management Works"
+ text: "How App and API Protection Works"
- link: "/security/application_security/threats/"
tag: "Documentation"
text: "Threat Management"
@@ -19,19 +19,10 @@ further_reading:
text: "Software Composition Analysis"
- link: "https://www.datadoghq.com/product/security-platform/application-security-monitoring/"
tag: "Product Page"
- text: "Datadog Application Security Management"
-- link: "https://www.datadoghq.com/blog/secure-serverless-applications-with-datadog-asm/"
- tag: "Blog"
- text: "Secure serverless applications with Datadog ASM"
+ text: "Datadog App and API Protection"
- link: "https://www.datadoghq.com/blog/apm-security-view/"
tag: "Blog"
text: "Gain visibility into risks, vulnerabilities, and attacks with APM Security View"
-- link: "https://www.datadoghq.com/blog/block-attackers-application-security-management-datadog/"
- tag: "Blog"
- text: "Block attackers in your apps and APIs with Datadog Application Security Management"
-- link: "https://www.datadoghq.com/blog/threat-modeling-datadog-application-security-management/"
- tag: "Blog"
- text: "Threat modeling with Datadog Application Security Management"
- link: "https://www.datadoghq.com/blog/aws-waf-datadog/"
tag: "Blog"
text: "Monitor AWS WAF activity with Datadog"
@@ -46,39 +37,39 @@ algolia:
---
{{< site-region region="gov" >}}
-Application Security Management is not supported for your selected
Datadog site ({{< region-param key="dd_site_name" >}}).
+App and API Protection is not supported for your selected
Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}}
{{< img src="/security/application_security/app-sec-landing-page.png" alt="A security signal panel in Datadog, which displays attack flows and flame graphs" width="75%">}}
-Datadog Application Security Management (ASM) provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, Amazon ECS, and (for supported languages) AWS Fargate.
+Datadog App and API Protection (AAP) provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, Amazon ECS, and (for supported languages) AWS Fargate.
-ASM leverages Datadog [tracing libraries][1], and the [Datadog Agent][2] to identify services exposed to application attacks. Once configured, ASM leverages in-app detection rules to detect and protect against threats in your application environment and trigger security signals whenever an attack impacts your production system, or a vulnerability is triggered from the code.
+AAP leverages Datadog [tracing libraries][1], and the [Datadog Agent][2] to identify services exposed to application attacks. Once configured, AAP leverages in-app detection rules to detect and protect against threats in your application environment and trigger security signals whenever an attack impacts your production system, or a vulnerability is triggered from the code.
When a threat is detected, a security signal is generated in Datadog. For `HIGH` or `CRITICAL` severity security signals, notifications can be sent to Slack, email, or PagerDuty to notify your team and provide real-time context around threats.
-Once a security signal is triggered, quickly pivot to investigate and protect in Datadog. Leverage the deep observability data provided by ASM and APM distributed tracing, in one view, to resolve application issues. Analyze attack flows, view flame graphs, and review correlated trace and log data to pinpoint application vulnerabilities. Eliminate context switching by flowing through application data into remediation and mitigation steps, all within the same panel.
+Once a security signal is triggered, quickly pivot to investigate and protect in Datadog. Leverage the deep observability data provided by AAP and APM distributed tracing, in one view, to resolve application issues. Analyze attack flows, view flame graphs, and review correlated trace and log data to pinpoint application vulnerabilities. Eliminate context switching by flowing through application data into remediation and mitigation steps, all within the same panel.
-With ASM, you can cut through the noise of continuous trace data to focus on securing and protecting your environment.
+With AAP, you can cut through the noise of continuous trace data to focus on securing and protecting your environment.
-Until you fully remediate the potential vulnerabilities in your application code, ASM enables you to slow down attackers by blocking their IPs temporarily or permanently, with a single click.
+Until you fully remediate the potential vulnerabilities in your application code, AAP enables you to slow down attackers by blocking their IPs temporarily or permanently, with a single click.
## Understanding how application security is implemented in Datadog
-If you're curious how Application Security Management is structured and how it uses tracing data to identify security problems, read [How Application Security Management Works][3].
+If you're curious how App and API Protection is structured and how it uses tracing data to identify security problems, read [How App and API Protection Works][3].
## Configure your environment
-Powered by provided [out-of-the-box rules][4], ASM detects threats without manual configuration. If you already have Datadog [APM][1] configured on a physical or virtual host, setup only requires setting one environment variable to get started.
+Powered by provided [out-of-the-box rules][4], AAP detects threats without manual configuration. If you already have Datadog [APM][1] configured on a physical or virtual host, setup only requires setting one environment variable to get started.
-To start configuring your environment to detect and protect threats with ASM, follow the enabling documentation for each product. Once ASM is configured, you can begin investigating and remediating security signals in the [Security Signals Explorer][6].
+To start configuring your environment to detect and protect threats with AAP, follow the enabling documentation for each product. Once AAP is configured, you can begin investigating and remediating security signals in the [Security Signals Explorer][6].
## Investigate and remediate security signals
In the [Security Signals Explorer][6], click on any security signal to see what happened and the suggested steps to mitigate the attack. In the same panel, view traces with their correlated attack flow and request information to gain further context.
-## Disable ASM
-For information on disabling ASM or its features, see the following:
+## Disable AAP
+For information on disabling AAP or its features, see the following:
- [Disabling threat management and protection][10]
diff --git a/content/en/security/application_security/api-inventory/_index.md b/content/en/security/application_security/api-inventory/_index.md
index 2d7444b657f00..70369020b6213 100644
--- a/content/en/security/application_security/api-inventory/_index.md
+++ b/content/en/security/application_security/api-inventory/_index.md
@@ -30,7 +30,7 @@ Using the API Security Inventory you can:
## Configuration
-To use API Security on your services, **you must have ASM Threats Protection enabled**. The following library versions are compatible with API Security Inventory. [Remote Configuration][1] is required.
+To use API Security on your services, **you must have AAP Threats Protection enabled**. The following library versions are compatible with API Security Inventory. [Remote Configuration][1] is required.
|Technology|Minimum tracer version| Support for sensitive data scanning |
|----------|----------|----------|
@@ -47,7 +47,7 @@ To use API Security on your services, **you must have ASM Threats Protection ena
## How it works
-API Inventory leverages the Datadog tracing library with ASM enabled to gather security metadata about API traffic, including the API schema, types of sensitive data processed, and the authentication scheme. API information is evaluated per endpoint, every 30 seconds, which should ensure minimal performance impact.
+API Inventory leverages the Datadog tracing library with AAP enabled to gather security metadata about API traffic, including the API schema, types of sensitive data processed, and the authentication scheme. API information is evaluated per endpoint, every 30 seconds, which should ensure minimal performance impact.
API Inventory Security uses [Remote Configuration][4] to manage and configure scanning rules that detect sensitive data and authentication.
@@ -59,7 +59,7 @@ See the number of [attacks][2] your API experienced within the last week.
### Processing sensitive data
-[ASM][2] matches known patterns for sensitive data in API requests. If it finds a match, the endpoint is tagged with the type of sensitive data processed.
+[AAP][2] matches known patterns for sensitive data in API requests. If it finds a match, the endpoint is tagged with the type of sensitive data processed.
The matching occurs within your application, and none of the sensitive data is sent to Datadog.
diff --git a/content/en/security/application_security/guide/_index.md b/content/en/security/application_security/guide/_index.md
index 797fde0fafce7..14630099354cc 100644
--- a/content/en/security/application_security/guide/_index.md
+++ b/content/en/security/application_security/guide/_index.md
@@ -1,14 +1,14 @@
---
-title: Application Security Management Guides
+title: App and API Protection Guides
private: true
disable_toc: true
---
{{< whatsnext desc="Getting Started" >}}
- {{< nextlink href="/getting_started/application_security/" >}}First steps with Application Security Management{{< /nextlink >}}
+ {{< nextlink href="/getting_started/application_security/" >}}First steps with App and API Protection{{< /nextlink >}}
{{< /whatsnext >}}
{{< whatsnext desc="Advanced Topics" >}}
{{< nextlink href="/security/application_security/guide/standalone_application_security/" >}}Standalone Application Security{{< /nextlink >}}
- {{< nextlink href="/security/application_security/guide/manage_account_theft_appsec/" >}}Managing account theft with ASM{{< /nextlink >}}
+ {{< nextlink href="/security/application_security/guide/manage_account_theft_appsec/" >}}Managing account theft with AAP{{< /nextlink >}}
{{< /whatsnext >}}
diff --git a/content/en/security/application_security/guide/manage_account_theft_appsec.md b/content/en/security/application_security/guide/manage_account_theft_appsec.md
index d51550b47138e..e6f4f8746509e 100644
--- a/content/en/security/application_security/guide/manage_account_theft_appsec.md
+++ b/content/en/security/application_security/guide/manage_account_theft_appsec.md
@@ -1,20 +1,20 @@
---
-title: Managing Account Theft with ASM
+title: Managing Account Theft with AAP
disable_toc: false
---
Users are trusted entities in your systems with access to sensitive information and the ability to perform sensitive actions. Malicious actors have identified users as an opportunity to target websites and steal valuable data and resources.
-Datadog Application Security Management (ASM) provides [built-in][1] detection and protection capabilities to help you manage this threat.
+Datadog App and API Protection (AAP) provides [built-in][1] detection and protection capabilities to help you manage this threat.
-This guide describes how to use ASM to prepare for and respond to account takeover (ATO) campaigns. This guide is divided into three phases:
+This guide describes how to use AAP to prepare for and respond to account takeover (ATO) campaigns. This guide is divided into three phases:
1. [Collecting login information](#phase-1-collecting-login-information):
- - Enable and verify login activity collection in Datadog ASM using automatic or manual instrumentation methods.
+ - Enable and verify login activity collection in Datadog AAP using automatic or manual instrumentation methods.
- Use remote configuration options if you cannot modify your service code.
- Troubleshoot missing or incorrect data.
2. [Preparing for account takeover campaigns](#phase-2-preparing-for-ato-campaigns):
- - Prepare for ATO campaigns detected by ASM.
+ - Prepare for ATO campaigns detected by AAP.
- Configure notifications for attack alerts.
- Validate proper data propagation for accurate attacker identification.
- Set up automatic IP blocking for immediate mitigation.
@@ -24,58 +24,58 @@ This guide describes how to use ASM to prepare for and respond to account takeov
## Phase 1: Collecting login information
-To detect malicious patterns, ASM requires visibility into your users' login activity. This phase describes how to enable and validate this visibility.
+To detect malicious patterns, AAP requires visibility into your users' login activity. This phase describes how to enable and validate this visibility.
-### Step 1.1: Ensure ASM is enabled on your identity service
+### Step 1.1: Ensure AAP is enabled on your identity service
-This step describes how to set up your service to use ASM.
+This step describes how to set up your service to use AAP.
-
+
1. Go to [**Software Catalog**][2], click the **Security** lens, and search for your login service name.
-2. Click on the service to open its details. If the **Threat management** pill is green, ASM is enabled and you may move to [Step 1.3: Validating whether login information is automatically collected](#step-1.3:-validating-login-information-is-automatically-collected).
+2. Click on the service to open its details. If the **Threat management** pill is green, AAP is enabled and you may move to [Step 1.3: Validating whether login information is automatically collected](#step-1.3:-validating-login-information-is-automatically-collected).
- If ASM isn't enabled, the panel displays the **Discover ASM** button.
+ If AAP isn't enabled, the panel displays the **Discover AAP** button.
- To set up ASM, move to [Step 1.2: Enabling ASM on login service](#step-12-enabling-asm-on-your-login-service).
+ To set up AAP, move to [Step 1.2: Enabling AAP on login service](#step-12-enabling-aap-on-your-login-service).
-### Step 1.2: Enabling ASM on your login service
+### Step 1.2: Enabling AAP on your login service
-To enable ASM on your login service, ensure you meet the following requirements:
+To enable AAP on your login service, ensure you meet the following requirements:
-* Similarly to Datadog APM, ASM requires a library integration in your services and a running Datadog Agent.
-* ASM generally benefits from using the newest library possible; however, minimum supported versions are documented in [Compatibility Requirements][3].
+* Similarly to Datadog APM, AAP requires a library integration in your services and a running Datadog Agent.
+* AAP generally benefits from using the newest library possible; however, minimum supported versions are documented in [Compatibility Requirements][3].
* At a minimum, **Threat Detection** must be enabled. Ideally, **Automatic user activity event tracking** should be enabled as well.
-To enable ASM using a new deployment, use the `APPSEC_ENABLED` environment variable/library configuration or [Remote Configuration][11]. You can use either method, but Remote Configuration can be set up using the Datadog UI.
+To enable AAP using a new deployment, use the `APPSEC_ENABLED` environment variable/library configuration or [Remote Configuration][11]. You can use either method, but Remote Configuration can be set up using the Datadog UI.
-**To enable ASM using Remote Configuration**, and without having to restart your services, do the following:
+**To enable AAP using Remote Configuration**, and without having to restart your services, do the following:
-1. Go to [ASM onboarding][5].
-2. Click **Get Started with ASM**.
+1. Go to [AAP onboarding][5].
+2. Click **Get Started with AAP**.
3. In **Activate on services already monitored by Datadog**, click **Select Services.**
4. Select your service(s), and then click **Next** and proceed with the setup instructions.
-When you see traces from your service in [ASM Traces][6], move to [Step 1.3: Validating login information is automatically collected](#step-1.3:-validating-login-information-is-automatically-collected).
+When you see traces from your service in [AAP Traces][6], move to [Step 1.3: Validating login information is automatically collected](#step-1.3:-validating-login-information-is-automatically-collected).
-For more detailed instructions on using a new deployment, see [Enabling ASM Threat Detection using Datadog Tracing Libraries][7].
+For more detailed instructions on using a new deployment, see [Enabling AAP Threat Detection using Datadog Tracing Libraries][7].
### Step 1.3: Validating login information is automatically collected
-After you have enabled ASM, you can validate that login information is collected by Datadog.
+After you have enabled AAP, you can validate that login information is collected by Datadog.
-**Note:** After ASM is enabled on a service, wait a few minutes for users to log into the service or log into the service yourself.
+**Note:** After AAP is enabled on a service, wait a few minutes for users to log into the service or log into the service yourself.
To validate login information is collected, do the following:
-1. Go to [Traces][8] in ASM.
+1. Go to [Traces][8] in AAP.
2. Look for traces tagged with login activity from your login service. For example, in **Search for**, you might have `@appsec.security\activity:business\logic.users.login.*`.
3. Check if all your login services are reporting login activity. You can see this in the **Service** facet.
@@ -87,7 +87,7 @@ To validate login information is collected, do the following:
To validate that login metadata is collected, do the following:
-1. Go to [Traces][8] in ASM.
+1. Go to [Traces][8] in AAP.
2. Look for traces tagged with successful and failed login activity from your login service. You can update the search query in **Search for** to filter `business_logic.users.login.success` or `business_logic.users.login.failure`.
3. Open a trace.
4. On the **Security** tab, review the **Business Logic Event**.
@@ -108,7 +108,7 @@ In the event of a **false** user (`usr.exists:false`), look for the following is
### Step 1.5: Manually instrumenting your services
-ASM collects login information and metadata using an SDK embedded in the Datadog libraries. Instrumentation is performed by calling the SDK when a user login is successful/fails and by providing the SDK with the metadata of the login. The SDK attaches the login and the metadata to the trace and sends it to Datadog where it is retained.
+AAP collects login information and metadata using an SDK embedded in the Datadog libraries. Instrumentation is performed by calling the SDK when a user login is successful/fails and by providing the SDK with the metadata of the login. The SDK attaches the login and the metadata to the trace and sends it to Datadog where it is retained.
@@ -124,7 +124,7 @@ To manually instrument your services, do the following:
### Step 1.6: Remote instrumentation of your services
-ASM can use custom In-App WAF rules to flag login attempts and extract the metadata from the request needed by detection rules.
+AAP can use custom In-App WAF rules to flag login attempts and extract the metadata from the request needed by detection rules.
This approach requires that [Remote Configuration][11] is enabled and working. Verify Remote Configuration is running for this service in [Remote Configuration][12].
@@ -148,11 +148,11 @@ For more details, see [Tracking business logic information without modifying the
## Phase 2: Preparing for ATO campaigns
-After setting up instrumentation for your services, ASM monitors for attack campaigns. You can review the traffic in the [Attacks overview][14] **Business logic** section.
+After setting up instrumentation for your services, AAP monitors for attack campaigns. You can review the traffic in the [Attacks overview][14] **Business logic** section.
-ASM detects [multiple attacker strategies][15]. Upon detecting an attack with a high level of confidence, the [built-in detection rules][16] generate a signal.
+AAP detects [multiple attacker strategies][15]. Upon detecting an attack with a high level of confidence, the [built-in detection rules][16] generate a signal.
The severity of the signal is set based on the urgency of the threat: from **Low** in case of unsuccessful attacks to **Critical** in case of successful account compromises.
@@ -176,7 +176,7 @@ The actions covered in the next sections help you to identify and leverage detec
In microservice environments, services are generally reached by internal hosts running other services. This internal environment makes it challenging to identify the unique traits of the original attacker's request, such as IP, user agent, fingerprint, etc.
-[ASM Traces][20] can help you validate that the login event is properly tagged with the source IPs, user agent, etc. To validate, review login traces in [Traces][21] and check for the following:
+[AAP Traces][20] can help you validate that the login event is properly tagged with the source IPs, user agent, etc. To validate, review login traces in [Traces][21] and check for the following:
* Source IPs (`@http.client_ip`) are varied and public IPs.
* **Problem:** If login attempts are coming from a few IPs only, this might be a proxy that you can't block without risking availability.
@@ -192,19 +192,19 @@ In microservice environments, services are generally reached by internal hosts r
-ASM automatic blocking can be used to block attacks at any time of the day. Automatic blocking can help block attacks before your team members are online, providing security during off hours. Within an ATO, automatic blocking can help mitigate the load issues caused by the increase in failed login attempts or prevent the attacker from using compromised accounts.
+AAP automatic blocking can be used to block attacks at any time of the day. Automatic blocking can help block attacks before your team members are online, providing security during off hours. Within an ATO, automatic blocking can help mitigate the load issues caused by the increase in failed login attempts or prevent the attacker from using compromised accounts.
You can configure automatic blocking to block IPs identified as part of an attack. This is only a partial remediation because attackers can change IPs; however, it can give you more time to implement comprehensive remediation.
To configure automatic blocking, do the following:
-1. Go to **ASM** > **Protection** > [Detection Rules][23].
+1. Go to **AAP** > **Protection** > [Detection Rules][23].
2. In **Search**, enter `tag:"category:account_takeover"`.
3. Open the rules where you want to turn on blocking. Datadog recommends turning IP blocking on for **High** or **Critical** severity.
4. In the rule, in **Define Conditions**, in **Security Responses**, enable **IP automated blocking**. You may also enable **User automated blocking**.
You can control the blocking behavior per condition. Each rule can have multiple conditions based on your confidence and the attack success.
-**Datadog does not recommend permanent blocking of IP addresses**. Attackers are unlikely to reuse IPs and permanent blocking could result in blocking users. Moreover, ASM has a limit of how many IPs it can block (`~10000`), and this could fill this list with unnecessary IPs.
+**Datadog does not recommend permanent blocking of IP addresses**. Attackers are unlikely to reuse IPs and permanent blocking could result in blocking users. Moreover, AAP has a limit of how many IPs it can block (`~10000`), and this could fill this list with unnecessary IPs.
@@ -279,7 +279,7 @@ Datadog tries to identify common attributes between the login failures in your s
If accurate, the activity of the cluster should closely match the increase in login failures while also being low/nonexistent before.
If no cluster is available, click **Investigate in full screen** and review the targeted users/IPs for outliers.
-If the list is truncated, click **View in ASM Protection Trace Explorer** and run the investigation with the Traces explorer. For additional tools, see [Step 3.3: Investigation](#step-33-investigation).
+If the list is truncated, click **View in AAP Protection Trace Explorer** and run the investigation with the Traces explorer. For additional tools, see [Step 3.3: Investigation](#step-33-investigation).
{{% /tab %}}
{{< /tabs >}}
@@ -344,7 +344,7 @@ Those are two important indicators:
Click an indicator to see further information about the cluster traffic.
-In **Cluster Activity**, there is a visualization of the volume of the overall APM traffic matching this cluster. While comparing it to the ASM data, beware the scale, since APM data may be sampled while ASM's isn't.
+In **Cluster Activity**, there is a visualization of the volume of the overall APM traffic matching this cluster. While comparing it to the AAP data, beware the scale, since APM data may be sampled while AAP's isn't.
In the following example, a lot of traffic comes from before the attack. This means a legitimate activity matches this cluster in normal traffic and it would get blocked if you were to take action. You don't need to escalate or click **Block All Attacking IPs** in the signal.
@@ -356,7 +356,7 @@ After confirming that the traits match the attackers, you can push an In-App WAF
To create the rule, do the following:
-1. Go to **ASM** > **In-App WAF** > [Custom Rules](https://app.datadoghq.com/security/appsec/in-app-waf?column=services-count&config_by=custom-rules).
+1. Go to **AAP** > **In-App WAF** > [Custom Rules](https://app.datadoghq.com/security/appsec/in-app-waf?column=services-count&config_by=custom-rules).
2. Click **Create New Rule** and complete the configuration.
3. Select your login service (or a service where you want to block the requests). You can target blocking to the login route also.
4. Configure the conditions of the rule. In this example, the user agent is used. If you want to block a specific user agent, you can paste it with the operator `matches value in list`. If you want more flexibility, you can also use a regex.
@@ -434,7 +434,7 @@ In the diffuse attacks case, attacker attributes are available in the signal.
1. After opening the signal in the side panel, click **Investigate in full screen**.
-2. In **Attacker Attributes**, select the cluster and click on **Filter this signal by selection**, then, in **Traces**, click **View in ASM Protection Trace Explorer**.
+2. In **Attacker Attributes**, select the cluster and click on **Filter this signal by selection**, then, in **Traces**, click **View in AAP Protection Trace Explorer**.
This gets you to the trace explorer with filters set to the flagged attributes. You can start the investigation with the current query, but you should expand it to also match login successes on top of the failures. You can do that by replacing `@appsec.security_activity:business_logic.users.login.failure` with `@appsec.security_activity:business_logic.users.login.*`. Review the exhaustiveness and accuracy of the filter using [the technique described above](#isolate-attacker-activity).
@@ -518,13 +518,13 @@ If the signal wasn't accurate, you can extract the list or users or IPs and add
#### In-App WAF rules
-If the Denylist isn't sufficient, you can create a WAF rule. A WAF rule evaluates slower than the Denylist, but it is more flexible. To create the rule, go to **ASM** > **Protection** > **In-App WAF** > [Custom Rules][28].
+If the Denylist isn't sufficient, you can create a WAF rule. A WAF rule evaluates slower than the Denylist, but it is more flexible. To create the rule, go to **AAP** > **Protection** > **In-App WAF** > [Custom Rules][28].
To create a new rule, do the following:
-1. Go to **ASM** > **Protection** > **In-App WAF** > [Custom Rules][28].
+1. Go to **AAP** > **Protection** > **In-App WAF** > [Custom Rules][28].
2. Click **Create New Rule**.
3. Follow the steps in **Define your custom rule**.
4. In **Select the services you want this rule to apply to**, select your login service, or whichever services where you want to block requests. You can also target the blocking to the login route.
@@ -639,7 +639,7 @@ Account theft is a common threat but also much more complex than traditional inj
In this guide, you did the following:
- Learned what account takeover campaigns can look like, how to triage them, and how to counter them.
-- Instrumented your login services to provide Datadog ASM with all the context it needs.
+- Instrumented your login services to provide Datadog AAP with all the context it needs.
- Configured your login services to provide every capability at the time of the attack.
This is general guidance. Depending on your applications and environments, there might be a need for additional response strategies.
diff --git a/content/en/security/application_security/guide/standalone_application_security.md b/content/en/security/application_security/guide/standalone_application_security.md
index 6ef15b14cc184..e214d3ec0fb8b 100644
--- a/content/en/security/application_security/guide/standalone_application_security.md
+++ b/content/en/security/application_security/guide/standalone_application_security.md
@@ -3,7 +3,7 @@ title: Set Up Application Security Products without using APM
disable_toc: false
---
-Datadog ASM [Threat Management][1] and [Code Security][2] are built on top of [APM][3]. While Datadog recommends using these security products with APM and adopting DevSecOps practices, you can also use these security products without using APM. This configuration is referred to as Standalone Application Security. This guide explains how to set up Standalone Application Security.
+Datadog AAP [Threat Management][1] and [Code Security][2] are built on top of [APM][3]. While Datadog recommends using these security products with APM and adopting DevSecOps practices, you can also use these security products without using APM. This configuration is referred to as Standalone Application Security. This guide explains how to set up Standalone Application Security.
## Prerequisites
@@ -31,9 +31,9 @@ Standalone Application Security is currently supported for the following tracing
Set up the Datadog Agent using the standard method for APM or Application Security setup, but set up the Tracing Library by adding the `DD_APM_TRACING_ENABLED=false` environment variable to the service that runs the Tracing Library.
-This environment variable will reduce the amount of APM data sent to Datadog to the minimum required by Application Security products. The environment variable can then be combined with environment variables to enable ASM Threat Management or Code Security.
+This environment variable will reduce the amount of APM data sent to Datadog to the minimum required by Application Security products. The environment variable can then be combined with environment variables to enable AAP Threat Management or Code Security.
-For ASM Threat Management, add the `DD_APM_TRACING_ENABLED=false DD_APPSEC_ENABLED=true` environment variable.
+For AAP Threat Management, add the `DD_APM_TRACING_ENABLED=false DD_APPSEC_ENABLED=true` environment variable.
For Code Security, add the `DD_APM_TRACING_ENABLED=false DD_IAST_ENABLED=true` environment variable.
diff --git a/content/en/security/application_security/how-appsec-works.md b/content/en/security/application_security/how-appsec-works.md
index fa548f15c8b42..ed52c1dcdd868 100644
--- a/content/en/security/application_security/how-appsec-works.md
+++ b/content/en/security/application_security/how-appsec-works.md
@@ -4,14 +4,10 @@ aliases:
- /security_platform/guide/how-appsec-works/
- /security_platform/application_security/how-appsec-works/
- /security/guide/how-appsec-works/
-further_reading:
-- link: "https://www.datadoghq.com/blog/datadog-application-security/"
- tag: "Blog"
- text: "Introducing Datadog Application Security"
---
{{< site-region region="gov" >}}
-Application Security Management is not supported for your selected
Datadog site ({{< region-param key="dd_site_name" >}}).
+App and API Protection is not supported for your selected
Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}}
## Overview
@@ -124,10 +120,6 @@ Datadog Application Security provides visibility into threats targeting your API
Datadog Application Security identifies Log4j Log4Shell attack payloads and provides visibility into vulnerable apps that attempt to remotely load malicious code. When used in tandem with the rest of [Datadog's Cloud SIEM][16], you can investigate to identify common post-exploitation activity, and proactively remediate potentially vulnerable Java web services acting as an attack vector.
-## Further Reading
-
-{{< partial name="whats-next/whats-next.html" >}}
-
[1]: /security/application_security/threats/
[2]: /tracing/software_catalog/#security-view
[3]: /tracing/services/service_page/#security
diff --git a/content/en/security/application_security/serverless/_index.md b/content/en/security/application_security/serverless/_index.md
index c22ccd1e541bb..4f92946f65409 100644
--- a/content/en/security/application_security/serverless/_index.md
+++ b/content/en/security/application_security/serverless/_index.md
@@ -1,5 +1,5 @@
---
-title: Enabling ASM for Serverless
+title: Enabling AAP for Serverless
aliases:
- /security/application_security/getting_started/serverless
- /security/application_security/enabling/serverless
@@ -9,10 +9,10 @@ further_reading:
text: "How Application Security Works"
- link: "/security/default_rules/?category=cat-application-security"
tag: "Documentation"
- text: "OOTB Application Security Management Rules"
+ text: "OOTB App and API Protection Rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
- link: "/security/application_security/threats/"
tag: "Documentation"
text: "Application Threat Management"
@@ -23,27 +23,27 @@ further_reading:
{{< partial name="security-platform/appsec-serverless.html" >}}
-See [compatibility requirements][4] for information about what ASM features are available for serverless functions.
+See [compatibility requirements][4] for information about what AAP features are available for serverless functions.
## AWS Lambda
-Configuring ASM for AWS Lambda involves:
+Configuring AAP for AWS Lambda involves:
-1. Identifying functions that are vulnerable or are under attack, which would most benefit from ASM. Find them on [the Security tab of your Software Catalog][1].
-2. Setting up ASM instrumentation by using the [Datadog CLI](https://docs.datadoghq.com/serverless/serverless_integrations/cli), [AWS CDK](https://github.com/DataDog/datadog-cdk-constructs), [Datadog Serverless Framework plugin][6], or manually by using the Datadog tracing layers.
+1. Identifying functions that are vulnerable or are under attack, which would most benefit from AAP. Find them on [the Security tab of your Software Catalog][1].
+2. Setting up AAP instrumentation by using the [Datadog CLI](https://docs.datadoghq.com/serverless/serverless_integrations/cli), [AWS CDK](https://github.com/DataDog/datadog-cdk-constructs), [Datadog Serverless Framework plugin][6], or manually by using the Datadog tracing layers.
3. Triggering security signals in your application and seeing how Datadog displays the resulting information.
### Prerequisites
- [Serverless APM Tracing][apm-lambda-tracing-setup] is setup on the Lambda function to send traces directly to Datadog.
- X-Ray tracing, by itself, is not sufficient for ASM and requires APM Tracing to be enabled.
+ X-Ray tracing, by itself, is not sufficient for AAP and requires APM Tracing to be enabled.
### Get started
{{< tabs >}}
{{% tab "Serverless Framework" %}}
-The [Datadog Serverless Framework plugin][1] can be used to automatically configure and deploy your lambda with ASM.
+The [Datadog Serverless Framework plugin][1] can be used to automatically configure and deploy your lambda with AAP.
To install and configure the Datadog Serverless Framework plugin:
@@ -52,7 +52,7 @@ To install and configure the Datadog Serverless Framework plugin:
serverless plugin install --name serverless-plugin-datadog
```
-2. Enable ASM by updating your `serverless.yml` with the `enableASM` configuration parameter:
+2. Enable AAP by updating your `serverless.yml` with the `enableAAP` configuration parameter:
```yaml
custom:
datadog:
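Review bot: Step 2 of this hunk renames the configuration key itself, from `enableASM` to `enableAAP`, but that is an identifier the Serverless Framework plugin reads from `serverless.yml`, not product wording. Unless a plugin release accepts `enableAAP`, a reader who copies the new name may deploy a function with protection never switched on, and nothing in these steps would reveal that until the function fails to appear in the AAP views. The YAML example continues outside the hunk, so it probably still shows the old key and now disagrees with the sentence above it. I would keep the product name change but leave the key as shipped (`enableASM`) until the plugin documents a new name, then update the sentence and the example together.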
@@ -69,7 +69,7 @@ To install and configure the Datadog Serverless Framework plugin:
```
See also the complete list of [plugin parameters][4] to further configure your lambda settings.
-4. Redeploy the function and invoke it. After a few minutes, it appears in [ASM views][3].
+4. Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][3].
[1]: https://docs.datadoghq.com/serverless/serverless_integrations/plugin
[2]: https://docs.datadoghq.com/serverless/libraries_integrations/extension
@@ -320,7 +320,7 @@ The [Datadog CDK Construct][1] automatically installs Datadog on your functions
[1]: https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html
{{< /site-region >}}
-3. Enable ASM by adding the following environment variables on your function deployment:
+3. Enable AAP by adding the following environment variables on your function deployment:
```yaml
environment:
AWS_LAMBDA_EXEC_WRAPPER: /opt/datadog_wrapper
@@ -333,7 +333,7 @@ The [Datadog CDK Construct][1] automatically installs Datadog on your functions
- **Python**: Set your function's handler to `datadog_lambda.handler.handler`.
- Also, set the environment variable `DD_LAMBDA_HANDLER` to your original handler, for example, `myfunc.handler`.
-5. Redeploy the function and invoke it. After a few minutes, it appears in [ASM views][3].
+5. Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][3].
[3]: https://app.datadoghq.com/security/appsec?column=time&order=desc
@@ -342,7 +342,7 @@ The [Datadog CDK Construct][1] automatically installs Datadog on your functions
## Google Cloud Run
-ASM support for Google Cloud Run is in Preview.
+AAP support for Google Cloud Run is in Preview.
### How `serverless-init` works
@@ -944,7 +944,7 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
### Setup
#### Set application settings
-To enable ASM on your application, begin by adding the following key-value pairs under **Application Settings** in your Azure configuration settings.
+To enable AAP on your application, begin by adding the following key-value pairs under **Application Settings** in your Azure configuration settings.
{{< img src="serverless/azure_app_service/application-settings.jpg" alt="Azure App Service Configuration: the Application Settings, under the Configuration section of Settings in the Azure UI. Three settings are listed: DD_API_KEY, DD_SERVICE, and DD_START_APP." style="width:80%;" >}}
@@ -1002,7 +1002,7 @@ Download the [`datadog_wrapper`][8] file from the releases and upload it to your
## Testing threat detection
-To see Application Security Management threat detection in action, send known attack patterns to your application. For example, send a request with the user agent header set to `dd-test-scanner-log` to trigger a [security scanner attack][5] attempt:
+To see App and API Protection threat detection in action, send known attack patterns to your application. For example, send a request with the user agent header set to `dd-test-scanner-log` to trigger a [security scanner attack][5] attempt:
```sh
curl -A 'dd-test-scanner-log' https://your-function-url/existing-route
```
diff --git a/content/en/security/application_security/threats/_index.md b/content/en/security/application_security/threats/_index.md
index bd583c3e74349..57744d58c1451 100644
--- a/content/en/security/application_security/threats/_index.md
+++ b/content/en/security/application_security/threats/_index.md
@@ -6,38 +6,38 @@ further_reading:
text: "Tracking User Activity"
- link: "/security/application_security/threats/library_configuration/"
tag: "Documentation"
- text: "Configuring your ASM setup"
+ text: "Configuring your AAP setup"
- link: "/security/code_security/software_composition_analysis/"
tag: "Documentation"
text: "Software Composition Analysis"
- link: "/security/application_security/how-appsec-works/"
tag: "Documentation"
- text: "How ASM Works"
+ text: "How AAP Works"
---
{{< site-region region="gov" >}}
-Application Security Management is not supported for your selected
Datadog site ({{< region-param key="dd_site_name" >}}).
+App and API Protection is not supported for your selected
Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}}
-Datadog's Application Security Management (ASM) Threat Management protects web applications and APIs from a wide range of security threats, including:
+Datadog's App and API Protection (AAP) Threat Management protects web applications and APIs from a wide range of security threats, including:
- Exploit attempts
- Application abuse and fraud
- API abuse
-Integrated into the Datadog platform, ASM Threat Management leverages Datadog’s extensive observability data (logs and traces) to provide full-stack visibility and security in a unified platform.
+Integrated into the Datadog platform, AAP Threat Management leverages Datadog’s extensive observability data (logs and traces) to provide full-stack visibility and security in a unified platform.
-ASM Threat Management enables teams to identify and remediate threats quickly. Its key differentiator is bridging the gap between security and DevOps, promoting collaboration between development, security, and operations teams.
+AAP Threat Management enables teams to identify and remediate threats quickly. Its key differentiator is bridging the gap between security and DevOps, promoting collaboration between development, security, and operations teams.
## Use cases
-Discover the ways Datadog ASM Threat Management helps common use cases:
+Discover the ways Datadog AAP Threat Management helps common use cases:
-| You want to... | How Datadog ASM can help |
+| You want to... | How Datadog AAP can help |
| ----------- | ----------- |
-| **Web Application Protection:** Prevent vulnerability exploits such as SQL Injection, Server-side Request Forgery, and Local File Inclusion. | Enable [Exploit Prevention][9] on your services. ASM Threat Management blocks exploits in real-time and generates signals for further investigation.|
+| **Web Application Protection:** Prevent vulnerability exploits such as SQL Injection, Server-side Request Forgery, and Local File Inclusion. | Enable [Exploit Prevention][9] on your services. AAP Threat Management blocks exploits in real-time and generates signals for further investigation.|
| **Application and API abuse:** Protect applications against application and API abuse such as credential stuffing and Account Takeover attacks.| Leverage [OOTB detection rules][10] for notifications such as unusual account creations or password resets from an IP, or distributed credential stuffing campaigns. Review the benefits of [OOTB Account TakeOver Protection][11].|
-| **API Security:** Learn about your organization’s APIs, understand the posture and actions needed to reduce risk using a prioritized list of API endpoints.| ASM Threat Management: - Inventories all your API endpoints. - Gives you visibility into your API traffic, including API abuse. - Highlights risk across your API endpoints. For example, vulnerable or unauthenticated endpoints processing sensitive data.|
+| **API Security:** Learn about your organization’s APIs, understand the posture and actions needed to reduce risk using a prioritized list of API endpoints.| AAP Threat Management: - Inventories all your API endpoints. - Gives you visibility into your API traffic, including API abuse. - Highlights risk across your API endpoints. For example, vulnerable or unauthenticated endpoints processing sensitive data.|
## Security signals
@@ -45,12 +45,12 @@ Security signals raised by Threat Monitoring are summarized and surfaced in view
{{< img src="security/application_security/threats/threats-on-svc-cat_3.png" alt="Software Catalog with services showing threat signals" style="width:100%;" >}}
-For additional information about how Threat Management works, read [How ASM Works][4].
+For additional information about how Threat Management works, read [How AAP Works][4].
## Explore threat signals
-When threat data for your services is coming into Datadog, [ASM Overview][7] shows a summary of what's happening. Here, you can enable vulnerability detection, review attacks, customize alerting and reporting, and enable ASM on your services. To investigate signals of suspicious activity, click a service's **Review** link.
+When threat data for your services is coming into Datadog, [AAP Overview][7] shows a summary of what's happening. Here, you can enable vulnerability detection, review attacks, customize alerting and reporting, and enable AAP on your services. To investigate signals of suspicious activity, click a service's **Review** link.
In the [Signals Explorer][2], filter by attributes and facets to find critical threats. Click into a signal to see details for it, including the user information and their IP address, what rule they triggered, attack flow, and related traces and other security signals. From this page you can also click to create a case and declare an incident. For more information see [Investigate Security Signals][8].
@@ -59,9 +59,9 @@ In the [Signals Explorer][2], filter by attributes and facets to find critical t
## Create In-App WAF rules for identifying attack patterns
-You can [create In-App WAF rules][5] that define what suspicious behavior looks like in your application, augmenting the default rules that come with ASM. Then [specify custom rules][6] to generate security signals from the attack attempts triggered from these rules, raising them in the Threat Monitoring views for your investigation.
+You can [create In-App WAF rules][5] that define what suspicious behavior looks like in your application, augmenting the default rules that come with AAP. Then [specify custom rules][6] to generate security signals from the attack attempts triggered from these rules, raising them in the Threat Monitoring views for your investigation.
-## Slow down attacks and attackers with ASM Protect
+## Slow down attacks and attackers with AAP Protect
{{% asm-protect %}}
diff --git a/content/en/security/application_security/threats/add-user-info.md b/content/en/security/application_security/threats/add-user-info.md
index 2f06fc6ee9720..ecd68df0d1d5e 100644
--- a/content/en/security/application_security/threats/add-user-info.md
+++ b/content/en/security/application_security/threats/add-user-info.md
@@ -6,7 +6,7 @@ aliases:
further_reading:
- link: "/security/application_security/"
tag: "Documentation"
- text: "Protect against threats with Datadog Application Security Management"
+ text: "Protect against threats with Datadog App and API Protection"
- link: "/security/application_security/threats/library_configuration/"
tag: "Documentation"
text: "Other setup considerations and configuration options"
@@ -16,7 +16,7 @@ further_reading:
Instrument your services and track user activity to detect and block bad actors.
-[Add authenticated user information on traces](#adding-authenticated-user-information-to-traces-and-enabling-user-blocking-capability) to identify and block bad actors targeting your authenticated attack surface. To do this, set the user ID tag on the running APM trace, providing the necessary instrumentation for ASM to block authenticated attackers. This allows ASM to associate attacks and business logic events to users.
+[Add authenticated user information on traces](#adding-authenticated-user-information-to-traces-and-enabling-user-blocking-capability) to identify and block bad actors targeting your authenticated attack surface. To do this, set the user ID tag on the running APM trace, providing the necessary instrumentation for AAP to block authenticated attackers. This allows AAP to associate attacks and business logic events to users.
[Track user logins and activity](#adding-business-logic-information-login-success-login-failure-any-business-logic-to-traces) to detect account takeovers and business logic abuse with out-of-the-box detection rules, and to ultimately block attackers.
@@ -726,13 +726,13 @@ track_custom_event(tracer, event_name, metadata)
### Tracking business logic information without modifying the code
-If your service has ASM enabled and [Remote Configuration][1] enabled, you can create a custom WAF rule to flag any request it matches with a custom business logic tag. This doesn't require any modification to your application, and can be done entirely from Datadog.
+If your service has AAP enabled and [Remote Configuration][1] enabled, you can create a custom WAF rule to flag any request it matches with a custom business logic tag. This doesn't require any modification to your application, and can be done entirely from Datadog.
To get started, navigate to the [Custom WAF Rule page][2] and click on "Create New Rule".
-{{< img src="security/application_security/threats/custom-waf-rule-menu.png" alt="Access the Custom WAF Rule Menu from the ASM homepage by clicking on Protection, then In-App WAF and Custom Rules" style="width:100%;" >}}
+{{< img src="security/application_security/threats/custom-waf-rule-menu.png" alt="Access the Custom WAF Rule Menu from the AAP homepage by clicking on Protection, then In-App WAF and Custom Rules" style="width:100%;" >}}
-This will open a menu in which you may define your custom WAF rule. By selecting the "Business Logic" category, you will be able to configure an event type (for instance, `users.password_reset`). You can then select the service you want to track, and a specific endpoint. You may also use the rule condition to target a specific parameter to identify the codeflow you want to _instrument_. When the condition matches, the library tags the trace and flags it to be forwarded to ASM. If you don't need the condition, you may set a broad condition to match everything.
+This will open a menu in which you may define your custom WAF rule. By selecting the "Business Logic" category, you will be able to configure an event type (for instance, `users.password_reset`). You can then select the service you want to track, and a specific endpoint. You may also use the rule condition to target a specific parameter to identify the codeflow you want to _instrument_. When the condition matches, the library tags the trace and flags it to be forwarded to AAP. If you don't need the condition, you may set a broad condition to match everything.
{{< img src="security/application_security/threats/custom-waf-rule-form.png" alt="Screenshot of the form that appear when you click on the Create New Rule button" style="width:50%;" >}}
@@ -744,7 +744,7 @@ Once saved, the rule is deployed to instances of the service that have Remote Co
## Automatic user activity event tracking
-When ASM is enabled, Datadog Tracing Libraries attempt to detect user activity events automatically.
+When AAP is enabled, Datadog Tracing Libraries attempt to detect user activity events automatically.
The events that can be automatically detected are:
@@ -769,7 +769,7 @@ Automatic user activity tracking offers the following modes:
- `anonymization` mode (short name: `anon`):
- This mode is the same as `identification`, but anonymizes the user ID by hashing (SHA256) it and cropping the resulting hash.
- `disabled` mode:
- - ASM libraries do *not* collect any user ID from their automated instrumentations.
+ - AAP libraries do *not* collect any user ID from their automated instrumentations.
- User login events are not emitted.
All modes only affect automated instrumentation. The modes don't apply to manual collection. Manual collection is configured using an SDK, and those settings are not overridden by automated instrumentation.
@@ -795,7 +795,7 @@ The following modes are deprecated:
## Disabling user activity event tracking
-To disable automated user activity detection through your [ASM Software Catalog][14], change the automatic tracking mode environment variable `DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE` to `disabled` on the service you want to deactivate. All modes only affect automated instrumentation and require [Remote Configuration][15] to be enabled.
+To disable automated user activity detection through your [AAP Software Catalog][14], change the automatic tracking mode environment variable `DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE` to `disabled` on the service you want to deactivate. All modes only affect automated instrumentation and require [Remote Configuration][15] to be enabled.
For manual configuration, you can set the environment variable `DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING_ENABLED` to `false` on your service and restart it. This must be set on the application hosting the Datadog Tracing Library, and not on the Datadog Agent.
diff --git a/content/en/security/application_security/threats/attack-summary.md b/content/en/security/application_security/threats/attack-summary.md
index 78d6cb06a2fa7..054aa1e25cf3c 100644
--- a/content/en/security/application_security/threats/attack-summary.md
+++ b/content/en/security/application_security/threats/attack-summary.md
@@ -4,9 +4,9 @@ aliases:
- /security/application_security/threats/threat-overview
---
-{{< img src="security/application_security/threats/appsec-threat-overview-page-top.png" alt="Screenshot of the ASM Attack Summary page" >}}
+{{< img src="security/application_security/threats/appsec-threat-overview-page-top.png" alt="Screenshot of the AAP Attack Summary page" >}}
-The ASM **Attack Summary** provides a quick view of your application and API posture. It highlights trends, service exposure, attack traffic, and the impact on business logic. You can pivot from widgets to their related traces.
+The AAP **Attack Summary** provides a quick view of your application and API posture. It highlights trends, service exposure, attack traffic, and the impact on business logic. You can pivot from widgets to their related traces.
Each section of **Attack Summary** focuses on a different aspect of security with supporting information.
diff --git a/content/en/security/application_security/threats/attacker-explorer.md b/content/en/security/application_security/threats/attacker-explorer.md
index 2d929dc0370af..423d4603cd23a 100644
--- a/content/en/security/application_security/threats/attacker-explorer.md
+++ b/content/en/security/application_security/threats/attacker-explorer.md
@@ -11,7 +11,7 @@ This topic describes how to use **Attacker Explorer** to investigate and block F
## Overview
-Datadog Application Security Management (ASM) identifies attackers as suspicious and flagged. With [Attacker Explorer][1], you can investigate and take action against the attackers.
+Datadog App and API Protection (AAP) identifies attackers as suspicious and flagged. With [Attacker Explorer][1], you can investigate and take action against the attackers.
### Definitions
@@ -26,10 +26,10 @@ Datadog Application Security Management (ASM) identifies attackers as suspicious
To understand the difference between the different explorers, review these approaches:
-- **Protect:** Automated blocking using ASM Protection configuration. Customers should block attack tools as their first automated blocking action. Blocking attack tools reduces common vulnerability discovery for OWASP threats such as SQLi, command injection, and SSRF.
+- **Protect:** Automated blocking using AAP Protection configuration. Customers should block attack tools as their first automated blocking action. Blocking attack tools reduces common vulnerability discovery for OWASP threats such as SQLi, command injection, and SSRF.
- **Reactive:** Blocking using Signals or Attackers explorer in response to observed threats.
-{{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_nav.png" alt="Screenshot of the ASM Attacker Explorer navigation" >}}
+{{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_nav.png" alt="Screenshot of the AAP Attacker Explorer navigation" >}}
Each explorer focuses on a specific use case:
@@ -46,7 +46,7 @@ Each explorer focuses on a specific use case:
To start reviewing attackers, go to [Attacker Explorer][1].
-{{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_default_view2.png" alt="ASM Attacker Explorer" >}}
+{{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_default_view2.png" alt="AAP Attacker Explorer" >}}
There are two sections to the Attacker Explorer:
@@ -58,7 +58,7 @@ There are two sections to the Attacker Explorer:
Click on any row to view the history and attributes of the IP.
-{{< img src="security/application_security/threats/attacker-explorer/ip_drawer.png" alt="Investigate and IP address with ASM Attacker Explorer" >}}
+{{< img src="security/application_security/threats/attacker-explorer/ip_drawer.png" alt="Investigate and IP address with AAP Attacker Explorer" >}}
IPs can be blocked or added to the Passlist from the IP drawer.
@@ -72,7 +72,7 @@ IPs can be blocked or added to the Passlist from the IP drawer.
To block an individual IP temporarily or permanently, do the following:
-{{< img src="security/application_security/threats/attacker-explorer/block_ip_address.png" alt="Block an IP address with ASM Attacker Explorer" >}}
+{{< img src="security/application_security/threats/attacker-explorer/block_ip_address.png" alt="Block an IP address with AAP Attacker Explorer" >}}
1. Click `Block` on the row.
2. Choose a blocking duration.
@@ -90,7 +90,7 @@ To compare and block IPs in bulk, do the following:
In the following example, the selected IPs are from the same location and appear to be related. The **Compare and Block** option opens the **Block selected attackers** view, showing metrics and attributes for the selected IP addresses.
- {{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_review_groups2.png" alt="Screenshot of the ASM Attacker Explorer group blocking" >}}
+ {{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_review_groups2.png" alt="Screenshot of the AAP Attacker Explorer group blocking" >}}
4. To block attackers, click **Block**.
@@ -98,7 +98,7 @@ To compare and block IPs in bulk, do the following:
When you select the **Compare and Block** option, the **Block selected attackers** view opens, showing metrics and attributes for the selected IP addresses.
-{{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_review_groups2.png" alt="Screenshot of the ASM Attacker Explorer group blocking" >}}
+{{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_review_groups2.png" alt="Screenshot of the AAP Attacker Explorer group blocking" >}}
Metrics for Similarity Overview and Activity are scoped to the last 30 days.
@@ -110,7 +110,7 @@ Contains the IPs selected from the explorer. Deselecting an IP removes it from t
### Similarity overview
-Each column exists to help block with confidence and safety. The provided attributes are also used by ASM's Attacker Similarity feature.
+Each column exists to help block with confidence and safety. The provided attributes are also used by AAP's Attacker Similarity feature.
ASNs
: Autonomous System Numbers. Attacks with large numbers of IP addresses might originate from the same ASN, especially when attacks originate from data centers and cloud IPs.
@@ -141,7 +141,7 @@ The traces associated with the IP addresses over the selected time.
Benign traffic is sampled APM traffic which are traces without business logic or attack traffic detections.
-Attack traffic is all ASM traces, inclusive of business logic.
+Attack traffic is all AAP traces, inclusive of business logic.
### Block
diff --git a/content/en/security/application_security/threats/attacker_clustering.md b/content/en/security/application_security/threats/attacker_clustering.md
index b95d6a86728db..d23d20650681d 100644
--- a/content/en/security/application_security/threats/attacker_clustering.md
+++ b/content/en/security/application_security/threats/attacker_clustering.md
@@ -22,7 +22,7 @@ further_reading:
## Overview
-Attacker Clustering improves distributed attack blocking. Datadog Application Security Management (ASM) identifies security signal traffic attacker patterns and to help you mitigate distributed attacks more efficiently.
+Attacker Clustering improves distributed attack blocking. Datadog App and API Protection (AAP) identifies security signal traffic attacker patterns and to help you mitigate distributed attacks more efficiently.
Attacker clustering highlights a set of common attributes shared by a significant portion of traffic and suggests blocking based on those attributes.
@@ -30,9 +30,9 @@ Blocking on attacker attributes means you keep your application or API protected
## What signals are used for attacker clusters?
-The attacker clustering is computed for every [ASM security signal][4] emitted from a detection rule tagged with `category:account_takeover` or `category:fraud`
+The attacker clustering is computed for every [AAP security signal][4] emitted from a detection rule tagged with `category:account_takeover` or `category:fraud`
-Out of the box, attacker clustering is computed for the ASM detection rules that detect API abuse, credential stuffing, or brute force attacks.
+Out of the box, attacker clustering is computed for the AAP detection rules that detect API abuse, credential stuffing, or brute force attacks.
If you want the attacker clustering executed on custom detection rules, add these tags in the detection rule editor (see screenshot below).
@@ -50,7 +50,7 @@ Attacker clustering is computed using the following request attributes:
When the attacker attributes are identified, they are displayed on the signal side panel and **Signals** page. Attacker attributes can be a combination of the attributes listed above.
-{{< img src="security/application_security/threats/attacker-attributes.png" alt="Screenshot of an ASM signals with attacker attributes identified" >}}
+{{< img src="security/application_security/threats/attacker-attributes.png" alt="Screenshot of an AAP signals with attacker attributes identified" >}}
## Attacker clustering mechanism
@@ -60,7 +60,7 @@ The algorithm tracks the changes in the attack traffic by identifying emerging t
Traffic associated with threat intelligence is also considered in the clustering mechanism. The more an attribute is correlated with [Threat Intelligence][1], the higher the chance to create an attacker cluster around this attribute.
-The attacker clustering attributes selected are then shown as regular expressions that can be used to block with ASM's [In-App WAF][3] or to filter out traffic in ASM Traces explorer for investigation.
+The attacker clustering attributes selected are then shown as regular expressions that can be used to block with AAP's [In-App WAF][3] or to filter out traffic in AAP Traces explorer for investigation.
## Further reading
diff --git a/content/en/security/application_security/threats/attacker_fingerprint.md b/content/en/security/application_security/threats/attacker_fingerprint.md
index 7b699545cdf7b..cf8463cf8aa70 100644
--- a/content/en/security/application_security/threats/attacker_fingerprint.md
+++ b/content/en/security/application_security/threats/attacker_fingerprint.md
@@ -11,7 +11,7 @@ This topic describes a feature called **Datadog Attacker Fingerprint** to identi
## Overview
-Datadog Attacker Fingerprint identifies attackers beyond IP addresses. Datadog Attacker fingerprints are automatically computed and added to your traces on attack or login attempts when Application Security Management (ASM) is enabled on your service.
+Datadog Attacker Fingerprint identifies attackers beyond IP addresses. Datadog Attacker fingerprints are automatically computed and added to your traces on attack or login attempts when App and API Protection (AAP) is enabled on your service.
Datadog Attacker fingerprints are composed of several fragments:
* Endpoint Identifier
@@ -59,9 +59,9 @@ The network identifier fragment provides information about the network part of t
## How to use Attacker Fingerprints
-Fragments can be used as filters in the ASM Traces explorer by filtering on the desired fingerprint field. For example: `@appsec.fingerprint.header.ua_hash:e462fa45` will filter on all requests that have the same user agent hash.
+Fragments can be used as filters in the AAP Traces explorer by filtering on the desired fingerprint field. For example: `@appsec.fingerprint.header.ua_hash:e462fa45` will filter on all requests that have the same user agent hash.
-{{< img src="security/application_security/threats/attacker-fingerprint-trace.png" alt="Screenshot of an ASM trace with attacker fingerprint in the trace side panel" >}}
+{{< img src="security/application_security/threats/attacker-fingerprint-trace.png" alt="Screenshot of an AAP trace with attacker fingerprint in the trace side panel" >}}
Attacker fingerprints are used in the [Attacker Clustering][1] feature. If a significant portion of your traffic presents the same fingerprint attributes, attacker clustering will show it has a common attack attribute.
diff --git a/content/en/security/application_security/threats/custom_rules.md b/content/en/security/application_security/threats/custom_rules.md
index cd4848d0f2b8f..55d3bf197dff3 100644
--- a/content/en/security/application_security/threats/custom_rules.md
+++ b/content/en/security/application_security/threats/custom_rules.md
@@ -6,34 +6,34 @@ aliases:
further_reading:
- link: "/security/application_security/"
tag: "Documentation"
- text: "Protect against threats with Datadog Application Security Management"
+ text: "Protect against threats with Datadog App and API Protection"
- link: "/security/application_security/event_rules/"
tag: "Documentation"
text: "Creating event rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshoot common Datadog Application Security Management issues"
+ text: "Troubleshoot common Datadog App and API Protection issues"
- link: "/security/notifications/variables/"
tag: "Documentation"
text: "Learn more about Security notification variables"
- link: "/tracing/trace_explorer/query_syntax/"
tag: "Documentation"
- text: "Syntax for defining the ASM query"
+ text: "Syntax for defining the AAP query"
---
## Overview
-Application Security Management (ASM) comes with a set of [out-of-the-box detection rules][1] which aim to catch attack attempts, vulnerabilities found by attacker, and business logic abuse that impact your production systems.
+App and API Protection (AAP) comes with a set of [out-of-the-box detection rules][1] which aim to catch attack attempts, vulnerabilities found by attacker, and business logic abuse that impact your production systems.
However, there are situations where you may want to customize a rule based on your environment or workload. For example, you may want to customize a detection rule that detects users performing sensitive actions from a geolocation where your business doesn't operate.
-Another example is customizing a rule to exclude an internal security scanner. ASM detects its activity as expected. However, you may not want to be notified of its regularly occurring scan.
+Another example is customizing a rule to exclude an internal security scanner. AAP detects its activity as expected. However, you may not want to be notified of its regularly occurring scan.
-In these situations, a custom detection rule can be created to exclude such events. This guide shows you how to create a custom detection rule for ASM.
+In these situations, a custom detection rule can be created to exclude such events. This guide shows you how to create a custom detection rule for AAP.
## Business logic abuse detection rule
-ASM offers out of the box rules to detect business logic abuse (for example, resetting a password through brute force). Those rules require [adding business logic information to traces][7].
+AAP offers out of the box rules to detect business logic abuse (for example, resetting a password through brute force). Those rules require [adding business logic information to traces][7].
Recent Datadog Tracing Libraries attempt to detect and send user login and signup events automatically without needing to modify the code. If needed, you can [opt out of the automatic user activity event tracking][8].
@@ -45,13 +45,13 @@ See the section below to see how to configure your rules.
To customize an OOTB detection rule, you must first clone an existing rule. Navigate to your [Detection Rules][2] and select a rule. Scroll to the bottom of the rule and click the Clone Rule button. This now enables you to edit the existing rule.
-### Define an ASM query
+### Define an AAP query
-Construct an ASM query using the [same query syntax as in the ASM Trace Explorer][3]. For example, create a query to monitor login successes from outside of the United States: `@appsec.security_activity:business_logic.users.login.success -@actor.ip_details.country.iso_code:US`.
+Construct an AAP query using the [same query syntax as in the AAP Trace Explorer][3]. For example, create a query to monitor login successes from outside of the United States: `@appsec.security_activity:business_logic.users.login.success -@actor.ip_details.country.iso_code:US`.
Optionally, define a unique count and signal grouping. Count the number of unique values observed for an attribute in a given timeframe. The defined group-by generates a signal for each group-by value. Typically, the group-by is an entity (like user, IP, or service). The group-by is also used to [join the queries together](#joining-queries).
-Use the preview section to see which ASM traces match the search query. You can also add additional queries with the Add Query button.
+Use the preview section to see which AAP traces match the search query. You can also add additional queries with the Add Query button.
##### Joining queries
diff --git a/content/en/security/application_security/threats/exploit-prevention.md b/content/en/security/application_security/threats/exploit-prevention.md
index 46eefc69c6338..7bec2b7a061ca 100644
--- a/content/en/security/application_security/threats/exploit-prevention.md
+++ b/content/en/security/application_security/threats/exploit-prevention.md
@@ -4,7 +4,7 @@ disable_toc: false
further_reading:
- link: "/security/application_security/"
tag: "Documentation"
- text: "Protect against threats with Datadog Application Security Management"
+ text: "Protect against threats with Datadog App and API Protection"
- link: "/security/application_security/threats/library_configuration/"
tag: "Documentation"
text: "Other setup considerations and configuration options"
@@ -19,43 +19,43 @@ further_reading:
## Overview
-Use ASM **Exploit Prevention** to protect your critical applications and APIs against zero-day vulnerabilities without tuning or reconfiguration.
+Use AAP **Exploit Prevention** to protect your critical applications and APIs against zero-day vulnerabilities without tuning or reconfiguration.
-With ASM's context-aware capabilities, you can gain a deep understanding of application logic, data flow, and state.
+With AAP's context-aware capabilities, you can gain a deep understanding of application logic, data flow, and state.
Combine telemetry from the Datadog tracer with predefined heuristics to detect and block exploits with higher accuracy, ensuring legitimate traffic remains unaffected.
## How exploit prevention works
-1. With the Datadog ASM tracing library instrumented in your applications, details are captured about every interaction within the application, including requests, code execution, and data flows.
-2. When an attack payload reaches the application, ASM evaluates if the payload triggers code paths tied to known vulnerabilities.
+1. With the Datadog AAP tracing library instrumented in your applications, details are captured about every interaction within the application, including requests, code execution, and data flows.
+2. When an attack payload reaches the application, AAP evaluates if the payload triggers code paths tied to known vulnerabilities.
3. If a potential exploit is detected:
- 1. ASM blocks the request in real-time before it causes damage.
- 2. ASM raises security signals for further investigation.
+ 1. AAP blocks the request in real-time before it causes damage.
+ 2. AAP raises security signals for further investigation.
4. Exploit prevention detections are accompanied by stack traces that provide full visibility of the code location of the vulnerability, providing a clear path to remediation.
### Example 1: Server-side request forgery
An attacker tricks the server into making unauthorized requests to internal systems or external servers, potentially leaking information or a further exploitation.
-ASM Exploit Prevention checks whether an internal or external request's URL, which is partially or totally controlled by a user parameter, has been manipulated by an attacker to alter the original purpose of the request.
+AAP Exploit Prevention checks whether an internal or external request's URL, which is partially or totally controlled by a user parameter, has been manipulated by an attacker to alter the original purpose of the request.
### Example 2: Local file inclusion
An attacker exploits a vulnerable parameter to include local files from the server, potentially exposing sensitive data like configuration files or possibly enabling remote code execution.
-ASM Exploit Prevention inspects all file access attempts to determine if the path has been injected and whether a restricted file is accessed.
+AAP Exploit Prevention inspects all file access attempts to determine if the path has been injected and whether a restricted file is accessed.
### Example 3: SQL injection
An attacker injects malicious SQL code into a query, potentially gaining unauthorized access to the database, manipulating data, or executing administrative operations.
-ASM Exploit Prevention intercepts all SQL queries to determine if a user parameter has been injected and whether the injection alters the original purpose and structure of the SQL query.
+AAP Exploit Prevention intercepts all SQL queries to determine if a user parameter has been injected and whether the injection alters the original purpose and structure of the SQL query.
## Prerequisites
- Ensure that your applications are instrumented with the Datadog tracer.
-- ASM Threat Management must be enabled. See [Threat Management Setup][1].
+- AAP Threat Management must be enabled. See [Threat Management Setup][1].
- Ensure Remote Configuration is enabled to push rule updates and In-App WAF policies. See [Enabling Remote Configuration][2].
### Library Compatibility
@@ -88,13 +88,13 @@ ASM Exploit Prevention intercepts all SQL queries to determine if a user paramet
3. If you have applied a custom policy for your services, you can skip Steps 2.a and 2.b for cloning a policy and directly set the Exploit Prevention rules in **blocking** mode (Steps 2.c and 2.d).
-## Reviewing exploit attempts in ASM
+## Reviewing exploit attempts in AAP
-After you have enabled Exploit Prevention, if ASM detects an exploit attempt, it proceeds to block that request. Exploit Prevention detections are always accompanied by stack traces, which provide full visibility of where the vulnerability lies in your code, ensuring a clear path to remediation.
+After you have enabled Exploit Prevention, if AAP detects an exploit attempt, it proceeds to block that request. Exploit Prevention detections are always accompanied by stack traces, which provide full visibility of where the vulnerability lies in your code, ensuring a clear path to remediation.
{{< img src="security/application_security/threats/exploit-prevention-detection.png" alt="Exploit Prevention detection" width="100%" >}}
-In addition, ASM also generates a signal correlating all the blocked traces and isolating the attacker IP addresses that are targeting your service(s). You can take action by blocking all attacking IPs.
+In addition, AAP also generates a signal correlating all the blocked traces and isolating the attacker IP addresses that are targeting your service(s). You can take action by blocking all attacking IPs.
{{< img src="security/application_security/threats/signal-correlating-blocked-traces.png" alt="Your image description" width="100%" >}}
diff --git a/content/en/security/application_security/threats/inapp_waf_rules.md b/content/en/security/application_security/threats/inapp_waf_rules.md
index c7e2613748967..2ee792b8d2eed 100644
--- a/content/en/security/application_security/threats/inapp_waf_rules.md
+++ b/content/en/security/application_security/threats/inapp_waf_rules.md
@@ -7,24 +7,24 @@ aliases:
further_reading:
- link: "/security/application_security/"
tag: "Documentation"
- text: "Protect against threats with Datadog Application Security Management"
+ text: "Protect against threats with Datadog App and API Protection"
- link: "/security/application_security/custom_rules/"
tag: "Documentation"
text: "Writing custom detection rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshoot common Datadog Application Security Management issues"
+ text: "Troubleshoot common Datadog App and API Protection issues"
---
## Overview
-With Application Security Management (ASM) enabled, the Datadog tracing library actively monitors all web services and API requests for suspicious security activity.
+With App and API Protection (AAP) enabled, the Datadog tracing library actively monitors all web services and API requests for suspicious security activity.
-An _In-App WAF rule_ specifies conditions on the incoming request to define what the library considers suspicious. The Datadog tracing library includes hundreds of out-of-the-box ASM In-App WAF rules, which are used to display security traces in the trace explorer and in the default signal rules.
+An _In-App WAF rule_ specifies conditions on the incoming request to define what the library considers suspicious. The Datadog tracing library includes hundreds of out-of-the-box AAP In-App WAF rules, which are used to display security traces in the trace explorer and in the default signal rules.
You can add to the In-App WAF rules without upgrading the tracing library.
-## Structure of an ASM In-App WAF rule
+## Structure of an AAP In-App WAF rule
An In-App WAF rule is a JSON object composed of a category, a name, tags, and conditions. When a security trace is detected, tags from the rules are propagated onto the security trace, and can be used to build [detection rules][1].
@@ -59,7 +59,7 @@ Custom In-App WAF rules enable users to log or block specific types of requests
**Note:** Default rules in In-App WAF are read-only. To refine your In-App WAF behavior, modify the In-App WAF rules. Default rules cannot be modified, however, you can create a custom rule based on one of the default rules, and modify the match conditions to your needs. Be sure to disable the default rule so that you don't have two similar rules evaluating the same requests.
-## Configure an ASM In-App WAF rule
+## Configure an AAP In-App WAF rule
Blocking on a service is defined through the policy rules. Three Datadog default policies are included in the In-App WAF: *Datadog Recommended*, *Datadog Monitoring-only*, which monitors attacks only, and *Datadog Block Attack tools*, which blocks attack tools and monitors all other attacks.
@@ -70,7 +70,7 @@ Services using a policy are visible directly in the policy management page.
{{< img src="security/application_security/threats/waf/in-app-waf.png" alt="In-App WAF configuration page, showing two default policies." style="width:100%;" >}}
2. Click on the three dots to the right of one of the policies, and select **Download Configuration of this Policy** to download the configuration file to your local machine.
-3. Optionally, select **Apply this Policy to Services** to apply a default policy to one or more of your protection enabled ASM services.
+3. Optionally, select **Apply this Policy to Services** to apply a default policy to one or more of your protection enabled AAP services.
**Note:** A policy can be applied to one or more services, but a service can only contain one _policy_.
@@ -108,7 +108,7 @@ Services using a policy are visible directly in the policy management page.
4. Using a utility such as SCP or FTP, copy the `appsec-rules.json` file to your application server, for example, `/home/asm/appsec-rules.json`.
-5. Following the instructions in [Enabling ASM][3] for adding application variables in your environment, add the `DD_APPSEC_RULES` environment variable to your service with the full path to the file:
+5. Following the instructions in [Enabling AAP][3] for adding application variables in your environment, add the `DD_APPSEC_RULES` environment variable to your service with the full path to the file:
```
DD_APPSEC_RULES=/home/asm/appsec-rules.json
```
@@ -117,7 +117,7 @@ Services using a policy are visible directly in the policy management page.
## What to do next
-Next, [configure detection rules to create security signals][1] based on those security traces defined by the In-App WAF rules you created. You can modify the provided out-of-the-box ASM detection rules or create new ones.
+Next, [configure detection rules to create security signals][1] based on those security traces defined by the In-App WAF rules you created. You can modify the provided out-of-the-box AAP detection rules or create new ones.
## Further Reading
diff --git a/content/en/security/application_security/threats/library_configuration.md b/content/en/security/application_security/threats/library_configuration.md
index c5901cda19814..0f553f257055b 100644
--- a/content/en/security/application_security/threats/library_configuration.md
+++ b/content/en/security/application_security/threats/library_configuration.md
@@ -7,44 +7,44 @@ aliases:
further_reading:
- link: "/security/application_security/"
tag: "Documentation"
- text: "Protect against Threats with Datadog Application Security Management"
+ text: "Protect against Threats with Datadog App and API Protection"
- link: "/security/default_rules/?category=cat-application-security"
tag: "Documentation"
- text: "Out-of-the-Box Application Security Management Rules"
+ text: "Out-of-the-Box App and API Protection Rules"
- link: "/security/application_security/add-user-info/"
tag: "Documentation"
text: "Adding user information to traces"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting ASM"
+ text: "Troubleshooting AAP"
- link: "/security/application_security/how-appsec-works/"
tag: "Documentation"
- text: "How Application Security Management Works in Datadog"
+ text: "How App and API Protection Works in Datadog"
---
## Configuring a client IP header
-ASM automatically attempts to resolve `http.client_ip` from several well-known headers, such as `X-Forwarded-For`. If you use a custom header for this field, or want to bypass the resolution algorithm, set the `DD_TRACE_CLIENT_IP_HEADER` environment variable. If this variable is set, the library only checks the specified header for the client IP.
+AAP automatically attempts to resolve `http.client_ip` from several well-known headers, such as `X-Forwarded-For`. If you use a custom header for this field, or want to bypass the resolution algorithm, set the `DD_TRACE_CLIENT_IP_HEADER` environment variable. If this variable is set, the library only checks the specified header for the client IP.
## Track authenticated bad actors
Many critical attacks are performed by authenticated users who can access your most sensitive endpoints. To identify bad actors that are generating suspicious security activity, add user information to traces by instrumenting your services with the standardized user tags. You can add custom tags to your root span, or use instrumentation functions.
-The Datadog Tracing Library attempts to detect user login and signup events when compatible authentication frameworks are in use, and ASM is enabled.
+The Datadog Tracing Library attempts to detect user login and signup events when compatible authentication frameworks are in use, and AAP is enabled.
Read [Tracking User Activity][1] for more information on how to manually track user activity, or [see how to opt out][7] of the automatic tracking.
## Exclude specific parameters from triggering detections
-There may be a time when an ASM signal, or a security trace, is a false positive. For example, ASM repeatedly detects
+There may be a time when an AAP signal, or a security trace, is a false positive. For example, AAP repeatedly detects
the same security trace and a signal is generated, but the signal has been reviewed and is not a threat.
You can add an entry to the passlist, which ignore events from a rule, to eliminate noisy signal patterns and focus on legitimately security traces.
To add a passlist entry, do one of the following:
-- Click on a signal in [ASM Signals][4] and click the **Add Entry** link next to the **Add to passlist** suggested action. This method automatically adds an entry for the targeted service.
+- Click on a signal in [AAP Signals][4] and click the **Add Entry** link next to the **Add to passlist** suggested action. This method automatically adds an entry for the targeted service.
- Navigate to [Passlist Configuration][5] and manually configure a new passlist entry based on your own criteria.
**Note**: Requests (traces) that match a passlist entry are not billed.
@@ -53,9 +53,9 @@ To add a passlist entry, do one of the following:
The data that you collect with Datadog can contain sensitive information that you want to filter out, obfuscate, scrub, filter, modify, or just not collect. Additionally, the data may contain synthetic traffic that might cause your threat detection be inaccurate, or cause Datadog to not accurately indicate the security of your services.
-By default, ASM collects information from security traces to help you understand why the request was flagged as suspicious. Before sending the data, ASM scans it for patterns and keywords that indicate that the data is sensitive. If the data is deemed sensitive, it is replaced with a `` flag. This enables you to observe that although the request was suspicious, the request data was not collected because of data security concerns. User-related data, such user IDs of authenticated requests, are not part of the data being redacted.
+By default, AAP collects information from security traces to help you understand why the request was flagged as suspicious. Before sending the data, AAP scans it for patterns and keywords that indicate that the data is sensitive. If the data is deemed sensitive, it is replaced with a `` flag. This enables you to observe that although the request was suspicious, the request data was not collected because of data security concerns. User-related data, such user IDs of authenticated requests, are not part of the data being redacted.
-To protect users’ data, **sensitive data scanning is activated by default in ASM**. You can customize the configuration by using the following environment variables. The scanning is based on the [RE2 syntax][2]. To customize scanning, set the value of these environment variables to a valid [RE2][9] pattern:
+To protect users’ data, **sensitive data scanning is activated by default in AAP**. You can customize the configuration by using the following environment variables. The scanning is based on the [RE2 syntax][2]. To customize scanning, set the value of these environment variables to a valid [RE2][9] pattern:
* `DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP` - Pattern for scanning for keys whose values commonly contain sensitive data. If found, the values and any child nodes associated with the key are redacted.
* `DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP` - Pattern for scanning for values that could indicate sensitive data. If found, the value and all its child nodes are redacted.
@@ -101,7 +101,7 @@ See [Automatic user activity event tracking modes][10] for information on automa
{{% asm-protection-page-configuration %}}
-{{< img src="/security/application_security/asm-blocking-page-html.png" alt="The page displayed as ASM blocks requests originating from blocked IPs" width="75%" >}}
+{{< img src="/security/application_security/asm-blocking-page-html.png" alt="The page displayed as AAP blocks requests originating from blocked IPs" width="75%" >}}
## Further Reading
diff --git a/content/en/security/application_security/threats/protection.md b/content/en/security/application_security/threats/protection.md
index 401128536f8d0..8f1034df86529 100644
--- a/content/en/security/application_security/threats/protection.md
+++ b/content/en/security/application_security/threats/protection.md
@@ -4,43 +4,43 @@ is_beta: true
further_reading:
- link: "/security/application_security/"
tag: "Documentation"
- text: "Application Security Management with Datadog"
+ text: "App and API Protection with Datadog"
---
## Overview
If your service is running [an Agent with Remote Configuration enabled and a tracing library version that supports it][2], you can block attacks and attackers from the Datadog UI without additional configuration of the Agent or tracing libraries.
-Application Security Management (ASM) Protect enables you to slow down attacks and attackers by _blocking_ them. Security traces are blocked in real-time by the Datadog tracing libraries. Blocks are saved in the Datadog platform, automatically and securely fetched by the Datadog Agent, deployed in your infrastructure, and applied to your services.
+App and API Protection (AAP) Protect enables you to slow down attacks and attackers by _blocking_ them. Security traces are blocked in real-time by the Datadog tracing libraries. Blocks are saved in the Datadog platform, automatically and securely fetched by the Datadog Agent, deployed in your infrastructure, and applied to your services.
## Prerequisites
To use protection capabilities with your service:
- [Update your Datadog Agent][3] to at least version 7.41.1.
-- [Enable ASM][1].
+- [Enable AAP][1].
- [Enable Remote Configuration][2].
-- Update your tracing library to at least the minimum version needed to turn on protection. For details, see the ASM capabilities support section of [Compatibility][12] for your service's language.
+- Update your tracing library to at least the minimum version needed to turn on protection. For details, see the AAP capabilities support section of [Compatibility][12] for your service's language.
- If you plan to use authenticated user blocking, [add user information to traces][4].
## Blocking attackers (IPs and authenticated users)
-You can block attackers that are flagged in ASM [Security Signals][5] temporarily or permanently. In the Signals Explorer, click into a signal to see what users and IP addresses are generating the signal, and optionally block them.
+You can block attackers that are flagged in AAP [Security Signals][5] temporarily or permanently. In the Signals Explorer, click into a signal to see what users and IP addresses are generating the signal, and optionally block them.
-From there, all ASM-protected services block incoming requests performed by the blocked IP or user, for the specified duration. All blocked traces are tagged with `security_response.block_ip` or `security_response.block_user` and displayed in the [Trace Explorer][6]. Services where ASM is disabled aren't protected. See [Investigate Security Signals][20] for more information.
+From there, all AAP-protected services block incoming requests performed by the blocked IP or user, for the specified duration. All blocked traces are tagged with `security_response.block_ip` or `security_response.block_user` and displayed in the [Trace Explorer][6]. Services where AAP is disabled aren't protected. See [Investigate Security Signals][20] for more information.
## Respond to threats in real time by automating attacker blocking
-In addition to manually blocking attackers, you can configure automation rules to have ASM automatically block attackers that are flagged in Security Signals.
+In addition to manually blocking attackers, you can configure automation rules to have AAP automatically block attackers that are flagged in Security Signals.
To get started, navigate to **Security > Application Security > Protection > [Detection Rules][14]**. You can create a new rule or edit an existing rule with type _Application security_. For example, you can create a rule to trigger `Critical` severity signals when Credential Stuffing attacks are detected, and automatically block the associated attackers' IP addresses for 30 minutes.
**Note**: You must instrument your services to be able to block authenticated attackers. See [User Monitoring and Protection][15] for more details.
-## Block attackers at the perimeter - integrate ASM with your existing WAF deployments
+## Block attackers at the perimeter - integrate AAP with your existing WAF deployments
-Datadog ASM enables customers to block attackers at the perimeter, directly from the Security Signal. ASM integrates with [Workflows][17] to push the attackers' IP addresses to perimeter Web Application Firewalls (AWS WAF, Cloudflare, Fastly) and ensure requests from these attackers are blocked at the edge even before they enter the customer's environment.
-Create workflows from the available [blueprints][18] and run them directly from ASM's Signal side panel.
+Datadog AAP enables customers to block attackers at the perimeter, directly from the Security Signal. AAP integrates with [Workflows][17] to push the attackers' IP addresses to perimeter Web Application Firewalls (AWS WAF, Cloudflare, Fastly) and ensure requests from these attackers are blocked at the edge even before they enter the customer's environment.
+Create workflows from the available [blueprints][18] and run them directly from AAP's Signal side panel.
## Denylist
@@ -52,15 +52,15 @@ You can use the _Passlist_ to permanently allow specific IP addresses access to
## Blocking attack attempts with In-App WAF
-ASM In-App WAF (web application firewall) combines the detection techniques of perimeter-based WAFs with the rich context provided by Datadog, helping your teams protect their systems with confidence.
+AAP In-App WAF (web application firewall) combines the detection techniques of perimeter-based WAFs with the rich context provided by Datadog, helping your teams protect their systems with confidence.
-Because ASM is aware of an application's routes, protection can be applied granularly to specific services, and not necessarily across all applications and traffic. This contextual efficiency reduces your inspection effort, and it reduces the false positive rate compared to a perimeter WAF. There is no learning period, because most web frameworks provide a structured map of routes. ASM can help your team roll out protections against zero-day vulnerabilities automatically soon after the vulnerability is disclosed, while targeting vulnerable applications, limiting the risk of false positives.
+Because AAP is aware of an application's routes, protection can be applied granularly to specific services, and not necessarily across all applications and traffic. This contextual efficiency reduces your inspection effort, and it reduces the false positive rate compared to a perimeter WAF. There is no learning period, because most web frameworks provide a structured map of routes. AAP can help your team roll out protections against zero-day vulnerabilities automatically soon after the vulnerability is disclosed, while targeting vulnerable applications, limiting the risk of false positives.
### How In-App WAF blocks security traces
In addition to the `monitoring` and `disabled` modes offered for each of the 130+ In-App WAF rules, rules also have `blocking` mode. Each rule specifies conditions on the incoming request to define what the library considers suspicious. When a given rule pattern matches an ongoing HTTP request, the request is blocked by the library.
-Managed policies define the mode in which each of the In-App WAF rules behave on match: `monitoring`, `blocking`, or `disabled`. Because it has the full context of your applications, ASM knows which rules to apply to protect your applications while limiting the number of false positives.
+Managed policies define the mode in which each of the In-App WAF rules behave on match: `monitoring`, `blocking`, or `disabled`. Because it has the full context of your applications, AAP knows which rules to apply to protect your applications while limiting the number of false positives.
For fine-grained control, you can clone a Datadog managed policy or create a custom policy and set the mode to meet your needs. If you set the policy to `auto-updating`, your applications are protected by the latest detections rolled out by Datadog. You also have the option to pin a policy to a specific version of the ruleset.
@@ -70,13 +70,13 @@ Manage In-App WAF by navigating to Security --> Application Security --> Configu
View blocked security traces in the [Trace Explorer][11] by filtering on the facet `Blocked:true`.
-{{< img src="security/application_security/app_sec_blocked.png" alt="ASM Trace Explorer filtered using facet Blocked set to true." style="width:100%;" >}}
+{{< img src="security/application_security/app_sec_blocked.png" alt="AAP Trace Explorer filtered using facet Blocked set to true." style="width:100%;" >}}
### Configure In-App WAF
-1. [**Enable Remote Configuration**][2] so that your ASM-enabled services show up under In-App WAF. This is required to securely push In-App WAF configuration from your Datadog backend to the tracing library in your infrastructure.
+1. [**Enable Remote Configuration**][2] so that your AAP-enabled services show up under In-App WAF. This is required to securely push In-App WAF configuration from your Datadog backend to the tracing library in your infrastructure.
-2. **Associate your ASM/Remote Configuration-enabled services with a policy**. After Remote Configuration is enabled on a service, navigate to **Security > Application Security > Protection > [In-App WAF][9]**. The service appears under the _Datadog Monitoring-only_ policy by default. Datadog Monitoring-only is a managed policy and is read-only, meaning you cannot modify the status (monitoring, blocking, or disabled) for individual rules.
+2. **Associate your AAP/Remote Configuration-enabled services with a policy**. After Remote Configuration is enabled on a service, navigate to **Security > Application Security > Protection > [In-App WAF][9]**. The service appears under the _Datadog Monitoring-only_ policy by default. Datadog Monitoring-only is a managed policy and is read-only, meaning you cannot modify the status (monitoring, blocking, or disabled) for individual rules.
If you need granular control, clone one of the available policies to create a custom policy where rule statuses can be modified. Associate one or more of your services with this custom policy.
@@ -88,7 +88,7 @@ View blocked security traces in the [Trace Explorer][11] by filtering on the fac
{{% asm-protection-page-configuration %}}
-{{< img src="/security/application_security/asm-blocking-page-html.png" alt="The page displayed as ASM blocks requests originating from blocked IPs" width="75%" >}}
+{{< img src="/security/application_security/asm-blocking-page-html.png" alt="The page displayed as AAP blocks requests originating from blocked IPs" width="75%" >}}
The default HTTP response status code while serving the deny page to attackers is `403 FORBIDDEN`. To customize the response, navigate to **Security > Application Security > Protection > In-App Waf > [Custom Responses][16]**.
diff --git a/content/en/security/application_security/threats/security_signals.md b/content/en/security/application_security/threats/security_signals.md
index 86445e7a1b662..0648523c639d3 100644
--- a/content/en/security/application_security/threats/security_signals.md
+++ b/content/en/security/application_security/threats/security_signals.md
@@ -3,18 +3,18 @@ title: Investigate Security Signals
further_reading:
- link: "/security/default_rules/?category=cat-application-security#cat-application-security"
tag: "Documentation"
- text: "Explore ASM threat detection OOTB rules"
+ text: "Explore AAP threat detection OOTB rules"
- link: "/security/application_security/threats/custom_rules/"
tag: "Documentation"
- text: "Configure custom ASM threat detection rules"
+ text: "Configure custom AAP threat detection rules"
- link: "/security/application_security/threats/threat-intelligence/"
tag: "Documentation"
- text: "ASM threat intelligence"
+ text: "AAP threat intelligence"
---
## Overview
-ASM security signals are created when Datadog detects a threat based on a detection rule. View, search, filter, and investigate security signals in the [Signals Explorer][2], or configure [Notification Rules][8] to send signals to third-party tools.
+AAP security signals are created when Datadog detects a threat based on a detection rule. View, search, filter, and investigate security signals in the [Signals Explorer][2], or configure [Notification Rules][8] to send signals to third-party tools.
{{< img src="security/application_security/threats/security_signals/appsec-threat-signals.png" alt="Overview of investigating threats in signals explorer with details side panel">}}
@@ -55,7 +55,7 @@ You can triage a signal by assigning it to a user for further investigation. The
- **Under Review**: The signal is actively being investigated. From the **Under Review** state, you can move the signal to **Archived** or **Open** as needed.
- **Archived**: The detection that caused the signal has been resolved. From the **Archived** state, you can move the signal back to **Open** if it's within 30 days of when the signal was originally detected.
-**Note**: To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][9] for more information about Datadog's default roles and granular role-based access control permissions available for Application Security Management.
+**Note**: To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][9] for more information about Datadog's default roles and granular role-based access control permissions available for App and API Protection.
## Declare an incident
@@ -92,7 +92,7 @@ Use [Workflow Automation][5] to manually trigger a workflow for a security signa
2. In the signal details, view each of the sections, such as **What Happened**, **Activity Summary**, and **Detection Rule**.
3. Review the **Next Steps** and take action:
- Click **Block all Attacking IPs** (by specific duration or permanently).
- - Click **Automated Attacker Blocking** (based on [detection][10] rules). This setting requires the Application Security Management **Protect Write** permission.
+ - Click **Automated Attacker Blocking** (based on [detection][10] rules). This setting requires the App and API Protection **Protect Write** permission.
- Click **[Block with Edge WAF][11]**.
## Bulk actions
diff --git a/content/en/security/application_security/threats/setup/compatibility/_index.md b/content/en/security/application_security/threats/setup/compatibility/_index.md
index b115c88a059d2..2280b6c7840aa 100644
--- a/content/en/security/application_security/threats/setup/compatibility/_index.md
+++ b/content/en/security/application_security/threats/setup/compatibility/_index.md
@@ -4,15 +4,15 @@ type: multi-code-lang
further_reading:
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
- link: "/security/application_security/how-appsec-works/"
tag: "Documentation"
- text: "How Application Security Management Works in Datadog"
+ text: "How App and API Protection Works in Datadog"
---
-The following ASM capabilities are supported relative to each language's tracing library:
+The following AAP capabilities are supported relative to each language's tracing library:
-| ASM capability | Java | .NET | Node.js | Python | Go | Ruby | PHP |
+| AAP capability | Java | .NET | Node.js | Python | Go | Ruby | PHP |
|----------------------------------------|---------|----------|--------------------------------------------------|---------------|-----------------|---------------|---------------|
| Threat Detection | 1.8.0 | 2.23.0 | 4.0.0 | 1.9.0 | 1.47.0 | 1.9.0 | 0.84.0 |
| API Security | 1.31.0 | 2.42.0 | 4.30.0 for Node.js 16+, or 5.6.0 for Node.js 18+ | 2.6.0 | 1.59.0 | 2.4.0 | 0.98.0 |
diff --git a/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md b/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md
index 220ad98376657..9c5f3a13e936a 100644
--- a/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md
+++ b/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md
@@ -1,13 +1,13 @@
---
-title: ASM GCP Service Extensions Compatibility Requirements
+title: AAP GCP Service Extensions Compatibility Requirements
code_lang: gcp-service-extensions
type: multi-code-lang
code_lang_weight: 40
---
-The following table lists the support for application security capabilities in the ASM GCP Service Extensions according to the specified version:
+The following table lists the support for application security capabilities in the AAP GCP Service Extensions according to the specified version:
-| Application Security capability | Minimum ASM Service Extensions image version |
+| Application Security capability | Minimum AAP Service Extensions image version |
|----------------------------------------|----------------------------------------------|
| Threat Detection | 1.71.0 |
| Threat Protection | 1.71.0 |
@@ -17,11 +17,11 @@ The following table lists the support for application security capabilities in t
| Automatic user activity event tracking | not supported |
| API Security | not supported |
-Please review ASM GCP Service Extensions integration version 1.71.0 [limitations][1].
+Please review AAP GCP Service Extensions integration version 1.71.0 [limitations][1].
-## ASM GCP Service Extensions support
+## AAP GCP Service Extensions support
-ASM GCP Service Extensions is in Preview.
+AAP GCP Service Extensions is in Preview.
diff --git a/content/en/security/application_security/threats/setup/single_step/_index.md b/content/en/security/application_security/threats/setup/single_step/_index.md
index 806cf47c9bc41..66e6c131ac154 100644
--- a/content/en/security/application_security/threats/setup/single_step/_index.md
+++ b/content/en/security/application_security/threats/setup/single_step/_index.md
@@ -1,20 +1,20 @@
---
-title: Enabling ASM threat detection and protection using single step instrumentation
+title: Enabling AAP threat detection and protection using single step instrumentation
external_redirect: /security/application_security/threats/threat_detection/
---
-Enabling ASM threat detection and protection using single step instrumentation is in Preview.
+Enabling AAP threat detection and protection using single step instrumentation is in Preview.
## Requirements
- **Minimum Agent version 7.53.0**
- **Minimum Helm version 3.62.0** (For Kubernetes deployments)
-- **Languages and architectures**: Single step ASM instrumentation only supports tracing Java, Python, Node.js, and .NET Core services on `x86_64` and `arm64` architectures.
+- **Languages and architectures**: Single step AAP instrumentation only supports tracing Java, Python, Node.js, and .NET Core services on `x86_64` and `arm64` architectures.
- **Operating systems**: Linux VMs (Debian, Ubuntu, Amazon Linux, CentOS/Red Hat, Fedora), Docker, Kubernetes clusters with Linux containers.
## Enabling in one step
-If you [install or update a Datadog Agent][1] with the **Enable Threat Protection (new)** option selected, the Agent is installed and configured to enable ASM. This allows you to automatically instrument your application, without any additional installation or configuration steps. Restart services for this instrumentation to take effect.
+If you [install or update a Datadog Agent][1] with the **Enable Threat Protection (new)** option selected, the Agent is installed and configured to enable AAP. This allows you to automatically instrument your application, without any additional installation or configuration steps. Restart services for this instrumentation to take effect.
{{< img src="/security/application_security/single_step/asm_single_step_threat_detection_2.png" alt="Account settings Ubuntu setup page highlighting the toggle for Enabling APM instrumentation and Threat Protection." style="width:100%;" >}}
@@ -24,7 +24,7 @@ The following examples show how it works on each infrastructure type.
{{< tabs >}}
{{% tab "Linux host or VM" %}}
-With one command, you can install, configure, and start the Agent, while also instrumenting your services with ASM.
+With one command, you can install, configure, and start the Agent, while also instrumenting your services with AAP.
For an Ubuntu host:
@@ -49,7 +49,7 @@ For an Ubuntu host:
4. Restart the services on the host or VM.
5. [Explore the performance observability of your services in Datadog][5].
-**Note:** To configure single-step for both ASM Threat Protection and Code Security, add the environment variables `DD_APPSEC_ENABLED=true` _and_ `DD_IAST_ENABLED=true` to your one-line installation command.
+**Note:** To configure single-step for both AAP Threat Protection and Code Security, add the environment variables `DD_APPSEC_ENABLED=true` _and_ `DD_IAST_ENABLED=true` to your one-line installation command.
### Specifying tracing library versions {#lib-linux}
@@ -210,7 +210,7 @@ To enable single step instrumentation with Helm:
[17]: /tracing/trace_collection/automatic_instrumentation/single-step-apm/?tab=kubernetes#removing-instrumentation-for-specific-services
{{% /tab %}}
{{< /tabs >}}
-## Removing Single Step APM and ASM instrumentation from your Agent
+## Removing Single Step APM and AAP instrumentation from your Agent
If you don't want to collect trace data for a particular service, host, VM, or container, complete the follow steps:
### Removing instrumentation for specific services
Run the following commands and restart the service to stop injecting the library into the service and stop producing traces from that service.
@@ -221,7 +221,7 @@ Run the following commands and restart the service to stop injecting the library
DD_INSTRUMENT_SERVICE_WITH_APM=false
```
2. Restart the service.
-3. To disable ASM, remove the `DD_APPSEC_ENABLED=true` environment variable from your application configuration, and restart your service.
+3. To disable AAP, remove the `DD_APPSEC_ENABLED=true` environment variable from your application configuration, and restart your service.
{{% /tab %}}
{{% tab "Docker" %}}
1. Add the `DD_INSTRUMENT_SERVICE_WITH_APM` environment variable to the service startup command:
@@ -229,7 +229,7 @@ Run the following commands and restart the service to stop injecting the library
docker run -e DD_INSTRUMENT_SERVICE_WITH_APM=false
```
2. Restart the service.
-3. To disable ASM, remove the `DD_APPSEC_ENABLED=true` environment variable from your application configuration, and restart your service.
+3. To disable AAP, remove the `DD_APPSEC_ENABLED=true` environment variable from your application configuration, and restart your service.
{{% /tab %}}
{{% tab "Kubernetes" %}}
1. Set the `admission.datadoghq.com/enabled:` label to `"false"` for the pod spec:
diff --git a/content/en/security/application_security/threats/setup/standalone/_index.md b/content/en/security/application_security/threats/setup/standalone/_index.md
index 655b7d0a9d43d..4477c23b1671a 100644
--- a/content/en/security/application_security/threats/setup/standalone/_index.md
+++ b/content/en/security/application_security/threats/setup/standalone/_index.md
@@ -17,9 +17,6 @@ further_reading:
- link: "/security/application_security/how-appsec-works/"
tag: "Documentation"
text: "How Application & API Protection Works in Datadog"
-- link: "https://www.datadoghq.com/blog/secure-serverless-applications-with-datadog-asm/"
- tag: "Blog"
- text: "Secure serverless applications with Datadog ASM"
---
## Prerequisites
@@ -28,7 +25,7 @@ Before setting up Application & API Protection, ensure the following prerequisit
- **Datadog Agent:** [Install the Datadog Agent][2] and configure it for your application's operating system or container, cloud, or virtual environment.
- **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports Application & API Protection capabilities for the language of your application or service. For more details, refer to the [Library Compatibility][1] page.
-## Using ASM without APM tracing
+## Using AAP without APM tracing
If you want to use Application & API Protection without APM tracing functionality, you can deploy with tracing disabled:
diff --git a/content/en/security/application_security/threats/setup/standalone/gcp-service-extensions.md b/content/en/security/application_security/threats/setup/standalone/gcp-service-extensions.md
index 09e4575edc374..ae421113aa069 100644
--- a/content/en/security/application_security/threats/setup/standalone/gcp-service-extensions.md
+++ b/content/en/security/application_security/threats/setup/standalone/gcp-service-extensions.md
@@ -22,7 +22,7 @@ further_reading:
To try the preview of Application & API Protection Service Extensions for GCP, follow the setup instructions below.
{{< /callout >}}
-You can enable application security with GCP Service Extensions within GCP Cloud Load Balancing. The Datadog App & API Protection (ASM) Service Extensions integration has support for threat detection and blocking.
+You can enable application security with GCP Service Extensions within GCP Cloud Load Balancing. The Datadog App & API Protection (AAP) Service Extensions integration has support for threat detection and blocking.
## Prerequisites
diff --git a/content/en/security/application_security/threats/setup/threat_detection/_index.md b/content/en/security/application_security/threats/setup/threat_detection/_index.md
index b2d9436b6c106..534ea48f6b1d1 100644
--- a/content/en/security/application_security/threats/setup/threat_detection/_index.md
+++ b/content/en/security/application_security/threats/setup/threat_detection/_index.md
@@ -1,5 +1,5 @@
---
-title: Enabling ASM Threat Detection using Datadog Tracing Libraries
+title: Enabling AAP Threat Detection using Datadog Tracing Libraries
type: multi-code-lang
aliases:
- /security/application_security/enabling/tracing_libraries/threat_detection/
@@ -7,22 +7,19 @@ aliases:
further_reading:
- link: "/security/application_security/"
tag: "Documentation"
- text: "Protect against Threats with Datadog Application Security Management"
+ text: "Protect against Threats with Datadog App and API Protection"
- link: "/security/application_security/add-user-info/"
tag: "Documentation"
text: "Tracking user activity"
- link: "/security/default_rules/?category=cat-application-security"
tag: "Documentation"
- text: "OOTB Application Security Management Rules"
+ text: "OOTB App and API Protection Rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
- link: "/security/application_security/how-appsec-works/"
tag: "Documentation"
- text: "How Application Security Management Works in Datadog"
-- link: "https://www.datadoghq.com/blog/secure-serverless-applications-with-datadog-asm/"
- tag: "Blog"
- text: "Secure serverless applications with Datadog ASM"
+ text: "How App and API Protection Works in Datadog"
---
## Prerequisites
@@ -32,7 +29,7 @@ Before setting up Threat Management, ensure the following prerequisites are met:
- **Datadog APM Configuration:** Datadog APM is configured for your application or service, and web traces (`type:web`) are being received by Datadog.
- **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports Threat Management capabilities for the language of your application or service. For more details, refer to the [Library Compatibility][1] page.
-Select your application language for details on how to enable ASM Threat Detection for your language and infrastructure types.
+Select your application language for details on how to enable AAP Threat Detection for your language and infrastructure types.
{{< partial name="security-platform/appsec-languages.html" >}}
diff --git a/content/en/security/application_security/threats/setup/threat_detection/dotnet.md b/content/en/security/application_security/threats/setup/threat_detection/dotnet.md
index 6122960e221f5..5ad4767192c47 100644
--- a/content/en/security/application_security/threats/setup/threat_detection/dotnet.md
+++ b/content/en/security/application_security/threats/setup/threat_detection/dotnet.md
@@ -1,5 +1,5 @@
---
-title: Enabling ASM for .NET
+title: Enabling AAP for .NET
code_lang: dotnet
type: multi-code-lang
code_lang_weight: 10
@@ -16,10 +16,10 @@ further_reading:
text: '.NET Datadog library source code'
- link: "/security/default_rules/?category=cat-application-security"
tag: "Documentation"
- text: "OOTB Application Security Management Rules"
+ text: "OOTB App and API Protection Rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
---
You can monitor application security for .NET apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate.
@@ -31,9 +31,9 @@ You can monitor application security for .NET apps running in Docker, Kubernetes
1. **Update your [Datadog .NET library][1]** to at least version 2.2.0 (at least version 2.16.0 for Software Composition Analysis detection features) for your target operating system architecture.
- To check that your service's language and framework versions are supported for ASM capabilities, see [Compatibility][2].
+ To check that your service's language and framework versions are supported for AAP capabilities, see [Compatibility][2].
-2. **Enable ASM** by setting the `DD_APPSEC_ENABLED` environment variable to `true`. For example, on Windows self-hosted, run the following PowerShell snippet as part of your application start up script:
+2. **Enable AAP** by setting the `DD_APPSEC_ENABLED` environment variable to `true`. For example, on Windows self-hosted, run the following PowerShell snippet as part of your application start up script:
```
$target=[System.EnvironmentVariableTarget]::Process
[System.Environment]::SetEnvironmentVariable("DD_APPSEC_ENABLED","true",$target)
@@ -143,7 +143,7 @@ ENV DD_APPSEC_ENABLED=true
{{% /tab %}}
{{% tab "Kubernetes" %}}
-Update your deployment configuration file for APM and add the ASM environment variable:
+Update your deployment configuration file for APM and add the AAP environment variable:
```yaml
spec:
diff --git a/content/en/security/application_security/threats/setup/threat_detection/envoy.md b/content/en/security/application_security/threats/setup/threat_detection/envoy.md
index b24d3c5787a59..28775ef0651d5 100644
--- a/content/en/security/application_security/threats/setup/threat_detection/envoy.md
+++ b/content/en/security/application_security/threats/setup/threat_detection/envoy.md
@@ -1,5 +1,5 @@
---
-title: Enabling ASM for Envoy
+title: Enabling AAP for Envoy
code_lang: envoy
type: multi-code-lang
code_lang_weight: 50
@@ -9,14 +9,14 @@ further_reading:
text: "Envoy integration's source code"
- link: "/security/default_rules/?category=cat-application-security"
tag: "Documentation"
- text: "OOTB Application Security Management Rules"
+ text: "OOTB App and API Protection Rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
---
-{{< callout url="#" btn_hidden="true" header="ASM for Envoy is in Preview" >}}
-To try the preview of ASM for Envoy, follow the setup instructions below.
+{{< callout url="#" btn_hidden="true" header="AAP for Envoy is in Preview" >}}
+To try the preview of AAP for Envoy, follow the setup instructions below.
{{< /callout >}}
You can enable application security for the Envoy proxy. The Datadog Envoy integration has support for threat detection and blocking.
@@ -29,7 +29,7 @@ You can enable application security for the Envoy proxy. The Datadog Envoy integ
## Enabling threat detection
### Get started
-The ASM Envoy integration uses the Envoy external processing filter.
+The AAP Envoy integration uses the Envoy external processing filter.
1. **Configure Envoy** to use the [external processing filter][3].
For example:
@@ -93,10 +93,10 @@ For example:
## Datadog Go Tracer and Envoy integration
- Note: The ASM Envoy integration is built on top of the Datadog Go Tracer. It follows the same release process as the tracer, and its Docker images are tagged with the corresponding tracer version.
+ Note: The AAP Envoy integration is built on top of the Datadog Go Tracer. It follows the same release process as the tracer, and its Docker images are tagged with the corresponding tracer version.
- The Envoy integration uses the [Datadog Go Tracer][6] and inherits all environment variables from the tracer. You can find more information in [Configuring the Go Tracing Library][7] and [ASM Library Configuration][8].
+ The Envoy integration uses the [Datadog Go Tracer][6] and inherits all environment variables from the tracer. You can find more information in [Configuring the Go Tracing Library][7] and [AAP Library Configuration][8].
## Limitations
diff --git a/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md b/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md
index 9222a73876c0e..79e2e38c1f2d0 100644
--- a/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md
+++ b/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md
@@ -1,28 +1,28 @@
---
-title: Enabling ASM for GCP Service Extensions
+title: Enabling AAP for GCP Service Extensions
code_lang: gcp-service-extensions
type: multi-code-lang
code_lang_weight: 50
further_reading:
- link: 'https://github.com/DataDog/dd-trace-go/tree/main/contrib/envoyproxy/go-control-plane/cmd/serviceextensions'
tag: "Source Code"
- text: "ASM Service Extension's source code"
+ text: "AAP Service Extension's source code"
- link: 'https://cloud.google.com/service-extensions/docs/overview'
tag: "Documentation"
text: "Google Cloud Service Extensions overview"
- link: "/security/default_rules/?category=cat-application-security"
tag: "Documentation"
- text: "OOTB Application Security Management Rules"
+ text: "OOTB App and API Protection Rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
---
-{{< callout url="#" btn_hidden="true" header="ASM Service Extensions is in Preview" >}}
-To try the preview of ASM Service Extensions for GCP, follow the setup instructions below.
+{{< callout url="#" btn_hidden="true" header="AAP Service Extensions is in Preview" >}}
+To try the preview of AAP Service Extensions for GCP, follow the setup instructions below.
{{< /callout >}}
-You can enable application security with GCP Service Extensions within GCP Cloud Load Balancing. The Datadog Application Security Management (ASM) Service Extensions integration has support for threat detection and blocking.
+You can enable application security with GCP Service Extensions within GCP Cloud Load Balancing. The Datadog App and API Protection (AAP) Service Extensions integration has support for threat detection and blocking.
## Prerequisites
@@ -41,7 +41,7 @@ You can enable application security with GCP Service Extensions within GCP Cloud
On your GCP project, multiple steps are needed to fully create a Service Extension. Google Cloud provides guides to create [a callout backend service][4] and [create a Service Extension as a traffic extension][5].
-To integrate a Service Extension with ASM, do the following:
+To integrate a Service Extension with AAP, do the following:
1. **Create a new VM Compute instance** using the Datadog Service Extensions Docker image. The image is available on the [Datadog Go tracer GitHub Registry][6].
@@ -84,7 +84,7 @@ To integrate a Service Extension with ASM, do the following:
1. To send all traffic to the extension, insert `true` in the **Match condition**.
2. For **Programability type**, select `Callouts`.
3. Select the backend service you created in the previous step.
- 4. Select all **Events** from the list where you want ASM to run detection.
+ 4. Select all **Events** from the list where you want AAP to run detection.
{{% appsec-getstarted-2-plusrisk %}}
@@ -96,7 +96,7 @@ To integrate a Service Extension with ASM, do the following:
Note: The GCP Service Extensions integration is built on top of the Datadog Go Tracer. It follows the same release process as the tracer, and its Docker images are tagged with the corresponding tracer version.
- The GCP Service Extensions integration uses the [Datadog Go Tracer][7] and inherits all environment variables from the tracer. You can find more information in [Configuring the Go Tracing Library][8] and [ASM Library Configuration][9].
+ The GCP Service Extensions integration uses the [Datadog Go Tracer][7] and inherits all environment variables from the tracer. You can find more information in [Configuring the Go Tracing Library][8] and [AAP Library Configuration][9].
## Limitations
diff --git a/content/en/security/application_security/threats/setup/threat_detection/go.md b/content/en/security/application_security/threats/setup/threat_detection/go.md
index 58f6db417a13a..bc1a328c69c56 100644
--- a/content/en/security/application_security/threats/setup/threat_detection/go.md
+++ b/content/en/security/application_security/threats/setup/threat_detection/go.md
@@ -1,5 +1,5 @@
---
-title: Enabling ASM for Go
+title: Enabling AAP for Go
code_lang: go
type: multi-code-lang
code_lang_weight: 20
@@ -16,10 +16,10 @@ further_reading:
text: 'Go Datadog library source code'
- link: "/security/default_rules/?category=cat-application-security"
tag: "Documentation"
- text: "OOTB Application Security Management Rules"
+ text: "OOTB App and API Protection Rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
---
You can monitor application security for Go apps running in Docker, Kubernetes, and Amazon ECS.
@@ -40,7 +40,7 @@ You can monitor application security for Go apps running in Docker, Kubernetes,
2. Datadog has a series of pluggable packages which provide out-of-the-box support for instrumenting a series of Go libraries and frameworks.
A list of these packages can be found in the [compatibility requirements][1] page. Import these packages into your application and follow the configuration instructions listed alongside each integration.
-3. **Recompile your program** with ASM enabled:
+3. **Recompile your program** with AAP enabled:
```console
$ go build -v -tags appsec my-program
```
@@ -49,9 +49,9 @@ You can monitor application security for Go apps running in Docker, Kubernetes,
- The Go build tag `appsec` is not necessary if CGO is enabled with `CGO_ENABLED=1`.
- Datadog WAF needs the following shared libraries on Linux: `libc.so.6` and `libpthread.so.0`.
- When using the build tag `appsec` and CGO is disabled, the produced binary is still linked dynamically to these libraries.
- - The Go build tag `datadog.no_waf` can be used to disable ASM at build time in any situation where the requirements above are a hinderance.
+ - The Go build tag `datadog.no_waf` can be used to disable AAP at build time in any situation where the requirements above are a hinderance.
-4. **Redeploy your Go service and enable ASM** by setting the `DD_APPSEC_ENABLED` environment variable to `true`:
+4. **Redeploy your Go service and enable AAP** by setting the `DD_APPSEC_ENABLED` environment variable to `true`:
```console
$ env DD_APPSEC_ENABLED=true ./my-program
```
@@ -79,7 +79,7 @@ ENV DD_APPSEC_ENABLED=true
{{% /tab %}}
{{% tab "Kubernetes" %}}
-Update your application's deployment configuration file for APM and add the ASM environment variable:
+Update your application's deployment configuration file for APM and add the AAP environment variable:
```yaml
spec:
diff --git a/content/en/security/application_security/threats/setup/threat_detection/java.md b/content/en/security/application_security/threats/setup/threat_detection/java.md
index 84e130f20ed3c..ba9b849792bb2 100644
--- a/content/en/security/application_security/threats/setup/threat_detection/java.md
+++ b/content/en/security/application_security/threats/setup/threat_detection/java.md
@@ -1,5 +1,5 @@
---
-title: Enabling ASM for Java
+title: Enabling AAP for Java
code_lang: java
type: multi-code-lang
code_lang_weight: 0
@@ -15,10 +15,10 @@ further_reading:
text: 'Java Datadog library source code'
- link: "/security/default_rules/?category=cat-application-security"
tag: "Documentation"
- text: "OOTB Application Security Management Rules"
+ text: "OOTB App and API Protection Rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
---
@@ -49,9 +49,9 @@ You can monitor application security for Java apps running in Docker, Kubernetes
{{% /tab %}}
{{< /tabs >}}
- To check that your service's language and framework versions are supported for ASM capabilities, see [Compatibility][2].
+ To check that your service's language and framework versions are supported for AAP capabilities, see [Compatibility][2].
-2. **Run your Java application with ASM enabled.** From the command line:
+2. **Run your Java application with AAP enabled.** From the command line:
```shell
java -javaagent:/path/to/dd-java-agent.jar -Ddd.appsec.enabled=true -Ddd.service= -Ddd.env= -jar path/to/app.jar
```
@@ -82,7 +82,7 @@ ENV DD_APPSEC_ENABLED=true
{{% /tab %}}
{{% tab "Kubernetes" %}}
-Update your deployment configuration file for APM and add the ASM environment variable:
+Update your deployment configuration file for APM and add the AAP environment variable:
```yaml
spec:
diff --git a/content/en/security/application_security/threats/setup/threat_detection/nginx.md b/content/en/security/application_security/threats/setup/threat_detection/nginx.md
index 95d528fb98d08..3a7237b722b34 100644
--- a/content/en/security/application_security/threats/setup/threat_detection/nginx.md
+++ b/content/en/security/application_security/threats/setup/threat_detection/nginx.md
@@ -1,5 +1,5 @@
---
-title: Enabling ASM for Nginx
+title: Enabling AAP for Nginx
code_lang: nginx
type: multi-code-lang
code_lang_weight: 50
@@ -13,10 +13,10 @@ further_reading:
text: "nginx integration's source code"
- link: "/security/default_rules/?category=cat-application-security"
tag: "Documentation"
- text: "OOTB Application Security Management Rules"
+ text: "OOTB App and API Protection Rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
---
The Datadog nginx tracing module has experimental support for threat detection and blocking.
@@ -37,7 +37,7 @@ The Datadog nginx tracing module has experimental support for threat detection a
pattern "ngx_http_datadog_module-appsec-<amd64/arm64>-<nginx
version>.so.tgz". Note that this artifact includes "appsec" in the name.
-3. **Enable ASM in the nginx configuration**.
+3. **Enable AAP in the nginx configuration**.
You need to:
* define one or more thread pools with the [`thread_pool`][4] directive,
* explicitly enable AppSec with [`datadog_appsec_enabled`][5], and
diff --git a/content/en/security/application_security/threats/setup/threat_detection/nodejs.md b/content/en/security/application_security/threats/setup/threat_detection/nodejs.md
index 58ce761e80057..799043bca57e9 100644
--- a/content/en/security/application_security/threats/setup/threat_detection/nodejs.md
+++ b/content/en/security/application_security/threats/setup/threat_detection/nodejs.md
@@ -1,5 +1,5 @@
---
-title: Enabling ASM for Node.js
+title: Enabling AAP for Node.js
code_lang: nodejs
type: multi-code-lang
code_lang_weight: 50
@@ -16,10 +16,10 @@ further_reading:
text: 'Node.js Datadog library source code'
- link: "/security/default_rules/?category=cat-application-security"
tag: "Documentation"
- text: "OOTB Application Security Management Rules"
+ text: "OOTB App and API Protection Rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
---
You can monitor application security for Node.js apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate.
@@ -37,9 +37,9 @@ You can monitor application security for Node.js apps running in Docker, Kuberne
```
Use this [migration guide][1] to assess any breaking changes if you upgraded your library.
- Application Security Management is compatible with Express v4+ and Node.js v14+. For additional information, see [Compatibility][2].
+ App and API Protection is compatible with Express v4+ and Node.js v14+. For additional information, see [Compatibility][2].
-2. **Where you import and initialize the Node.js library for APM, also enable ASM.** This might be either in your code or with environment variables. If you initialized APM in code, add `{appsec: true}` to your init statement:
+2. **Where you import and initialize the Node.js library for APM, also enable AAP.** This might be either in your code or with environment variables. If you initialized APM in code, add `{appsec: true}` to your init statement:
{{< tabs >}}
{{% tab "In JavaScript code" %}}
@@ -77,7 +77,7 @@ import `dd-trace/init`;
```shell
node --require dd-trace/init app.js
```
- Then use environment variables to enable ASM:
+ Then use environment variables to enable AAP:
```shell
DD_APPSEC_ENABLED=true node app.js
```
@@ -135,7 +135,7 @@ Update your ECS task definition JSON file, by adding this in the environment sec
{{% /tab %}}
{{% tab "AWS Fargate" %}}
-Initialize ASM in your code or set `DD_APPSEC_ENABLED` environment variable to `true` in your service invocation:
+Initialize AAP in your code or set `DD_APPSEC_ENABLED` environment variable to `true` in your service invocation:
```shell
DD_APPSEC_ENABLED=true node app.js
```
diff --git a/content/en/security/application_security/threats/setup/threat_detection/php.md b/content/en/security/application_security/threats/setup/threat_detection/php.md
index f206a039d4f11..8dffd75efe13c 100644
--- a/content/en/security/application_security/threats/setup/threat_detection/php.md
+++ b/content/en/security/application_security/threats/setup/threat_detection/php.md
@@ -1,5 +1,5 @@
---
-title: Enabling ASM for PHP
+title: Enabling AAP for PHP
code_lang: php
type: multi-code-lang
code_lang_weight: 40
@@ -16,10 +16,10 @@ further_reading:
text: 'PHP Datadog Tracer Library source code'
- link: "/security/default_rules/?category=cat-application-security"
tag: "Documentation"
- text: "OOTB Application Security Management Rules"
+ text: "OOTB App and API Protection Rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
---
You can monitor application security for PHP apps running in host-based or container-based environments such as Docker, Kubernetes, AWS ECS, and AWS EKS.
@@ -34,9 +34,9 @@ You can monitor application security for PHP apps running in host-based or conta
wget https://github.com/DataDog/dd-trace-php/releases/latest/download/datadog-setup.php -O datadog-setup.php
php datadog-setup.php --php-bin all --enable-appsec
```
- To check that your service's language and framework versions are supported for ASM capabilities, see [Compatibility][1].
+ To check that your service's language and framework versions are supported for AAP capabilities, see [Compatibility][1].
-2. **Enable the library in your code** by restarting PHP-FPM or Apache. In a containerized environment, if you previously installed the library without enabling ASM, you can optionally enable it after by setting the following environment variable:
+2. **Enable the library in your code** by restarting PHP-FPM or Apache. In a containerized environment, if you previously installed the library without enabling AAP, you can optionally enable it after by setting the following environment variable:
{{< tabs >}}
{{% tab "Docker CLI" %}}
diff --git a/content/en/security/application_security/threats/setup/threat_detection/python.md b/content/en/security/application_security/threats/setup/threat_detection/python.md
index d7c6f911379ce..60819553ba2f7 100644
--- a/content/en/security/application_security/threats/setup/threat_detection/python.md
+++ b/content/en/security/application_security/threats/setup/threat_detection/python.md
@@ -1,5 +1,5 @@
---
-title: Enabling ASM for Python
+title: Enabling AAP for Python
code_lang: python
type: multi-code-lang
code_lang_weight: 50
@@ -16,10 +16,10 @@ further_reading:
text: 'Python Datadog library source code'
- link: "/security/default_rules/?category=cat-application-security"
tag: "Documentation"
- text: "OOTB Application Security Management Rules"
+ text: "OOTB App and API Protection Rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
---
You can monitor the security of your Python apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate.
@@ -34,9 +34,9 @@ You can monitor the security of your Python apps running in Docker, Kubernetes,
pip install --upgrade ddtrace
```
- To check that your service's language and framework versions are supported for ASM capabilities, see [Compatibility][1].
+ To check that your service's language and framework versions are supported for AAP capabilities, see [Compatibility][1].
-2. **Enable ASM when starting the Python application**.
+2. **Enable AAP when starting the Python application**.
```bash
DD_APPSEC_ENABLED=true ddtrace-run python app.py
@@ -96,7 +96,7 @@ You can monitor the security of your Python apps running in Docker, Kubernetes,
{{% /tab %}}
{{% tab "AWS Fargate" %}}
- Initialize ASM in your code or set the `DD_APPSEC_ENABLED` environment variable to `true` in your service invocation:
+ Initialize AAP in your code or set the `DD_APPSEC_ENABLED` environment variable to `true` in your service invocation:
```shell
DD_APPSEC_ENABLED=true ddtrace-run python app.py
```
diff --git a/content/en/security/application_security/threats/setup/threat_detection/ruby.md b/content/en/security/application_security/threats/setup/threat_detection/ruby.md
index b19219b3089ac..d9470e308646a 100644
--- a/content/en/security/application_security/threats/setup/threat_detection/ruby.md
+++ b/content/en/security/application_security/threats/setup/threat_detection/ruby.md
@@ -1,5 +1,5 @@
---
-title: Enabling ASM for Ruby
+title: Enabling AAP for Ruby
code_lang: ruby
type: multi-code-lang
code_lang_weight: 30
@@ -16,10 +16,10 @@ further_reading:
text: 'Ruby Datadog library source code'
- link: "/security/default_rules/?category=cat-application-security"
tag: "Documentation"
- text: "OOTB Application Security Management Rules"
+ text: "OOTB App and API Protection Rules"
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
---
You can monitor application security for Ruby apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate.
@@ -35,13 +35,13 @@ You can monitor application security for Ruby apps running in Docker, Kubernetes
gem 'datadog', '~> 2.0' # Use 'ddtrace' if you're using v1.x
```
- To check that your service's language and framework versions are supported for ASM capabilities, see [Compatibility][1].
+ To check that your service's language and framework versions are supported for AAP capabilities, see [Compatibility][1].
For more information about upgrading to v2 from a `dd-trace` 1.x version, see [the Ruby tracer upgrade guide][2].
-2. **Enable ASM** by enabling the APM tracer. The following options describe a quick setup that covers the most common cases. Read [the Ruby tracer documentation][3] for more details.
+2. **Enable AAP** by enabling the APM tracer. The following options describe a quick setup that covers the most common cases. Read [the Ruby tracer documentation][3] for more details.
- You can enable ASM either in your code:
+ You can enable AAP either in your code:
{{< tabs >}}
@@ -57,7 +57,7 @@ You can monitor application security for Ruby apps running in Docker, Kubernetes
# enable the APM tracer
c.tracing.instrument :rails
- # enable ASM
+ # enable AAP
c.appsec.enabled = true
c.appsec.instrument :rails
end
@@ -79,7 +79,7 @@ You can monitor application security for Ruby apps running in Docker, Kubernetes
Datadog.configure do |c|
# the APM tracer is enabled by auto-instrumentation
- # enable ASM
+ # enable AAP
c.appsec.enabled = true
c.appsec.instrument :rails
end
@@ -99,7 +99,7 @@ You can monitor application security for Ruby apps running in Docker, Kubernetes
# enable the APM tracer
c.tracing.instrument :sinatra
- # enable ASM for Sinatra
+ # enable AAP for Sinatra
c.appsec.enabled = true
c.appsec.instrument :sinatra
end
@@ -114,7 +114,7 @@ You can monitor application security for Ruby apps running in Docker, Kubernetes
Datadog.configure do |c|
# the APM tracer is enabled by auto-instrumentation
- # enable ASM for Sinatra
+ # enable AAP for Sinatra
c.appsec.enabled = true
c.appsec.instrument :sinatra
end
@@ -132,7 +132,7 @@ You can monitor application security for Ruby apps running in Docker, Kubernetes
# enable the APM tracer
c.tracing.instrument :rack
- # enable ASM for Rack
+ # enable AAP for Rack
c.appsec.enabled = true
c.appsec.instrument :rack
end
@@ -199,7 +199,7 @@ Update your ECS task definition JSON file, by adding this in the environment sec
{{% /tab %}}
{{% tab "AWS Fargate" %}}
-Initialize ASM in your code or set `DD_APPSEC_ENABLED` environment variable to true in your service invocation:
+Initialize AAP in your code or set `DD_APPSEC_ENABLED` environment variable to true in your service invocation:
```shell
env DD_APPSEC_ENABLED=true rails server
```
diff --git a/content/en/security/application_security/threats/threat-intelligence.md b/content/en/security/application_security/threats/threat-intelligence.md
index b5138fc4942a6..012bf45315850 100644
--- a/content/en/security/application_security/threats/threat-intelligence.md
+++ b/content/en/security/application_security/threats/threat-intelligence.md
@@ -6,16 +6,16 @@ further_reading:
text: "Threat Intelligence at Datadog"
- link: "/security/application_security/"
tag: "Documentation"
- text: "Protect against threats with Datadog Application Security Management"
+ text: "Protect against threats with Datadog App and API Protection"
---
## Overview
-This topic describes [threat intelligence][1] for Application Security Management (ASM).
+This topic describes [threat intelligence][1] for App and API Protection (AAP).
-Datadog provides built-in threat intelligence [datasets][1] for ASM. This provides additional evidence when acting on security activity and reduces detection thresholds for some business logic detections.
+Datadog provides built-in threat intelligence [datasets][1] for AAP. This provides additional evidence when acting on security activity and reduces detection thresholds for some business logic detections.
-Additionally, ASM supports *bring your own threat intelligence*. This functionality enriches detections with business-specific threat intelligence.
+Additionally, AAP supports *bring your own threat intelligence*. This functionality enriches detections with business-specific threat intelligence.
## Best practices
@@ -28,7 +28,7 @@ Datadog recommends _against_ the following:
1. Blocking threat intelligence traces without corresponding security activity. IP addresses might have many hosts behind them. Detection of a residential proxy means that the associated activity has been observed by a host behind that IP. It does not guarantee that the host running the malware or proxy is the same host communicating with your services.
2. Blocking on all threat intelligence categories, as this is inclusive of benign traffic from corporate VPNs and blocks unmalicious traffic.
-## Filtering on threat intelligence in ASM
+## Filtering on threat intelligence in AAP
Users can filter threat intelligence on the Signals and Traces explorers using facets and the search bar.
@@ -42,7 +42,7 @@ To query for all traces containing threat intelligence from any source, use the
## Bring your own threat intelligence
-ASM supports enriching and searching traces with threat intelligence indicators of compromise stored in Datadog reference tables. [Reference Tables][2] allow you to combine metadata with information already in Datadog.
+AAP supports enriching and searching traces with threat intelligence indicators of compromise stored in Datadog reference tables. [Reference Tables][2] allow you to combine metadata with information already in Datadog.
### Storing indicators of compromise in reference tables
@@ -76,12 +76,12 @@ ip_address,additional_data,category,intention,source
Datadog supports creating reference tables through a manual upload, or by periodically retrieving the data from [Amazon S3, Azure storage, or Google Cloud storage][10].
Notes:
-- It can take 10 to 30 minutes to start enriching ASM traces after creating a table.
+- It can take 10 to 30 minutes to start enriching AAP traces after creating a table.
- If a primary key is duplicated, it is skipped and an error message about the key is displayed.
On a new [references table][4] page:
-1. Name the table. The table name is referenced in ASM's **Threat Intel** config.
+1. Name the table. The table name is referenced in AAP's **Threat Intel** config.
2. Upload a local CSV or import a CSV from a cloud storage bucket. The file is normalized and validated.
3. Preview the table schema and choose the IP address as the Primary Key.
@@ -117,7 +117,7 @@ Other useful cloud import details to remember:
### Filter traces by joining the list with a Reference Table
-You can filter ASM traces in Datadog by joining a trace table with a Reference Table.
+You can filter AAP traces in Datadog by joining a trace table with a Reference Table.
To join a Reference Table with a trace query, you combine rows from the Datadog trace table and a Reference Table based on a related column between them. The traces query returns only those traces where there is a match in both tables.
@@ -143,13 +143,13 @@ To join a trace with a Reference Table:
### Enriching traces for detection rules
-Enriching traces includes the threat intelligence attributes in ASM traces when the indicator of compromise matches the value of the `http.client_ip` key in the ASM trace. This enables searching for traces with threat intelligence matches using existing facets and using threat intelligence with detection rules.
+Enriching traces includes the threat intelligence attributes in AAP traces when the indicator of compromise matches the value of the `http.client_ip` key in the AAP trace. This enables searching for traces with threat intelligence matches using existing facets and using threat intelligence with detection rules.
## Threat intelligence in the user interface
-When viewing the traces in the ASM Traces Explorer, you can see threat intelligence data under the `@appsec` attribute. The `category` and `security_activity` attributes are both set.
+When viewing the traces in the AAP Traces Explorer, you can see threat intelligence data under the `@appsec` attribute. The `category` and `security_activity` attributes are both set.
{{< img src="security/application_security/threats/threat_intel/threat_intel_appsec.png" alt="Example of the appsec attribute containing threat intelligence data">}}
diff --git a/content/en/security/application_security/threats/trace_qualification.md b/content/en/security/application_security/threats/trace_qualification.md
index 0665e01a8c895..b9942a3260d11 100644
--- a/content/en/security/application_security/threats/trace_qualification.md
+++ b/content/en/security/application_security/threats/trace_qualification.md
@@ -4,41 +4,41 @@ aliases:
further_reading:
- link: "/security/application_security/"
tag: "Documentation"
- text: "Protect against threats with Datadog Application Security Management"
+ text: "Protect against threats with Datadog App and API Protection"
- link: "/security/application_security/how-appsec-works//"
tag: "Documentation"
- text: "How Application Security Management Works"
+ text: "How App and API Protection Works"
---
## Overview
-Application Security Management (ASM) provides observability into application-level attacks, and evaluates the conditions in which each trace was generated. ASM trace qualification then labels each attack as harmful or safe to help you take action on the most impactful attacks.
+App and API Protection (AAP) provides observability into application-level attacks, and evaluates the conditions in which each trace was generated. AAP trace qualification then labels each attack as harmful or safe to help you take action on the most impactful attacks.
-Filter by the **Qualification** facet in the ASM [Traces Explorer][1] to view the possible qualification results:
+Filter by the **Qualification** facet in the AAP [Traces Explorer][1] to view the possible qualification results:
-{{< img src="security/application_security/threats/trace_qualification/trace-qualification-traces_2.png" alt="ASM trace list with the qualification facet showing the possible qualification results">}}
+{{< img src="security/application_security/threats/trace_qualification/trace-qualification-traces_2.png" alt="AAP trace list with the qualification facet showing the possible qualification results">}}
## Qualification outcomes
-ASM runs qualification rules (closed-source) on every trace. There are four possible qualification outcomes, as listed in the facet menu:
+AAP runs qualification rules (closed-source) on every trace. There are four possible qualification outcomes, as listed in the facet menu:
| Qualification result | Description |
|------|-------------|
-| Unknown | ASM has qualification rules for this attack, but did not have enough information to make a qualification decision. |
-| None successful | ASM determined that attacks in this trace were not harmful. |
+| Unknown | AAP has qualification rules for this attack, but did not have enough information to make a qualification decision. |
+| None successful | AAP determined that attacks in this trace were not harmful. |
| Harmful | At least one attack in the trace was successful. |
-| No value | ASM does not have qualification rules for this type of attack. |
+| No value | AAP does not have qualification rules for this type of attack. |
### Trace sidepanel
The qualification result can also be seen when viewing the details of an individual trace.
-Example of a trace that ASM has qualified as safe:
+Example of a trace that AAP has qualified as safe:
-{{< img src="security/application_security/threats/trace_qualification/trace-none-successful_3.png" alt="ASM trace qualified as safe">}}
+{{< img src="security/application_security/threats/trace_qualification/trace-none-successful_3.png" alt="AAP trace qualified as safe">}}
-Example of a trace that ASM has qualified as harmful:
+Example of a trace that AAP has qualified as harmful:
-{{< img src="security/application_security/threats/trace_qualification/trace-harmful_2.png" alt="ASM trace qualified as harmful">}}
+{{< img src="security/application_security/threats/trace_qualification/trace-harmful_2.png" alt="AAP trace qualified as harmful">}}
[1]: https://app.datadoghq.com/security/appsec/traces
## Further Reading
diff --git a/content/en/security/application_security/threats/waf-integration.md b/content/en/security/application_security/threats/waf-integration.md
index c91f28f817cf3..6ce0f426926fb 100644
--- a/content/en/security/application_security/threats/waf-integration.md
+++ b/content/en/security/application_security/threats/waf-integration.md
@@ -7,11 +7,11 @@ further_reading:
text: "Monitor AWS WAF activity with Datadog"
---
-Protecting web applications and APIs requires a multi-layered approach that combines in-app monitoring and perimeter defenses. These complementary strategies enable you to have a defense-in-depth application security approach leveraging AWS Web Application Firewall (WAF) as the first line of defense, followed by ASM Threat Management to block attacks that slip by the WAF.
+Protecting web applications and APIs requires a multi-layered approach that combines in-app monitoring and perimeter defenses. These complementary strategies enable you to have a defense-in-depth application security approach leveraging AWS Web Application Firewall (WAF) as the first line of defense, followed by AAP Threat Management to block attacks that slip by the WAF.
### In-app monitoring: deep visibility with distributed tracing
-At the application level, Datadog ASM Threat Management leverages distributed tracing to monitor microservices in real time. The ASM approach provides detailed, context-rich insights into the behavior of requests as they traverse various services. These insights detect sophisticated threats such as:
+At the application level, Datadog AAP Threat Management leverages distributed tracing to monitor microservices in real time. The AAP approach provides detailed, context-rich insights into the behavior of requests as they traverse various services. These insights detect sophisticated threats such as:
- SQL Injection (SQLi) and Local File Inclusion (LFI) attempts.
- Application logic abuse, such as bypassing business rules or exploiting edge cases.
@@ -34,23 +34,23 @@ Depending on the nature of the threat, protection controls should be applied at
This layered approach ensures threats are neutralized as early as possible without sacrificing the precision needed to protect legitimate traffic.
-## AWS WAF integration with ASM
+## AWS WAF integration with AAP
There are two main use cases supported with this [integration][1]:
-1. Gain visibility of AWS WAF actions in Datadog ASM. For example:
+1. Gain visibility of AWS WAF actions in Datadog AAP. For example:
1. Metrics such as total requests allowed vs. blocked by the AWS WAF.
2. Drill down and view individual AWS WAF logs (requires you to [ingest AWS WAF logs into Datadog][2]).
3. How AWS WAF inspected the request: rules that were applied and the decision made (allow, block, or count).
- Note that ASM converts AWS WAF logs into ASM Traces, enabling you to view application activity (traces) and AWS WAF activity (logs converted to ASM traces) in the ASM Trace Explorer.
+ Note that AAP converts AWS WAF logs into AAP Traces, enabling you to view application activity (traces) and AWS WAF activity (logs converted to AAP traces) in the AAP Trace Explorer.
{{< img src="security/application_security/threats/aws-waf-int-asm.png" alt="AWS WAF integration details in Datadog UI" style="width:100%;" >}}
2. Leverage AWS WAF to block attackers:
- 1. Connect your AWS WAF IP set(s) with Datadog ASM. You can use an existing set or create a new one. Datadog will add blocked IP addresses to this IP set. You can block attackers from ASM [Signals][3] or [Traces][4] explorers.
+ 1. Connect your AWS WAF IP set(s) with Datadog AAP. You can use an existing set or create a new one. Datadog will add blocked IP addresses to this IP set. You can block attackers from AAP [Signals][3] or [Traces][4] explorers.
- {{< img src="/security/application_security/threats/aws-waf-blocked-ips.png" alt="ASM denylist blocked IPs" style="width:100%;" >}}
+ {{< img src="/security/application_security/threats/aws-waf-blocked-ips.png" alt="AAP denylist blocked IPs" style="width:100%;" >}}
## Further reading
diff --git a/content/en/security/application_security/troubleshooting.md b/content/en/security/application_security/troubleshooting.md
index a5e5e1c8c1be9..434a2d944fc7c 100644
--- a/content/en/security/application_security/troubleshooting.md
+++ b/content/en/security/application_security/troubleshooting.md
@@ -1,44 +1,44 @@
---
-title: Troubleshooting Application Security Management
+title: Troubleshooting App and API Protection
aliases:
- /security_platform/application_security/troubleshooting
further_reading:
- link: "/security/application_security/"
tag: "Documentation"
- text: "Monitoring Threats with Datadog Application Security Management"
+ text: "Monitoring Threats with Datadog App and API Protection"
- link: "/security/application_security/how-appsec-works/"
tag: "Documentation"
- text: "How Application Security Management Works in Datadog"
+ text: "How App and API Protection Works in Datadog"
---
## Overview
-If you experience unexpected behavior with Datadog Application Security Management (ASM), there are common issues you can investigate, as mentioned below. If you continue to have trouble, reach out to [Datadog support][1] for further assistance.
+If you experience unexpected behavior with Datadog App and API Protection (AAP), there are common issues you can investigate, as mentioned below. If you continue to have trouble, reach out to [Datadog support][1] for further assistance.
-## ASM rate limits
+## AAP rate limits
-ASM traces are rate-limited to 100 traces per second. Traces sent after the limit are not reported. Contact [Datadog support][1] if you need to change the limit.
+AAP traces are rate-limited to 100 traces per second. Traces sent after the limit are not reported. Contact [Datadog support][1] if you need to change the limit.
-## No security traces detected by ASM
+## No security traces detected by AAP
-There are a series of steps that must run successfully for threat information to appear in the ASM [Trace and Signals Explorer][2]. It is important to check each step when investigating this issue. Additional troubleshooting steps for specific languages are in the language tab at the end.
+There are a series of steps that must run successfully for threat information to appear in the AAP [Trace and Signals Explorer][2]. It is important to check each step when investigating this issue. Additional troubleshooting steps for specific languages are in the language tab at the end.
-### Confirm ASM is enabled
+### Confirm AAP is enabled
-You can use the metric `datadog.apm.appsec_host` to check if ASM is running.
+You can use the metric `datadog.apm.appsec_host` to check if AAP is running.
1. Go to **Metrics > Summary** in Datadog.
-2. Search for the metric `datadog.apm.appsec_host`. If the metric doesn't exist, then there are no services running ASM. If the metric exists, the services are reported with the metric tags `host` and `service`.
-3. Select the metric, and in the **Tags** section, search for `service` to see which services are running ASM.
+2. Search for the metric `datadog.apm.appsec_host`. If the metric doesn't exist, then there are no services running AAP. If the metric exists, the services are reported with the metric tags `host` and `service`.
+3. Select the metric, and in the **Tags** section, search for `service` to see which services are running AAP.
If you are not seeing `datadog.apm.appsec_host`, check the [in-app instructions][3] to confirm that all steps for the initial setup are complete.
-ASM data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6].
+AAP data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6].
### Send a test attack to your application
- To test your ASM setup, trigger the [Security Scanner Detected][7] rule by running a file that contains the following curl script:
+ To test your AAP setup, trigger the [Security Scanner Detected][7] rule by running a file that contains the following curl script:
{{< programming-lang-wrapper langs="java,.NET,go,ruby,PHP,Node.js,python" >}}
{{< programming-lang lang="java" >}}
@@ -147,7 +147,7 @@ A few minutes after you enable your application and exercise it, and if it's suc
### Check if required tracer integrations are deactivated
-ASM relies on certain tracer integrations. If they are deactivated, ASM won't work. To see if there are deactivated integrations, look for `disabled_integrations` in your [startup logs][8].
+AAP relies on certain tracer integrations. If they are deactivated, AAP won't work. To see if there are deactivated integrations, look for `disabled_integrations` in your [startup logs][8].
The required integrations vary by language.
@@ -176,7 +176,7 @@ For Java, if you are using any of the following technologies, the respective int
For .NET, the ASP.NET integration is required.
-**Note:** If ASP.NET Core is disabled, ASM should still work with this framework.
+**Note:** If ASP.NET Core is disabled, AAP should still work with this framework.
{{< /programming-lang >}}
@@ -250,7 +250,7 @@ framework you're using, such as the Django or Flask integration.
### Check if spans are successfully transmitted to Datadog
-ASM data is sent over [spans][9]. To confirm that spans are successfully transmitted to Datadog, check that your tracer logs contain logs that look similar to this:
+AAP data is sent over [spans][9]. To confirm that spans are successfully transmitted to Datadog, check that your tracer logs contain logs that look similar to this:
```
2021-11-29 21:19:58 CET | TRACE | INFO | (pkg/trace/info/stats.go:111 in LogStats) | [lang:.NET lang_version:5.0.10 interpreter:.NET tracer_version:1.30.1.0 endpoint_version:v0.4] -> traces received: 2, traces filtered: 0, traces amount: 1230 bytes, events extracted: 0, events sampled: 0
@@ -295,7 +295,7 @@ The log files are available in the following directories:
{{< /programming-lang >}}
{{< programming-lang lang="PHP" >}}
-For PHP, to start troubleshooting issues with the Datadog ASM extension, enable debug logs in the ASM extension's `.ini` file.
+For PHP, to start troubleshooting issues with the Datadog AAP extension, enable debug logs in the AAP extension's `.ini` file.
The extension's `ini` file is usually found in `/etc/php//xxx/conf.d/98-ddtrace.ini`, but the location may differ depending on your installation. Look at the beginning of the `phpinfo()` output to identify the directory that is scanned for `.ini` files, if any. In the `.ini` file, set the following configuration options with the following:
@@ -318,7 +318,7 @@ If the installation script is unable to find the correct PHP version, you can se
$ php datadog-setup.php --php-bin /usr/bin/php7.4 --enable-appsec
```
### Connection to helper failed
-If the ASM extension is unable to communicate with the helper process, the following warning occurs:
+If the AAP extension is unable to communicate with the helper process, the following warning occurs:
```
PHP Warning: Unknown: [ddappsec] Connection to helper failed and we are not going to attempt to launch it: dd_error
@@ -349,11 +349,11 @@ datadog.appsec.helper_runtime_path = //
{{< /programming-lang >}}
{{< programming-lang lang="go" >}}
-#### Confirm ASM is enabled in the running application
+#### Confirm AAP is enabled in the running application
-[Tracer startup logs][1] show the tracer configuration and whether ASM is enabled or not. If `appsec` is `true`, then ASM is enabled and running.
+[Tracer startup logs][1] show the tracer configuration and whether AAP is enabled or not. If `appsec` is `true`, then AAP is enabled and running.
-For example, the following startup log shows that ASM is disabled:
+For example, the following startup log shows that AAP is disabled:
```
2022/02/17 14:49:00 Datadog Tracer v1.36.0 INFO: DATADOG TRACER CONFIGURATION {"date":"2022-02-17T14:49:00+01:00","os_name":"Linux (Unknown Distribution)","os_version":"5.13.0","version":"v1.36.0","lang":"Go","lang_version":"go1.17.1","env":"prod","service":"grpcserver","agent_url":"http://localhost:8126/v0.4/traces","debug":false,"analytics_enabled":false,"sample_rate":"NaN","sampling_rules":null,"sampling_rules_error":"","service_mappings":null,"tags":{"runtime-id":"69d99219-b68f-4718-9419-fa173a79351e"},"runtime_metrics_enabled":false,"health_metrics_enabled":false,"profiler_code_hotspots_enabled":false,"profiler_endpoints_enabled":false,"dd_version":"","architecture":"amd64","global_service":"","lambda_mode":"false","appsec":false,"agent_features":{"DropP0s":false,"Stats":false,"StatsdPort":0}}
@@ -361,9 +361,9 @@ For example, the following startup log shows that ASM is disabled:
#### Enable debug logs
-Enable debug logs with the environment variable `DD_TRACE_DEBUG=1`. The ASM library will log to the standard error output.
+Enable debug logs with the environment variable `DD_TRACE_DEBUG=1`. The AAP library will log to the standard error output.
-**Note:** ASM only outputs logs when it is enabled. Use the environment variable `DD_APPSEC_ENABLED=1` to enable ASM.
+**Note:** AAP only outputs logs when it is enabled. Use the environment variable `DD_APPSEC_ENABLED=1` to enable AAP.
[1]: /tracing/troubleshooting/tracer_startup_logs/
{{< /programming-lang >}}
@@ -371,19 +371,19 @@ Enable debug logs with the environment variable `DD_TRACE_DEBUG=1`. The ASM libr
Use this [migration guide][1] to assess any breaking changes if you upgraded your Node.js library from 1.x to 2.x.
-If you don't see ASM threat information in the [Trace and Signals Explorer][2] for your Node.js application, follow these steps to troubleshoot the issue:
+If you don't see AAP threat information in the [Trace and Signals Explorer][2] for your Node.js application, follow these steps to troubleshoot the issue:
-1. Confirm the latest version of ASM is running by checking that `appsec_enabled` is `true` in the [startup logs][3]
+1. Confirm the latest version of AAP is running by checking that `appsec_enabled` is `true` in the [startup logs][3]
a. If you don't see startup logs after a request has been sent, add the environment variable `DD_TRACE_STARTUP_LOGS=true` to enable startup logs. Check the startup logs for `appsec_enabled` is `true`.
- b. If `appsec_enabled` is `false`, then ASM was not enabled correctly. See [installation instructions][4].
+ b. If `appsec_enabled` is `false`, then AAP was not enabled correctly. See [installation instructions][4].
- c. If `appsec_enabled` is not in the startup logs, the latest ASM version needs to be installed. See [installation instructions][4].
+ c. If `appsec_enabled` is not in the startup logs, the latest AAP version needs to be installed. See [installation instructions][4].
2. Is the tracer working? Can you see relevant traces on the APM dashboard?
- ASM relies on the tracer so if you don't see traces, then the tracer might not be working. See [APM Troubleshooting][5].
+ AAP relies on the tracer so if you don't see traces, then the tracer might not be working. See [APM Troubleshooting][5].
3. In your application directory, run the command `npm explore @datadog/native-appsec -- npm run install` and restart your app.
@@ -407,9 +407,9 @@ If you don't see ASM threat information in the [Trace and Signals Explorer][2] f
{{< /programming-lang >}}
{{< programming-lang lang="python" >}}
-If you don't see ASM threat information in the [Trace and Signals Explorer][1] for your Python application, check that ASM is running and that your tracer is working.
+If you don't see AAP threat information in the [Trace and Signals Explorer][1] for your Python application, check that AAP is running and that your tracer is working.
-1. Set your application's log level to `DEBUG` to confirm that ASM is running:
+1. Set your application's log level to `DEBUG` to confirm that AAP is running:
```python
import logging
@@ -422,11 +422,11 @@ If you don't see ASM threat information in the [Trace and Signals Explorer][1] f
DEBUG:ddtrace.appsec.processor:[DDAS-001-00] Executing AppSec In-App WAF with parameters:
```
- If this log is not present, ASM is not running.
+ If this log is not present, AAP is not running.
2. Is the tracer working? Can you see relevant traces on the APM dashboard?
- ASM relies on the tracer. If you don't see traces, then the tracer might not be working. See [APM Troubleshooting][2].
+ AAP relies on the tracer. If you don't see traces, then the tracer might not be working. See [APM Troubleshooting][2].
[1]: https://app.datadoghq.com/security/appsec/
@@ -434,7 +434,7 @@ If you don't see ASM threat information in the [Trace and Signals Explorer][1] f
{{< /programming-lang >}}
{{< programming-lang lang="ruby" >}}
-For Ruby, if you don't see ASM threat information in the [Trace and Signals Explorer][1] after a few minutes, enable tracer diagnostics for [debug logs][2]. For example:
+For Ruby, if you don't see AAP threat information in the [Trace and Signals Explorer][1] after a few minutes, enable tracer diagnostics for [debug logs][2]. For example:
```ruby
Datadog.configure do |c|
@@ -445,9 +445,9 @@ end
Debug logs are verbose but useful. If you open up a ticket with [Datadog support][1], forward the logs with your request.
-#### Is ASM correctly enabled?
+#### Is AAP correctly enabled?
-ASM has been correctly enabled if you see logs such as:
+AAP has been correctly enabled if you see logs such as:
```
D, [2021-12-14T11:03:32.167125 #73127] DEBUG -- ddtrace: [ddtrace] (libddwaf/lib/datadog/appsec/waf.rb:296:in `block in logger=') {:level=>:ddwaf_log_info, :func=> "ddwaf_set_log_cb", :file=>"PowerWAFInterface.cpp", :message=>"Sending log messages to binding, min level trace"}
@@ -456,13 +456,13 @@ D, [2021-12-14T11:03:32.200491 #73127] DEBUG -- ddtrace: [ddtrace] (libddwaf/lib
If you do not see those logs, check the following:
-- If the correct ASM environment variables are set for your application process.
+- If the correct AAP environment variables are set for your application process.
- The latest gem version is installed.
- The tracer is configured correctly and sending APM traces to your APM dashboard.
-#### Is ASM called for each HTTP request?
+#### Is AAP called for each HTTP request?
-To confirm that ASM is called for each HTTP request, trigger a [test attack](#send-a-test-attack-to-your-application) and look for these logs:
+To confirm that AAP is called for each HTTP request, trigger a [test attack](#send-a-test-attack-to-your-application) and look for these logs:
```
D, [2022-01-19T21:25:50.579745 #341792] DEBUG -- ddtrace: [ddtrace] (/home/lloeki/src/github.com/DataDog/dd-trace-rb/lib/datadog/appsec/reactive/operation.rb:14:in `initialize') operation: rack.request initialize
@@ -477,7 +477,7 @@ If you don't see those logs, try the following:
- Send another [test attack](#send-a-test-attack-to-your-application) using another user agent value in the curl command to see if the threat information is successfully sent.
- Look in the application logs for the exact request you ran to confirm the request reached the application, and was not responded to by another upstream system.
-If the Rack integration was configured manually, sometimes a known issue prevents ASM from working. For example:
+If the Rack integration was configured manually, sometimes a known issue prevents AAP from working. For example:
```ruby
Datadog.configure do |c|
@@ -488,9 +488,9 @@ Datadog.configure do |c|
If `c.tracing.instrument :rack` is present, remove it to see if the check passes.
-#### Is ASM detecting HTTP request security threats?
+#### Is AAP detecting HTTP request security threats?
-To confirm that ASM is detecting security threats, trigger a [test attack](#send-a-test-attack-to-your-application), and look for these logs:
+To confirm that AAP is detecting security threats, trigger a [test attack](#send-a-test-attack-to-your-application), and look for these logs:
```
D, [2021-12-14T22:39:53.268820 #106051] DEBUG -- ddtrace: [ddtrace] (ddtrace/lib/datadog/appsec/contrib/rack/reactive/request.rb:63:in `block in subscribe') WAF: #{"id"=>"ua0-600-10x", "name"=>"Nessus", "tags"=>{"type"=>"security_scanner", "category"=>"attack_attempt"}}, "rule_matches"=>[{"operator"=>"match_regex", "operator_value"=>"(?i)^Nessus(/|([ :]+SOAP))", "parameters"=>[{"address"=>"server.request.headers.no_cookies", "key_path"=>["user-agent"], "value"=>"Nessus SOAP", "highlight"=>["Nessus SOAP"]}]}]}], perf_data=nil, perf_total_runtime=20519>
@@ -498,7 +498,7 @@ D, [2021-12-14T22:39:53.268820 #106051] DEBUG -- ddtrace: [ddtrace] (ddtrace/lib
If you don't see those logs, check that another upstream security system is not filtering out the requests or altering them based on the test header value.
#### Is the tracer sending traces with security data?
-ASM data is sent with APM traces. To confirm that ASM correctly detects and inserts security data into traces, trigger a [test attack](#send-a-test-attack-to-your-application), and look for these tracer logs:
+AAP data is sent with APM traces. To confirm that AAP correctly detects and inserts security data into traces, trigger a [test attack](#send-a-test-attack-to-your-application), and look for these tracer logs:
```
Tags: [
@@ -527,7 +527,7 @@ Metrics: [
_sampling_priority_v1 => 2.0]]
```
-Wait a minute for the agent to forward the traces, then check that the traces show up in the APM dashboard. The security information in the traces may take additional time to be processed by Datadog before showing up as security traces in the ASM [Trace and Signals Explorer][1].
+Wait a minute for the agent to forward the traces, then check that the traces show up in the APM dashboard. The security information in the traces may take additional time to be processed by Datadog before showing up as security traces in the AAP [Trace and Signals Explorer][1].
[1]: https://app.datadoghq.com/security/appsec/
[2]: /tracing/troubleshooting/#tracer-debug-logs
@@ -539,17 +539,17 @@ Wait a minute for the agent to forward the traces, then check that the traces sh
There are a series of steps that must run successfully for vulnerability information to appear either in the [Software Catalog Security View][16] or in the [Vulnerability Explorer][12]. It is important to check each step when investigating this issue.
-### Confirm ASM is enabled
+### Confirm AAP is enabled
-You can use the metric `datadog.apm.appsec_host` to check if ASM is running.
+You can use the metric `datadog.apm.appsec_host` to check if AAP is running.
1. Go to **Metrics > Summary** in Datadog.
-2. Search for the metric `datadog.apm.appsec_host`. If the metric doesn't exist, then there are no services running ASM. If the metric exists, the services are reported with the metric tags `host` and `service`.
-3. Select the metric, and in the **Tags** section, search for `service` to see which services are running ASM.
+2. Search for the metric `datadog.apm.appsec_host`. If the metric doesn't exist, then there are no services running AAP. If the metric exists, the services are reported with the metric tags `host` and `service`.
+3. Select the metric, and in the **Tags** section, search for `service` to see which services are running AAP.
If you are not seeing `datadog.apm.appsec_host`, check the [in-app instructions][3] to confirm that all steps for the initial setup are complete.
-ASM data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6].
+AAP data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6].
### Confirm tracer versions are updated
@@ -566,7 +566,7 @@ To disable threat management, remove the `DD_APPSEC_ENABLED=true` environment va
If no `DD_APPSEC_ENABLED=true` environment variable is set for your service, do one of the following:
* If it's a PHP service: explicitly set the environment variable to `DD_APPSEC_ENABLED=false`, and restart your service.
* If threat management was activated using [Remote Configuration][16], do the following:
- 1. Go to [Services][15] (**ASM** > **Catalog** > **Services**).
+ 1. Go to [Services][15] (**AAP** > **Catalog** > **Services**).
2. Select **Threat Management in Monitoring Mode**.
3. In the **Threat Management** facet, enable **Monitoring Only**, **No data**, and **Ready to block**.
4. Click on a service.
@@ -586,7 +586,7 @@ To disable [Code Security][13], remove the `DD_IAST_ENABLED=true` environment va
## Need more help?
-If you continue to have issues with ASM, contact [Datadog support][1] with the following information:
+If you continue to have issues with AAP, contact [Datadog support][1] with the following information:
- Confirmation that the [test attack](#send-a-test-attack-to-your-application) was successfully sent
- Tracer [startup][8] or [debug][10] logs
diff --git a/content/en/security/audit_trail.md b/content/en/security/audit_trail.md
index 8b859045548ad..91672838c7a4f 100644
--- a/content/en/security/audit_trail.md
+++ b/content/en/security/audit_trail.md
@@ -12,10 +12,10 @@ products:
- name: Cloud SIEM
url: /security/cloud_siem/
icon: siem
-- name: Cloud Security Management
+- name: Cloud Security
url: /security/cloud_security_management/
icon: cloud-security-management
-- name: Application Security Management
+- name: App and API Protection
url: /security/application_security/
icon: app-sec
---
@@ -30,7 +30,7 @@ To view audit logs generated by actions taken in Datadog Security, navigate to t
{{% audit-trail-security-platform %}}
-## Application Security Management
+## App and API Protection
{{% audit-trail-asm %}}
diff --git a/content/en/security/cloud_security_management/_index.md b/content/en/security/cloud_security_management/_index.md
index 17ee25acba982..75954be765a7d 100644
--- a/content/en/security/cloud_security_management/_index.md
+++ b/content/en/security/cloud_security_management/_index.md
@@ -1,5 +1,5 @@
---
-title: Cloud Security Management
+title: Cloud Security
aliases:
- /security_platform/cloud_security_management/
further_reading:
@@ -8,10 +8,10 @@ further_reading:
text: "See What's New in Datadog Security Compliance"
- link: "/security/cloud_security_management/misconfigurations/"
tag: "Documentation"
- text: "Start tracking misconfigurations with CSM Misconfigurations"
+ text: "Start tracking misconfigurations with Cloud Security Misconfigurations"
- link: "/security/threats/setup"
tag: "Documentation"
- text: "Uncover kernel-level threats with CSM Threats"
+ text: "Uncover kernel-level threats with Workload Protection"
- link: "/security/research_feed"
tag: "Documentation"
text: "Security Research Feed"
@@ -24,30 +24,18 @@ further_reading:
- link: "https://www.datadoghq.com/blog/workload-security-evaluator/"
tag: "Blog"
text: "Run Atomic Red Team detection tests in container environments with Datadog's Workload Security Evaluator"
- - link: "https://www.datadoghq.com/blog/security-context-with-datadog-cloud-security-management/"
- tag: "Blog"
- text: "Add security context to observability data with Datadog Cloud Security Management"
- link: "https://www.datadoghq.com/blog/security-labs-ruleset-launch/"
tag: "Blog"
text: "Fix common cloud security risks with the Datadog Security Labs Ruleset"
- link: "https://www.datadoghq.com/blog/securing-cloud-native-applications/"
tag: "Blog"
text: "Best practices for application security in cloud-native environments"
- - link: "https://www.datadoghq.com/blog/custom-detection-rules-with-datadog-cloud-security-management/"
- tag: "Blog"
- text: "Customize rules for detecting cloud misconfigurations with Datadog Cloud Security Management"
- link: "https://www.datadoghq.com/blog/building-security-coverage-for-cloud-environments/"
tag: "Blog"
text: "Build sufficient security coverage for your cloud environment"
- link: "https://www.datadoghq.com/blog/cloud-security-study-learnings-2024/"
tag: "Blog"
text: "Key learnings from the 2024 State of Cloud Security study"
- - link: "https://www.datadoghq.com/blog/cloud-security-malware-detection/"
- tag: "Blog"
- text: "Detect malware in your containers with Datadog Cloud Security Management"
- - link: "https://www.datadoghq.com/blog/security-posture-csm/"
- tag: "Blog"
- text: "Report on changes to your security posture with Cloud Security Management"
- link: "https://www.datadoghq.com/blog/security-inbox-prioritization/"
tag: "Blog"
text: "How Datadog Security Inbox prioritizes security risks"
@@ -58,43 +46,43 @@ algolia:
tags: ['csm', 'cloud security management', 'inbox']
cascade:
algolia:
- subcategory: Cloud Security Management
+ subcategory: Cloud Security
---
{{< learning-center-callout header="Join an enablement webinar session" hide_image="true" btn_title="Sign Up" btn_url="https://www.datadoghq.com/technical-enablement/sessions/?tags.topics-0=Security">}}
- Learn how Datadog Cloud SIEM and Cloud Security Management elevate your organization's threat detection and investigation for dynamic, cloud-scale environments.
+ Learn how Datadog Cloud SIEM and Cloud Security elevate your organization's threat detection and investigation for dynamic, cloud-scale environments.
{{< /learning-center-callout >}}
-Datadog Cloud Security Management (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation.
+Datadog Cloud Security delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation.
Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues.
-CSM leverages both the Datadog Agent and Agentless. It includes a variety of features you can enable to manage different facets of your organization's security:
+Cloud Security leverages both the Datadog Agent and Agentless. It includes a variety of features you can enable to manage different facets of your organization's security:
-- [**Threats**][1]: Monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure.
+- [**Workload Protection**][1]: Monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure.
- [**Misconfigurations**][2]: Tracks the security hygiene and compliance posture of your production environment, automates audit evidence collection, and enables you to remediate misconfigurations that leave your organization vulnerable to attacks.
- [**Identity Risks**][8]: Provides in-depth visibility into your organization's AWS IAM, Azure, and GCP risks, and enables you to detect and resolve identity risks on an ongoing basis.
- [**Vulnerabilities**][9]: Continuously detect, prioritize, and remediate exploitable vulnerabilities in your container images, host images, and hosts running in your infrastructure.
-{{< img src="security/csm/csm_overview_2.png" alt="Cloud Security Management in Datadog" width="100%">}}
+{{< img src="security/csm/csm_overview_2.png" alt="Cloud Security in Datadog" width="100%">}}
{{< partial name="security-platform/CSW-billing-note.html" >}}
## Track your organization's health
-Available for [CSM Misconfigurations][2], the [security posture score][5] helps you track your organization's overall health. The score represents the percentage of your environment that satisfies all of your active out-of-the-box cloud and infrastructure compliance rules.
+Available for [Cloud Security Misconfigurations][2], the [security posture score][5] helps you track your organization's overall health. The score represents the percentage of your environment that satisfies all of your active out-of-the-box cloud and infrastructure compliance rules.
Improve your organization's score by remediating misconfigurations, either by resolving the underlying issue or by muting the misconfiguration.
-{{< img src="security/csm/health_scores.png" alt="The posture score on the CSM overview page tracks your organization's overall health" width="100%">}}
+{{< img src="security/csm/health_scores.png" alt="The posture score on the Cloud Security overview page tracks your organization's overall health" width="100%">}}
## Explore and remediate issues
For an overview of your Cloud Security and Application Security findings, sorted by importance, use the [Security Inbox][14].
-To get more detail, use the [Explorers][7] to review and remediate your organization's security findings concerning misconfigurations, vulnerabilities, and identity risks. View detailed information about a finding, including guidelines and remediation steps. [Send real-time notifications][6] when a threat is detected in your environment, and use tags to identify the owner of an impacted resource.
+To get more detail, use [Findings][7] to review and remediate your organization's security findings concerning misconfigurations, vulnerabilities, and identity risks. View detailed information about a finding, including guidelines and remediation steps. [Send real-time notifications][6] when a threat is detected in your environment, and use tags to identify the owner of an impacted resource.
-{{< img src="security/csm/explorers_page.png" alt="CSM Explorers page" width="100%">}}
+{{< img src="security/csm/explorers_page.png" alt="Cloud Security Findings page" width="100%">}}
## Investigate resources
@@ -108,7 +96,7 @@ Use the [Resource Catalog][12] to view specific misconfigurations and threats th
## Subscribe to weekly digest reports
-Receive a weekly summary of Cloud Security Management activity over the past week, including important new security issues discovered in the last seven days. Subscriptions to the weekly digest report are managed on a per user basis. To [subscribe to the weekly digest report][11], you must have the `security_monitoring_signals_read` permission.
+Receive a weekly summary of Cloud Security activity over the past week, including important new security issues discovered in the last seven days. Subscriptions to the weekly digest report are managed on a per user basis. To [subscribe to the weekly digest report][11], you must have the `security_monitoring_signals_read` permission.
## Learn about emerging threats and vulnerabilities
@@ -116,7 +104,7 @@ Use the [Security Research Feed][15] to stay current with the latest security de
## Next steps
-To get started with CSM, navigate to the [**Cloud Security Management Setup**][3] page in Datadog, which has detailed steps on how to set up and configure CSM. For more information, see [Setting Up Cloud Security Management][10].
+To get started with Cloud Security, navigate to the [**Cloud Security Setup**][3] page in Datadog, which has detailed steps on how to set up and configure Cloud Security. For more information, see [Setting Up Cloud Security][10].
## Further reading
diff --git a/content/en/security/cloud_security_management/guide/_index.md b/content/en/security/cloud_security_management/guide/_index.md
index 7ce4a811022a6..241b61847d9cd 100644
--- a/content/en/security/cloud_security_management/guide/_index.md
+++ b/content/en/security/cloud_security_management/guide/_index.md
@@ -1,5 +1,5 @@
---
-title: Cloud Security Management Guides
+title: Cloud Security Guides
disable_toc: true
aliases:
- /security_platform/cloud_workload_security/guide/
@@ -7,20 +7,20 @@ aliases:
---
-{{< whatsnext desc="Cloud Security Management (CSM) Guides" >}}
- {{< nextlink href="/getting_started/cloud_security_management" >}}First Steps for Cloud Security Management{{< /nextlink >}}
- {{< nextlink href="/security/cloud_security_management/guide/agent_variables" >}}Cloud Security Management Agent Variables{{< /nextlink >}}
+{{< whatsnext desc="Cloud Security Guides" >}}
+ {{< nextlink href="/getting_started/cloud_security_management" >}}First Steps for Cloud Security{{< /nextlink >}}
+ {{< nextlink href="/security/cloud_security_management/guide/agent_variables" >}}Cloud Security Agent Variables{{< /nextlink >}}
{{< /whatsnext >}}
-{{< whatsnext desc="CSM Threats Guides" >}}
+{{< whatsnext desc="Workload Protection Guides" >}}
{{< nextlink href="/security/cloud_security_management/guide/active-protection" >}}Proactively block crypto mining threats with Active Protection{{< /nextlink >}}
- {{< nextlink href="/security/cloud_security_management/guide/tuning-rules" >}}Best Practices for Fine-Tuning CSM Threats Security Signals{{< /nextlink >}}
+ {{< nextlink href="/security/cloud_security_management/guide/tuning-rules" >}}Best Practices for Fine-Tuning Workload Protection Security Signals{{< /nextlink >}}
{{< nextlink href="/security/cloud_security_management/guide/custom-rules-guidelines" >}}Guidelines for Writing Custom Rules{{< /nextlink >}}
{{< nextlink href="/security/cloud_security_management/guide/ebpf-free-agent" >}}Threat Detection for Linux Without eBPF Support{{< /nextlink >}}
{{< /whatsnext >}}
-{{< whatsnext desc="CSM Misconfigurations Guides" >}}
- {{< nextlink href="/security/cloud_security_management/guide/writing_rego_rules" >}}Writing Custom CSM Misconfigurations Rules with Rego{{< /nextlink >}}
+{{< whatsnext desc="Cloud Security Misconfigurations Guides" >}}
+ {{< nextlink href="/security/cloud_security_management/guide/writing_rego_rules" >}}Writing Custom Cloud Security Misconfigurations Rules with Rego{{< /nextlink >}}
{{< nextlink href="/security/cloud_security_management/guide/public-accessibility-logic" >}}How Datadog Determines if Resources are Publicly Accessible{{< /nextlink >}}
{{< nextlink href="/security/cloud_security_management/guide/resource_evaluation_filters" >}}Use Filters to Exclude Resources from Evaluation{{< /nextlink >}}
{{< nextlink href="/security/cloud_security_management/guide/related-logs" >}}View a Misconfiguration's Related Logs{{< /nextlink >}}
diff --git a/content/en/security/cloud_security_management/guide/active-protection.md b/content/en/security/cloud_security_management/guide/active-protection.md
index fc5784b3fe736..506a27e66c6f7 100644
--- a/content/en/security/cloud_security_management/guide/active-protection.md
+++ b/content/en/security/cloud_security_management/guide/active-protection.md
@@ -3,14 +3,14 @@ title: Proactively block crypto mining threats with Active Protection
further_reading:
- link: "security/threats/workload_security_rules"
tag: "Documentation"
- text: "CSM Threats Detection Rules"
+ text: "Workload Protection Detection Rules"
---
-CSM Threats Active Protection is in Preview.
+Workload Protection Active Protection is in Preview.
-This topic explains how to use the CSM Threats **Active Protection** feature to block crypto mining threats automatically.
+This topic explains how to use the Workload Protection **Active Protection** feature to block crypto mining threats automatically.
By default, all OOTB Agent [threat detection rules][4] are enabled and actively monitoring for crypto threats.
@@ -79,7 +79,7 @@ Consequently, you do not need to worry that enabling Active Protection immediate
To enable Active Protection:
-1. Go to CSM [Agent Configuration][2] rules.
+1. Go to Cloud Security [Agent Configuration][2] rules.
2. Select **Enable Active Protection**.
{{< img src="security/cws/guide/enable-active-protection.png" alt="Enable Active Protection button" style="width:100%;" >}}
diff --git a/content/en/security/cloud_security_management/guide/agent_variables.md b/content/en/security/cloud_security_management/guide/agent_variables.md
index 530e90e24de6d..6a1fd3025a17e 100644
--- a/content/en/security/cloud_security_management/guide/agent_variables.md
+++ b/content/en/security/cloud_security_management/guide/agent_variables.md
@@ -1,10 +1,10 @@
---
-title: Cloud Security Management Agent Variables
+title: Cloud Security Agent Variables
aliases:
- /security/cloud_security_management/setup/agent_variables
---
-The Datadog Agent has several environment variables that can be enabled for Cloud Security Management. This article describes the purpose of each environment variable.
+The Datadog Agent has several environment variables that can be enabled for Cloud Security. This article describes the purpose of each environment variable.
diff --git a/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md b/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md
index b20ddc8cf575e..1fb87cc471a5c 100644
--- a/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md
+++ b/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md
@@ -1,15 +1,15 @@
---
-title: Guidelines for Writing Custom CSM Threats Rules
+title: Guidelines for Writing Custom Workload Protection Rules
further_reading:
- link: "/security/threats/workload_security_rules"
tag: "Documentation"
- text: "Managing CSM Threats Rules"
+ text: "Managing Workload Protection Rules"
- link: "/security/threats/agent_expressions"
tag: "Documentation"
text: "Agent Expression Syntax"
---
-At some point, you may want to write your own [custom Cloud Security Management Threats (CSM Threats) Agent rules][1]. When writing your own rules, there are a few strategies you can use to optimize for efficiency.
+At some point, you may want to write your own [custom Workload Protection Agent rules][1]. When writing your own rules, there are a few strategies you can use to optimize for efficiency.
## Attributes
@@ -31,7 +31,7 @@ Use wildcards (`*`) carefully. For example, never use `open.file.path =~ "*/myfi
## Approvers and discarders
-CSM Threats uses the concept of approvers and discarders to filter out events that should not trigger any rules in a policy. Approvers and discarders allow or deny events at the policy level only. They do not act on individual rules.
+Workload Protection uses the concept of approvers and discarders to filter out events that should not trigger any rules in a policy. Approvers and discarders allow or deny events at the policy level only. They do not act on individual rules.
Approvers act as an allow-list at the kernel level in the Datadog Agent. For example, the opening of a specific file could be an approver on the event `open`, whereas `open` events on files without approvers would be filtered out. Similarly, discarders act as a deny-list in the Agent. Discarders intentionally filter out events that can never match a rule. The Agent learns which events to filter out with discarders during runtime.
diff --git a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md
index fd8658a2458e2..f3310f0ff102e 100644
--- a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md
+++ b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md
@@ -3,7 +3,7 @@ title: Threat Detection for Linux Without eBPF Support
disable_toc: false
---
-This guide describes how to set up the CSM Threats eBPF-less solution for eBPF disabled environments, such as AWS Fargate. The eBPF-less solution uses a ptrace-based Datadog Agent.
+This guide describes how to set up the Workload Protection eBPF-less solution for eBPF disabled environments, such as AWS Fargate. The eBPF-less solution uses a ptrace-based Datadog Agent.
This guide also describes some advantages of the ptrace solution.
@@ -12,7 +12,7 @@ This guide also describes some advantages of the ptrace solution.
## Summary of Agent options
-CSM Threats includes two Agent options for threat detection and response:
+Workload Protection includes two Agent options for threat detection and response:
- eBPF solution
- eBPF-less solution with ptrace: This version is only available where eBPF is not (Linux kernel versions 3.4 to 4.14).
@@ -152,7 +152,7 @@ runtime_security_config:
Ensure you perform the following configuration requirements before deploying the Agent:
1. Customize the [Agent Installation Instructions][5] before proceeding with the installation.
-2. Install/update the Agent with CSM enabled. For steps, see [Setting up Cloud Security Management on the Agent][4].
+2. Install/update the Agent with Cloud Security enabled. For steps, see [Setting up Cloud Security on the Agent][4].
3. Specify additional configurations from the previous **eBPF-less agent setup** sections to install the custom version and enable eBPF-less mode.
diff --git a/content/en/security/cloud_security_management/guide/identify-unauthorized-anomalous-procs.md b/content/en/security/cloud_security_management/guide/identify-unauthorized-anomalous-procs.md
index 91294fae96e81..2d296d70e06a2 100644
--- a/content/en/security/cloud_security_management/guide/identify-unauthorized-anomalous-procs.md
+++ b/content/en/security/cloud_security_management/guide/identify-unauthorized-anomalous-procs.md
@@ -7,11 +7,11 @@ further_reading:
text: "Creating Custom Detection Rules"
---
-You can use CSM Threats to identify if unauthorized or anomalous processes are running or executed on your IT systems.
+You can use Workload Protection to identify if unauthorized or anomalous processes are running or executed on your IT systems.
For example, you can create a process allowlist and query for processes running on hosts and containers outside of the allowlist.
-In CSM Threats, you can [define custom rules][1] to watch process executions for malicious activity on hosts or containers in real-time. You can define a list of process names and/or arguments that will generate a security signal that can be used to notify users.
+In Workload Protection, you can [define custom rules][1] to watch process executions for malicious activity on hosts or containers in real-time. You can define a list of process names and/or arguments that will generate a security signal that can be used to notify users.
This guide shows you how to query for unauthorized and anomalous processes using static and dynamic allowlists as examples.
diff --git a/content/en/security/cloud_security_management/guide/public-accessibility-logic.md b/content/en/security/cloud_security_management/guide/public-accessibility-logic.md
index 3bbc335342f22..abdea81d926d6 100644
--- a/content/en/security/cloud_security_management/guide/public-accessibility-logic.md
+++ b/content/en/security/cloud_security_management/guide/public-accessibility-logic.md
@@ -3,7 +3,7 @@ title: How Datadog Determines if Resources are Publicly Accessible
further_reading:
- link: "/security/cloud_security_management/misconfigurations/"
tag: "Documentation"
- text: "Start tracking misconfigurations with CSM Misconfigurations"
+ text: "Start tracking misconfigurations with Cloud Security Misconfigurations"
- link: "/security/default_rules/#cat-cloud-security-management"
tag: "Documentation"
text: "Out-of-the-box Detection Rules"
@@ -13,7 +13,7 @@ Datadog uses a graph processing framework to map relationships between cloud res
## Resource dependency graph
-The following diagrams show how related resources are used to determine whether other resources are publicly accessible. For example, an AWS CloudTrail Trail stored in a public Amazon S3 bucket is itself publicly accessible. If a resource is publicly accessible because of another resource, the relationship is shown in the Cloud Security Management Misconfigurations resource relationships graph.
+The following diagrams show how related resources are used to determine whether other resources are publicly accessible. For example, an AWS CloudTrail Trail stored in a public Amazon S3 bucket is itself publicly accessible. If a resource is publicly accessible because of another resource, the relationship is shown in the Cloud Security Misconfigurations resource relationships graph.
**Note**: Not all resources with the Publicly Accessible attribute are shown in these diagrams.
diff --git a/content/en/security/cloud_security_management/guide/related-logs.md b/content/en/security/cloud_security_management/guide/related-logs.md
index 90b918c182d87..fca5a2bc0ccab 100644
--- a/content/en/security/cloud_security_management/guide/related-logs.md
+++ b/content/en/security/cloud_security_management/guide/related-logs.md
@@ -2,7 +2,7 @@
title: View a misconfiguration's related logs
---
-Datadog CSM's Related Logs feature allows you to quickly identify cloud audit logs that relate to a specific cloud resource. When investigating a misconfiguration, this can help you understand:
+Datadog Cloud Security's Related Logs feature allows you to quickly identify cloud audit logs that relate to a specific cloud resource. When investigating a misconfiguration, this can help you understand:
- Who created the resource
- Who last modified the resource, possibly introducing the misconfiguration
@@ -24,7 +24,7 @@ source:cloudtrail @recipientAccountId:172597598159 @awsRegion:us-east-1 @readOnl
## View related logs
-1. In the [Misconfigurations Explorer][2], open a misconfiguration for a supported resource type.
+1. On the **Findings** page, in the [Misconfigurations explorer][2], open a misconfiguration for a supported resource type.
1. Click the **Related Logs** tab. Datadog queries your CloudTrail logs for events related to the cloud resource.
## Search through a larger timeframe
diff --git a/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md b/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md
index e74ff2f65f802..afa4ea27bbec2 100644
--- a/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md
+++ b/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md
@@ -3,13 +3,13 @@ title: Use Filters to Exclude Resources from Evaluation
further_reading:
- link: "/security/cloud_security_management/guide"
tag: "Documentation"
- text: Cloud Security Management Guides
+ text: Cloud Security Guides
- link: "/security/cloud_security_management/setup"
tag: "Documentation"
- text: Setting Up Cloud Security Management
+ text: Setting Up Cloud Security
---
-You can use resource tags to create filters that include or exclude resources from being evaluated by Cloud Security Management (CSM). The filters must be specified as a comma-separated list of `key:value` pairs.
+You can use resource tags to create filters that include or exclude resources from being evaluated by Cloud Security. The filters must be specified as a comma-separated list of `key:value` pairs.
**Notes**:
@@ -23,7 +23,7 @@ You can use resource tags to create filters that include or exclude resources fr
| Single character wildcard | `?` |
| Multiple characters wildcard | `*` |
-The allowlist enables you to specify tags that must be applied to a resource in order for CSM to evaluate it. Allowlist tags are evaluated as OR statements. In other words, at least one of the allowlist tags must be present in order for a resource to be evaluated. In contrast, blocklisted tags are evaluated as AND statements and take precedence over allowlist tags.
+The allowlist enables you to specify tags that must be applied to a resource in order for Cloud Security to evaluate it. Allowlist tags are evaluated as OR statements. In other words, at least one of the allowlist tags must be present in order for a resource to be evaluated. In contrast, blocklisted tags are evaluated as AND statements and take precedence over allowlist tags.
**Examples**:
@@ -37,7 +37,7 @@ The allowlist enables you to specify tags that must be applied to a resource in
{{< tabs >}}
{{% tab "AWS" %}}
-1. On the [**Cloud Security Management Setup** page][1], click **Cloud accounts**.
+1. On the [**Cloud Security Setup** page][1], click **Cloud accounts**.
2. Expand the **AWS** section.
3. Under **Resource Evaluation Filters (Optional)**, click the **Plus** (+) icon for the account you want to add the filter to.
4. Enter a comma-separated list of `key:value` pairs for the tags you want to allowlist or blocklist.
@@ -48,7 +48,7 @@ The allowlist enables you to specify tags that must be applied to a resource in
{{% /tab %}}
{{% tab "Azure" %}}
-1. On the [**Cloud Security Management Setup** page][1], click **Cloud accounts**.
+1. On the [**Cloud Security Setup** page][1], click **Cloud accounts**.
2. Expand the **Azure** section.
3. Expand a subscription.
3. Under **Resource Evaluation Filters (Optional)**, click the **Plus** (+) icon.
@@ -60,7 +60,7 @@ The allowlist enables you to specify tags that must be applied to a resource in
{{% /tab %}}
{{% tab "Google Cloud" %}}
-1. On the [**Cloud Security Management Setup** page][1], click **Cloud accounts**.
+1. On the [**Cloud Security Setup** page][1], click **Cloud accounts**.
2. Expand the **GCP** section.
3. Expand a project.
3. Under **Resource Evaluation Filters (Optional)**, click the **Plus** (+) icon.
diff --git a/content/en/security/cloud_security_management/guide/tuning-rules.md b/content/en/security/cloud_security_management/guide/tuning-rules.md
index 46126c39cc0c0..ab38d23db9c83 100644
--- a/content/en/security/cloud_security_management/guide/tuning-rules.md
+++ b/content/en/security/cloud_security_management/guide/tuning-rules.md
@@ -1,5 +1,5 @@
---
-title: Fine-tuning CSM Threats Security Signals
+title: Fine-tuning Workload Protection Security Signals
aliases:
- /security_platform/cloud_workload_security/guide/tuning-rules/
- /security_platform/cloud_security_management/guide/tuning-rules/
@@ -7,7 +7,7 @@ aliases:
## Overview
-Cloud Security Management Threats (CSM Threats) monitors suspicious activity occurring at the workload level. However, in some cases, benign activities are flagged as malicious because of particular settings in the user's environment. When a benign expected activity is triggering a signal, you can suppress the trigger on the activity to limit noise.
+Workload Protection monitors suspicious activity occurring at the workload level. However, in some cases, benign activities are flagged as malicious because of particular settings in the user's environment. When a benign expected activity is triggering a signal, you can suppress the trigger on the activity to limit noise.
This guide provides considerations for best practices and steps for fine-tuning signal suppression.
@@ -137,11 +137,11 @@ Additionally you might notice that signals are created even when some of your ma
## Adding a suppression from the signal
-When you are in the process of investigating a potential threat reported by CSM Threats detection rules, you can encounter some signals that alert on known benign behaviors that are specific to your environment.
+When you are in the process of investigating a potential threat reported by Workload Protection detection rules, you can encounter some signals that alert on known benign behaviors that are specific to your environment.
Consider a Java process utility exploitation. An attacker intentionally targets vulnerabilities in your application code that runs Java processes. This kind of attack entails persistent access to your application by spawning its own Java shell utility.
-In some cases, CSM Threats rules might also detect expected activity, for example from your security team running a pentest session to evaluate the robustness of your applications. In this case, you can evaluate the accuracy of alerts reported and suppress noise.
+In some cases, Workload Protection rules might also detect expected activity, for example from your security team running a pentest session to evaluate the robustness of your applications. In this case, you can evaluate the accuracy of alerts reported and suppress noise.
Open the signal details side panel and navigate from one tab to the other to gain context, including key process metadata like command-line arguments and environment variable keys. For containerized workloads, the information includes the relevant image, pod, Kubernetes cluster, and more.
@@ -168,7 +168,7 @@ For additional granularity, the following attributes provide information about p
Signals surface relevant context within security alerts. Although event data can be leveraged for suppression filters, the observability data that the detection rule is built on may offer a better tuning candidate.
-In CSM Threats, the runtime Agent logs are generated from collected kernel events. You can preview the logs from the signal side-panel without context switching.
+In Workload Protection, the runtime Agent logs are generated from collected kernel events. You can preview the logs from the signal side-panel without context switching.
1. Go to your chosen signal details side-panel and click the Events tab.
2. Click **View in Log Explorer** to navigate to Log Management, which displays the full list of logs that instigate this signal.
diff --git a/content/en/security/cloud_security_management/guide/writing_rego_rules.md b/content/en/security/cloud_security_management/guide/writing_rego_rules.md
index 55cb5cb80379e..598a54c52f02d 100644
--- a/content/en/security/cloud_security_management/guide/writing_rego_rules.md
+++ b/content/en/security/cloud_security_management/guide/writing_rego_rules.md
@@ -18,7 +18,7 @@ Open Policy Agent (OPA) provides [Rego][1], an open source policy language with
## The template module
-Defining a rule starts with a Rego [policy][2], defined inside a [module][3]. CSM Misconfigurations uses a module template like the one below to simplify writing rules:
+Defining a rule starts with a Rego [policy][2], defined inside a [module][3]. Cloud Security Misconfigurations uses a module template like the one below to simplify writing rules:
```python
package datadog
diff --git a/content/en/security/cloud_security_management/iac_scanning.md b/content/en/security/cloud_security_management/iac_scanning.md
index 7b4712f38006d..b48f1d302cc95 100644
--- a/content/en/security/cloud_security_management/iac_scanning.md
+++ b/content/en/security/cloud_security_management/iac_scanning.md
@@ -10,11 +10,11 @@ further_reading:
Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form.
{{< /callout >}}
-Static Infrastructure as Code (IaC) scanning integrates with version control systems, such as GitHub, to detect misconfigurations in cloud resources defined by Terraform. The scanning results are displayed in two primary locations: within pull requests during code modifications and on the **Explorers** page within Cloud Security Management.
+Static Infrastructure as Code (IaC) scanning integrates with version control systems, such as GitHub, to detect misconfigurations in cloud resources defined by Terraform. The scanning results are displayed in two primary locations: within pull requests during code modifications and on the **Findings** page within Cloud Security.
Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
-{{< img src="security/csm/iac_scanning_explorer2.png" alt="CSM Explorers page displaying detected misconfigurations in cloud resources" width="100%">}}
+{{< img src="security/csm/iac_scanning_explorer2.png" alt="Cloud Security Findings page displaying detected misconfigurations in cloud resources" width="100%">}}
When you click on a finding, the side panel reveals additional details, including a short description of the IaC rule related to the finding and a preview of the offending code.
diff --git a/content/en/security/cloud_security_management/identity_risks/_index.md b/content/en/security/cloud_security_management/identity_risks/_index.md
index 84165c8f31223..b6f40231d9449 100644
--- a/content/en/security/cloud_security_management/identity_risks/_index.md
+++ b/content/en/security/cloud_security_management/identity_risks/_index.md
@@ -1,14 +1,14 @@
---
-title: Cloud Security Management Identity Risks
+title: Cloud Security Identity Risks
aliases:
- /security/identity_risks/
further_reading:
- link: "/security/cloud_security_management/"
tag: "Documentation"
- text: "Learn more about Cloud Security Management"
+ text: "Learn more about Cloud Security"
- link: "/security/cloud_security_management/setup"
tag: "Documentation"
- text: "Setting Up Cloud Security Management"
+ text: "Setting Up Cloud Security"
- link: "https://www.datadoghq.com/blog/datadog-ciem/"
tag: "Blog"
text: "Find and remediate identity risks with Datadog CIEM"
@@ -26,17 +26,17 @@ further_reading:
text: "Detect cross-account access risks in AWS with Datadog"
---
-Cloud Security Management Identity Risks (CSM Identity Risks) is a Cloud Infrastructure Entitlement Management (CIEM) product that helps you mitigate entitlement risks across your clouds. It continually scans your cloud infrastructure and finds issues such as lingering administrative privileges, privilege escalations, permission gaps, large blast radii, and cross-account access. It also enables you to proactively resolve identity risks on an ongoing basis to secure your cloud infrastructure from IAM-based attacks. For quick remediation, it suggests [downsized policies][4], [Datadog Workflows][3] based remediations, and deep links to cloud consoles.
+Cloud Security Identity Risks is a Cloud Infrastructure Entitlement Management (CIEM) product that helps you mitigate entitlement risks across your clouds. It continually scans your cloud infrastructure and finds issues such as lingering administrative privileges, privilege escalations, permission gaps, large blast radii, and cross-account access. It also enables you to proactively resolve identity risks on an ongoing basis to secure your cloud infrastructure from IAM-based attacks. For quick remediation, it suggests [downsized policies][4], [Datadog Workflows][3] based remediations, and deep links to cloud consoles.
-CSM Identity Risks is available for AWS, Azure, and GCP.
+Cloud Security Identity Risks is available for AWS, Azure, and GCP.
## Review identity risks
-Review your organization's active identity risks on the [Identity Risks Explorer][1]. Use the **Group by** options to filter by **Identity Risks**, **Resources**, or **None** (individual identity risks). View additional details on the side panel.
+Review your organization's active identity risks in the [Identity Risks explorer][1]. Use the **Group by** options to filter by **Identity Risks**, **Resources**, or **None** (individual identity risks). View additional details on the side panel.
-CSM Identity Risk detections include users, roles, groups, policies, EC2 instances, and Lambda functions.
+Cloud Security Identity Risk detections include users, roles, groups, policies, EC2 instances, and Lambda functions.
-{{< img src="security/identity_risks/identity_risks_explorer_3.png" alt="CSM Identity Risks Explorers page" width="100%">}}
+{{< img src="security/identity_risks/identity_risks_explorer_3.png" alt="Cloud Security Identity Risks explorers page" width="100%">}}
## Remediate identity risks
@@ -48,7 +48,7 @@ Click **View Suggested Policy** to view a suggested downsized policy based on th
{{< img src="security/identity_risks/downsized_policy.png" alt="Review suggestions for downsizing a policy on the Suggested downsized policy dialog" width="100%">}}
-To remediate the identity risk, click **Fix in AWS** to update the resource in AWS IAM console. To create a Jira issue and assign it to a team, click **Add Jira issue**. See [Create Jira Issues for Cloud Security Management Issues][2] for more information.
+To remediate the identity risk, click **Fix in AWS** to update the resource in AWS IAM console. To create a Jira issue and assign it to a team, click **Add Jira issue**. See [Create Jira Issues for Cloud Security Issues][2] for more information.
{{< img src="security/identity_risks/side_panel_action_buttons_2.png" alt="Remediate identity risks using the action buttons on the side panel" width="100%">}}
@@ -76,9 +76,9 @@ Datadog CIEM is integrated with [AWS IAM Access Analyzer][5] to further improve
## Video walkthrough
-The following video provides an overview of how to enable and use CSM Identity Risks:
+The following video provides an overview of how to enable and use Cloud Security Identity Risks:
-{{< img src="security/csm/how-to-use-csm-identity-risks.mp4" alt="Video that provides an overview of how to install and use CSM Identity Risks" video=true >}}
+{{< img src="security/csm/how-to-use-csm-identity-risks.mp4" alt="Video that provides an overview of how to install and use Cloud Security Identity Risks" video=true >}}
## Further Reading
diff --git a/content/en/security/cloud_security_management/misconfigurations/_index.md b/content/en/security/cloud_security_management/misconfigurations/_index.md
index 729264e474a67..f2b97c9f7b269 100644
--- a/content/en/security/cloud_security_management/misconfigurations/_index.md
+++ b/content/en/security/cloud_security_management/misconfigurations/_index.md
@@ -1,5 +1,5 @@
---
-title: Cloud Security Management Misconfigurations
+title: Cloud Security Misconfigurations
aliases:
- /security_platform/cspm/
- /security/cspm/#glossary
@@ -9,31 +9,31 @@ algolia:
tags: ['cspm']
---
-Cloud Security Management Misconfigurations (CSM Misconfigurations) makes it easier to assess and visualize the current and historic security posture of your cloud resources, automate audit evidence collection, and remediate misconfigurations that leave your organization vulnerable to attacks. By continuously surfacing security weaknesses resulting from misconfigurations, teams can mitigate risks while ensuring compliance with industry standards.
+Cloud Security Misconfigurations makes it easier to assess and visualize the current and historic security posture of your cloud resources, automate audit evidence collection, and remediate misconfigurations that leave your organization vulnerable to attacks. By continuously surfacing security weaknesses resulting from misconfigurations, teams can mitigate risks while ensuring compliance with industry standards.
## Detect misconfigurations across your cloud resources
Strengthen your security posture and achieve continuous compliance by detecting, prioritizing, and remediating misconfigurations across all your cloud resources using Datadog's [out-of-the-box compliance rules](#manage-out-of-the-box-and-custom-compliance-rules).
-View a high-level overview of your security posture on the [Overview page][1]. Examine the details of misconfigurations and analyze historical configurations with the [Misconfigurations Explorer][2].
+View a high-level overview of your security posture on the [Overview page][1]. Examine the details of misconfigurations and analyze historical configurations with the [Misconfigurations explorer][2].
-CSM Misconfigurations evaluates resources in increments between 15 minutes and 4 hours (depending on type). Datadog generates new misconfigurations as soon as a scan is completed, and stores a complete history of all misconfigurations for the past 15 months so they are available in case of an investigation or audit.
+Cloud Security Misconfigurations evaluates resources in increments between 15 minutes and 4 hours (depending on type). Datadog generates new misconfigurations as soon as a scan is completed, and stores a complete history of all misconfigurations for the past 15 months so they are available in case of an investigation or audit.
-{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues to remediate" width="100%">}}
+{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security overview shows a list of prioritized security issues to remediate" width="100%">}}
## Maintain compliance with industry frameworks and benchmarks
-CSM Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that are maintained by a team of security experts. The rules map to controls and requirements within compliance standards and industry benchmarks, such as PCI and SOC2 compliance frameworks.
+Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that are maintained by a team of security experts. The rules map to controls and requirements within compliance standards and industry benchmarks, such as PCI and SOC2 compliance frameworks.
[View compliance reports][3] to see how well you're doing against each control in a compliance framework. The reports include details such as resources with the most failed misconfigurations, a comprehensive breakdown of the number of resources with pass/fail misconfigurations, and the top three high-severity rule failures.
-{{< img src="security/cspm/frameworks_and_benchmarks/compliance_reports_2.png" alt="CSM Misconfigurations compliance frameworks" width="100%">}}
+{{< img src="security/cspm/frameworks_and_benchmarks/compliance_reports_2.png" alt="Cloud Security Misconfigurations compliance frameworks" width="100%">}}
## Manage out-of-the-box and custom compliance rules
[Out-of-the-box compliance rules][4] surface the most important risks so that you can immediately take steps to remediate. Datadog continuously develops new default rules, which are automatically imported into your account. [Customize the rules][5] by defining how each rule scans your environment, [create custom rules][6], and [set up real-time notifications for failed misconfigurations](#set-up-real-time-notifications).
-{{< img src="security/cspm/compliance_rules.png" alt="CSM Misconfigurations compliance rules" width="100%">}}
+{{< img src="security/cspm/compliance_rules.png" alt="Cloud Security Misconfigurations compliance rules" width="100%">}}
## Set up real-time notifications
@@ -43,24 +43,24 @@ Use template variables and Markdown to [customize notification messages][9]. Edi
## Review and remediate misconfigurations
-Investigate details using the [Misconfigurations Explorer][10]. View detailed information about a resource, such as configuration, compliance rules applied to the resource, and tags that provide additional context about who owns the resource and its location within your environment. If a misconfiguration does not match your business use case or is an accepted risk, you can [mute the misconfiguration][13] up to an indefinite period of time.
+Investigate details using the [Misconfigurations explorer][10]. View detailed information about a resource, such as configuration, compliance rules applied to the resource, and tags that provide additional context about who owns the resource and its location within your environment. If a misconfiguration does not match your business use case or is an accepted risk, you can [mute the misconfiguration][13] up to an indefinite period of time.
You can also [create a Jira issue][15] and assign it to a team, use Terraform remediation to generate a pull request in GitHub with code changes that fix the underlying misconfiguration, and leverage [Workflow Automation][14] to create automated workflows (with or without human involvement).
-{{< img src="security/cspm/misconfigurations_explorer.png" alt="CSM Misconfigurations Explorer page" width="100%">}}
+{{< img src="security/cspm/misconfigurations_explorer.png" alt="Cloud Security Misconfigurations explorer page" width="100%">}}
## Get started
-{{< learning-center-callout header="Try Detect, Prioritize, and Remediate Cloud Security Risks with Datadog CSM in the Learning Center" btn_title="Enroll Now" btn_url="https://learn.datadoghq.com/courses/csm-misconfigurations">}}
- The Datadog Learning Center is full of hands-on courses to help you learn about this topic. Enroll at no cost to learn how to secure your cloud environments with CSM misconfigurations.
+{{< learning-center-callout header="Try Detect, Prioritize, and Remediate Cloud Security Risks with Datadog Cloud Security in the Learning Center" btn_title="Enroll Now" btn_url="https://learn.datadoghq.com/courses/csm-misconfigurations">}}
+ The Datadog Learning Center is full of hands-on courses to help you learn about this topic. Enroll at no cost to learn how to secure your cloud environments with Cloud Security misconfigurations.
{{< /learning-center-callout >}}
{{< whatsnext >}}
{{< nextlink href="/security/cloud_security_management/setup">}}Complete setup and configuration{{< /nextlink >}}
- {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security Management{{< /nextlink >}}
- {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for CSM Misconfigurations{{< /nextlink >}}
- {{< nextlink href="/security/default_rules/#cat-posture-management-cloud">}}Out-of-the-box cloud detection rules for CSM Misconfigurations{{< /nextlink >}}
- {{< nextlink href="/security/default_rules/#cat-posture-management-infra">}}Out-of-the-box infrastructure detection rules for CSM Misconfigurations{{< /nextlink >}}
+ {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security{{< /nextlink >}}
+ {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for Cloud Security Misconfigurations{{< /nextlink >}}
+ {{< nextlink href="/security/default_rules/#cat-posture-management-cloud">}}Out-of-the-box cloud detection rules for Cloud Security Misconfigurations{{< /nextlink >}}
+ {{< nextlink href="/security/default_rules/#cat-posture-management-infra">}}Out-of-the-box infrastructure detection rules for Cloud Security Misconfigurations{{< /nextlink >}}
{{< nextlink href="/security/cloud_security_management/misconfigurations/findings">}} Learn more about misconfigurations{{< /nextlink >}}
{{< nextlink href="https://www.datadoghq.com/blog/cspm-for-azure-with-datadog/">}} Monitor the security and compliance posture of your Azure environment{{< /nextlink >}}
{{< nextlink href="https://www.datadoghq.com/blog/cspm-for-gcp-with-datadog/">}} Improve the compliance and security posture of your Google Cloud environment{{< /nextlink >}}
diff --git a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md
index 4b65a14a2046e..67c76f9c8a00a 100644
--- a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md
+++ b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md
@@ -1,5 +1,5 @@
---
-title: Manage CSM Misconfigurations Compliance Rules
+title: Manage Cloud Security Misconfigurations Compliance Rules
aliases:
- /security_platform/cspm/configuration_rules
- /security/cspm/configuration_rules
@@ -9,7 +9,7 @@ aliases:
further_reading:
- link: "/security/cloud_security_management/misconfigurations"
tag: "Documentation"
- text: Getting Started with CSM Misconfigurations
+ text: Getting Started with Cloud Security Misconfigurations
- link: "/security/cloud_security_management/misconfigurations/custom_rules/"
tag: "Documentation"
text: Custom Rules
@@ -18,11 +18,11 @@ further_reading:
text: Misconfigurations Reports
---
-Cloud Security Management Misconfigurations (CSM Misconfigurations) [out-of-the-box compliance rules][1] evaluate the configuration of your cloud resources and identify potential misconfigurations so you can immediately take steps to remediate.
+Cloud Security Misconfigurations [out-of-the-box compliance rules][1] evaluate the configuration of your cloud resources and identify potential misconfigurations so you can immediately take steps to remediate.
-The compliance rules follow the same [conditional logic][2] as all Datadog Security compliance rules. For CSM Misconfigurations, each rule maps to controls within one or more [compliance frameworks or industry benchmarks][4].
+The compliance rules follow the same [conditional logic][2] as all Datadog Security compliance rules. For Cloud Security Misconfigurations, each rule maps to controls within one or more [compliance frameworks or industry benchmarks][4].
-CSM Misconfigurations uses the following rule types to validate the configuration of your cloud infrastructure:
+Cloud Security Misconfigurations uses the following rule types to validate the configuration of your cloud infrastructure:
- [**Cloud configuration**][1]: These compliance rules analyze the configuration of resources within your cloud environment. For example, the [CloudFront distribution should be encrypted][3] rule assesses whether an Amazon CloudFront distribution enforces HTTPS to secure communications.
- [**Infrastructure configuration**][5]: These checks evaluate containers and Kubernetes clusters using rules from CIS compliance benchmarks for Docker and Kubernetes, as well as Linux workloads against CIS host benchmarks for Ubuntu, Red Hat, and Amazon Linux.
diff --git a/content/en/security/cloud_security_management/misconfigurations/custom_rules.md b/content/en/security/cloud_security_management/misconfigurations/custom_rules.md
index 11e0cd445f1d6..1373ef7daed71 100644
--- a/content/en/security/cloud_security_management/misconfigurations/custom_rules.md
+++ b/content/en/security/cloud_security_management/misconfigurations/custom_rules.md
@@ -9,7 +9,7 @@ further_reading:
text: "Start writing your own Rego rules"
- link: "security/default_rules"
tag: "Documentation"
- text: "Explore default CSM Misconfigurations cloud configuration compliance rules"
+ text: "Explore default Cloud Security Misconfigurations cloud configuration compliance rules"
- link: "security/misconfigurations/frameworks_and_benchmarks"
tag: "Documentation"
text: "Learn about frameworks and industry benchmarks"
@@ -31,7 +31,7 @@ To clone a rule:
1. Find the rule you want to copy by doing one of the following:
- Navigate to the [**Misconfigurations Rules**][1] page. Select a rule you want to copy to open its details page.
- - Navigate to the [**Misconfigurations Explorer**][2]. Select a misconfiguration to open its details, then select **Edit Rule**.
+ - Navigate to the [**Misconfigurations explorer**][2]. Select a misconfiguration to open its details, then select **Edit Rule**.
2. Make any changes you want for your new rule.
3. Scroll to the bottom of the details page and click **Clone Rule**.
@@ -59,7 +59,7 @@ To create a rule from scratch:
## Tagging misconfigurations
-When you create, clone, or modify CSM Misconfigurations compliance rules, you can specify tags to apply to misconfigurations so that you can group, filter, and search misconfigurations by those tags. When you clone a rule, some tags are carried forward into the new rule, and others are not (see table below).
+When you create, clone, or modify Cloud Security Misconfigurations compliance rules, you can specify tags to apply to misconfigurations so that you can group, filter, and search misconfigurations by those tags. When you clone a rule, some tags are carried forward into the new rule, and others are not (see table below).
You can assign almost any key-value as a tag. The following table shows tags that are useful in common security scenarios.
@@ -70,7 +70,7 @@ You can assign almost any key-value as a tag. The following table shows tags tha
| `requirement` | String | Not allowed for custom rules. Indicates a requirement related to a compliance framework. Don't add this to rules not part of a compliance framework. |
| `cloud_provider` | `aws`, `gcp`, `azure` | Cannot be removed. Is set automatically based on resource type. |
| `control` | String | Not allowed for custom rules. Indicates a control related to a compliance framework. Don't add this to rules not part of a compliance framework. |
-| `source` | String from a defined set given by cloud providers as listed in the [Source facet in the Misconfigurations Explorer][2]. | Cannot be removed. Automatically added to cloned rules. Facilitates grouping rules by cloud provider. |
+| `source` | String from a defined set given by cloud providers as listed in the [Source facet in the Misconfigurations explorer][2]. | Cannot be removed. Automatically added to cloned rules. Facilitates grouping rules by cloud provider. |
| `framework` | String | Not allowed for custom rules. Indicates the compliance framework the rule belongs to. Not automatically added to cloned rules. |
## Further reading
diff --git a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md
index 3b2db536a18b9..a6bd37fabd75f 100644
--- a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md
+++ b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md
@@ -8,21 +8,21 @@ aliases:
further_reading:
- link: "security/default_rules"
tag: "Documentation"
- text: "Explore default CSM Misconfigurations cloud configuration compliance rules"
+ text: "Explore default Cloud Security Misconfigurations cloud configuration compliance rules"
- link: "security/cspm/frameworks_and_benchmarks"
tag: "Documentation"
text: "Learn about frameworks and industry benchmarks"
---
-The Cloud Security Management Misconfigurations (CSM Misconfigurations) [Explorer][1] allows you to:
+The Cloud Security Misconfigurations [explorer][1] allows you to:
- Review the detailed configuration of a resource.
-- Review the compliance rules applied to your resources by CSM Misconfigurations.
+- Review the compliance rules applied to your resources by Cloud Security Misconfigurations.
- Review tags for more context about who owns the resource and where it resides in your environment.
- Read descriptions and guidelines based on industry resources for remediating a misconfigured resource.
- Use the time selector to explore your security configuration posture at any point in the past.
-In addition to reviewing and responding to misconfigurations, you can set notifications for failed misconfigurations, and configure signals to correlate and triage misconfigurations in the same view as real-time threats generated by [Cloud SIEM][2] and [CSM Threats][3]. This enables you to accelerate investigations, as the root causes for many of today's cloud breaches are misconfigured services that have been exploited by attackers.
+In addition to reviewing and responding to misconfigurations, you can set notifications for failed misconfigurations, and configure signals to correlate and triage misconfigurations in the same view as real-time threats generated by [Cloud SIEM][2] and [Workload Protection][3]. This enables you to accelerate investigations, as the root causes for many of today's cloud breaches are misconfigured services that have been exploited by attackers.
## Misconfigurations
@@ -30,15 +30,15 @@ A misconfiguration is the primary primitive for a rule evaluation against a reso
## Explore your cloud misconfigurations
-Misconfigurations are displayed on the [Misconfigurations Explorer][1]. Aggregate misconfigurations by rule using the **Group by** filters and query search bar. For example, filtering by `evaluation:fail` narrows the list to all compliance rules that have issues that need to be addressed. Misconfigurations can also be aggregated by resource to rank resources that have the most failed misconfigurations so you can prioritize remediation.
+Misconfigurations are displayed on the [Misconfigurations explorer][1]. Aggregate misconfigurations by rule using the **Group by** filters and query search bar. For example, filtering by `evaluation:fail` narrows the list to all compliance rules that have issues that need to be addressed. Misconfigurations can also be aggregated by resource to rank resources that have the most failed misconfigurations so you can prioritize remediation.
-{{< img src="security/csm/explorers_page.png" alt="CSM Misconfigurations Explorer page" style="width:100%;">}}
+{{< img src="security/csm/explorers_page.png" alt="Cloud Security Misconfigurations explorer page" style="width:100%;">}}
Select a misconfiguration to view the resources that have been evaluated by the rule, the rule description, its framework or industry benchmark mappings, and suggested remediation steps.
{{< img src="security/cspm/findings/finding-side-panel3.png" alt="A list of impacted resources in the side panel" style="width:65%;">}}
-Group by **Resources** on the Security Findings Explorer and select a resource to see the full list of compliance rules that were evaluated against the resource, along with their statuses.
+Group findings by **Resources** and select a resource to see the full list of compliance rules that were evaluated against the resource, along with their statuses.
{{< img src="security/cspm/findings/resource-rules-evaluated2.png" alt="Group and aggregate by resource in search" style="width:65%;">}}
diff --git a/content/en/security/cloud_security_management/misconfigurations/findings/export_misconfigurations.md b/content/en/security/cloud_security_management/misconfigurations/findings/export_misconfigurations.md
index 0e03039299733..76320837b0b73 100644
--- a/content/en/security/cloud_security_management/misconfigurations/findings/export_misconfigurations.md
+++ b/content/en/security/cloud_security_management/misconfigurations/findings/export_misconfigurations.md
@@ -5,13 +5,13 @@ aliases:
further_reading:
- link: "security/default_rules"
tag: "Documentation"
- text: "Explore default CSM Misconfigurations cloud configuration compliance rules"
+ text: "Explore default Cloud Security Misconfigurations cloud configuration compliance rules"
- link: "security/cspm/frameworks_and_benchmarks"
tag: "Documentation"
text: "Learn about frameworks and industry benchmarks"
---
-To export the list of misconfigurations from the [Misconfigurations Explorer][1] as a CSV, click **Download as CSV** on the Misconfigurations Explorer, select the maximum number of misconfigurations to export, and then click **Download as CSV**. You can export up to a maximum of 50,000 misconfigurations.
+To export the list of misconfigurations from the [Misconfigurations explorer][1] as a CSV, click **Download as CSV**, select the maximum number of misconfigurations to export, and then click **Download as CSV**. You can export up to a maximum of 50,000 misconfigurations.
{{< img src="security/cspm/findings/export-csv.png" alt="The Export Misconfigurations as CSV dialog box with option to specify the maximum number of misconfigurations to export" style="width:65%;">}}
diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md
index 03fd8b9e4c86f..fb12e695f76c2 100644
--- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md
+++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md
@@ -7,20 +7,20 @@ aliases:
further_reading:
- link: "security/cspm/setup"
tag: "Documentation"
- text: "Getting started with CSM Misconfigurations"
+ text: "Getting started with Cloud Security Misconfigurations"
- link: "security/default_rules"
tag: "Documentation"
- text: "Explore default CSM Misconfigurations cloud configuration compliance rules"
+ text: "Explore default Cloud Security Misconfigurations cloud configuration compliance rules"
- link: "security/cspm/findings"
tag: "Documentation"
text: "Search and explore misconfigurations"
---
-CSM Misconfigurations comes with more than 1,300 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within a [compliance standard or industry benchmark][2]. You can also [create custom frameworks][30] to define and measure compliance against your own cloud security baseline.
+Cloud Security Misconfigurations comes with more than 1,300 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within a [compliance standard or industry benchmark][2]. You can also [create custom frameworks][30] to define and measure compliance against your own cloud security baseline.
## View your compliance posture
-View a high-level overview of your compliance posture for each framework on the CSM Misconfigurations [Compliance][20] page. Click a framework to see a [detailed report](#explore-compliance-framework-reports) that gives you insight into how your configuration scores against the framework's requirements and rules.
+View a high-level overview of your compliance posture for each framework on the Cloud Security Misconfigurations [Compliance][20] page. Click a framework to see a [detailed report](#explore-compliance-framework-reports) that gives you insight into how your configuration scores against the framework's requirements and rules.
- **Star**: Pin a framework to the top of your table.
- **Score**: The [posture score][3] for the rules in the given framework.
@@ -31,7 +31,7 @@ View a high-level overview of your compliance posture for each framework on the
- **Explore Resources**: A filtered view of the **Misconfigurations** page that shows resources with misconfigurations for the selected framework.
- **Configure Rules**: Customize how your environment is scanned and set notification targets by modifying the compliance rules for each framework.
-{{< img src="security/cspm/frameworks_and_benchmarks/compliance_reports_3.png" alt="The compliance reports section of the CSM Misconfigurations Compliance page provides a high-level overview of your compliance posture" style="width:100%;">}}
+{{< img src="security/cspm/frameworks_and_benchmarks/compliance_reports_3.png" alt="The compliance reports section of the Cloud Security Misconfigurations Compliance page provides a high-level overview of your compliance posture" style="width:100%;">}}
## Explore compliance framework reports
diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md
index ab241bff2f753..1b3cf0c1eb5e5 100644
--- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md
+++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md
@@ -5,10 +5,10 @@ aliases:
further_reading:
- link: "security/cspm/setup"
tag: "Documentation"
- text: "Getting started with CSM Misconfigurations"
+ text: "Getting started with Cloud Security Misconfigurations"
- link: "security/default_rules"
tag: "Documentation"
- text: "Explore default CSM Misconfigurations cloud configuration compliance rules"
+ text: "Explore default Cloud Security Misconfigurations cloud configuration compliance rules"
- link: "security/cspm/findings"
tag: "Documentation"
text: "Search and explore misconfigurations"
@@ -17,9 +17,9 @@ further_reading:
text: "Securing Datadog's cloud infrastructure: Our playbook and methodology"
---
-With custom frameworks, you can define and measure compliance against your own cloud security baseline. Custom frameworks are listed on the Cloud Security Management (CSM) [Compliance][6] page, have their own real-time report and [security posture score][7], and are queryable within explorers and dashboards.
+With custom frameworks, you can define and measure compliance against your own cloud security baseline. Custom frameworks are listed on the Cloud Security [Compliance][6] page, have their own real-time report and [security posture score][7], and are queryable within explorers and dashboards.
-1. On the [CSM Compliance page][6], click **Create Framework**.
+1. On the [Cloud Security Compliance page][6], click **Create Framework**.
1. Enter the following details:
- **Framework name**: The name of your framework. Can include characters, numbers, and spaces. Must be at least five characters long.
- **Handle**: The tag name for the custom framework. Can include lowercase letters, numbers, dashes, underscores, and periods. This value is used to query the framework in the explorer or in dashboards.
diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md
index 581b717c73d9e..2a54cb832e58a 100644
--- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md
+++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md
@@ -6,10 +6,10 @@ aliases:
further_reading:
- link: "security/cspm/setup"
tag: "Documentation"
- text: "Getting started with CSM Misconfigurations"
+ text: "Getting started with Cloud Security Misconfigurations"
- link: "security/default_rules"
tag: "Documentation"
- text: "Explore default CSM Misconfigurations cloud configuration compliance rules"
+ text: "Explore default Cloud Security Misconfigurations cloud configuration compliance rules"
- link: "security/cspm/findings"
tag: "Documentation"
text: "Search and explore misconfigurations"
@@ -18,7 +18,7 @@ further_reading:
text: "Datadog Security extends compliance and threat protection capabilities for Google Cloud"
---
-CSM Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within the following compliance standards and industry benchmarks:
+Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within the following compliance standards and industry benchmarks:
| Framework | Supported Versions | Framework Tag | Rule Type |
|-------------------------------------------------|------------------------|-------------------------------------|--------------------------|
@@ -55,7 +55,7 @@ CSM Misconfigurations comes with more than 1,000 out-of-the-box compliance rules
**Notes**:
-- CSM Misconfigurations provides visibility into whether your resources are configured in accordance with certain compliance rules. These rules address various regulatory frameworks, benchmarks, and standards (Security Posture Frameworks). CSM Misconfigurations does not provide an assessment of your actual compliance with any Security Posture Framework, and the compliance rules may not address all configuration settings that are relevant to a given framework. Datadog recommends that you use CSM Misconfigurations in consultation with your legal counsel or compliance experts.
+- Cloud Security Misconfigurations provides visibility into whether your resources are configured in accordance with certain compliance rules. These rules address various regulatory frameworks, benchmarks, and standards (Security Posture Frameworks). Cloud Security Misconfigurations does not provide an assessment of your actual compliance with any Security Posture Framework, and the compliance rules may not address all configuration settings that are relevant to a given framework. Datadog recommends that you use Cloud Security Misconfigurations in consultation with your legal counsel or compliance experts.
- The compliance rules for the CIS benchmarks follow the CIS automated recommendations. If you're obtaining CIS certification, Datadog recommends also reviewing the manual recommendations as part of your overall security assessment.
- Datadog also provides Essential Cloud Security Controls, a set of recommendations developed by Datadog internal security experts. Based on common cloud security risks observed by Datadog, this ruleset aims to help users that are new to cloud security remediate high-impact misconfigurations across their cloud environments.
diff --git a/content/en/security/cloud_security_management/misconfigurations/kspm.md b/content/en/security/cloud_security_management/misconfigurations/kspm.md
index b4060bfc9e4bb..da962e08b9022 100644
--- a/content/en/security/cloud_security_management/misconfigurations/kspm.md
+++ b/content/en/security/cloud_security_management/misconfigurations/kspm.md
@@ -5,20 +5,20 @@ aliases:
further_reading:
- link: "security/default_rules"
tag: "Documentation"
- text: "Explore default CSM Misconfigurations cloud configuration detection rules"
+ text: "Explore default Cloud Security Misconfigurations cloud configuration detection rules"
- link: "/security/misconfigurations/custom_rules"
tag: "Documentation"
text: "Create Custom Rules"
---
-Kubernetes Security Posture Management (KSPM) for Cloud Security Management (CSM) helps you proactively strengthen the security posture of your Kubernetes deployments by benchmarking your environment against established industry best practices, such as those defined by [CIS][1], or your own [custom detection policies](#create-your-own-kubernetes-detection-rules).
+Kubernetes Security Posture Management (KSPM) for Cloud Security helps you proactively strengthen the security posture of your Kubernetes deployments by benchmarking your environment against established industry best practices, such as those defined by [CIS][1], or your own [custom detection policies](#create-your-own-kubernetes-detection-rules).
## Setting up KSPM
To take full advantage of KSPM, you must install both the Datadog Agent and cloud integrations. For detailed instructions, see the following articles:
-- CSM Enterprise ([Agent][14] and [cloud integrations][15])
-- CSM Pro ([Agent][12] and [cloud integrations][13])
+- Cloud Security Enterprise ([Agent][14] and [cloud integrations][15])
+- Cloud Security Pro ([Agent][12] and [cloud integrations][13])
This allows Datadog to detect risks in your Kubernetes deployments for each of the following resource types:
@@ -36,9 +36,9 @@ This allows Datadog to detect risks in your Kubernetes deployments for each of t
## Monitor risk across Kubernetes deployments
-With KSPM, Datadog scans your environment for risks defined by more than 50+ out-of-the-box Kubernetes detection rules. When at least one case defined in a rule is matched over a given period of time, [a notification alert is sent][6], and a finding is generated in the [Misconfigurations Explorer][11].
+With KSPM, Datadog scans your environment for risks defined by more than 50+ out-of-the-box Kubernetes detection rules. When at least one case defined in a rule is matched over a given period of time, [a notification alert is sent][6], and a finding is generated in the [Misconfigurations explorer][11].
-Each finding contains the context you need to identify the issue's impact, such as the full resource configuration, resource-level tags, and a map of the resource's relationships with other components of your infrastructure. After you understand the problem and its impact, you can start remediating the issue by [creating a Jira ticket][7] from within CSM or by [executing a pre-defined workflow][8].
+Each finding contains the context you need to identify the issue's impact, such as the full resource configuration, resource-level tags, and a map of the resource's relationships with other components of your infrastructure. After you understand the problem and its impact, you can start remediating the issue by [creating a Jira ticket][7] from within Cloud Security or by [executing a pre-defined workflow][8].
**Note**: You can also use the [API to programmatically interact with findings][10].
@@ -46,7 +46,7 @@ Each finding contains the context you need to identify the issue's impact, such
## Assess your Kubernetes security posture against industry-standard frameworks
-CSM provides a [security posture score][2] that helps you understand your security and compliance status using a single metric. The score represents the percentage of your environment that satisfies all of your active out-of-the-box cloud and infrastructure detection rules. You can obtain the score for your entire organization, or for specific teams, accounts, and environments, including Kubernetes deployments.
+Cloud Security provides a [security posture score][2] that helps you understand your security and compliance status using a single metric. The score represents the percentage of your environment that satisfies all of your active out-of-the-box cloud and infrastructure detection rules. You can obtain the score for your entire organization, or for specific teams, accounts, and environments, including Kubernetes deployments.
For an in-depth explanation on how the security posture score works, see [Security posture score][3].
diff --git a/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md b/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md
index aa25657578a03..1a8fc5252d97a 100644
--- a/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md
+++ b/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md
@@ -11,16 +11,13 @@ further_reading:
- link: "security/cspm/frameworks_and_benchmarks"
tag: "Documentation"
text: "Learn about supported frameworks and industry benchmarks"
-- link: "https://www.datadoghq.com/blog/datadog-csm-windows/"
- tag: "Blog"
- text: "Secure your Windows workloads with Datadog Cloud Security Management"
---
## Overview
-In addition to reviewing and fixing cloud misconfigurations directly in the [Misconfigurations Explorer page][1], you can set notifications for failed misconfigurations, and configure signals to correlate and triage misconfigurations in the same place as real-time threats that are generated by [Cloud SIEM][2] and [CSM Threats][3].
+In addition to reviewing and fixing cloud misconfigurations directly in the [Misconfigurations explorer page][1], you can set notifications for failed misconfigurations, and configure signals to correlate and triage misconfigurations in the same place as real-time threats that are generated by [Cloud SIEM][2] and [Workload Protection][3].
## Reduce alert fatigue with security posture signals
diff --git a/content/en/security/cloud_security_management/review_remediate/_index.md b/content/en/security/cloud_security_management/review_remediate/_index.md
index 38ebd3a1c4628..e96570e570284 100644
--- a/content/en/security/cloud_security_management/review_remediate/_index.md
+++ b/content/en/security/cloud_security_management/review_remediate/_index.md
@@ -4,7 +4,7 @@ disable_toc: true
---
{{< whatsnext desc="" >}}
- {{< nextlink href="/security/cloud_security_management/review_remediate/mute_issues" >}}Mute Issues in Cloud Security Management{{< /nextlink >}}
+ {{< nextlink href="/security/cloud_security_management/review_remediate/mute_issues" >}}Mute Issues in Cloud Security{{< /nextlink >}}
{{< nextlink href="/security/cloud_security_management/review_remediate/workflows" >}}Automate Security Workflows with Workflow Automation{{< /nextlink >}}
- {{< nextlink href="/security/cloud_security_management/review_remediate/jira" >}}Create Jira Issues for Cloud Security Management Issues{{< /nextlink >}}
+ {{< nextlink href="/security/cloud_security_management/review_remediate/jira" >}}Create Jira Issues for Cloud Security Issues{{< /nextlink >}}
{{< /whatsnext >}}
\ No newline at end of file
diff --git a/content/en/security/cloud_security_management/review_remediate/jira.md b/content/en/security/cloud_security_management/review_remediate/jira.md
index ec68565f557f1..e21b93a7ff0a1 100644
--- a/content/en/security/cloud_security_management/review_remediate/jira.md
+++ b/content/en/security/cloud_security_management/review_remediate/jira.md
@@ -1,44 +1,44 @@
---
-title: Create Jira Issues for Cloud Security Management Issues
+title: Create Jira Issues for Cloud Security Issues
further_reading:
- link: "/security/cloud_security_management/guide"
tag: "Documentation"
- text: Cloud Security Management Guides
+ text: Cloud Security Guides
- link: "/integrations/jira/"
tag: "Documentation"
text: Datadog Jira Integration
aliases:
- /security/cloud_security_management/guide/jira
products:
- - name: CSM Misconfigurations
+ - name: Cloud Security Misconfigurations
url: /security/cloud_security_management/misconfigurations/
icon: cloud-security-management
- - name: CSM Identity Risks
+ - name: Cloud Security Identity Risks
url: /security/cloud_security_management/identity_risks/
icon: cloud-security-management
---
{{< product-availability >}}
-Use the [Jira integration][1] to create Jira issues for resources that are impacted by a Cloud Security Management (CSM) security issue. Jira for Cloud Security Management is available for [CSM Misconfigurations][3] and [CSM Identity Risks][4].
+Use the [Jira integration][1] to create Jira issues for resources that are impacted by a Cloud Security security issue. Jira for Cloud Security is available for [Cloud Security Misconfigurations][3] and [Cloud Security Identity Risks][4].
**Notes**:
-- To create Jira issues, you must have the `security_monitoring_findings_write` permission. See [Role Based Access Control][2] for more information about Datadog's default roles and granular role-based access control permissions available for CSM.
+- To create Jira issues, you must have the `security_monitoring_findings_write` permission. See [Role Based Access Control][2] for more information about Datadog's default roles and granular role-based access control permissions available for Cloud Security.
- At this time, you can create only one Jira issue per finding.
## Configure the Jira integration
-To create Jira issues for CSM security issues, you must configure the [Jira integration][5]. For detailed instructions, see the [Jira][1] integration docs.
+To create Jira issues for Cloud Security security issues, you must configure the [Jira integration][5]. For detailed instructions, see the [Jira][1] integration docs.
## Create a Jira issue for impacted resources
{{< tabs >}}
-{{% tab "CSM Misconfigurations" %}}
+{{% tab "Cloud Security Misconfigurations" %}}
To create a Jira issue for one or more resources impacted by a misconfiguration:
-1. On the [Misconfigurations Explorer][1], select a misconfiguration.
+1. On the [Misconfigurations explorer][1], select a misconfiguration.
2. Under **Resources Impacted**, select one or more findings.
3. On the **Actions** dropdown menu that appears on top, select **Create Jira Issue**.
4. Choose whether to create a single issue or multiple issues (one issue for each resource).
@@ -49,7 +49,7 @@ To create a Jira issue for one or more resources impacted by a misconfiguration:
You can also create a Jira issue from the standalone issue side panel.
-1. On the [Misconfigurations Explorer][1], set the Group By filter to **Resources**.
+1. On the [Misconfigurations explorer][1], set the Group By filter to **Resources**.
2. Select a resource.
3. On the **Misconfigurations** tab, select a misconfiguration.
4. Click **Create Jira Issue**.
@@ -64,11 +64,11 @@ After you create the issue, a link to the Jira issue is displayed on the side pa
{{% /tab %}}
-{{% tab "CSM Identity Risks" %}}
+{{% tab "Cloud Security Identity Risks" %}}
To create a Jira issue for one or more resources impacted by an identity risk:
-1. On the [Identity Risks Explorer][1], select an identity risk.
+1. On the [Identity Risks explorer][1], select an identity risk.
2. Under **Resources Impacted**, select one or more findings.
3. On the **Actions** dropdown menu that appears on top, select **Create Jira Issue**.
4. Choose whether to create a single issue or multiple issues (one issue for each resource).
@@ -79,7 +79,7 @@ To create a Jira issue for one or more resources impacted by an identity risk:
You can also create a Jira issue from the standalone issue side panel.
-1. On the [Identity Risks Explorer][1], set the Group By filter to **Resources**.
+1. On the [Identity Risks explorer][1], set the Group By filter to **Resources**.
2. Select a resource.
3. On the **Misconfigurations** tab, select an identity risk.
4. Click **Create Jira Issue**.
diff --git a/content/en/security/cloud_security_management/review_remediate/mute_issues.md b/content/en/security/cloud_security_management/review_remediate/mute_issues.md
index 71053fbafcba8..ab641aa90e2fc 100644
--- a/content/en/security/cloud_security_management/review_remediate/mute_issues.md
+++ b/content/en/security/cloud_security_management/review_remediate/mute_issues.md
@@ -1,5 +1,5 @@
---
-title: Mute Issues in Cloud Security Management
+title: Mute Issues in Cloud Security
further_reading:
- link: "security/default_rules"
tag: "Documentation"
@@ -7,10 +7,10 @@ further_reading:
aliases:
- /security/cloud_security_management/mute_issues
products:
- - name: CSM Misconfigurations
+ - name: Cloud Security Misconfigurations
url: /security/cloud_security_management/misconfigurations/
icon: cloud-security-management
- - name: CSM Identity Risks
+ - name: Cloud Security Identity Risks
url: /security/cloud_security_management/identity_risks/
icon: cloud-security-management
---
@@ -19,7 +19,7 @@ products:
There may be times when a misconfiguration, issue, or identity risk doesn't match the use case for your business, or you choose to accept it as a known risk. To ignore them, you can mute the underlying misconfiguration, issue, or identity risk for the impacted resources.
-For example, the CSM Misconfigurations rule ['Block Public Access' feature is enabled for S3 bucket][1] evaluates whether an S3 bucket is publicly accessible. If you have an S3 bucket with static assets that are meant to be publicly shared, you can mute the misconfiguration for the S3 bucket.
+For example, the Cloud Security Misconfigurations rule ['Block Public Access' feature is enabled for S3 bucket][1] evaluates whether an S3 bucket is publicly accessible. If you have an S3 bucket with static assets that are meant to be publicly shared, you can mute the misconfiguration for the S3 bucket.
**Note**: Muting a misconfiguration removes it from the calculation of your posture score.
diff --git a/content/en/security/cloud_security_management/review_remediate/workflows.md b/content/en/security/cloud_security_management/review_remediate/workflows.md
index 701d2e6197b39..86e0e9bb85a22 100644
--- a/content/en/security/cloud_security_management/review_remediate/workflows.md
+++ b/content/en/security/cloud_security_management/review_remediate/workflows.md
@@ -3,20 +3,20 @@ title: Automate Security Workflows with Workflow Automation
further_reading:
- link: "/security/cloud_security_management"
tag: "Documentation"
- text: Cloud Security Management
+ text: Cloud Security
- link: "/service_management/workflows/"
tag: "Documentation"
text: Workflow Automation
aliases:
- /security/cloud_security_management/workflows
products:
- - name: CSM Threats
+ - name: Workload Protection
url: /security/threats/
icon: cloud-security-management
- - name: CSM Misconfigurations
+ - name: Cloud Security Misconfigurations
url: /security/cloud_security_management/misconfigurations/
icon: cloud-security-management
- - name: CSM Identity Risks
+ - name: Cloud Security Identity Risks
url: /security/cloud_security_management/identity_risks/
icon: cloud-security-management
---
@@ -29,7 +29,7 @@ products:
[Datadog Workflow Automation][1] allows you to orchestrate and automate your end-to-end processes by building workflows made up of actions that connect to your infrastructure and tools.
-Use Workflow Automation with [Cloud Security Management (CSM)][2] to automate your security-related workflows. For example, you can create workflows that allow you to [block access to a public Amazon S3 bucket via an interactive Slack message](#block-access-to-aws-s3-bucket-via-slack), or [automatically create a Jira issue and assign it to a team](#automatically-create-and-assign-a-jira-issue).
+Use Workflow Automation with [Cloud Security][2] to automate your security-related workflows. For example, you can create workflows that allow you to [block access to a public Amazon S3 bucket via an interactive Slack message](#block-access-to-aws-s3-bucket-via-slack), or [automatically create a Jira issue and assign it to a team](#automatically-create-and-assign-a-jira-issue).
## Understanding how triggers and sources work
diff --git a/content/en/security/cloud_security_management/setup/_index.md b/content/en/security/cloud_security_management/setup/_index.md
index 007a3731effc9..dd51b0adb9ee0 100644
--- a/content/en/security/cloud_security_management/setup/_index.md
+++ b/content/en/security/cloud_security_management/setup/_index.md
@@ -1,5 +1,5 @@
---
-title: Setting up Cloud Security Management
+title: Setting up Cloud Security
aliases:
- /security_platform/cloud_workload_security/getting_started
- /security/cloud_workload_security/getting_started
@@ -23,12 +23,12 @@ further_reading:
text: "AWS Fargate Configuration Guide for Datadog Security"
- link: "/security/cloud_security_management/guide/agent_variables/"
tag: "Guide"
- text: "Cloud Security Management Agent Variables"
+ text: "Cloud Security Agent Variables"
---
## Overview
-To get started with Cloud Security Management (CSM), review the following:
+To get started with Cloud Security, review the following:
- [Overview](#overview)
- [Enable Agentless Scanning](#enable-agentless-scanning)
@@ -38,18 +38,18 @@ To get started with Cloud Security Management (CSM), review the following:
- [IaC scanning](#iac-scanning)
- [IaC remediation](#iac-remediation)
- [Deploy via cloud integrations](#deploy-via-cloud-integrations)
-- [Disable CSM](#disable-csm)
+- [Disable Cloud Security](#disable-cloud-security)
- [Further reading](#further-reading)
## Enable Agentless Scanning
-The simplest way to get started with Cloud Security Management is by [enabling Agentless Scanning][1]. Agentless Scanning provides visibility into vulnerabilities that exist within your AWS hosts, running containers, Lambda functions, and running Amazon Machine Images (AMIs) without requiring you to install the Datadog Agent.
+The simplest way to get started with Cloud Security is by [enabling Agentless Scanning][1]. Agentless Scanning provides visibility into vulnerabilities that exist within your AWS hosts, running containers, Lambda functions, and running Amazon Machine Images (AMIs) without requiring you to install the Datadog Agent.
-To learn more about Agentless Scanning, see [Cloud Security Management Agentless Scanning][2].
+To learn more about Agentless Scanning, see [Cloud Security Agentless Scanning][2].
## Deploy the Agent for additional coverage
-For broader coverage and additional functionalities, deploy the Datadog Agent to your hosts. The following table outlines the improvements offered by Agent-based deployments. For more information, see [Setting up Cloud Security Management on the Agent][3].
+For broader coverage and additional functionalities, deploy the Datadog Agent to your hosts. The following table outlines the improvements offered by Agent-based deployments. For more information, see [Setting up Cloud Security on the Agent][3].
@@ -61,13 +61,13 @@ For broader coverage and additional functionalities, deploy the Datadog Agent to
- CSM Identity Risks |
+ Cloud Security Identity Risks |
{{< X >}} |
{{< X >}} |
|
- CSM Misconfigurations |
+ Cloud Security Misconfigurations |
{{< X >}} |
{{< X >}} |
{{< X >}} |
@@ -79,7 +79,7 @@ For broader coverage and additional functionalities, deploy the Datadog Agent to
{{< X >}} |
- CSM Vulnerabilities |
+ Cloud Security Vulnerabilities |
{{< X >}} |
{{< X >}} |
{{< X >}} |
@@ -97,7 +97,7 @@ For broader coverage and additional functionalities, deploy the Datadog Agent to
Real time |
- CSM Threats |
+ Workload Protection |
|
{{< X >}} |
{{< X >}} |
@@ -120,26 +120,26 @@ For broader coverage and additional functionalities, deploy the Datadog Agent to
### AWS CloudTrail Logs
-Maximize the benefits of [CSM Identity Risks][6] with AWS CloudTrail Logs. Gain deeper insights into cloud resource usage, identifying users and roles with significant gaps between provisioned and utilized permissions. For more information, check out [Setting up AWS CloudTrail Logs for Cloud Security Management][4].
+Maximize the benefits of [Cloud Security Identity Risks][6] with AWS CloudTrail Logs. Gain deeper insights into cloud resource usage, identifying users and roles with significant gaps between provisioned and utilized permissions. For more information, check out [Setting up AWS CloudTrail Logs for Cloud Security][4].
### IaC scanning
-Integrate Infrastructure as Code (IaC) scanning with GitHub to detect misconfigurations in Terraform-defined cloud resources. For more information, see [Setting up IaC Scanning for Cloud Security Management][10].
+Integrate Infrastructure as Code (IaC) scanning with GitHub to detect misconfigurations in Terraform-defined cloud resources. For more information, see [Setting up IaC Scanning for Cloud Security][10].
### IaC remediation
-Use IaC remediation with Terraform to create pull requests in GitHub, applying code changes that fix misconfigurations and mitigate identity risks. For more information, see [Setting up IaC Remediation for Cloud Security Management][5].
+Use IaC remediation with Terraform to create pull requests in GitHub, applying code changes that fix misconfigurations and mitigate identity risks. For more information, see [Setting up IaC Remediation for Cloud Security][5].
### Deploy via cloud integrations
-Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see [Deploying Cloud Security Management via Cloud Integrations][7].
+Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see [Deploying Cloud Security via Cloud Integrations][7].
-## Disable CSM
+## Disable Cloud Security
-For information on disabling CSM, see the following:
+For information on disabling Cloud Security, see the following:
-- [Disable CSM Vulnerabilities][8]
-- [Disable CSM Threats][9]
+- [Disable Cloud Security Vulnerabilities][8]
+- [Disable Workload Protection][9]
## Further reading
@@ -152,6 +152,6 @@ For information on disabling CSM, see the following:
[5]: /security/cloud_security_management/setup/iac_remediation
[6]: /security/cloud_security_management/identity_risks
[7]: /security/cloud_security_management/setup/cloud_accounts
-[8]: /security/cloud_security_management/troubleshooting/vulnerabilities/#disable-csm-vulnerabilities
+[8]: /security/cloud_security_management/troubleshooting/vulnerabilities/#disable-cloud-security-vulnerabilities
[9]: /security/cloud_security_management/troubleshooting/threats/#disable-csm-threats
[10]: /security/cloud_security_management/setup/iac_scanning
\ No newline at end of file
diff --git a/content/en/security/cloud_security_management/setup/agent/_index.md b/content/en/security/cloud_security_management/setup/agent/_index.md
index 7841b87598b99..6ac1eb6632517 100644
--- a/content/en/security/cloud_security_management/setup/agent/_index.md
+++ b/content/en/security/cloud_security_management/setup/agent/_index.md
@@ -1,5 +1,5 @@
---
-title: Deploying Cloud Security Management on the Agent
+title: Deploying Cloud Security on the Agent
type: multi-code-lang
aliases:
- /security/cloud_security_management/setup/csm_cloud_workload_security/agent
@@ -7,7 +7,7 @@ aliases:
- /security/cloud_security_management/setup/csm_enterprise/agent
---
-Use the following instructions to enable Cloud Security Management features—Misconfigurations, Threat Detection, and Vulnerability Management—on the Datadog Agent.
+Use the following instructions to enable Cloud Security features—Misconfigurations, Threat Detection, and Vulnerability Management—on the Datadog Agent.
{{< partial name="security-platform/CSW-billing-note.html" >}}
diff --git a/content/en/security/cloud_security_management/setup/agent/docker.md b/content/en/security/cloud_security_management/setup/agent/docker.md
index c7e358398cded..d495ec05c6763 100644
--- a/content/en/security/cloud_security_management/setup/agent/docker.md
+++ b/content/en/security/cloud_security_management/setup/agent/docker.md
@@ -1,5 +1,5 @@
---
-title: Setting up Cloud Security Management on Docker
+title: Setting up Cloud Security on Docker
code_lang: docker
type: multi-code-lang
code_lang_weight: 65 # a number that represents relative weight.
diff --git a/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md b/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md
index c6ee9a3727f65..5cfbc387fa54c 100644
--- a/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md
+++ b/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md
@@ -1,5 +1,5 @@
---
-title: Setting up Cloud Security Management on ECS EC2
+title: Setting up Cloud Security on ECS EC2
code_lang: ecs_ec2
type: multi-code-lang
code_lang_weight: 70 # a number that represents relative weight.
diff --git a/content/en/security/cloud_security_management/setup/agent/kubernetes.md b/content/en/security/cloud_security_management/setup/agent/kubernetes.md
index 65438f39dd801..5fac5efd128ac 100644
--- a/content/en/security/cloud_security_management/setup/agent/kubernetes.md
+++ b/content/en/security/cloud_security_management/setup/agent/kubernetes.md
@@ -1,5 +1,5 @@
---
-title: Setting up Cloud Security Management on Kubernetes
+title: Setting up Cloud Security on Kubernetes
code_lang: kubernetes
type: multi-code-lang
code_lang_weight: 60 # a number that represents relative weight.
diff --git a/content/en/security/cloud_security_management/setup/agent/linux.md b/content/en/security/cloud_security_management/setup/agent/linux.md
index 0bf00bec067e2..815b65b1150bf 100644
--- a/content/en/security/cloud_security_management/setup/agent/linux.md
+++ b/content/en/security/cloud_security_management/setup/agent/linux.md
@@ -1,5 +1,5 @@
---
-title: Setting up Cloud Security Management on Linux
+title: Setting up Cloud Security on Linux
code_lang: linux
type: multi-code-lang
code_lang_weight: 80 # a number that represents relative weight.
diff --git a/content/en/security/cloud_security_management/setup/agent/windows.md b/content/en/security/cloud_security_management/setup/agent/windows.md
index 727b62b1826ac..8964fde4cc770 100644
--- a/content/en/security/cloud_security_management/setup/agent/windows.md
+++ b/content/en/security/cloud_security_management/setup/agent/windows.md
@@ -1,5 +1,5 @@
---
-title: Setting up Cloud Security Management on Windows
+title: Setting up Cloud Security on Windows
code_lang: windows
type: multi-code-lang
code_lang_weight: 75 # a number that represents relative weight.
diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md b/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md
index 930dce39c81d4..54fd2a9819219 100644
--- a/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md
+++ b/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md
@@ -1,19 +1,16 @@
---
-title: Cloud Security Management Agentless Scanning
+title: Cloud Security Agentless Scanning
aliases:
- /security/agentless_scanning
- /security/cloud_security_management/agentless_scanning
further_reading:
- - link: "https://www.datadoghq.com/blog/agentless-scanning/"
- tag: "Blog"
- text: "Detect vulnerabilities in minutes with Agentless Scanning for Cloud Security Management"
- link: "/security/vulnerabilities"
tag: "Documentation"
- text: "Read more about CSM Vulnerabilities"
+ text: "Read more about Cloud Security Vulnerabilities"
---
{{< site-region region="gov" >}}
-Agentless Scanning for Cloud Security Management is not supported for your selected
Datadog site ({{< region-param key="dd_site_name" >}}).
+Agentless Scanning for Cloud Security is not supported for your selected
Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}}
## Overview
@@ -30,7 +27,7 @@ The following diagram illustrates how Agentless Scanning works:
1. Datadog schedules a scan and sends which resources to scan through Remote Configuration.
- **Note**: Scheduled scans ignore hosts that already have the [Datadog Agent installed with Cloud Security Management enabled](#agentless-scanning-with-existing-agent-installations). Datadog schedules a continuous re-scanning of resources every 12 hours to provide up-to-date insights into potential vulnerabilities and weaknesses.
+ **Note**: Scheduled scans ignore hosts that already have the [Datadog Agent installed with Cloud Security enabled](#agentless-scanning-with-existing-agent-installations). Datadog schedules a continuous re-scanning of resources every 12 hours to provide up-to-date insights into potential vulnerabilities and weaknesses.
2. For Lambda functions, the scanners fetch the function's code.
3. The scanner creates snapshots of volumes used in running VM instances. These snapshots serve as the basis for conducting scans. Using the snapshots, or the code, the scanner generates a list of packages.
@@ -70,11 +67,11 @@ To further mitigate this risk, Datadog implements the following security measure
When installed, the Datadog Agent offers real-time, deep visibility into risks and vulnerabilities that exist in your cloud workloads. It is recommended to fully install the Datadog Agent.
-As a result, Agentless Scanning excludes resources from its scans that have the Datadog Agent installed and configured for [Vulnerability Management][5]. In this way, Cloud Security Management offers complete visibility of your risk landscape without overriding the benefits received from installing the Datadog Agent with Vulnerability Management.
+As a result, Agentless Scanning excludes resources from its scans that have the Datadog Agent installed and configured for [Vulnerability Management][5]. In this way, Cloud Security offers complete visibility of your risk landscape without overriding the benefits received from installing the Datadog Agent with Vulnerability Management.
The following diagram illustrates how Agentless scanning works with existing Agent installations:
-{{< img src="/security/agentless_scanning/agentless_existing.png" alt="Diagram showing how Agentless scanning works when the Agent is already installed with CSM vulnerability management" width="90%" >}}
+{{< img src="/security/agentless_scanning/agentless_existing.png" alt="Diagram showing how Agentless scanning works when the Agent is already installed with Cloud Security vulnerability management" width="90%" >}}
## Cloud Storage scanning
@@ -86,7 +83,7 @@ If you have [Sensitive Data Scanner][8] enabled, you can catalog and classify se
Sensitive Data Scanner scans for sensitive data by deploying [Agentless scanners][1] in your cloud environments. These scanning instances retrieve a list of all S3 buckets and RDS instances through [Remote Configuration][10], and have set instructions to scan text files—such as CSVs and JSONs—and tables in every datastore over time. Sensitive Data Scanner leverages its [entire rules library][11] to find matches. When a match is found, the location of the match is sent to Datadog by the scanning instance. Data stores and their files are only read in your environment—no sensitive data is sent back to Datadog.
-Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Cloud Security Management][9] affecting the sensitive datastores. You can click any issue to continue triage and remediation within Cloud Security Management.
+Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Cloud Security][9] affecting the sensitive datastores. You can click any issue to continue triage and remediation within Cloud Security.
## Cloud service provider cost
diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md b/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md
index d46c77e3de13f..64cd521e31a84 100644
--- a/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md
+++ b/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md
@@ -5,7 +5,7 @@ aliases:
further_reading:
- link: "/security/cloud_security_management/agentless_scanning"
tag: "Documentation"
- text: "Cloud Security Management Agentless Scanning"
+ text: "Cloud Security Agentless Scanning"
---
There are two recommended ways to deploy Agentless scanners in your environment, either using cross-account scanning, or same account scanning.
diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md b/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md
index d5f879799bdc3..1577a70958e81 100644
--- a/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md
+++ b/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md
@@ -10,14 +10,14 @@ aliases:
further_reading:
- link: "/security/cloud_security_management/setup"
tag: "Documentation"
- text: "Setting up Cloud Security Management"
+ text: "Setting up Cloud Security"
- link: "/security/cloud_security_management/agentless_scanning"
tag: "Documentation"
- text: "Cloud Security Management Agentless Scanning"
+ text: "Cloud Security Agentless Scanning"
---
{{< site-region region="gov" >}}
-Agentless Scanning for Cloud Security Management is not supported for your selected
Datadog site ({{< region-param key="dd_site_name" >}}).
+Agentless Scanning for Cloud Security is not supported for your selected
Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}}
Agentless Scanning provides visibility into vulnerabilities that exist within your cloud infrastructure, without requiring you to install the Datadog Agent. To learn more about Agentless Scanning's capabilities and how it works, see the [Agentless Scanning][12] docs.
@@ -71,10 +71,10 @@ To enable Agentless Scanning, use one of the following workflows:
### Quick start
-Designed for new users, the quick start workflow offers an efficient setup process for Cloud Security Management, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration.
+Designed for new users, the quick start workflow offers an efficient setup process for Cloud Security, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration.
{{% collapse-content title="Quick start setup guide" level="h4" id="quick-start-setup" %}}
-Designed for new users, the quick start workflow offers an efficient setup process for Cloud Security Management, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration, and includes the Cloud Security Management features: Misconfigurations, Identity Risks (CIEM), and Vulnerability Management.
+Designed for new users, the quick start workflow offers an efficient setup process for Cloud Security, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration, and includes the Cloud Security features: Misconfigurations, Identity Risks (CIEM), and Vulnerability Management.
This article provides instructions for the new user quick start workflow that uses AWS CloudFormation to set up Agentless Scanning.
For existing users who want to add a new AWS account or enable Agentless Scanning on an existing integrated AWS account, see the instructions for
@@ -86,9 +86,9 @@ For existing users who want to add a new AWS account or enable Agentless Scannin
##### Installation
-1. On the [Intro to Cloud Security Management][4] page, click **Get Started with Cloud Security Management**.
+1. On the [Intro to Cloud Security][4] page, click **Get Started with Cloud Security**.
1. Click **Quick Start**. The **Features** page is displayed, showing the features included with Agentless Scanning Quick Start.
-1. Click **Start Using Cloud Security Management** to continue.
+1. Click **Start Using Cloud Security** to continue.
1. Select the AWS region where you want to create the CloudFormation stack.
1. Select an API key that is already configured for Remote Configuration. If the API key you select does not have Remote Configuration enabled, Remote Configuration is automatically enabled for that key upon selection.
1. Choose whether to enable **Sensitive Data Scanner** for cloud storage. This automatically catalogs and classifies sensitive data in Amazon S3 resources.
@@ -109,7 +109,7 @@ Datadog recommends updating the CloudFormation stack regularly, so you can get a
##### Disable Agentless Scanning
-1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations** > **AWS**.
+1. On the [Cloud Security Setup][10] page, click **Cloud Integrations** > **AWS**.
1. To disable Agentless Scanning for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle the **Agentless Scanning** section to the off position.
1. Click **Done**.
@@ -126,14 +126,14 @@ To uninstall Agentless Scanning, log in to your AWS console and delete the Cloud
The [Terraform Datadog Agentless Scanner module][6] provides a simple and reusable configuration for installing the Datadog Agentless scanner.
{{% collapse-content title="Terraform setup guide" level="h4" id="terraform-setup" %}}
-If you've already [set up Cloud Security Management][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated cloud account, you can use either Terraform, [AWS CloudFormation][2], or [Azure Resource Manager][5]. This article provides detailed instructions for the Terraform approach.
+If you've already [set up Cloud Security][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated cloud account, you can use either Terraform, [AWS CloudFormation][2], or [Azure Resource Manager][5]. This article provides detailed instructions for the Terraform approach.
-
If you're setting up Cloud Security Management for the first time, you can follow the
quick start workflow, which uses AWS CloudFormation to enable Agentless Scanning.
+
If you're setting up Cloud Security for the first time, you can follow the
quick start workflow, which uses AWS CloudFormation to enable Agentless Scanning.
{{< tabs >}}
{{% tab "New AWS account" %}}
-1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations > AWS**.
+1. On the [Cloud Security Setup][1] page, click **Cloud Integrations > AWS**.
1. At the bottom of the AWS section, click **Add AWS accounts by following these steps**. The **Add New AWS Account(s)** dialog is displayed.
1. Under **Choose a method for adding your AWS account**, select **Manually**.
1. Follow the instructions for installing the [Datadog Agentless Scanner module][2].
@@ -148,7 +148,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c
{{% tab "Existing AWS account" %}}
-1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations > AWS**.
+1. On the [Cloud Security Setup][1] page, click **Cloud Integrations > AWS**.
1. Click the **Edit scanning** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) for the AWS account where you want to deploy the Agentless scanner.
1. **Enable Resource Scanning** should already be toggled on. If it isn't, toggle **Enable Resource Scanning** to the on position.
1. In the **How would you like to set up Agentless Scanning?** section, select **Terraform**.
@@ -163,7 +163,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c
{{% tab "Existing Azure subscription" %}}
-1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations > Azure**.
+1. On the [Cloud Security Setup][1] page, click **Cloud Integrations > Azure**.
1. Expand the Tenant containing the subscription where you want to deploy the Agentless scanner.
1. Click the **Enable** button for the Azure subscription where you want to deploy the Agentless scanner.
1. Toggle **Vulnerability Scanning** to the on position.
@@ -183,7 +183,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c
##### Disable Agentless Scanning
-1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations**, and then expand the **AWS** or **Azure** section.
+1. On the [Cloud Security Setup][10] page, click **Cloud Integrations**, and then expand the **AWS** or **Azure** section.
1. To disable Agentless Scanning for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle **Vulnerability Scanning** to the off position.
1. Click **Done**.
@@ -210,9 +210,9 @@ For usage examples, refer to our [Github repository](https://github.com/DataDog/
Use the AWS CloudFormation template to create a CloudFormation stack. The template includes the IAM permissions required to deploy and manage Agentless scanners.
{{% collapse-content title="AWS CloudFormation setup guide" level="h4" id="aws-cloudformation-setup" %}}
-If you've already [set up Cloud Security Management][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated AWS account, you can use either [Terraform][7] or AWS CloudFormation. This article provides detailed instructions for the AWS CloudFormation approach.
+If you've already [set up Cloud Security][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated AWS account, you can use either [Terraform][7] or AWS CloudFormation. This article provides detailed instructions for the AWS CloudFormation approach.
-
If you're setting up Cloud Security Management for the first time, you can follow the
quick start workflow, which also uses AWS CloudFormation to enable Agentless Scanning.
+
If you're setting up Cloud Security for the first time, you can follow the
quick start workflow, which also uses AWS CloudFormation to enable Agentless Scanning.
Running Agentless scanners incurs additional costs. To optimize these costs while still ensuring reliable 12-hour scans, Datadog recommends setting up
Agentless Scanning with Terraform as the default template.
@@ -223,7 +223,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c
{{< tabs >}}
{{% tab "New AWS account" %}}
-1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations** > **AWS**.
+1. On the [Cloud Security Setup][1] page, click **Cloud Integrations** > **AWS**.
1. At the bottom of the AWS section, click **Add AWS accounts by following these steps**. The **Add New AWS Account(s)** dialog is displayed.
1. Select the AWS region where you want to create the CloudFormation stack.
1. Select an API key that is already configured for Remote Configuration. If the API key you select does not have Remote Configuration enabled, Remote Configuration is automatically enabled for that key upon selection.
@@ -236,7 +236,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c
{{% tab "Existing AWS account" %}}
-1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations** > **AWS**.
+1. On the [Cloud Security Setup][1] page, click **Cloud Integrations** > **AWS**.
1. Click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) for the AWS account where you want to deploy the Agentless scanner.
1. Verify that **Enable Resource Scanning** is toggled on. If it isn't, switch the **Enable Resource Scanning** toggle to the on position and complete Steps 3-7 in [New AWS Account][2].
1. In the **Agentless Scanning** section, toggle **Enable Vulnerability Management (Host, Container and Lambda)** to the on position.
@@ -264,7 +264,7 @@ Datadog recommends updating the CloudFormation stack regularly, so you can get a
##### Disable Agentless Scanning
-1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations** > **AWS**.
+1. On the [Cloud Security Setup][10] page, click **Cloud Integrations** > **AWS**.
1. To disable Agentless Scanning for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle the **Agentless Scanning** section to the off position.
1. Click **Done**.
@@ -280,7 +280,7 @@ To uninstall Agentless Scanning, log in to your AWS console and delete the Cloud
Use the Azure Resource Manager template to deploy the Agentless Scanner. The template includes the role definitions required to deploy and manage Agentless scanners.
{{% collapse-content title="Azure Resource Manager setup guide" level="h4" id="azure-resource-manager-setup" %}}
-If you've already [set up Cloud Security Management][10] and want to add a new Azure subscription or enable [Agentless Scanning][1] on an existing integrated Azure subscription, you can use either [Terraform][7] or Azure Resource Manager. This article provides detailed instructions for the Azure Resource Manager approach.
+If you've already [set up Cloud Security][10] and want to add a new Azure subscription or enable [Agentless Scanning][1] on an existing integrated Azure subscription, you can use either [Terraform][7] or Azure Resource Manager. This article provides detailed instructions for the Azure Resource Manager approach.
Running Agentless scanners incurs additional costs. To optimize these costs while still ensuring reliable 12-hour scans, Datadog recommends setting up
Agentless Scanning with Terraform as the default template.
@@ -309,7 +309,7 @@ Follow the instructions for setting up the [Datadog Azure integration][1].
##### Disable Agentless Scanning
-1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations** > **Azure**.
+1. On the [Cloud Security Setup][10] page, click **Cloud Integrations** > **Azure**.
1. Locate your subscription's tenant, expand the list of subscriptions, and identify the subscription for which you want to disable Agentless Scanning.
1. Click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle **Vulnerability Scanning** to the off position.
1. Click **Done**.
diff --git a/content/en/security/cloud_security_management/setup/cloud_integrations.md b/content/en/security/cloud_security_management/setup/cloud_integrations.md
index 589cf66da25a0..8298075a8a544 100644
--- a/content/en/security/cloud_security_management/setup/cloud_integrations.md
+++ b/content/en/security/cloud_security_management/setup/cloud_integrations.md
@@ -1,5 +1,5 @@
---
-title: Deploying Cloud Security Management via Cloud Integrations
+title: Deploying Cloud Security via Cloud Integrations
aliases:
- /security/cloud_security_management/setup/csm_enterprise/cloud_accounts
- /security/cloud_security_management/setup/csm_pro/cloud_accounts
@@ -10,7 +10,7 @@ Use the following instructions to enable Misconfigurations and Identity Risks (C
## Enable resource scanning
-To enable resource scanning for your cloud accounts, you must first set up the integration and then enable CSM for each AWS account, Azure subscription, and Google Cloud project.
+To enable resource scanning for your cloud accounts, you must first set up the integration and then enable Cloud Security for each AWS account, Azure subscription, and Google Cloud project.
{{< partial name="security-platform/CSW-billing-note.html" >}}
@@ -42,7 +42,7 @@ To enable resource scanning for your cloud accounts, you must first set up the i
{{< tabs >}}
{{% tab "AWS" %}}
-1. On the [**Cloud Security Management Setup**][1] page, click **Cloud Integrations**.
+1. On the [**Cloud Security Setup**][1] page, click **Cloud Integrations**.
1. Expand the **AWS** section.
1. To stop resource collection for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and switch the **Enable Resource Scanning** toggle to the off position.
1. Click **Done**.
@@ -53,7 +53,7 @@ To enable resource scanning for your cloud accounts, you must first set up the i
{{% /tab %}}
{{% tab "Azure" %}}
-1. On the [**Cloud Security Management Setup**][1] page, click **Cloud Integrations**.
+1. On the [**Cloud Security Setup**][1] page, click **Cloud Integrations**.
1. Expand the **Azure** section.
1. To stop resource collection for a subscription, switch the **Resource Scanning** toggle to the off position.
1. Click **Done**.
@@ -64,7 +64,7 @@ To enable resource scanning for your cloud accounts, you must first set up the i
{{% /tab %}}
{{% tab "Google Cloud" %}}
-1. On the [**Cloud Security Management Setup**][1] page, click **Cloud Integrations**.
+1. On the [**Cloud Security Setup**][1] page, click **Cloud Integrations**.
1. Expand the **GCP** section.
1. To stop resource collection for a project, switch the **Resource Scanning** toggle to the off position.
1. Click **Done**.
diff --git a/content/en/security/cloud_security_management/setup/cloudtrail_logs.md b/content/en/security/cloud_security_management/setup/cloudtrail_logs.md
index de44db7a5602a..c52a7bb623712 100644
--- a/content/en/security/cloud_security_management/setup/cloudtrail_logs.md
+++ b/content/en/security/cloud_security_management/setup/cloudtrail_logs.md
@@ -1,8 +1,8 @@
---
-title: Setting up AWS CloudTrail Logs for Cloud Security Management
+title: Setting up AWS CloudTrail Logs for Cloud Security
---
-Set up AWS CloudTrail Logs to get the most out of [CSM Identity Risks][1]. AWS CloudTrail Logs provides additional insights into the actual usage of cloud resources, helping you identify users and roles with significant gaps between provisioned and utilized permissions.
+Set up AWS CloudTrail Logs to get the most out of [Cloud Security Identity Risks][1]. AWS CloudTrail Logs provides additional insights into the actual usage of cloud resources, helping you identify users and roles with significant gaps between provisioned and utilized permissions.
## Set up AWS integration using CloudFormation
diff --git a/content/en/security/cloud_security_management/setup/iac_remediation.md b/content/en/security/cloud_security_management/setup/iac_remediation.md
index 91b3836dac768..9cb05981a86a5 100644
--- a/content/en/security/cloud_security_management/setup/iac_remediation.md
+++ b/content/en/security/cloud_security_management/setup/iac_remediation.md
@@ -1,20 +1,20 @@
---
-title: Setting up IaC Remediation for Cloud Security Management
+title: Setting up IaC Remediation for Cloud Security
aliases:
- /security/cloud_security_management/setup/source_code_integrations
further_reading:
- link: "/security/cloud_security_management/setup"
tag: "Documentation"
- text: "Setting up Cloud Security Management"
+ text: "Setting up Cloud Security"
- link: "/security/cloud_security_management/misconfigurations"
tag: "Documentation"
- text: "CSM Misconfigurations"
+ text: "Cloud Security Misconfigurations"
- link: "/security/cloud_security_management/identity_risks"
tag: "Guide"
- text: "CSM Identity Risks"
+ text: "Cloud Security Identity Risks"
---
-Use the following instructions to enable Infrastructure as Code (IaC) remediation for Cloud Security Management (CSM). IaC remediation is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2].
+Use the following instructions to enable Infrastructure as Code (IaC) remediation for Cloud Security. IaC remediation is available for [Cloud Security Misconfigurations][1] and [Cloud Security Identity Risks][2].
Static IaC remediation supports GitHub for version control and Terraform for infrastructure as code.
@@ -29,7 +29,7 @@ Follow [the instructions][3] for creating a GitHub app for your organization.
After you set up the GitHub integration, enable IaC remediation for the repositories in your GitHub account.
-1. On the [CSM Setup page][4], expand the **Source Code Integrations** section.
+1. On the [Cloud Security Setup page][4], expand the **Source Code Integrations** section.
2. Click **Configure** for the GitHub account you want to configure.
3. To enable IaC:
- All repositories: Toggle **Enable Infrastructure as Code (IaC) Remediation** to the on position.
diff --git a/content/en/security/cloud_security_management/setup/iac_scanning/_index.md b/content/en/security/cloud_security_management/setup/iac_scanning/_index.md
index 07cdc54ec0a08..4ff44cb7de5a2 100644
--- a/content/en/security/cloud_security_management/setup/iac_scanning/_index.md
+++ b/content/en/security/cloud_security_management/setup/iac_scanning/_index.md
@@ -1,22 +1,22 @@
---
-title: Setting up IaC Scanning for Cloud Security Management
+title: Setting up IaC Scanning for Cloud Security
further_reading:
- link: "/security/cloud_security_management/setup"
tag: "Documentation"
- text: "Setting up Cloud Security Management"
+ text: "Setting up Cloud Security"
- link: "/security/cloud_security_management/misconfigurations"
tag: "Documentation"
- text: "CSM Misconfigurations"
+ text: "Cloud Security Misconfigurations"
- link: "/security/cloud_security_management/identity_risks"
tag: "Guide"
- text: "CSM Identity Risks"
+ text: "Cloud Security Identity Risks"
---
{{< callout url="https://www.datadoghq.com/product-preview/iac-security/" >}}
Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form.
{{< /callout >}}
-Use the following instructions to enable Infrastructure as Code (IaC) scanning for Cloud Security Management (CSM). IaC scanning is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2].
+Use the following instructions to enable Infrastructure as Code (IaC) scanning for Cloud Security. IaC scanning is available for [Cloud Security Misconfigurations][1] and [Cloud Security Identity Risks][2].
Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
@@ -31,7 +31,7 @@ Follow [the instructions][3] for creating a GitHub app for your organization.
After you set up the GitHub integration, enable IaC scanning for the repositories in your GitHub account.
-1. On the [CSM Setup page][4], expand the **Source Code Integrations** section.
+1. On the [Cloud Security Setup page][4], expand the **Source Code Integrations** section.
2. Click **Configure** for the GitHub account you want to configure.
3. To enable IaC:
- All repositories: Toggle **Enable Infrastructure as Code (IaC) Scanning** to the on position.
diff --git a/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md b/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md
index c8b32f26ba22d..1f5a4fe87d673 100644
--- a/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md
+++ b/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md
@@ -6,7 +6,7 @@ further_reading:
text: "IaC Scanning"
- link: "/security/cloud_security_management/setup/iac_scanning"
tag: "Documentation"
- text: "Setting up IaC Scanning for Cloud Security Management"
+ text: "Setting up IaC Scanning for Cloud Security"
---
{{< callout url="https://www.datadoghq.com/product-preview/iac-security/" >}}
diff --git a/content/en/security/cloud_security_management/setup/supported_deployment_types.md b/content/en/security/cloud_security_management/setup/supported_deployment_types.md
index 64b7c5b72d811..3e26768549d7c 100644
--- a/content/en/security/cloud_security_management/setup/supported_deployment_types.md
+++ b/content/en/security/cloud_security_management/setup/supported_deployment_types.md
@@ -4,37 +4,37 @@ title: Cloud Security Supported Deployment Types
{{< partial name="security-platform/CSW-billing-note.html" >}}
-The following table summarizes the CSM features available relative to each deployment type.
+The following table summarizes the Cloud Security features available relative to each deployment type.
-| Deployment type | Agent Required (7.46+) | CSM Misconfigurations | CSM Threats | CSM Vulnerabilities | CSM Identity Risks | CSM Agentless Scanning |
-|---------------------|------------------------|-----------------------|-------------|------------------------------|--------------------|------------------------|
-| AWS Account | | {{< X >}} | | {{< X >}} | {{< X >}} | {{< X >}} |
-| Azure Account | | {{< X >}} | | Agentless Scanning (Preview) | {{< X >}} | |
-| GCP Account | | {{< X >}} | | | | |
-| Terraform | | | | | | {{< X >}} |
-| Docker | {{< X >}} | {{< X >}} | {{< X >}} | | | |
-| Kubernetes | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | |
-| Linux | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | |
-| Amazon ECS/EKS | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | |
-| Windows | {{< X >}} | | {{< X >}} | {{< X >}} | | |
-| AWS Fargate ECS/EKS | {{< X >}} | | {{< X >}} | | | |
+| Deployment type | Agent Required (7.46+) | Misconfigurations | Workload Protection | Vulnerabilities | Identity Risks | Agentless Scanning |
+|---------------------|------------------------|-------------------|---------------------|------------------------------|----------------|--------------------|
+| AWS Account | | {{< X >}} | | {{< X >}} | {{< X >}} | {{< X >}} |
+| Azure Account | | {{< X >}} | | Agentless Scanning (Preview) | {{< X >}} | |
+| GCP Account | | {{< X >}} | | | | |
+| Terraform | | | | | | {{< X >}} |
+| Docker | {{< X >}} | {{< X >}} | {{< X >}} | | | |
+| Kubernetes | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | |
+| Linux | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | |
+| Amazon ECS/EKS | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | |
+| Windows | {{< X >}} | | {{< X >}} | {{< X >}} | | |
+| AWS Fargate ECS/EKS | {{< X >}} | | {{< X >}} | | | |
-The following table summarizes the scope of coverage available relative to each CSM feature.
-| Resources monitored | CSM Misconfigurations | CSM Threats | CSM Vulnerabilities | CSM Identity Risks | CSM Agentless scanning |
-|---------------------------------|-----------------------|-------------|---------------------|--------------------|------------------------|
-| Resources in AWS Account | {{< X >}} | | {{< X >}} | | {{< X >}} |
-| Resources in Azure Subscription | {{< X >}} | | | | |
-| Resources in GCP Project | {{< X >}} | | | | |
-| Kubernetes Cluster | {{< X >}} | {{< X >}} | | | |
-| Docker Host | {{< X >}} | | | | |
-| Linux Host | {{< X >}} | {{< X >}} | {{< X >}} | | {{< X >}} |
-| Windows Host | | {{< X >}} | {{< X >}} | | |
-| Docker Container | | {{< X >}} | | | |
-| Container Image | | | {{< X >}} | | {{< X >}} |
-| IAM in AWS Account | | | | {{< X >}} | |
+The following table summarizes the scope of coverage available relative to each Cloud Security feature.
+| Resources monitored | Misconfigurations | Workload Protection | Vulnerabilities | Identity Risks | Agentless scanning |
+|---------------------------------|-------------------|---------------------|-----------------|----------------|--------------------|
+| Resources in AWS Account | {{< X >}} | | {{< X >}} | | {{< X >}} |
+| Resources in Azure Subscription | {{< X >}} | | | | |
+| Resources in GCP Project | {{< X >}} | | | | |
+| Kubernetes Cluster | {{< X >}} | {{< X >}} | | | |
+| Docker Host | {{< X >}} | | | | |
+| Linux Host | {{< X >}} | {{< X >}} | {{< X >}} | | {{< X >}} |
+| Windows Host | | {{< X >}} | {{< X >}} | | |
+| Docker Container | | {{< X >}} | | | |
+| Container Image | | | {{< X >}} | | {{< X >}} |
+| IAM in AWS Account | | | | {{< X >}} | |
-**Note**: CSM Misconfigurations additionally monitors common resources used in your cloud accounts that are running Windows and AWS Fargate, such as EC2 instances, RDS, S3, and ELB.
+**Note**: Cloud Security Misconfigurations additionally monitors common resources used in your cloud accounts that are running Windows and AWS Fargate, such as EC2 instances, RDS, S3, and ELB.
-[1]: /security/cloud_security_management/setup/#csm-threats
-[2]: /security/cloud_security_management/setup/#csm-vulnerabilities
-[3]: /security/cloud_security_management/setup/#csm-identity-risks
+[1]: /security/cloud_security_management/setup/#cloud-security-threats
+[2]: /security/cloud_security_management/setup/#cloud-security-vulnerabilities
+[3]: /security/cloud_security_management/setup/#cloud-security-identity-risks
diff --git a/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md b/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md
index 90f05937f82c9..30b689df1fed2 100644
--- a/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md
+++ b/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md
@@ -1,47 +1,47 @@
---
-title: Setting Up CSM without Infrastructure Monitoring
+title: Setting Up Cloud Security without Infrastructure Monitoring
---
-In addition to setting up Cloud Security Management (CSM) with or without an Agent, you can also set it up without Infrastructure Monitoring.
+In addition to setting up Cloud Security with or without an Agent, you can also set it up without Infrastructure Monitoring.
-## Set up CSM on your AWS account
+## Set up Cloud Security on your AWS account
1. Navigate to the [AWS Integration configuration page][2] in Datadog.
-1. On the **Configuration** tab, select the account you want to enable CSM on.
+1. On the **Configuration** tab, select the account you want to enable Cloud Security on.
If you don't see the required account, add it by clicking **Add AWS Account(s)** and following the onscreen prompts.
1. To turn off infrastructure monitoring on the selected account, under the account number, navigate to the **Metric Collection** tab, then click the **disable metric collection** link. Then, click **Disable Metric Collection** to confirm.
-1. On the **Resource Collection** tab, click **Enable** next to Cloud Security Management. You are redirected to the Cloud Security Management Setup page, and a setup dialog automatically opens for the selected account.
+1. On the **Resource Collection** tab, click **Enable** next to Cloud Security. You are redirected to the Cloud Security Setup page, and a setup dialog automatically opens for the selected account.
1. On the setup dialog, switch the **Enable Resource Scanning** toggle to the on position.
1. Click **Done** to complete the setup.
-**Note**: In your CSM settings, set up [resource evaluation filters][1] to limit the number of hosts you need security on.
+**Note**: In your Cloud Security settings, set up [resource evaluation filters][1] to limit the number of hosts you need security on.
-## Set up CSM on your Azure subscription
+## Set up Cloud Security on your Azure subscription
1. Navigate to the [Azure Integration configuration page][3] in Datadog.
-1. Select the client ID or subscription you want to enable CSM on.
+1. Select the client ID or subscription you want to enable Cloud Security on.
If you don't see the required client ID, add it by clicking **Add New App Registration** and following the onscreen prompts.
1. To turn off infrastructure monitoring on the selected account, under the client ID, navigate to the **Metric Collection** tab, then turn off the **Enable Metric Collection** toggle.
-1. On the **Resource Collection** tab, click **Enable** next to Cloud Security Management. You are redirected to the Cloud Security Management Setup page, which automatically scrolls to the selected Azure subscription in the Cloud Integrations section.
+1. On the **Resource Collection** tab, click **Enable** next to Cloud Security. You are redirected to the Cloud Security Setup page, which automatically scrolls to the selected Azure subscription in the Cloud Integrations section.
1. Switch the **Resource Scanning** toggle to the on position.
1. Click **Done** to complete the setup.
-**Note**: In your CSM settings, set up [resource evaluation filters][1] to limit the number of hosts you need security on.
+**Note**: In your Cloud Security settings, set up [resource evaluation filters][1] to limit the number of hosts you need security on.
-## Set up CSM on your Google Cloud Platform account
+## Set up Cloud Security on your Google Cloud Platform account
1. Navigate to the [Google Cloud Platform configuration page][4] in Datadog.
-1. Select the service account you want to enable CSM on.
+1. Select the service account you want to enable Cloud Security on.
If you don't see the required account, add it by clicking **Add GCP Account** and following the onscreen prompts.
1. To turn off infrastructure monitoring on the selected account, under the account name, navigate to the **Metric Collection** tab. Then, above the Metric Collection table, click **Disable All**.
-1. On the **Resource Collection** tab, click **Enable** next to Cloud Security Management. You are redirected to the Cloud Security Management Setup page, which automatically scrolls to the selected Google Cloud Platform project in the Cloud Integrations section.
+1. On the **Resource Collection** tab, click **Enable** next to Cloud Security. You are redirected to the Cloud Security Setup page, which automatically scrolls to the selected Google Cloud Platform project in the Cloud Integrations section.
1. Switch the **Resource Scanning** toggle to the on position.
1. Click **Done** to complete the setup.
-**Note**: In your CSM settings, set up [resource evaluation filters][1] to limit the number of hosts you need security on.
+**Note**: In your Cloud Security settings, set up [resource evaluation filters][1] to limit the number of hosts you need security on.
[1]: /security/cloud_security_management/guide/resource_evaluation_filters/
[2]: https://app.datadoghq.com/integrations/amazon-web-services
diff --git a/content/en/security/cloud_security_management/severity_scoring.md b/content/en/security/cloud_security_management/severity_scoring.md
index 7ff68a05fe476..a9217e6e5ac82 100644
--- a/content/en/security/cloud_security_management/severity_scoring.md
+++ b/content/en/security/cloud_security_management/severity_scoring.md
@@ -3,20 +3,20 @@ title: Severity Scoring
further_reading:
- link: "/security/cloud_security_management/misconfigurations/"
tag: "Documentation"
- text: "Start tracking misconfigurations with CSM Misconfigurations"
+ text: "Start tracking misconfigurations with Cloud Security Misconfigurations"
- link: "/security/cloud_security_management/identity_risks/"
tag: "Documentation"
- text: "Understand your identity landscape with CSM Identity Risks"
+ text: "Understand your identity landscape with Cloud Security Identity Risks"
- link: "/security/cloud_security_management/vulnerabilities/"
tag: "Documentation"
- text: "Learn more about CSM Vulnerabilities"
+ text: "Learn more about Cloud Security Vulnerabilities"
---
-Accurate severity scores help security teams understand the risks that vulnerabilities pose to their environment. This guide explains how Cloud Security Management (CSM) uses different measures of severity to calculate the scores.
+Accurate severity scores help security teams understand the risks that vulnerabilities pose to their environment. This guide explains how Cloud Security uses different measures of severity to calculate the scores.
-## CSM severity scoring framework
+## Cloud Security severity scoring framework
-CSM Misconfigurations, CSM Identity Risks, and Security Inbox misconfigurations use the CSM severity scoring framework to determine the severity of a finding. The framework compares the likelihood that an adversary would take advantage of a misconfiguration to the risk posed to your environment. By weighting both of these aspects, findings can be prioritized more accurately by real-world risks. The matrices below show how a misconfiguration's severity score is computed based on its likelihood of abuse and impact.
+Cloud Security Misconfigurations, Cloud Security Identity Risks, and Security Inbox misconfigurations use the Cloud Security severity scoring framework to determine the severity of a finding. The framework compares the likelihood that an adversary would take advantage of a misconfiguration to the risk posed to your environment. By weighting both of these aspects, findings can be prioritized more accurately by real-world risks. The matrices below show how a misconfiguration's severity score is computed based on its likelihood of abuse and impact.
### Likelihood
@@ -86,7 +86,7 @@ To explain how the framework is used here are a few examples.
The detection rule for [SNS Topic should have access restrictions set for subscription][1] checks if the SNS topic has a resource-based policy that contains a `Principal` of `*`, and an `Action` with the `sns:Subscribe` permission. This combination gives anyone the ability to subscribe to the SNS topic and receive its notifications.
-Using the CSM severity scoring framework, the rule would be scored as follows:
+Using the Cloud Security severity scoring framework, the rule would be scored as follows:
- **Likelihood score**: Highly Probable
- **Attack vector**: No Authorization
@@ -102,7 +102,7 @@ Using the CSM severity scoring framework, the rule would be scored as follows:
The detection rule for [EC2 instances should enforce IMDSv2][2] checks if an EC2 instance is using the Instance Metadata Service Version 1 ([IMDSv1][3]), which is vulnerable to common web application attacks. If exploited, an adversary can obtain access to the IAM credentials stored in the IMDS and use them to access resources in the AWS account.
-Using the CSM severity scoring framework, the rule would be scored as follows:
+Using the Cloud Security severity scoring framework, the rule would be scored as follows:
- **Likelihood score**: Possible
- **Attack vector**: Vulnerability
@@ -116,7 +116,7 @@ Using the CSM severity scoring framework, the rule would be scored as follows:
## CVSS 3.1
-CSM Vulnerabilities uses Common Vulnerability Scoring System version 3.1 ([CVSS 3.1][5]) to determine a base score for a vulnerability. It then modifies the base score to take into account the following:
+Cloud Security Vulnerabilities uses Common Vulnerability Scoring System version 3.1 ([CVSS 3.1][5]) to determine a base score for a vulnerability. It then modifies the base score to take into account the following:
- Whether the underlying infrastructure is running and how wide-spread the impact is.
- The environment in which the underlying infrastructure is running. For example, if the environment is not production, the severity is downgraded.
diff --git a/content/en/security/cloud_security_management/troubleshooting/_index.md b/content/en/security/cloud_security_management/troubleshooting/_index.md
index 67e997f465fcc..59c2314ea7bc9 100644
--- a/content/en/security/cloud_security_management/troubleshooting/_index.md
+++ b/content/en/security/cloud_security_management/troubleshooting/_index.md
@@ -1,11 +1,11 @@
---
-title: Cloud Security Management Troubleshooting
+title: Cloud Security Troubleshooting
disable_toc: true
---
{{< whatsnext desc="Troubleshooting Guides" >}}
- {{< nextlink href="/security/cloud_security_management/troubleshooting/threats" >}}Cloud Security Management Threats{{< /nextlink >}}
+ {{< nextlink href="/security/cloud_security_management/troubleshooting/threats" >}}Workload Protection{{< /nextlink >}}
- {{< nextlink href="/security/cloud_security_management/troubleshooting/vulnerabilities" >}}Cloud Security Management Vulnerabilities{{< /nextlink >}}
+ {{< nextlink href="/security/cloud_security_management/troubleshooting/vulnerabilities" >}}Cloud Security Vulnerabilities{{< /nextlink >}}
{{< /whatsnext >}}
\ No newline at end of file
diff --git a/content/en/security/cloud_security_management/troubleshooting/threats.md b/content/en/security/cloud_security_management/troubleshooting/threats.md
index 5a12c0d3f8a42..2528bac820585 100644
--- a/content/en/security/cloud_security_management/troubleshooting/threats.md
+++ b/content/en/security/cloud_security_management/troubleshooting/threats.md
@@ -1,15 +1,15 @@
---
-title: Troubleshooting Cloud Security Management Threats
+title: Troubleshooting Workload Protection
aliases:
- /security_platform/cloud_workload_security/troubleshooting/
- /security_platform/cloud_security_management/troubleshooting/
further_reading:
- link: "/security/cloud_security_management/troubleshooting/vulnerabilities"
tag: "Documentation"
- text: "Troubleshooting CSM Vulnerabilities"
+ text: "Troubleshooting Cloud Security Vulnerabilities"
---
-If you experience issues with Cloud Security Management (CSM) Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1].
+If you experience issues with Workload Protection, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1].
## Security Agent flare
@@ -19,7 +19,7 @@ The flare asks for confirmation before upload, so you may review the content bef
In the commands below, replace `
` with your Datadog support case ID if you have one, then enter the email address associated with it.
-If you don't have a case ID, just enter your email address used to login in Datadog to create a new support case.
+If you don't have a case ID, enter your email address used to login in Datadog to create a new support case.
| Platform | Command |
| -------- | ------- |
@@ -29,7 +29,7 @@ If you don't have a case ID, just enter your email address used to login in Data
## Agent Self tests
-In order to ensure that the communication between the `security-agent` and the `system-probe` is working as expected and that Cloud Security Management Threats (CSM Threats) is able to detect system events, you can manually trigger self tests by running the following command:
+In order to ensure that the communication between the `security-agent` and the `system-probe` is working as expected and that Workload Protection is able to detect system events, you can manually trigger self tests by running the following command:
| Platform | Command |
| -------- | ------- |
@@ -50,18 +50,18 @@ You can now see events coming from the `runtime-security-agent` in the Log Explo
## Compatibility with custom Kubernetes network plugins
-The network based detections of CSM Threats rely on the traffic control sub-system of the Linux kernel. This sub-system is known to introduce race conditions if multiple vendors try to insert, replace, or delete filters on the "clsact" ingress qdisc. Follow the checklist below to ensure that CSM Threats is properly configured:
+The network based detections of Workload Protection rely on the traffic control sub-system of the Linux kernel. This sub-system is known to introduce race conditions if multiple vendors try to insert, replace, or delete filters on the "clsact" ingress qdisc. Follow the checklist below to ensure that Workload Protection is properly configured:
* Check if your vendor leverages eBPF traffic control classifiers. If they do not, you can ignore this paragraph.
* Check if your vendor returns TC_ACT_OK or TC_ACT_UNSPEC after granting access to a network packet. If they return TC_ACT_UNSPEC, you can ignore this paragraph.
* Check which priority your vendor attaches their eBPF classifiers to:
- * If they use priority 1, CSM Threats network detections do not work inside your containers.
+ * If they use priority 1, Workload Protection network detections do not work inside your containers.
* If they use priority 2 to 10, make sure to configure `runtime_security_config.network.classifier_priority` to a number strictly below the priority chosen by your vendor.
* If they use priority 11 or higher, you can ignore this paragraph.
For example, there is a known race with Cilium 1.9 and lower with the Datadog Agent (version 7.36 to 7.39.1, 7.39.2 excluded) that may happen when a new pod is started. The race can lead to loss of connectivity inside the pod, depending on how Cilium is configured.
-Ultimately, if the Datadog Agent or your third party vendors cannot be configured to prevent the issue from happening, you should disable the network based detections of CSM Threats by following the steps below:
+Ultimately, if the Datadog Agent or your third party vendors cannot be configured to prevent the issue from happening, you should disable the network based detections of Workload Protection by following the steps below:
* Add the following parameter to your `system-probe.yaml` configuration file on host based installations:
```yaml
@@ -81,9 +81,9 @@ datadog:
```bash
DD_RUNTIME_SECURITY_CONFIG_NETWORK_ENABLED=false
```
-## Disable CSM Threats
+## Disable Workload Protection
-To disable CSM Threats, follow the steps for your Agent platform.
+To disable Workload Protection, follow the steps for your Agent platform.
### Helm
@@ -113,7 +113,7 @@ DD_RUNTIME_SECURITY_CONFIG_ENABLED=false
Modify the `system-probe.yaml` and `security-agent.yaml` to disable the runtime config:
-1. Disable CSM in `/etc/datadog-agent/system-probe.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`:
+1. Disable Workload Protection in `/etc/datadog-agent/system-probe.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`:
{{< code-block lang="yaml" filename="system-probe.yaml" disable_copy="false" collapsible="true" >}}
##########################################
@@ -126,7 +126,7 @@ Modify the `system-probe.yaml` and `security-agent.yaml` to disable the runtime
runtime_security_config:
## @param enabled - boolean - optional - default: false
- ## Set to true to enable full CSM.
+ ## Set to true to enable full Workload Protection.
#
enabled: false
@@ -139,7 +139,7 @@ Modify the `system-probe.yaml` and `security-agent.yaml` to disable the runtime
#
# socket: /opt/datadog-agent/run/runtime-security.sock
{{< /code-block >}}
-2. Disable CSM in `/etc/datadog-agent/security-agent.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`:
+2. Disable Workload Protection in `/etc/datadog-agent/security-agent.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`:
{{< code-block lang="yaml" filename="security-agent.yaml" disable_copy="false" collapsible="true" >}}
##########################################
diff --git a/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md b/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md
index 9300532c3e6b6..ead4f8d5da118 100644
--- a/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md
+++ b/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md
@@ -1,11 +1,11 @@
---
-title: Troubleshooting Cloud Security Management Vulnerabilities
+title: Troubleshooting Cloud Security Vulnerabilities
aliases:
- /security/vulnerabilities/troubleshooting/
further_reading:
- link: "/infrastructure/containers/container_images/#enable-sbom-collection"
tag: "Documentation"
- text: "Enable SBOM collection in CSM Vulnerabilities"
+ text: "Enable SBOM collection in Cloud Security Vulnerabilities"
- link: "/security/cloud_security_management/setup/csm_enterprise/?tab=aws#hosts"
tag: "Documentation"
text: "Setting up host vulnerabilities"
@@ -16,7 +16,7 @@ further_reading:
## Overview
-If you experience issues with Cloud Security Management (CSM) Vulnerabilities, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1].
+If you experience issues with Cloud Security Vulnerabilities, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1].
## Error messages
@@ -61,7 +61,7 @@ unable to mount containerd image, err: unable to scan image named: {image-name},
The workaround for this issue is to disable image streaming in GKE. For more information, see the [Disable Image streaming][5] section of the GKE docs.
-## Disable CSM Vulnerabilities
+## Disable Cloud Security Vulnerabilities
In the `datadog-values.yaml` file for the Agent, set the following configuration settings to `false`:
diff --git a/content/en/security/cloud_security_management/vulnerabilities/_index.md b/content/en/security/cloud_security_management/vulnerabilities/_index.md
index bd4fd37b965e9..3e4a875346fa6 100644
--- a/content/en/security/cloud_security_management/vulnerabilities/_index.md
+++ b/content/en/security/cloud_security_management/vulnerabilities/_index.md
@@ -1,12 +1,12 @@
---
-title: Cloud Security Management Vulnerabilities
+title: Cloud Security Vulnerabilities
aliases:
- /security/infrastructure_vulnerabilities/
- /security/vulnerabilities/
further_reading:
- link: "/infrastructure/containers/container_images/#enable-sbom-collection"
tag: "Documentation"
- text: "Enable SBOM collection in CSM Vulnerabilities"
+ text: "Enable SBOM collection in Cloud Security Vulnerabilities"
- link: "/security/cloud_security_management/setup/csm_enterprise/?tab=aws#hosts"
tag: "Documentation"
text: "Setting up host vulnerabilities"
@@ -15,26 +15,23 @@ further_reading:
text: "Viewing Container Images"
- link: "/security/cloud_security_management/troubleshooting/vulnerabilities"
tag: "Documentation"
- text: "Troubleshooting CSM Vulnerabilities"
-- link: "https://www.datadoghq.com/blog/csm-vulnerability-management/"
- tag: "Blog"
- text: "Mitigate infrastructure vulnerabilities with Datadog Cloud Security Management"
+ text: "Troubleshooting Cloud Security Vulnerabilities"
- link: "https://www.datadoghq.com/blog/datadog-container-image-view/"
tag: "Blog"
text: "Enhance your troubleshooting workflow with Container Images in Datadog Container Monitoring"
---
{{< site-region region="gov" >}}
-Cloud Security Management Vulnerabilities is in Preview for your selected
Datadog site ({{< region-param key="dd_site_name" >}}).
+
Cloud Security Vulnerabilities is in Preview for your selected
Datadog site ({{< region-param key="dd_site_name" >}}).
Request access by
filling this form.
{{< /site-region >}}
## Overview
-Cloud Security Management Vulnerabilities (CSM Vulnerabilities) helps you improve your security posture and achieve compliance, by continuously scanning container images, hosts, host images, and serverless functions for vulnerabilities, from CI/CD pipelines to live production. Leveraging runtime observability, it helps you prioritize and remediate exploitable vulnerabilities in your daily workflows, all in a single view, and without any dependencies on other Datadog products.
+Cloud Security Vulnerabilities helps you improve your security posture and achieve compliance, by continuously scanning container images, hosts, host images, and serverless functions for vulnerabilities, from CI/CD pipelines to live production. Leveraging runtime observability, it helps you prioritize and remediate exploitable vulnerabilities in your daily workflows, all in a single view, and without any dependencies on other Datadog products.
-With CSM Vulnerabilities, you can manage your cloud security management strategy, all in one place:
+With Cloud Security Vulnerabilities, you can manage your cloud security management strategy, all in one place:
- Create a vulnerability management program, from CI/CD pipelines to production resources
- Pass compliance audits (such as SOC2, PCI, HIPAA, CIS, and FedRamp)
@@ -67,13 +64,13 @@ Explore reports
## Deployment methods
-Get started with CSM Vulnerabilities and cover your infrastructure in minutes, using:
+Get started with Cloud Security Vulnerabilities and cover your infrastructure in minutes, using:
- [Agentless Scanning][11]
- [Unified Datadog Agent][12]
You can also use both deployment methods to use the unified Datadog Agent where you already have it deployed, and Agentless elsewhere.
-After you've enabled it, Datadog starts scanning your resources continuously, and starts reporting prioritized vulnerabilities in your [CSM Vulnerability Explorer][1] within an hour.
+After you've enabled it, Datadog starts scanning your resources continuously, and starts reporting prioritized vulnerabilities in your [Cloud Security Vulnerabilities explorer][1] within an hour.
Use these tables to decide which solution to start with:
| Feature | Agentless | Unified Datadog Agent |
@@ -91,19 +88,19 @@ Use these tables to decide which solution to start with:
| Serverless | AWS Lambda | Not applicable |
| Container registries | Amazon ECR | Not applicable |
-For more information on compatibility, see [CSM Vulnerabilities Hosts and Containers Compatibility][13]. If you need any assistance, see the [troubleshooting guide][14], or reach out to support@datadoghq.com.
+For more information on compatibility, see [Cloud Security Vulnerabilities Hosts and Containers Compatibility][13]. If you need any assistance, see the [troubleshooting guide][14], or reach out to support@datadoghq.com.
## Continuously detect, prioritize, and remediate exploitable vulnerabilities
-The [CSM Vulnerabilities Explorer][1] helps you investigate vulnerabilities detected across your container images, host images, running hosts, and serverless functions using filtering and grouping capabilities.
+The [Cloud Security Vulnerabilities explorer][1] helps you investigate vulnerabilities detected across your container images, host images, running hosts, and serverless functions using filtering and grouping capabilities.
Focus on exploitable vulnerabilities first, using the Datadog Severity Score, combining the base CVSS score with many risk factors, including sensitive data, environment sensitivity, exposure to attacks, exploit availability, or threat intelligence sources.
-For vulnerabilities with available fixes, the Explorer provides guided remediation steps to assist Dev and Ops teams in resolving issues more quickly and effectively. You can also triage, mute, comment, and assign vulnerabilities to manage their lifecycle.
+For vulnerabilities with available fixes, the explorer provides guided remediation steps to assist Dev and Ops teams in resolving issues more quickly and effectively. You can also triage, mute, comment, and assign vulnerabilities to manage their lifecycle.
-{{< img src="security/vulnerabilities/csm-vm-explorer-actionability.png" alt="The CSM Vulnerability Explorer displaying a vulnerability and the actions a user can take to remediate it" width="100%">}}
+{{< img src="security/vulnerabilities/csm-vm-explorer-actionability.png" alt="The Cloud Security Vulnerabilities Explorer displaying a vulnerability and the actions a user can take to remediate it" width="100%">}}
## Automation and Jira integration
-Make CSM Vulnerabilities part of your daily workflow by setting up [security notification rules][17] and [automation pipelines (in Preview)][20]:
+Make Cloud Security Vulnerabilities part of your daily workflow by setting up [security notification rules][17] and [automation pipelines (in Preview)][20]:
- Get alerted upon detection of an exploitable vulnerability for your scope
- Automatically create Jira tickets
- Configure SLAs to remediate vulnerabilities
@@ -111,9 +108,9 @@ Make CSM Vulnerabilities part of your daily workflow by setting up [security not
{{< img src="security/vulnerabilities/csm-notifications.png" alt="The notification rule setup screen" width="100%">}}
## Tracking and reporting
-Use the out-of-the-box [CSM Vulnerabilities dashboard][18] to track and report progress to stakeholders. Clone and modify it as needed to fit your unique needs.
+Use the out-of-the-box [Cloud Security Vulnerabilities dashboard][18] to track and report progress to stakeholders. Clone and modify it as needed to fit your unique needs.
-{{< img src="security/vulnerabilities/csm-vm-reporting.png" alt="The CSM Vulnerabilities dashboard" width="100%">}}
+{{< img src="security/vulnerabilities/csm-vm-reporting.png" alt="The Cloud Security Vulnerabilities dashboard" width="100%">}}
## Explore infrastructure packages
@@ -125,9 +122,9 @@ Quickly assess the impact of a critical emerging vulnerability by searching for
## Video walkthrough
-The following video provides an overview of how to enable and use CSM Vulnerabilities:
+The following video provides an overview of how to enable and use Cloud Security Vulnerabilities:
-{{< img src="security/csm/how-to-use-csm-vulnerabilities.mp4" alt="Video that provides an overview of how to install and use CSM Vulnerabilities" video=true >}}
+{{< img src="security/csm/how-to-use-csm-vulnerabilities.mp4" alt="Video that provides an overview of how to install and use Cloud Security Vulnerabilities" video=true >}}
[1]: https://app.datadoghq.com/security/csm/vm
[2]: https://app.datadoghq.com/containers/images
diff --git a/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md b/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md
index d789fe45152f2..47c28074abed3 100644
--- a/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md
+++ b/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md
@@ -1,10 +1,10 @@
---
-title: CSM Vulnerabilities Hosts and Containers Compatibility
+title: Cloud Security Vulnerabilities Hosts and Containers Compatibility
---
## Operating systems
-Cloud Security Management Vulnerabilities supports vulnerability scanning for hosts and containers running the following operating system versions:
+Cloud Security Vulnerabilities supports vulnerability scanning for hosts and containers running the following operating system versions:
| Operating System | Supported Versions | Package Managers / Source | Agentless support | Agent support |
|--------------------------|-----------------------------------------------------|---------------------------|-------------------|-------------------|
@@ -33,7 +33,7 @@ Cloud Security Management Vulnerabilities supports vulnerability scanning for ho
## Application libraries
-Cloud Security Management Vulnerabilities supports vulnerability scanning for the following application languages and libraries on containers and Lambda instances:
+Cloud Security Vulnerabilities supports vulnerability scanning for the following application languages and libraries on containers and Lambda instances:
| Language | Supported Package Manager | Supported Files | Agentless support | Agent support |
|----------|---------------------------|----------------------------------------------------------------------|-------------------|-------------------|
diff --git a/content/en/security/cloud_siem/_index.md b/content/en/security/cloud_siem/_index.md
index 1c1b7893455de..daed7a6e70ec4 100644
--- a/content/en/security/cloud_siem/_index.md
+++ b/content/en/security/cloud_siem/_index.md
@@ -39,7 +39,7 @@ further_reading:
---
{{< learning-center-callout header="Join an enablement webinar session" hide_image="true" btn_title="Sign Up" btn_url="https://www.datadoghq.com/technical-enablement/sessions/?tags.topics-0=Security">}}
- Learn how Datadog Cloud SIEM and Cloud Security Management elevate your organization's threat detection and investigation for dynamic, cloud-scale environments.
+ Learn how Datadog Cloud SIEM and Cloud Security elevate your organization's threat detection and investigation for dynamic, cloud-scale environments.
{{< /learning-center-callout >}}
## Overview
diff --git a/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md b/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md
index 5c5128c93a5f5..724924728d96a 100644
--- a/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md
+++ b/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md
@@ -24,7 +24,7 @@ As another example, you can create a signal by combining these two rules:
And use the `expired account ID` attribute to correlate the two rules.
-You can correlate log detection rules, as well as log detection rules with Cloud Security Management Threats and Application Security Management rules.
+You can correlate log detection rules, as well as log detection rules with Workload Protection and App and API Protection rules.
## Create a Signal Correlation rule
diff --git a/content/en/security/cloud_siem/entities_and_risk_scoring.md b/content/en/security/cloud_siem/entities_and_risk_scoring.md
index a26825b5ce82c..da9f73e95c421 100644
--- a/content/en/security/cloud_siem/entities_and_risk_scoring.md
+++ b/content/en/security/cloud_siem/entities_and_risk_scoring.md
@@ -8,7 +8,7 @@ further_reading:
## Overview
-[Cloud SIEM's Risk Insights][4] consolidates multiple data sources, such as SIEM threats and CSM insights, into a profile representing a single security entity, such as an IAM user.
+[Cloud SIEM's Risk Insights][4] consolidates multiple data sources, such as SIEM threats and Cloud Security insights, into a profile representing a single security entity, such as an IAM user.
With Risk Insights, you can:
@@ -20,7 +20,7 @@ With Risk Insights, you can:
## Prerequisites
- For Risk Insights coverage, either [GCP][5] or [AWS must be configured for Cloud SIEM][1].
-- (Optional) To view associated Cloud Security Management (CSM) insights in the entity panel, [CSM must be configured][2].
+- (Optional) To view associated Cloud Security insights in the entity panel, [Cloud Security must be configured][2].
## Explore risk insights
diff --git a/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md b/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md
index 5ba7eb580aac4..78d9e4784753a 100644
--- a/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md
+++ b/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md
@@ -21,7 +21,7 @@ The following examples are covered in this guide:
* [Configure the default security filter to exclude certain logs](#add-an-exclusion)
* [Create custom security filters to specify which log sources to analyze](#create-a-custom-filter)
-**Note**: Security Filters are only required to control logs analyzed by the Cloud SIEM product. You do not need to write Security Filters to exclude logs generated by the Datadog Agent as part of the Cloud Security Management Threats (`source:runtime-security-agent`) and Cloud Security Management Misconfigurations (`source:compliance-agent`) products, as they're not billed as analyzed logs regardless.
+**Note**: Security Filters are only required to control logs analyzed by the Cloud SIEM product. You do not need to write Security Filters to exclude logs generated by the Datadog Agent as part of the Workload Protection (`source:runtime-security-agent`) and Cloud Security Misconfigurations (`source:compliance-agent`) products, as they're not billed as analyzed logs regardless.
## Prerequisites
diff --git a/content/en/security/code_security/iast/setup/compatibility/_index.md b/content/en/security/code_security/iast/setup/compatibility/_index.md
index 2aa29e071f358..2a3f36b781a67 100644
--- a/content/en/security/code_security/iast/setup/compatibility/_index.md
+++ b/content/en/security/code_security/iast/setup/compatibility/_index.md
@@ -4,10 +4,10 @@ type: multi-code-lang
further_reading:
- link: "/security/application_security/troubleshooting"
tag: "Documentation"
- text: "Troubleshooting Application Security Management"
+ text: "Troubleshooting App and API Protection"
- link: "/security/application_security/how-appsec-works/"
tag: "Documentation"
- text: "How Application Security Management Works in Datadog"
+ text: "How App and API Protection Works in Datadog"
---
The following capabilities are supported relative to each language's tracing library:
diff --git a/content/en/security/code_security/iast/setup/dotnet.md b/content/en/security/code_security/iast/setup/dotnet.md
index e72b4395a4b13..db137c99c2d65 100644
--- a/content/en/security/code_security/iast/setup/dotnet.md
+++ b/content/en/security/code_security/iast/setup/dotnet.md
@@ -95,7 +95,7 @@ ENV DD_IAST_ENABLED=true
{{% tab "Kubernetes" %}}
-Update your deployment configuration file for APM and add the ASM environment variable:
+Update your deployment configuration file for APM and add the AAP environment variable:
```yaml
spec:
diff --git a/content/en/security/code_security/iast/setup/nodejs.md b/content/en/security/code_security/iast/setup/nodejs.md
index 620ff1a10d167..0f5bdbb621224 100644
--- a/content/en/security/code_security/iast/setup/nodejs.md
+++ b/content/en/security/code_security/iast/setup/nodejs.md
@@ -37,7 +37,7 @@ Follow these steps to enable Code Security in your service:
```shell
node --require dd-trace/init app.js
```
- Then use environment variables to enable ASM:
+ Then use environment variables to enable AAP:
```shell
DD_IAST_ENABLED=true node app.js
```
diff --git a/content/en/security/code_security/software_composition_analysis/setup_runtime/_index.md b/content/en/security/code_security/software_composition_analysis/setup_runtime/_index.md
index 52d97d558e57f..649607501bf52 100644
--- a/content/en/security/code_security/software_composition_analysis/setup_runtime/_index.md
+++ b/content/en/security/code_security/software_composition_analysis/setup_runtime/_index.md
@@ -11,7 +11,7 @@ Before setting up runtime detection, ensure the following prerequisites are met:
1. **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports Software Composition Analysis capabilities for the language of your application or service.
2. **Datadog Agent Installation:** The Datadog Agent is installed and configured for your application's operating system or container, cloud, or virtual environment.
3. **Datadog APM Configuration:** Datadog APM is configured for your application or service, and web traces (`type:web`) are being received by Datadog.
-4. **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports Software Composition Analysis capabilities for the language of your application or service. For more details, refer to the [Library Compatibility][2] page for each ASM product.
+4. **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports Software Composition Analysis capabilities for the language of your application or service. For more details, refer to the [Library Compatibility][2] page for each AAP product.
## Software Composition Analysis enablement types
diff --git a/content/en/security/code_security/troubleshooting/_index.md b/content/en/security/code_security/troubleshooting/_index.md
index d2c4d9a5cb335..235e408c66579 100644
--- a/content/en/security/code_security/troubleshooting/_index.md
+++ b/content/en/security/code_security/troubleshooting/_index.md
@@ -168,8 +168,8 @@ There are a series of steps that must run successfully for vulnerability informa
If you have enabled runtime vulnerability detection on your services, you can use the metric `datadog.apm.appsec_host` to check if SCA is running.
1. Go to **Metrics > Summary** in Datadog.
-2. Search for the metric `datadog.apm.appsec_host`. If the metric doesn't exist, then there are no services running ASM. If the metric exists, the services are reported with the metric tags `host` and `service`.
-3. Select the metric, and in the **Tags** section, search for `service` to see which services are running ASM.
+2. Search for the metric `datadog.apm.appsec_host`. If the metric doesn't exist, then there are no services running AAP. If the metric exists, the services are reported with the metric tags `host` and `service`.
+3. Select the metric, and in the **Tags** section, search for `service` to see which services are running AAP.
If you are not seeing `datadog.apm.appsec_host`, check the [in-app instructions][3] to confirm that all steps for the initial setup are complete.
diff --git a/content/en/security/default_rules/_index.md b/content/en/security/default_rules/_index.md
index 522c2d6f25ed1..97e9f1374dce8 100644
--- a/content/en/security/default_rules/_index.md
+++ b/content/en/security/default_rules/_index.md
@@ -34,11 +34,11 @@ cascade:
subcategory: Security Detection Rules
---
-Datadog provides out-of-the-box (OOTB) [detection rules][1] to flag attacker techniques and potential misconfigurations so you can immediately take steps to remediate. Datadog continuously develops new default rules, which are automatically imported into your account, your Application Security Management library, and the Agent, depending on your configuration.
+Datadog provides out-of-the-box (OOTB) [detection rules][1] to flag attacker techniques and potential misconfigurations so you can immediately take steps to remediate. Datadog continuously develops new default rules, which are automatically imported into your account, your App and API Protection library, and the Agent, depending on your configuration.
Datadog's Security Research team continuously adds new OOTB security detection rules. While the aim is to deliver high-quality detections with the release of integrations or other new features, the performance of these detections at scale often needs to be observed before making the rule generally available. These rules contain a Beta tag. This gives Datadog's Security Research team time to either refine or deprecate detection opportunities that do not meet Datadog's standards.
-Click the following buttons to filter the detection rules. Security detection rules are available for [Application Security Management][5], [Cloud SIEM][2] (log detection and signal correlation), [CSM Misconfigurations][3] (cloud and infrastructure), [CSM Threats][4], [CSM Identity Risks][6], and [Attack Paths][7].
+Click the following buttons to filter the detection rules. Security detection rules are available for [App and API Protection][5], [Cloud SIEM][2] (log detection and signal correlation), [Cloud Security Misconfigurations][3] (cloud and infrastructure), [Workload Protection][4], [Cloud Security Identity Risks][6], and [Attack Paths][7].
[1]: /security/detection_rules/
[2]: /security/cloud_siem/
diff --git a/content/en/security/detection_rules/_index.md b/content/en/security/detection_rules/_index.md
index 5bf81efdbc99b..b91a47705462d 100644
--- a/content/en/security/detection_rules/_index.md
+++ b/content/en/security/detection_rules/_index.md
@@ -22,10 +22,10 @@ products:
- name: Cloud SIEM
url: /security/cloud_siem/
icon: siem
-- name: Cloud Security Management
+- name: Cloud Security
url: /security/cloud_security_management/
icon: cloud-security-management
-- name: Application Security Management
+- name: App and API Protection
url: /security/application_security/
icon: app-sec
---
@@ -36,16 +36,16 @@ Detection rules define conditional logic that is applied to all ingested logs an
## Out-of-the-box detection rules
-Datadog provides [out-of-the-box detection rules][2] to flag attacker techniques and potential misconfigurations. When new detection rules are released, they are automatically imported into your account, your Application Security Management library, and the Agent, depending on your configuration.
+Datadog provides [out-of-the-box detection rules][2] to flag attacker techniques and potential misconfigurations. When new detection rules are released, they are automatically imported into your account, your App and API Protection library, and the Agent, depending on your configuration.
Out-of-the box rules are available for the following security products:
- [Cloud SIEM][3] uses log detection to analyze ingested logs in real-time.
-- Cloud Security Management (CSM):
- - [CSM Misconfigurations][4] uses cloud configuration and infrastructure configuration detection rules to scan the state of your cloud environment.
- - [CSM Threats][5] uses the Datadog Agent and detection rules to actively monitor and evaluate system activity.
- - [CSM Identity Risks][6] uses detection rules to detect IAM-based risks in your cloud infrastructure.
-- [Application Security Management][7] (ASM) leverages Datadog [APM][8], the [Datadog Agent][9], and detection rules to detect threats in your application environment.
+- Cloud Security:
+ - [Cloud Security Misconfigurations][4] uses cloud configuration and infrastructure configuration detection rules to scan the state of your cloud environment.
+ - [Workload Protection][5] uses the Datadog Agent and detection rules to actively monitor and evaluate system activity.
+ - [Cloud Security Identity Risks][6] uses detection rules to detect IAM-based risks in your cloud infrastructure.
+- [App and API Protection][7] (AAP) leverages Datadog [APM][8], the [Datadog Agent][9], and detection rules to detect threats in your application environment.
## Beta detection rules
@@ -53,13 +53,13 @@ Datadog's Security Research team continually adds new OOTB security detection ru
## Custom detection rules
-There may be situations where you need to customize a rule based on your environment or workload. For example, if you're using ASM, you may want to customize a detection rule that detects users performing sensitive actions from a geolocation where your business doesn't operate.
+There may be situations where you need to customize a rule based on your environment or workload. For example, if you're using AAP, you may want to customize a detection rule that detects users performing sensitive actions from a geolocation where your business doesn't operate.
To [create custom rules](#create-detection-rules), you can clone the default rules and edit the copies, or create your own rules from scratch.
## Search and filter detection rules
-To view out-of-the-box and custom detection rules in Datadog, navigate to the [**Security Settings**][10] page. Rules are listed on separate pages for each product (Application Security, Cloud Security Management, and Cloud SIEM).
+To view out-of-the-box and custom detection rules in Datadog, navigate to the [**Security Settings**][10] page. Rules are listed on separate pages for each product (Application Security, Cloud Security, and Cloud SIEM).
To search and filter the rules, use the search box and facets to query by value. For example, to only show rules for a given rule type, hover over the rule type and select `only`. You can also filter by facets such as `source` and `severity` when investigating and triaging incoming issues.
@@ -72,9 +72,9 @@ To create a custom detection rule, click the **New Rule** button in the upper-ri
For detailed instructions, see the following articles:
- [Cloud SIEM][11]
-- [ASM][12]
-- [CSM Misconfigurations][13]
-- [CSM Threats][14]
+- [AAP][12]
+- [Cloud Security Misconfigurations][13]
+- [Workload Protection][14]
## Manage detection rules
@@ -119,8 +119,8 @@ Use Rule Version History to:
To see the version history of a rule:
1. Navigate to the [Security Settings][15] page. In the left navigation panel:
- - For ASM: Click **Application Security** and then click **Detection Rules**.
- - For CSM: Click **Cloud Security Management** and then click **Threat Detection Rules**.
+ - For AAP: Click **Application Security** and then click **Detection Rules**.
+ - For Cloud Security: Click **Cloud Security** and then click **Threat Detection Rules**.
- For Cloud SIEM: Click **Cloud SIEM** and then click **Detection Rules**.
1. Click on the rule you are interested in.
1. In the rule editor, click **Version History** to see past changes.
@@ -151,7 +151,7 @@ The rule deprecation process is as follows:
1. There is a warning with the deprecation date on the rule. In the UI, the warning is shown in the:
- Signal side panel's **Rule Details > Playbook** section
- - Misconfigurations side panel (CSM Misconfigurations only)
+ - Misconfigurations side panel (Cloud Security Misconfigurations only)
- [Rule editor][10] for that specific rule
2. Once the rule is deprecated, there is a 15 month period before the rule is deleted. This is due to the signal retention period of 15 months. During this time, you can re-enable the rule by [cloning the rule](#clone-a-rule) in the UI.
3. Once the rule is deleted, you can no longer clone and re-enable it.
diff --git a/content/en/security/guide/aws_fargate_config_guide.md b/content/en/security/guide/aws_fargate_config_guide.md
index 4340782998f52..992e1ff8f3370 100644
--- a/content/en/security/guide/aws_fargate_config_guide.md
+++ b/content/en/security/guide/aws_fargate_config_guide.md
@@ -7,12 +7,12 @@ aliases:
further_reading:
- link: "https://www.datadoghq.com/blog/threat-detection-fargate/"
tag: "Blog"
- text: "Get real-time threat detection for AWS Fargate ECS and EKS environments with Datadog CSM"
+ text: "Get real-time threat detection for AWS Fargate ECS and EKS environments with Datadog Cloud Security"
---
-This guide walks you through configuring [Cloud Security Management (CSM)][3], [Software Composition Analysis (SCA)][22], [Threat Detection and Protection (ASM)][4], and [Cloud SIEM][5] on AWS Fargate.
+This guide walks you through configuring [Cloud Security][3], [Software Composition Analysis (SCA)][22], [Threat Detection and Protection (AAP)][4], and [Cloud SIEM][5] on AWS Fargate.
-{{< img src="security/datadog_security_coverage_aws_fargate.png" alt="Flow chart showing how CSM, ASM, and Cloud SIEM are configured on AWS Fargate" width="90%">}}
+{{< img src="security/datadog_security_coverage_aws_fargate.png" alt="Flow chart showing how Cloud Security, AAP, and Cloud SIEM are configured on AWS Fargate" width="90%">}}
## Full stack coverage for AWS Fargate
@@ -33,13 +33,13 @@ Datadog Security provides multiple layers of visibility for AWS Fargate. Use the
Fargate Application |
Application Performance Monitoring |
Software Composition Analysis (SCA) and Code Security |
-
ASM - Threat Detection and Protection |
+
AAP - Threat Detection and Protection |
Fargate Infrastructure |
Infrastructure Monitoring |
Not yet supported |
- CSM Threats |
+ Workload Protection |
@@ -55,24 +55,24 @@ Datadog Security provides multiple layers of visibility for AWS Fargate. Use the
AWS IAM roles and policies |
Log Management |
- Cloud Security Management |
+ Cloud Security |
Cloud SIEM |
AWS databases |
Log Management |
- Cloud Security Management |
+ Cloud Security |
Cloud SIEM |
AWS S3 buckets |
Log Management |
- Cloud Security Management |
+ Cloud Security |
Cloud SIEM |
-## Cloud Security Management
+## Cloud Security
### Prerequisites
@@ -80,7 +80,7 @@ Datadog Security provides multiple layers of visibility for AWS Fargate. Use the
- Access to AWS Management Console
- AWS Fargate ECS or EKS workloads
-For additional performance and reliability insights, Datadog recommends enabling Infrastructure Monitoring with Cloud Security Management.
+For additional performance and reliability insights, Datadog recommends enabling Infrastructure Monitoring with Cloud Security.
### Images
@@ -260,7 +260,7 @@ Use the following [Agent RBAC deployment instruction][6] before deploying the Ag
#### Deploy the Agent as a sidecar
-The following manifest represents the minimum configuration required to deploy your application with the Datadog Agent as a sidecar with CSM Threats enabled:
+The following manifest represents the minimum configuration required to deploy your application with the Datadog Agent as a sidecar with Workload Protection enabled:
```yaml
apiVersion: apps/v1
@@ -333,11 +333,11 @@ spec:
{{% /tab %}}
{{< /tabs >}}
-### Verify that the Agent is sending events to CSM
+### Verify that the Agent is sending events to Cloud Security
-When you enable CSM on AWS Fargate ECS or EKS, the Agent sends an agent event to Datadog to confirm that the default ruleset has been successfully deployed. To view the agent event, navigate to the [Agent Events][9] page in Datadog and search for `@agent.rule_id:ruleset_loaded`.
+When you enable Cloud Security on AWS Fargate ECS or EKS, the Agent sends an agent event to Datadog to confirm that the default ruleset has been successfully deployed. To view the agent event, navigate to the [Agent Events][9] page in Datadog and search for `@agent.rule_id:ruleset_loaded`.
-You can also verify the Agent is sending events to CSM by manually triggering an AWS Fargate security signal.
+You can also verify the Agent is sending events to Cloud Security by manually triggering an AWS Fargate security signal.
In the task definition, replace the "workload" container with the following:
@@ -362,7 +362,7 @@ In the task definition, replace the "workload" container with the following:
- The Datadog Agent is installed and configured for your application's operating system or container, cloud, or virtual environment
- Datadog APM is configured for your application or service
- For additional performance and reliability insights, Datadog recommends enabling Application Performance Monitoring with Application Security Management.
+ For additional performance and reliability insights, Datadog recommends enabling Application Performance Monitoring with App and API Protection.
### Installation
diff --git a/content/en/security/notifications/_index.md b/content/en/security/notifications/_index.md
index f455e717c6583..6bfa7b67aef68 100644
--- a/content/en/security/notifications/_index.md
+++ b/content/en/security/notifications/_index.md
@@ -16,10 +16,10 @@ products:
- name: Cloud SIEM
url: /security/cloud_siem/
icon: siem
-- name: Cloud Security Management
+- name: Cloud Security
url: /security/cloud_security_management/
icon: cloud-security-management
-- name: Application Security Management
+- name: App and API Protection
url: /security/application_security/
icon: app-sec
---
diff --git a/content/en/security/notifications/rules.md b/content/en/security/notifications/rules.md
index 837d1702b3e03..67ff4b3366e15 100644
--- a/content/en/security/notifications/rules.md
+++ b/content/en/security/notifications/rules.md
@@ -15,10 +15,10 @@ products:
- name: Cloud SIEM
url: /security/cloud_siem/
icon: siem
-- name: Cloud Security Management
+- name: Cloud Security
url: /security/cloud_security_management/
icon: cloud-security-management
-- name: Application Security Management
+- name: App and API Protection
url: /security/application_security/
icon: app-sec
---
diff --git a/content/en/security/notifications/variables.md b/content/en/security/notifications/variables.md
index 2bc1b3f587a08..9d3a65be769d2 100644
--- a/content/en/security/notifications/variables.md
+++ b/content/en/security/notifications/variables.md
@@ -13,10 +13,10 @@ products:
- name: Cloud SIEM
url: /security/cloud_siem/
icon: siem
-- name: Cloud Security Management
+- name: Cloud Security
url: /security/cloud_security_management/
icon: cloud-security-management
-- name: Application Security Management
+- name: App and API Protection
url: /security/application_security/
icon: app-sec
---
@@ -139,7 +139,7 @@ user@domain.com just logged in without MFA from 1.2.3.4.
{{% /tab %}}
-{{% tab "Application Security Management" %}}
+{{% tab "App and API Protection" %}}
```json
{
diff --git a/content/en/security/security_inbox.md b/content/en/security/security_inbox.md
index 1ed00bc4a4720..c71e6dca28ea9 100644
--- a/content/en/security/security_inbox.md
+++ b/content/en/security/security_inbox.md
@@ -3,10 +3,10 @@ title: Security Inbox
further_reading:
- link: "/security/application_security/"
tag: "Documentation"
- text: "Learn more about Application Security Management"
+ text: "Learn more about App and API Protection"
- link: "/security/cloud_security_management"
tag: "Documentation"
- text: "Learn more about Cloud Security Management"
+ text: "Learn more about Cloud Security"
- link: "/security/default_rules/#all"
tag: "Documentation"
text: "Out-of-the-box Detection Rules"
@@ -14,10 +14,10 @@ further_reading:
tag: "Blog"
text: "How Datadog Security Inbox prioritizes security risks"
products:
-- name: Cloud Security Management
+- name: Cloud Security
url: /security/cloud_security_management/
icon: cloud-security-management
-- name: Application Security Management
+- name: App and API Protection
url: /security/application_security/
icon: app-sec
---
@@ -30,10 +30,10 @@ Security Inbox provides a consolidated, actionable list of your most important s
## Types of findings in Security Inbox
-The findings that appear in Security Inbox are generated from Application Security Management (ASM) and Cloud Security Management (CSM). By default, these include the following types of findings:
+The findings that appear in Security Inbox are generated from App and API Protection (AAP) and Cloud Security. By default, these include the following types of findings:
-- A curated set of [misconfigurations][1] for [CSM Misconfigurations][2], compiled by Datadog Security Research.
-- A curated set of [identity risks][1] for [CSM Identity Risks][3], compiled by Datadog Security Research.
+- A curated set of [misconfigurations][1] for [Cloud Security Misconfigurations][2], compiled by Datadog Security Research.
+- A curated set of [identity risks][1] for [Cloud Security Identity Risks][3], compiled by Datadog Security Research.
- Application library vulnerabilities for [Software Composition Analysis(SCA)][4]. All high and critical application library vulnerabilities on production services under attack appear in the inbox.
- Application code vulnerabilities for [Code Security vulnerabilities][5]. All high and critical application code vulnerabilities appear in the inbox.
- [Attack Paths][1]. An attack path outlines a series of interconnected misconfigurations, container image, host, and application vulnerabilities that malicious actors could leverage to gain unauthorized access, escalate privileges, or compromise sensitive data in your cloud environment. All attack paths are listed in Security Inbox by default.
@@ -94,6 +94,6 @@ For more information, see [Automation Pipelines][11] and [Add to Security Inbox
[7]: https://www.cisa.gov/
[8]: https://www.exploit-db.com/
[9]: https://nvd.nist.gov/
-[10]: /security/cloud_security_management/severity_scoring/#csm-severity-scoring-framework
+[10]: /security/cloud_security_management/severity_scoring/#cloud-security-severity-scoring-framework
[11]: /security/automation_pipelines/
[12]: /security/automation_pipelines/security_inbox
\ No newline at end of file
diff --git a/content/en/security/sensitive_data_scanner/_index.md b/content/en/security/sensitive_data_scanner/_index.md
index 4b68161d3bba5..ae02a1c60d6ef 100644
--- a/content/en/security/sensitive_data_scanner/_index.md
+++ b/content/en/security/sensitive_data_scanner/_index.md
@@ -93,7 +93,7 @@ Sensitive Data Scanner scans for sensitive data by deploying [Agentless scanners
Sensitive Data Scanner leverages its [entire rules library][10] to find matches. When a match is found, the location of the match is sent to Datadog by the scanning instance. **Note**: Data stores and their files are only read in your environment—no sensitive data that was scanned is sent back to Datadog.
-Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Cloud Security Management][11] affecting the sensitive data stores. You can click any issue to continue triage and remediation within Cloud Security Management.
+Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Cloud Security][11] affecting the sensitive data stores. You can click any issue to continue triage and remediation within Cloud Security.
See [Set up Sensitive Data Scanner for Cloud Storage][12] for setup details.
diff --git a/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md b/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md
index 2bf872751a920..f2a623dff0e86 100644
--- a/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md
+++ b/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md
@@ -82,7 +82,7 @@ To investigate a datastore:
- If it is not supposed to be in the bucket, delete the files or move them to an appropriate bucket.
- If it is supposed to be in the bucket, complete the following steps to improve your security posture:
1. Click the **Security** tab in the side panel and review the **Misconfigurations** section.
- 1. Click on a misconfiguration to see details in Cloud Security Management.
+ 1. Click on a misconfiguration to see details in Cloud Security.
1. In the **Next Steps** section:
1. Under **Triage**, click the dropdown to change the triage status of the signal. The default status is `OPEN`.
1. Click **Assign Signal** to assign a signal to yourself or another Datadog user.
diff --git a/content/en/security/sensitive_data_scanner/setup/cloud_storage.md b/content/en/security/sensitive_data_scanner/setup/cloud_storage.md
index 4e94ac62a62d5..e6afee0d07a26 100644
--- a/content/en/security/sensitive_data_scanner/setup/cloud_storage.md
+++ b/content/en/security/sensitive_data_scanner/setup/cloud_storage.md
@@ -85,7 +85,7 @@ You can add a scanner to a new AWS account or an existing AWS account.
1. Select the AWS region in the dropdown menu.
1. Select an API key that is already configured for Remote Configuration. If the API key you select does not have Remote Configuration enabled, Remote Configuration is automatically enabled for that key upon selection. **Note**: Only users with `api_keys_write` permissions can enable Remote Configuration for individual API keys.
1. If you want to send AWS logs to Datadog, leave **Yes** selected.
-1. Select **Yes** if you want to use Datadog Cloud Security Management.
+1. Select **Yes** if you want to use Datadog Cloud Security.
1. **Enable Sensitive Data Scanner** is automatically selected by default. This tells CloudFormation to add the AWS Managed SecurityAudit policy to your Datadog AWS Integration role and enable Agentless Scanning to start scanning your cloud data stores.
1. Click **Launch CloudFormation Template**.
diff --git a/content/en/security/suppressions.md b/content/en/security/suppressions.md
index 875a2a8fc7629..2d4049650c87c 100644
--- a/content/en/security/suppressions.md
+++ b/content/en/security/suppressions.md
@@ -9,10 +9,10 @@ products:
- name: Cloud SIEM
url: /security/cloud_siem/
icon: siem
-- name: CSM Threats
+- name: Workload Protection
url: /security/threats/
icon: cloud-security-management
-- name: Application Security Management
+- name: App and API Protection
url: /security/application_security/
icon: app-sec
---
diff --git a/content/en/security/threat_intelligence.md b/content/en/security/threat_intelligence.md
index 3b2df4261245e..a995cb707aa0a 100644
--- a/content/en/security/threat_intelligence.md
+++ b/content/en/security/threat_intelligence.md
@@ -6,15 +6,15 @@ description: "Threat Intelligence at Datadog"
further_reading:
- link: "/security/application_security/threats/threat-intelligence/"
tag: "documentation"
- text: "ASM Threat Intelligence"
+ text: "AAP Threat Intelligence"
products:
- name: Cloud SIEM
url: /security/cloud_siem/
icon: siem
-- name: CSM Threats
+- name: Workload Protection
url: /security/threats/
icon: cloud-security-management
-- name: Application Security Management
+- name: App and API Protection
url: /security/application_security/
icon: app-sec
---
@@ -66,13 +66,13 @@ Sources, categories, and intents are available as facets and filters on relevant
| Source | Category | Source Use Cases | Primary Products |
|--------|------------|-----------|------------------|
-| Datadog Threat Research| scanners, Redis exploitation, Docker exploitation, malware, bruteforcer | Honeypots focused on software specific threats | ASM, CWS and Cloud SIEM |
-| [Datadog ASM](https://docs.datadoghq.com/security/application_security/) | scanner | List of IPs that have been observed attacking multiple ASM customers | ASM |
-| [Spur](https://spur.us/) | residential_proxy | Proxies associated credential stuffing and fraud | ASM and Cloud SIEM |
+| Datadog Threat Research| scanners, Redis exploitation, Docker exploitation, malware, bruteforcer | Honeypots focused on software specific threats | AAP, CWS and Cloud SIEM |
+| [Datadog AAP](https://docs.datadoghq.com/security/application_security/) | scanner | List of IPs that have been observed attacking multiple AAP customers | AAP |
+| [Spur](https://spur.us/) | residential_proxy | Proxies associated credential stuffing and fraud | AAP and Cloud SIEM |
| [Spur](https://spur.us/) | malware_proxy | Proxies associated with malware command and control | Cloud SIEM |
| [Abuse.ch](https://abuse.ch/) Malware Bazaar| malware | Malware on hosts | CWS |
| [Minerstat](https://minerstat.com/mining-pool-whitelist.txt) | malware | Coinminer activity with known mining pools| CWS |
-| Tor | tor | Policy violations for user activity | ASM, Cloud SIEM, and CWS |
+| Tor | tor | Policy violations for user activity | AAP, Cloud SIEM, and CWS |
| [Threatfox](https://threatfox.abuse.ch/) | malware | Identify hosts communicating with known malware infrastructure | Cloud SIEM, and CWS |
@@ -80,13 +80,13 @@ Sources, categories, and intents are available as facets and filters on relevant
| Category | Intention | Entity Types | Product Use Cases | Primary Products |
|----------|----------|--------------|----------|------------------|
-| residential_proxy | suspicious | IP addresses | Reputation for credential stuffing and fraud | ASM and Cloud SIEM |
-| botnet_proxy | suspicious | IP addresses | Reputation for being part of a botnet and contributing to distributed attacks | ASM and Cloud SIEM |
+| residential_proxy | suspicious | IP addresses | Reputation for credential stuffing and fraud | AAP and Cloud SIEM |
+| botnet_proxy | suspicious | IP addresses | Reputation for being part of a botnet and contributing to distributed attacks | AAP and Cloud SIEM |
| malware | malicious | application library versions, file hashes | Malicious packages and communication with mining pools| CWS |
-| scanner | suspicious | IP addresses | Reputation for scanners | ASM and Cloud SIEM |
-| hosting_proxy | suspicious | IP addresses | Datacenter IPs with a reputation of abuse, such as for distributed credential stuffing attacks | ASM and Cloud SIEM |
-| tor | suspicious | IP addresses | Corporate policy violations for user activity | ASM and Cloud SIEM |
-| disposable_email | suspicious | Email domain | Detect product usage from disposable email addresses | ASM |
+| scanner | suspicious | IP addresses | Reputation for scanners | AAP and Cloud SIEM |
+| hosting_proxy | suspicious | IP addresses | Datacenter IPs with a reputation of abuse, such as for distributed credential stuffing attacks | AAP and Cloud SIEM |
+| tor | suspicious | IP addresses | Corporate policy violations for user activity | AAP and Cloud SIEM |
+| disposable_email | suspicious | Email domain | Detect product usage from disposable email addresses | AAP |
### Threat Intelligence Intents
| Intent | Use Case |
diff --git a/content/en/security/threats/_index.md b/content/en/security/threats/_index.md
index bd81d4d3d1710..f8ca742995dc0 100644
--- a/content/en/security/threats/_index.md
+++ b/content/en/security/threats/_index.md
@@ -1,5 +1,5 @@
---
-title: Cloud Security Management Threats
+title: Workload Protection
aliases:
- /security_platform/cloud_workload_security/
- /security/cloud_workload_security/
@@ -9,20 +9,20 @@ aliases:
- /security/threats/runtime_anomaly_detection
---
-Cloud Security Management Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. As part of the Datadog platform, you can combine the real-time threat detection of CSM Threats with metrics, logs, traces, and other telemetry to see the full context surrounding a potential attack on your workloads.
+Workload Protection monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. As part of the Datadog platform, you can combine the real-time threat detection of Workload Protection with metrics, logs, traces, and other telemetry to see the full context surrounding a potential attack on your workloads.
## Detect threats to your production workloads in real-time
-Monitor file and process activity at the kernel level to detect threats to your infrastructure, such as Amazon EC2 instances, Docker containers, and Kubernetes clusters. Combine CSM Threats with [Cloud Network Monitoring][9] and detect suspicious activity at the network level before a workload is compromised.
+Monitor file and process activity at the kernel level to detect threats to your infrastructure, such as Amazon EC2 instances, Docker containers, and Kubernetes clusters. Combine Workload Protection with [Cloud Network Monitoring][9] and detect suspicious activity at the network level before a workload is compromised.
-CSM Threats uses the Datadog Agent to monitor your environment. If you don't already have the Datadog Agent set up, [start with setting up the Agent][2] on a [supported operating system][1]. There are four types of monitoring that the Datadog Agent uses for CSM Threats:
+Workload Protection Threats uses the Datadog Agent to monitor your environment. If you don't already have the Datadog Agent set up, [start with setting up the Agent][2] on a [supported operating system][1]. There are four types of monitoring that the Datadog Agent uses for Workload Protection:
1. **Process Execution Monitoring** to watch process executions for malicious activity on hosts or containers in real-time.
2. **File Integrity Monitoring** to watch for changes to key files and directories on hosts or containers in real-time.
3. **DNS Activity Monitoring** to watch network traffic for malicious activity on hosts and containers in real-time.
4. **Kernel Activity Monitoring** to watch for kernel-layer attacks like process hijacking, container breakouts, and more in real-time.
-{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues to remediate" width="100%">}}
+{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security overview shows a list of prioritized security issues to remediate" width="100%">}}
## Proactively block threats with Active Protection
@@ -32,11 +32,11 @@ By default, all OOTB Agent crypto mining threat detection rules are enabled and
## Manage out-of-the-box and custom detection rules
-CSM Threats comes with more than 50 out-of-the-box detection rules that are maintained by a team of security experts. The rules surface the most important risks so that you can immediately take steps to remediate. Agent expression rules define the workload activities to be collected for analysis while backend detection rules analyze the activities and identify attacker techniques and other risky patterns of behavior.
+Workload Protection Threats comes with more than 50 out-of-the-box detection rules that are maintained by a team of security experts. The rules surface the most important risks so that you can immediately take steps to remediate. Agent expression rules define the workload activities to be collected for analysis while backend detection rules analyze the activities and identify attacker techniques and other risky patterns of behavior.
Use [Remote Configuration][7] to automatically deploy new and updated rules to the Agent. [Customize the rules][5] by defining how each rule monitors process, network, and file activity, [create custom rules][6], and [set up real-time notifications](#set-up-real-time-notifications) for new signals.
-{{< img src="security/cws/threats_detection_rules.png" alt="CSM Threats detection rules in the Datadog app" width="100%">}}
+{{< img src="security/cws/threats_detection_rules.png" alt="Workload Protection detection rules in the Datadog app" width="100%">}}
## Set up real-time notifications
@@ -48,7 +48,7 @@ Use template variables and Markdown to [customize notification messages][5]. Edi
Investigate and triage security signals in the [Signals Explorer][8]. View detailed information about the impacted files or processes, related signals and logs, and remediation steps.
-{{< img src="security/cws/signals_explorer.png" alt="CSM Signals Explorer page" width="100%">}}
+{{< img src="security/cws/signals_explorer.png" alt="Cloud Security Signals Explorer page" width="100%">}}
{{< callout url="https://docs.google.com/forms/d/e/1FAIpQLSfzQARsTPr3tiJDnS_4bGx7w35LDfAbGUggaUzHYoL0dIUMWQ/viewform" btn_hidden="false" header="Active Protection">}}
@@ -59,10 +59,10 @@ Datadog is introducing a new feature called Active Protection to address the cry
{{< whatsnext >}}
{{< nextlink href="/security/threats/setup">}}Complete setup and configuration{{< /nextlink >}}
- {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for CSM Threats{{< /nextlink >}}
- {{< nextlink href="/security/threats/workload_security_rules">}}Learn about CSM Threats detection rules{{< /nextlink >}}
- {{< nextlink href="/security/default_rules/#cat-workload-security">}}Start using out-of-the-box CSM Threats detection rules{{< /nextlink >}}
- {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security Management{{< /nextlink >}}
+ {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for Workload Protection{{< /nextlink >}}
+ {{< nextlink href="/security/threats/workload_security_rules">}}Learn about Workload Protection detection rules{{< /nextlink >}}
+ {{< nextlink href="/security/default_rules/#cat-workload-security">}}Start using out-of-the-box Workload Protection detection rules{{< /nextlink >}}
+ {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security{{< /nextlink >}}
{{< /whatsnext >}}
[1]: /security/threats/setup/?tab=kuberneteshelm#prerequisites
diff --git a/content/en/security/threats/investigate_agent_events.md b/content/en/security/threats/investigate_agent_events.md
index 48032ff3512b2..76bf4339a6c48 100644
--- a/content/en/security/threats/investigate_agent_events.md
+++ b/content/en/security/threats/investigate_agent_events.md
@@ -4,16 +4,13 @@ disable_toc: false
further_reading:
- link: "/security/default_rules/?category=cat-csm-threats#all"
tag: "Documentation"
- text: "Explore CSM Threats detection rules"
+ text: "Explore Workload Protection detection rules"
- link: "/security/threats/workload_security_rules"
tag: "Documentation"
- text: "Learn how to manage CSM Threats detection rules"
+ text: "Learn how to manage Workload Protection detection rules"
- link: "/security/notifications/"
tag: "Documentation"
text: "Learn more about security notifications"
- - link: "https://www.datadoghq.com/blog/datadog-csm-windows/"
- tag: "Blog"
- text: "Secure your Windows workloads with Datadog Cloud Security Management"
---
diff --git a/content/en/security/threats/security_signals.md b/content/en/security/threats/security_signals.md
index f5c7e78af4b90..16746de13d84b 100644
--- a/content/en/security/threats/security_signals.md
+++ b/content/en/security/threats/security_signals.md
@@ -4,23 +4,20 @@ disable_toc: false
further_reading:
- link: "/security/default_rules/?category=cat-csm-threats#all"
tag: "Documentation"
- text: "Explore CSM Threats detection rules"
+ text: "Explore Workload Protection detection rules"
- link: "/security/threats/workload_security_rules"
tag: "Documentation"
- text: "Learn how to manage CSM Threats detection rules"
+ text: "Learn how to manage Workload Protection detection rules"
- link: "/security/notifications/"
tag: "Documentation"
text: "Learn more about security notifications"
- - link: "https://www.datadoghq.com/blog/datadog-csm-windows/"
- tag: "Blog"
- text: "Secure your Windows workloads with Datadog Cloud Security Management"
---
-[Cloud Security Management Threats][9] (CSM Threats) security signals are created when Datadog detects a threat based on a security rule. View, search, filter, and investigate security signals in the [Signals Explorer][4], or configure [Notification Rules][1] to send signals to third-party tools.
+[Workload Protection][9] security signals are created when Datadog detects a threat based on a security rule. View, search, filter, and investigate security signals in the [Signals Explorer][4], or configure [Notification Rules][1] to send signals to third-party tools.
-To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][3] for more information about Datadog's default roles and granular role-based access control permissions available for Cloud Security Management.
+To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][3] for more information about Datadog's default roles and granular role-based access control permissions available for Cloud Security.
-{{< img src="security/cws/signals_explorer.png" alt="CSM Signals Explorer page" width="100%">}}
+{{< img src="security/cws/signals_explorer.png" alt="Cloud Security Signals Explorer page" width="100%">}}
## Filter security signals
diff --git a/content/en/security/threats/supported_linux_distributions.md b/content/en/security/threats/supported_linux_distributions.md
index fed1bbb57f1b6..b994074c5203e 100644
--- a/content/en/security/threats/supported_linux_distributions.md
+++ b/content/en/security/threats/supported_linux_distributions.md
@@ -1,8 +1,8 @@
---
-title: CSM Threats Supported Linux Distributions
+title: Workload Protection Supported Linux Distributions
---
-Cloud Security Management Threats supports the following Linux distributions:
+Workload Protection supports the following Linux distributions:
| Linux Distributions | Supported Versions |
|---------------------------------------------------------------|-------------------------|
@@ -19,8 +19,8 @@ Cloud Security Management Threats supports the following Linux distributions:
**Notes:**
- Custom kernel builds are not supported.
-- The [CSM Threats eBPF-less solution for eBPF disabled environments][2] uses a ptrace-based Datadog Agent. The ptrace-based Datadog Agent supports Linux kernel versions from 3.4.43 to 4.9.85.
-- For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the [Troubleshooting Cloud Security Management Threats][1].
+- The [Workload Protection eBPF-less solution for eBPF disabled environments][2] uses a ptrace-based Datadog Agent. The ptrace-based Datadog Agent supports Linux kernel versions from 3.4.43 to 4.9.85.
+- For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see [Troubleshooting Workload Protection][1].
- Data collection is done using eBPF, so Datadog requires, at minimum, platforms that have underlying Linux kernel versions of 4.14.0+ or have eBPF features backported (for example, Centos/RHEL 7 with kernel 3.10 has eBPF features backported, so it is supported).
[1]: /security/cloud_security_management/troubleshooting/threats
diff --git a/content/en/security/threats/workload_security_rules/_index.md b/content/en/security/threats/workload_security_rules/_index.md
index ac9d5b0163d6a..383ce1475520c 100644
--- a/content/en/security/threats/workload_security_rules/_index.md
+++ b/content/en/security/threats/workload_security_rules/_index.md
@@ -1,24 +1,24 @@
---
-title: CSM Threats Detection Rules
+title: Workload Protection Detection Rules
aliases:
- /security_platform/cloud_workload_security/workload_security_rules
- /security/cloud_workload_security/workload_security_rules
further_reading:
- link: "/security/threats/setup"
tag: "Documentation"
- text: "Setting Up CSM Threats"
+ text: "Setting Up Workload Protection"
- link: "/security/threats/agent_expressions"
tag: "Documentation"
text: "Agent Expressions"
- link: "security/threats/backend"
tag: "Documentation"
- text: "CSM Threats Events"
+ text: "Workload Protection Events"
- link: "/security/notifications/variables/"
tag: "Documentation"
text: "Learn more about Security notification variables"
---
-This topic explains how Cloud Security Management Threats (CSM Threats) actively monitors system activity and evaluates it against a set of out-of-the-box (OOTB) rules to detect suspicious behavior.
+This topic explains how Workload Protection actively monitors system activity and evaluates it against a set of out-of-the-box (OOTB) rules to detect suspicious behavior.
## Proactively block threats with Active Protection
@@ -26,11 +26,11 @@ By default, all OOTB Agent crypto mining threat detection rules are enabled and
[Active Protection][12] enables you to proactively block and terminate crypto mining threats identified by the Datadog Agent threat detection rules.
-## CSM Threats rules construction
+## Workload Protection rules construction
-CSM Threats rules consist of two different components: Agent rules and threat detection rules.
+Workload Protection rules consist of two different components: Agent rules and threat detection rules.
-- **Agent rules:** [Agent rules][9] are evaluated on the Agent host. CSM Threats first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. Agent expressions use Datadog's [Security Language (SECL)][2].
+- **Agent rules:** [Agent rules][9] are evaluated on the Agent host. Workload Protection first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. Agent expressions use Datadog's [Security Language (SECL)][2].
For example, here is the *Agent rule* expression `cryptominer_args`:
@@ -56,9 +56,9 @@ CSM Threats rules consist of two different components: Agent rules and threat de
-@process.executable.path:"/usr/bin/grep"
```
-### CSM Threats rules pipeline
+### Workload Protection rules pipeline
-CSM Threats uses the following pipeline when evaluating events:
+Workload Protection uses the following pipeline when evaluating events:
1. The Agent rules evaluate system activity on the Agent host.
2. When activity matches an Agent rule expression, the Agent generates a detection event and passes it to the Datadog backend.
@@ -68,11 +68,11 @@ CSM Threats uses the following pipeline when evaluating events:
The following diagram illustrates this pipeline:
-{{< img src="security/cws/threat_detection_pipeline_2.png" alt="CSM Threats detection pipeline" style="width:100%;" >}}
+{{< img src="security/cws/threat_detection_pipeline_2.png" alt="Workload Protection detection pipeline" style="width:100%;" >}}
### Saving resources by design
-CSM Threats detection rules are complex, correlating several datapoints, sometimes across different hosts, and including third party data. This complexity would result in considerable compute resource demands on the Agent host if all rules were evaluated there.
+Workload Protection detection rules are complex, correlating several datapoints, sometimes across different hosts, and including third party data. This complexity would result in considerable compute resource demands on the Agent host if all rules were evaluated there.
Datadog solves this problem by keeping the Agent lightweight with only a few rules, and processes most rules using the threat detection rules on the Datadog backend.
@@ -87,15 +87,15 @@ There are two use cases:
- **Create a threat detection rule using an existing Agent rule:** To create a threat detection rule that uses an existing Agent rule, you only need to create a threat detection rule that references the Agent rule and adds any additional expression parameters you need.
- **Create a threat detection rule using a new Agent rule:** To detect an event that the current Agent rules do not support, create a custom Agent rule to detect that event, and then create a custom threat detection rule that uses the custom Agent rule.
-For a detailed explanation, see [CSM Threats Detection Rules][11].
+For a detailed explanation, see [Workload Protection Detection Rules][11].
## Agent rules summary
Agent rules contain [Agent expressions](#agent-expressions) that determine which activities the Agent collects. A full set of Agent rules is called a policy. Datadog provides you with several [out-of-the-box Agent rules][6] powered by the default Agent policy.
-With [Remote Configuration][7] enabled, you automatically receive new and updated CSM Threats Agent rules when they're released. These bundled Agent rules are used in the [default detection rules][1].
+With [Remote Configuration][7] enabled, you automatically receive new and updated Workload Protection Agent rules when they're released. These bundled Agent rules are used in the [default detection rules][1].
-Remote Configuration for CSM Threats is in Preview. If you have any feedback or questions, contact
Datadog support.
+Remote Configuration for Workload Protection is in Preview. If you have any feedback or questions, contact
Datadog support.
### Agent expressions
@@ -105,11 +105,11 @@ Agent expressions use [Datadog's Security Language (SECL)][2] to define behavior
To detect when the `passwd` command is executed, there are a few attributes to note.
-On most Linux distributions, the `passwd` utility is installed at `/usr/bin/passwd`. Execution events include `exec`, `execve`, `fork`, and other system calls. In the CSM Threats environment, all of these events are identified by the `exec` symbol.
+On most Linux distributions, the `passwd` utility is installed at `/usr/bin/passwd`. Execution events include `exec`, `execve`, `fork`, and other system calls. In the Workload Protection environment, all of these events are identified by the `exec` symbol.
Putting it all together, the rule expression is `exec.file.path == "/usr/bin/passwd"`.
-The `passwd` command rule is already present in the default CSM Threats Agent policy. However, Agent expressions can also be more advanced, and can define rules that match on process ancestors or use wildcards for broader detections.
+The `passwd` command rule is already present in the default Workload Protection Agent policy. However, Agent expressions can also be more advanced, and can define rules that match on process ancestors or use wildcards for broader detections.
#### Detect when a PHP or Nginx process launches Bash
@@ -117,7 +117,7 @@ To detect when a PHP or Nginx process launches Bash, there are a few attributes
On most Linux distributions, Bash is installed at `/usr/bin/bash`. As in the previous example, to detect execution, include `exec.file.path == "/usr/bin/bash"` in your rule. This ensures the rule is accounting for the execution of Bash, and also Bash as a child process of PHP or Nginx.
-A process ancestor's filename in CSM Threats is an attribute with the symbol `process.ancestors.file.name`. To check if the ancestor is Nginx, add `process.ancestors.file.name == "nginx"`. Since PHP runs as multiple processes, use a wildcard to expand the rule to any process with the prefix `php`. To check if the ancestor is a PHP process, add `process.ancestors.file.name =~ "php*"`.
+A process ancestor's filename in Workload Protection is an attribute with the symbol `process.ancestors.file.name`. To check if the ancestor is Nginx, add `process.ancestors.file.name == "nginx"`. Since PHP runs as multiple processes, use a wildcard to expand the rule to any process with the prefix `php`. To check if the ancestor is a PHP process, add `process.ancestors.file.name =~ "php*"`.
Putting it all together, the rule expression is `exec.file.path == "/usr/bin/bash" && (process.ancestors.file.name == "nginx" || process.ancestors.file.name =~ "php*")`.
diff --git a/content/en/security/threats/workload_security_rules/custom_rules.md b/content/en/security/threats/workload_security_rules/custom_rules.md
index c01af0b88437d..c806b194e5ee0 100644
--- a/content/en/security/threats/workload_security_rules/custom_rules.md
+++ b/content/en/security/threats/workload_security_rules/custom_rules.md
@@ -3,19 +3,19 @@ title: Create Policies and Custom Rules
further_reading:
- link: "/security/threats/setup"
tag: "Documentation"
- text: "Setting Up CSM Threats"
+ text: "Setting Up Workload Protection"
- link: "/security/threats/agent_expressions"
tag: "Documentation"
text: "Agent Expressions"
- link: "security/threats/backend"
tag: "Documentation"
- text: "CSM Threats Events"
+ text: "Workload Protection Events"
- link: "/security/notifications/variables/"
tag: "Documentation"
text: "Learn more about Security notification variables"
---
-This topic explains how to create custom Datadog Agent policies and detection rules for [CSM Threats][8].
+This topic explains how to create custom Datadog Agent policies and detection rules for [Workload Protection][8].
In addition to the out of the box (OOTB) [default Agent and detection rules][7], you can write custom Agent and detection rules. Custom rules help to detect events Datadog is not detecting with its OOTB rules.
@@ -33,7 +33,7 @@ Here are some important [role and permissions][11] to use for custom rules RBAC:
## Policies
-Rules are managed and applied using policies. To view policies, go to [Security > Cloud Security Management > Agent Configuration][3].
+Rules are managed and applied using policies. To view policies, go to [Security > Cloud Security > Agent Configuration][3].
You can create and deploy different custom policies containing rules you want to apply to different sets of hosts in your infrastructure.
@@ -48,7 +48,7 @@ The default policy and its rules cannot be modified. You can use the policy prio
### Create a policy
-1. Go to [Security > Cloud Security Management > Agent Configuration][3].
+1. Go to [Security > Cloud Security > Agent Configuration][3].
2. Click **New Policy**. You can also open an existing policy, click **Actions**, and clone it.
3. Enter a name for the policy and click **Create**.
The new policy is created and placed as the top priority, but it is not enabled or deployed.
@@ -60,7 +60,7 @@ The default policy and its rules cannot be modified. You can use the policy prio
### Prioritize policies
-1. Go to [Security > Cloud Security Management > Agent Configuration][3].
+1. Go to [Security > Cloud Security > Agent Configuration][3].
2. Click **Determine Priority**.
3. Drag the policies to set their priority.
4. Click **Confirm Reordering**.
@@ -75,7 +75,7 @@ When a policy is overridden, the **Overridden** status is displayed. Hover over
Tags identify two things: the Agents using the policy and the infrastructure where those Agents apply the policy. For example, if a policy has the tag `cluster_name:mycluster` the Agents in that cluster use the policy on the hosts in that cluster.
-1. Go to [Security > Cloud Security Management > Agent Configuration][3].
+1. Go to [Security > Cloud Security > Agent Configuration][3].
2. Hover over a policy, or open a policy, and click **Apply Tags & Deploy Policy**.
3. Enter tags and click **Apply**. If the policy is enabled, the policy is applied to the tag targets.
@@ -92,7 +92,7 @@ There are two use cases:
- **Create a detection rule using an existing Agent rule:** To create a threat detection rule that uses an existing Agent rule, you only need to create a threat detection rule that references the Agent rule and adds any additional expression parameters you need.
- **Create a threat detection rule using a new Agent rule:** To detect an event that the current Agent rules do not support, you need to create a custom Agent rule to detect that event, and then create a custom threat detection rule that uses the custom Agent rule.
-For more information, see [CSM Threats Detection Rules][7].
+For more information, see [Workload Protection Detection Rules][7].
You can create custom rules using these methods:
@@ -103,8 +103,7 @@ You can create custom rules using these methods:
## Create the custom Agent and detection rules together
-CSM custom Agent rules are grouped into policies. Policies group Agent rules to help you apply multiple rules more efficiently.
-
+Workload Protection custom Agent rules are grouped into policies. Policies group Agent rules to help you apply multiple rules more efficiently.
## Create the custom Agent and detection rules together
@@ -116,7 +115,7 @@ As you define the rules using this tool, the threat expressions generated for th
To use the Assisted rule creator:
-1. Go to [Security > Cloud Security Management > Agent Configuration][3].
+1. Go to [Security > Cloud Security > Agent Configuration][3].
2. Create or open a policy.
3. In **Actions**, select **Assisted rule creator**.
4. Define the detection. To monitor your resource effectively, you have the following detection type options:
@@ -136,7 +135,7 @@ To use the Assisted rule creator:
You can create a custom Agent rule and deploy it as part of a new Agent policy. Later, when defining a custom [detection rule][3], you reference the custom Agent rule and add expression parameters.
-1. Go to [Security > Cloud Security Management > Agent Configuration][3].
+1. Go to [Security > Cloud Security > Agent Configuration][3].
2. Create or open a policy.
3. In **Actions**, select **Manual rule creator**.
4. Add a name and description for the rule.
@@ -229,7 +228,7 @@ After you upload the new default policy file to the Agent, navigate to the [**Th
1. In **Detection rule types**, select **Workload Security**.
2. Select a detection method such as **Threshold** or **New Value**.
3. **Define search queries:**
- 1. Configure a new CSM Threats rule. A rule can have multiple rule cases combined with Boolean logic, for example `(||, &&)`. You can also set the counter, group by, and roll-up window.
+ 1. Configure a new Workload Protection rule. A rule can have multiple rule cases combined with Boolean logic, for example `(||, &&)`. You can also set the counter, group by, and roll-up window.
{{< img src="security/cws/workload_security_rules/define_runtime_expression2.png" alt="Adding a rule to the search queries field" >}}
diff --git a/content/en/security/upcoming_changes_notification_rules.md b/content/en/security/upcoming_changes_notification_rules.md
index f2c77c63bc596..8117f0b65477d 100644
--- a/content/en/security/upcoming_changes_notification_rules.md
+++ b/content/en/security/upcoming_changes_notification_rules.md
@@ -10,30 +10,30 @@ further_reading:
text: "Notification Rules"
---
-This article outlines upcoming changes to how [notification rules][1] are configured. These changes mostly impact [Cloud Security Management (CSM)][4], and more specifically cloud configuration and infrastructure configuration signals.
+This article outlines upcoming changes to how [notification rules][1] are configured. These changes mostly impact [Cloud Security][4], and more specifically cloud configuration and infrastructure configuration signals.
Note that for the time being, the changes will only affect how you get notified after manually upgrading a notification rule, or after the final deprecation date is reached (early 2025).
-## Signals deprecation for CSM Misconfigurations
+## Signals deprecation for Cloud Security Misconfigurations
-Until today, notifications for [CSM Misconfigurations][2] would only be sent out for detection rules that have signals enabled, as shown in the following diagram:
+Until today, notifications for [Cloud Security Misconfigurations][2] would only be sent out for detection rules that have signals enabled, as shown in the following diagram:
**Previous workflow**:
-{{< img src="security/csm/notification_rules_old_workflow.png" alt="Diagram that shows the current workflow for enabling notifications for CSM Misconfigurations" width="80%">}}
+{{< img src="security/csm/notification_rules_old_workflow.png" alt="Diagram that shows the current workflow for enabling notifications for Cloud Security Misconfigurations" width="80%">}}
As part of the upcoming changes to notification rules, you are no longer required to enable signals in order to generate notifications. The new workflow is shown in the following diagram:
**New workflow**:
-{{< img src="security/csm/notification_rules_new_workflow.png" alt="Diagram that shows the new workflow for enabling notifications for CSM Misconfigurations" width="100%">}}
+{{< img src="security/csm/notification_rules_new_workflow.png" alt="Diagram that shows the new workflow for enabling notifications for Cloud Security Misconfigurations" width="100%">}}
-This change has the following impact on how notifications are generated for CSM Misconfigurations:
+This change has the following impact on how notifications are generated for Cloud Security Misconfigurations:
1. You will now be able to specify misconfiguration as a source type when creating notification rules.
2. You will now be able to choose whether you want to get notified for every new issue matching your query, or if you want to receive periodic notifications that summarize the new findings.
-3. Signals are no longer generated for CSM Misconfigurations. This also means that notifications can no longer be enabled and configured at the detection rule level.
-4. Support for CSM Misconfigurations signals will be deprecated in early 2025. Legacy signals will be retained for 15 months from their trigger date (free of charge).
+3. Signals are no longer generated for Cloud Security Misconfigurations. This also means that notifications can no longer be enabled and configured at the detection rule level.
+4. Support for Cloud Security Misconfigurations signals will be deprecated in early 2025. Legacy signals will be retained for 15 months from their trigger date (free of charge).
While there will be no immediate change in behavior, depending on how you configure your new notification rules, you may notice an increase in the number of notifications generated. If the conditions set in a notification rule results in a high number of notifications, a warning message is displayed in the Preview of Matching Results panel. To help control noise, you can refine your query and use the new time aggregation mechanism. At this time, this feature is only available for vulnerabilities.
@@ -49,7 +49,7 @@ When you create a notification rule, you are now required to choose between two
## Additional changes
- Notification rules can now be configured for identity risks and attack paths, as well as container image vulnerabilities.
-- CSM Misconfigurations notifications now contain the full finding metadata. Previously, the notification contained only limited signal metadata.
+- Cloud Security Misconfigurations notifications now contain the full finding metadata. Previously, the notification contained only limited signal metadata.
- Terraformed custom detection rules using the legacy notifications attribute will no longer be supported after the final deprecation date (early 2025). Terraform support for Notification Rules will be available in late 2024.
## How to migrate existing notifications
diff --git a/content/en/serverless/aws_lambda/_index.md b/content/en/serverless/aws_lambda/_index.md
index 9ca209721de7a..cc0b4c5cb9a60 100644
--- a/content/en/serverless/aws_lambda/_index.md
+++ b/content/en/serverless/aws_lambda/_index.md
@@ -86,7 +86,7 @@ Easily correlate serverless code, configuration, and deployment changes with met
{{< whatsnext desc=" ">}}
{{< nextlink href="/serverless/aws_lambda/profiling" >}}Continuous Profiler: Enable Datadog's Continuous Profiler to find the exact line of code in your Lambda function that is causing bottlenecks.{{< /nextlink >}}
- {{< nextlink href="/serverless/aws_lambda/securing_functions" >}}Secure Functions: Use Application Security Management (ASM) to manage threats to your functions.{{< /nextlink >}}
+ {{< nextlink href="/serverless/aws_lambda/securing_functions" >}}Secure Functions: Use App and API Protection (AAP) to manage threats to your functions.{{< /nextlink >}}
{{< nextlink href="/serverless/deployment_tracking" >}}Deployment Tracking: Track deployments to see when a new version of code or a configuration change causes a regression.{{< /nextlink >}}
{{< /whatsnext >}}
diff --git a/content/en/serverless/aws_lambda/configuration.md b/content/en/serverless/aws_lambda/configuration.md
index c32bb442c1a41..1a4593d0e9b31 100644
--- a/content/en/serverless/aws_lambda/configuration.md
+++ b/content/en/serverless/aws_lambda/configuration.md
@@ -57,13 +57,13 @@ To enable threat monitoring, add the following environment variables to your dep
AWS_LAMBDA_EXEC_WRAPPER: /opt/datadog_wrapper
```
-Redeploy the function and invoke it. After a few minutes, it appears in [ASM views][3].
+Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][3].
[3]: https://app.datadoghq.com/security/appsec?column=time&order=desc
-To see Application Security Management threat detection in action, send known attack patterns to your application. For example, send an HTTP header with value `acunetix-product` to trigger a [security scanner attack][44] attempt:
+To see App and API Protection threat detection in action, send known attack patterns to your application. For example, send an HTTP header with value `acunetix-product` to trigger a [security scanner attack][44] attempt:
```sh
- curl -H 'My-ASM-Test-Header: acunetix-product' https:///
+ curl -H 'My-AAP-Test-Header: acunetix-product' https:///
```
A few minutes after you enable your application and send the attack patterns, **threat information appears in the [Application Signals Explorer][41]**.
diff --git a/content/en/serverless/aws_lambda/installation/dotnet.md b/content/en/serverless/aws_lambda/installation/dotnet.md
index ce99e9c5c2b05..f075d3c8b6e73 100644
--- a/content/en/serverless/aws_lambda/installation/dotnet.md
+++ b/content/en/serverless/aws_lambda/installation/dotnet.md
@@ -305,7 +305,7 @@ module "lambda-datadog" {
## Minimize cold start duration
Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration.
-To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`:
+To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`:
- `DD_TRACE_OTEL_ENABLED`
- `DD_PROFILING_ENABLED`
diff --git a/content/en/serverless/aws_lambda/installation/go.md b/content/en/serverless/aws_lambda/installation/go.md
index 6cf84b71e522d..8772d28bc8a29 100644
--- a/content/en/serverless/aws_lambda/installation/go.md
+++ b/content/en/serverless/aws_lambda/installation/go.md
@@ -166,7 +166,7 @@ func myHandler(ctx context.Context, _ events.APIGatewayProxyRequest) (string, er
## Minimize cold start duration
Version 67+ of [the Datadog Extension][5] is optimized to significantly reduce cold start duration.
-To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`:
+To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`:
- `DD_TRACE_OTEL_ENABLED`
- `DD_PROFILING_ENABLED`
diff --git a/content/en/serverless/aws_lambda/installation/java.md b/content/en/serverless/aws_lambda/installation/java.md
index 2ed5cede85033..a265d5d1fa907 100644
--- a/content/en/serverless/aws_lambda/installation/java.md
+++ b/content/en/serverless/aws_lambda/installation/java.md
@@ -372,7 +372,7 @@ module "lambda-datadog" {
## Minimize cold start duration
Version 67+ of [the Datadog Extension][12] is optimized to significantly reduce cold start duration.
-To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`:
+To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`:
- `DD_TRACE_OTEL_ENABLED`
- `DD_PROFILING_ENABLED`
diff --git a/content/en/serverless/aws_lambda/installation/nodejs.md b/content/en/serverless/aws_lambda/installation/nodejs.md
index de0e54273478a..631709717c4fa 100644
--- a/content/en/serverless/aws_lambda/installation/nodejs.md
+++ b/content/en/serverless/aws_lambda/installation/nodejs.md
@@ -389,7 +389,7 @@ module "lambda-datadog" {
## Minimize cold start duration
Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration.
-To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`:
+To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`:
- `DD_TRACE_OTEL_ENABLED`
- `DD_PROFILING_ENABLED`
diff --git a/content/en/serverless/aws_lambda/installation/python.md b/content/en/serverless/aws_lambda/installation/python.md
index ac1a09ae0c11a..ea8d766fb0678 100644
--- a/content/en/serverless/aws_lambda/installation/python.md
+++ b/content/en/serverless/aws_lambda/installation/python.md
@@ -408,7 +408,7 @@ module "lambda-datadog" {
## Minimize cold start duration
Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration.
-To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`:
+To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`:
- `DD_TRACE_OTEL_ENABLED`
- `DD_PROFILING_ENABLED`
diff --git a/content/en/serverless/aws_lambda/installation/ruby.md b/content/en/serverless/aws_lambda/installation/ruby.md
index 0d872a443ebd7..adbba9a443096 100644
--- a/content/en/serverless/aws_lambda/installation/ruby.md
+++ b/content/en/serverless/aws_lambda/installation/ruby.md
@@ -333,7 +333,7 @@ To install and configure the Datadog Serverless Plugin, follow these steps:
## Minimize cold start duration
Version 67+ of [the Datadog Extension][10] is optimized to significantly reduce cold start duration.
-To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`:
+To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`:
- `DD_TRACE_OTEL_ENABLED`
- `DD_PROFILING_ENABLED`
diff --git a/content/en/serverless/aws_lambda/securing_functions.md b/content/en/serverless/aws_lambda/securing_functions.md
index 8a7bae7a2cd73..19489e8c2ea25 100644
--- a/content/en/serverless/aws_lambda/securing_functions.md
+++ b/content/en/serverless/aws_lambda/securing_functions.md
@@ -3,19 +3,19 @@ title: Securing Functions
further_reading:
- link: "/security/application_security/"
tag: "Documentation"
- text: "Application Security Management"
+ text: "App and API Protection"
- link: "/security/application_security/how-appsec-works"
tag: "Documentation"
text: "How Application Security Works"
---
-[Datadog Application Security Management (ASM)][2] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, and into bad actors targeting your systems.
+[Datadog App and API Protection (AAP)][2] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, and into bad actors targeting your systems.
-ASM secures functions written in Python, Node, Go, Java, and .NET. Because ASM is built on top of Serverless APM, you can set it up by adding an environment variable.
+AAP secures functions written in Python, Node, Go, Java, and .NET. Because AAP is built on top of Serverless APM, you can set it up by adding an environment variable.
-ASM supports over 130 event rules across major threats such as injection attacks, cross-site scripting, security scanner, local file inclusion, and more.
+AAP supports over 130 event rules across major threats such as injection attacks, cross-site scripting, security scanner, local file inclusion, and more.
-You can [get started managing threats to your functions with ASM][3] today.
+You can [get started managing threats to your functions with AAP][3] today.
## Further reading
diff --git a/content/en/serverless/azure_app_services/azure_app_services_windows.md b/content/en/serverless/azure_app_services/azure_app_services_windows.md
index 716db99f624d6..fbb18b32caabe 100644
--- a/content/en/serverless/azure_app_services/azure_app_services_windows.md
+++ b/content/en/serverless/azure_app_services/azure_app_services_windows.md
@@ -267,7 +267,7 @@ Datadog's Azure App Service Node.js extension supports Azure App Service Web App
- `DD_ENV`: Your environment name
- `DD_SERVICE`: Your service name (defaults to your Web App name)
- `DD_RUNTIME_METRICS_ENABLED`: `true` to enable runtime metrics
- - `DD_APPSEC_ENABLED`: `true` to enable [Application Security Management][11]
+ - `DD_APPSEC_ENABLED`: `true` to enable [App and API Protection][11]
See the full list of [optional configuration settings][5].
6. Select **Save**. This restarts your application.
diff --git a/content/en/serverless/guide/serverless_warnings.md b/content/en/serverless/guide/serverless_warnings.md
index d50fcc33dc74f..148f6a5de544d 100644
--- a/content/en/serverless/guide/serverless_warnings.md
+++ b/content/en/serverless/guide/serverless_warnings.md
@@ -100,7 +100,7 @@ No invocation in the selected time range used more than 10% of the allocated mem
Attack attempts were detected targeting the serverless application.
-**Resolution:** Investigate the attack attempts in ASM by clicking the **Security Signals** button to determine how to respond. If immediate action is needed, you can block the attacking IP in your WAF through the [Workflows integration][11].
+**Resolution:** Investigate the attack attempts in AAP by clicking the **Security Signals** button to determine how to respond. If immediate action is needed, you can block the attacking IP in your WAF through the [Workflows integration][11].
### Under provisioned
diff --git a/content/en/service_management/incident_management/declare.md b/content/en/service_management/incident_management/declare.md
index e90f9f71a2efb..7ec48be6b1556 100644
--- a/content/en/service_management/incident_management/declare.md
+++ b/content/en/service_management/incident_management/declare.md
@@ -29,10 +29,10 @@ Incidents created from a monitor will inherit [field values][10] from the monito
## From a Security Signal
-Declare an incident directly from a Cloud SIEM or Cloud Security Management Threats signal side panel, by clicking **Declare incident** or **Escalate Investigation**. For more information, see [Investigate Security Signals][3] for Cloud Security Management.
+Declare an incident directly from a Cloud SIEM or Workload Protection signal side panel, by clicking **Declare incident** or **Escalate Investigation**. For more information, see [Investigate Security Signals][3] for Cloud Security.
-Declare an incident from an Application Security Management signal through the actions listed in the signal side panel. Click **Show all actions** and click **Declare Incident**.
-For more information, see [Investigate Security Signals][4] for Application Security Management.
+Declare an incident from an App and API Protection signal through the actions listed in the signal side panel. Click **Show all actions** and click **Declare Incident**.
+For more information, see [Investigate Security Signals][4] for App and API Protection.
{{< img src="/service_management/incidents/declare/declare_asm.png" alt="Your image description" style="width:90%;" >}}
diff --git a/content/en/software_catalog/endpoints/_index.md b/content/en/software_catalog/endpoints/_index.md
index 9afe227c21d2f..8fbb80b69d97f 100644
--- a/content/en/software_catalog/endpoints/_index.md
+++ b/content/en/software_catalog/endpoints/_index.md
@@ -12,7 +12,7 @@ further_reading:
text: "Synthetic API Tests"
- link: "/security/application_security/how-appsec-works/#api-security"
tag: "Documentation"
- text: "ASM API Security"
+ text: "AAP API Security"
- link: "https://www.datadoghq.com/blog/primary-risks-to-api-security/"
tag: "Blog"
text: "Mitigate the primary risks to API security"
diff --git a/content/en/software_catalog/navigating.md b/content/en/software_catalog/navigating.md
index 54ac70b299655..c8d05ebedf989 100644
--- a/content/en/software_catalog/navigating.md
+++ b/content/en/software_catalog/navigating.md
@@ -88,7 +88,7 @@ The **Security tab** provides several ways to assess and improve the security po
- Are receiving the most attack attempts.
- Are targeted by the most attackers.
- Have the most severe threats, where the services are impacted by the attacks.
-- Are monitored and protected by [Application Security Management][8]
+- Are monitored and protected by [App and API Protection][8]
To access additional details describing security vulnerabilities and signals, click on the service row to open a detailed side panel. Alternatively, click on the pop-over **View Service Details** button, which opens the service page, and in turn, its security tab.
diff --git a/content/en/software_catalog/use_cases/_index.md b/content/en/software_catalog/use_cases/_index.md
index 7e95dfb2e1ca8..843e6ac2d90d8 100644
--- a/content/en/software_catalog/use_cases/_index.md
+++ b/content/en/software_catalog/use_cases/_index.md
@@ -12,7 +12,7 @@ Learn how teams use Datadog Software Catalog to centralize knowledge, streamline
{{< whatsnext desc=" " >}}
{{< nextlink href="/software_catalog/use_cases/api_management/" >}}API Management{{< /nextlink >}}
{{< nextlink href="/software_catalog/use_cases/cloud_cost_management" >}}Cloud Cost Management{{< /nextlink >}}
- {{< nextlink href="/tracing/software_catalog/use_cases/appsec_management" >}}Application Security Management{{< /nextlink >}}
+ {{< nextlink href="/tracing/software_catalog/use_cases/appsec_management" >}}App and API Protection{{< /nextlink >}}
{{< nextlink href="/tracing/software_catalog/use_cases/dev_onboarding" >}}Developer Onboarding{{< /nextlink >}}
{{< nextlink href="/tracing/software_catalog/use_cases/dependency_management" >}}Dependency Management{{< /nextlink >}}
{{< nextlink href="/tracing/software_catalog/use_cases/production_readiness" >}}Production Readiness{{< /nextlink >}}
diff --git a/content/en/software_catalog/use_cases/appsec_management.md b/content/en/software_catalog/use_cases/appsec_management.md
index 3adc8eb98c20f..eb1ad9cb0ee64 100644
--- a/content/en/software_catalog/use_cases/appsec_management.md
+++ b/content/en/software_catalog/use_cases/appsec_management.md
@@ -12,7 +12,7 @@ aliases:
further_reading:
- link: "/security/application_security/"
tag: "Documentation"
- text: "Datadog Application Security Management"
+ text: "Datadog App and API Protection"
---
The Software Catalog enables organizations to seamlessly incorporate security into every development stage, ensuring a strong security posture across teams, applications, and systems.
diff --git a/content/en/tracing/configure_data_security/_index.md b/content/en/tracing/configure_data_security/_index.md
index 48f58d644eecb..81c8d2d925428 100644
--- a/content/en/tracing/configure_data_security/_index.md
+++ b/content/en/tracing/configure_data_security/_index.md
@@ -226,7 +226,7 @@ The table below describes the default behavior of each language tracing library
{{% /tabs %}}
-If you use Datadog Application Security Management (ASM), the tracing libraries collect HTTP request data to help you understand the nature of a security trace. Datadog ASM automatically redacts certain data, and you can configure your own detection rules. Learn more about these defaults and configuration options in the Datadog ASM [data privacy][13] documentation.
+If you use Datadog App and API Protection (AAP), the tracing libraries collect HTTP request data to help you understand the nature of a security trace. Datadog AAP automatically redacts certain data, and you can configure your own detection rules. Learn more about these defaults and configuration options in the Datadog AAP [data privacy][13] documentation.
## Agent
diff --git a/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md b/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md
index aa7972ce7000d..87be59e1f768b 100644
--- a/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md
+++ b/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md
@@ -66,7 +66,7 @@ Refer to the instructions in the section corresponding to your preference below:
- Comprehensive tracing coverage:
- Instruments your code and all dependencies, including the Go standard library
- Instruments your code during compilation, preventing gaps in tracing coverage due to overlooked manual instrumentation
-- Exclusive [Application Security Management][7] **Exploit Prevention** feature. [Exploit Prevention][15] is a Runtime Application Self-Protection (RASP) implementation and includes RASP methods such as Local File Inclusion (LFI).
+- Exclusive [App and API Protection][7] **Exploit Prevention** feature. [Exploit Prevention][15] is a Runtime Application Self-Protection (RASP) implementation and includes RASP methods such as Local File Inclusion (LFI).
### Requirements
diff --git a/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/php.md b/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/php.md
index a03a75b2e74c6..64163091bbcff 100644
--- a/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/php.md
+++ b/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/php.md
@@ -56,13 +56,13 @@ apk add libgcc
Run the installer:
```shell
-# Full installation: APM + ASM + Profiling
+# Full installation: APM + AAP + Profiling
php datadog-setup.php --php-bin=all --enable-appsec --enable-profiling
# APM only
php datadog-setup.php --php-bin=all
-# APM + ASM
+# APM + AAP
php datadog-setup.php --php-bin=all --enable-appsec
# APM + Profiling
diff --git a/content/en/tracing/trace_collection/compatibility/nodejs.md b/content/en/tracing/trace_collection/compatibility/nodejs.md
index c4b07ebb68b71..765678681b5fc 100644
--- a/content/en/tracing/trace_collection/compatibility/nodejs.md
+++ b/content/en/tracing/trace_collection/compatibility/nodejs.md
@@ -49,7 +49,7 @@ For more information about Node.js release, see the [official Node.js documentat
### Operating system support
-The following operating systems are officially supported by `dd-trace`. Any operating system not listed is still likely to work, but with some features missing, for example ASM, profiling, and runtime metrics. Generally speaking, operating systems that are actively maintained at the time of initial release for a major version are supported.
+The following operating systems are officially supported by `dd-trace`. Any operating system not listed is still likely to work, but with some features missing, for example AAP, profiling, and runtime metrics. Generally speaking, operating systems that are actively maintained at the time of initial release for a major version are supported.
| dd-trace Version | Operating System | Architectures | Minimum Versions |
| ------------------- | --------------------- | --------------------- | ---------------------------------------- |
diff --git a/content/en/tracing/trace_collection/library_config/java.md b/content/en/tracing/trace_collection/library_config/java.md
index 20a6beb550507..af44fb44852ae 100644
--- a/content/en/tracing/trace_collection/library_config/java.md
+++ b/content/en/tracing/trace_collection/library_config/java.md
@@ -293,13 +293,13 @@ When set to `true` db spans get assigned the instance name as the service name
**Default**: `false`
When set to `true` db spans get assigned the remote database hostname as the service name
-### ASM
+### AAP
`dd.appsec.enabled`
: **Environment Variable**: `DD_APPSEC_ENABLED`
**Default**: `false`
When `true`, enables Datadog Application Security Monitoring. Additionally, this automatically enables client IP collection (`dd.trace.client-ip.enabled`).
-For more information, see [Enabling ASM for Java][19].
+For more information, see [Enabling AAP for Java][19].
### Errors
diff --git a/content/en/tracing/trace_collection/library_config/nodejs.md b/content/en/tracing/trace_collection/library_config/nodejs.md
index 88a8fa111fa79..8bd06b56b279a 100644
--- a/content/en/tracing/trace_collection/library_config/nodejs.md
+++ b/content/en/tracing/trace_collection/library_config/nodejs.md
@@ -213,12 +213,12 @@ The port of the DogStatsD Agent that metrics are submitted to. If the [Agent con
**Default**: 5
Remote configuration polling interval in seconds.
-### ASM
+### AAP
`DD_APPSEC_ENABLED`
: **Configuration**: `appsec.enabled`
**Default**: `false`
-Enable Application Security Management features.
+Enable App and API Protection features.
`DD_APPSEC_RULES`
: **Configuration**: `appsec.rules`
diff --git a/content/en/tracing/trace_collection/library_config/php.md b/content/en/tracing/trace_collection/library_config/php.md
index 589bdd4981a1f..b707f342ddeaf 100644
--- a/content/en/tracing/trace_collection/library_config/php.md
+++ b/content/en/tracing/trace_collection/library_config/php.md
@@ -322,7 +322,7 @@ Enables IP collection client side. Added in version `0.84.0`.
`DD_TRACE_CLIENT_IP_HEADER`
: **INI**: `datadog.trace.client_ip_header`
**Default**: `null`
-The IP header to be used for client IP collection, for example: `x-forwarded-for`. Added in version `0.84.0` (`0.76.0` when using ASM).
+The IP header to be used for client IP collection, for example: `x-forwarded-for`. Added in version `0.84.0` (`0.76.0` when using AAP).
`DD_TRACE_OBFUSCATION_QUERY_STRING_REGEXP`
: **INI**: `datadog.trace.obfuscation_query_string_regexp`
diff --git a/content/en/tracing/trace_explorer/trace_view.md b/content/en/tracing/trace_explorer/trace_view.md
index 5f24ae7dbbc87..ab2c24ee7eea5 100644
--- a/content/en/tracing/trace_explorer/trace_view.md
+++ b/content/en/tracing/trace_explorer/trace_view.md
@@ -228,7 +228,7 @@ Click on a service's span to see network dependencies of the service making the
See attack attempts that target the services of the distributed trace. You can see the pattern used by the attacker, the rule that detects the attack, and whether the attacker found a vulnerability in your service.
-Click **View in ASM** to investigate further using [Datadog Application Security Management][1].
+Click **View in AAP** to investigate further using [Datadog App and API Protection][1].
{{< img src="tracing/trace_view/security_tab.png" alt="Security tab" style="width:90%;">}}
diff --git a/content/en/tracing/trace_pipeline/ingestion_mechanisms.md b/content/en/tracing/trace_pipeline/ingestion_mechanisms.md
index ab9b6dfc2ec24..4ecc49e76795f 100644
--- a/content/en/tracing/trace_pipeline/ingestion_mechanisms.md
+++ b/content/en/tracing/trace_pipeline/ingestion_mechanisms.md
@@ -849,7 +849,7 @@ Some additional ingestion reasons are attributed to spans that are generated by
| Product | Ingestion Reason | Ingestion Mechanism Description |
|------------|-------------------------------------|---------------------------------|
| Serverless | `lambda` and `xray` | Your traces received from the [Serverless applications][14] traced with Datadog Tracing Libraries or the AWS X-Ray integration. |
-| Application Security Management | `appsec` | Traces ingested from Datadog tracing libraries and flagged by [ASM][15] as a threat. |
+| App and API Protection | `appsec` | Traces ingested from Datadog tracing libraries and flagged by [AAP][15] as a threat. |
| Data Jobs Monitoring | `data_jobs` | Traces ingested from the Datadog Java Tracer Spark integration or the Databricks integration. |
## Ingestion mechanisms in OpenTelemetry
diff --git a/content/en/tracing/trace_pipeline/trace_retention.md b/content/en/tracing/trace_pipeline/trace_retention.md
index 83065a91e4c3a..65fe0432d4cb2 100644
--- a/content/en/tracing/trace_pipeline/trace_retention.md
+++ b/content/en/tracing/trace_pipeline/trace_retention.md
@@ -77,7 +77,7 @@ There are two types of retention filters:
The following retention filters are enabled by default:
- The `Error Default` retention filter indexes error spans with `status:error`. The retention rate and the query are configurable. For example, to capture production errors, set the query to `status:error, env:production`. Disable the retention filter if you do not want to capture the errors by default.
-- The `Application Security Monitoring Default` retention filter is enabled if you are using [Application Security Management][16]. It ensures the retention of all spans in traces that have been identified as having an application security impact (an attack attempt).
+- The `Application Security Monitoring Default` retention filter is enabled if you are using [App and API Protection][16]. It ensures the retention of all spans in traces that have been identified as having an application security impact (an attack attempt).
- The `Synthetics Default` retention filter is enabled if you are using Synthetic Monitoring. It ensures that traces generated from synthetic API and browser tests remain available by default. See [Synthetic APM][15] for more information, including how to correlate traces with synthetic tests.
- The `Dynamic Instrumentation Default` retention filter is enabled if you are using [Dynamic Instrumentation][17]. It ensures spans created dynamically with Dynamic instrumentation remain available in the long term by default.
diff --git a/layouts/shortcodes/appsec-getstarted-2-canary.en.md b/layouts/shortcodes/appsec-getstarted-2-canary.en.md
index 069a4fd0087c9..d18c7d6a4d2d3 100644
--- a/layouts/shortcodes/appsec-getstarted-2-canary.en.md
+++ b/layouts/shortcodes/appsec-getstarted-2-canary.en.md
@@ -1,6 +1,6 @@
The library collects security data from your application and sends it to the Agent, which sends it to Datadog, where [out-of-the-box detection rules][202] flag attacker techniques and potential misconfigurations so you can take steps to remediate.
-3. **To see Application Security Management threat detection in action, send known attack patterns to your application**. For example, trigger the [Security Scanner Detected][203] rule by running a file that contains the following curl script:
+3. **To see App and API Protection threat detection in action, send known attack patterns to your application**. For example, trigger the [Security Scanner Detected][203] rule by running a file that contains the following curl script:
for ((i=1;i<=250;i++));
do
# Target existing service’s routes
curl https://your-application-url/existing-route -A dd-test-scanner-log;
# Target non existing service’s routes
curl https://your-application-url/non-existing-route -A dd-test-scanner-log;
done
diff --git a/layouts/shortcodes/appsec-getstarted-2-plusrisk.en.md b/layouts/shortcodes/appsec-getstarted-2-plusrisk.en.md
index fc52fe61c0da4..c2a2231786bc4 100644
--- a/layouts/shortcodes/appsec-getstarted-2-plusrisk.en.md
+++ b/layouts/shortcodes/appsec-getstarted-2-plusrisk.en.md
@@ -1,12 +1,12 @@
After this configuration is complete, the library collects security data from your application and sends it to the Agent. The Agent sends the data to Datadog, where [out-of-the-box detection rules][202] flag attacker techniques and potential misconfigurations so you can take steps to remediate.
-1. To see Application Security Management threat detection in action, send known attack patterns to your application. For example, trigger the [Security Scanner Detected][203] rule by running a file that contains the following curl script:
+1. To see App and API Protection threat detection in action, send known attack patterns to your application. For example, trigger the [Security Scanner Detected][203] rule by running a file that contains the following curl script:
for ((i=1;i<=250;i++));
do
# Target existing service’s routes
curl https://your-application-url/existing-route -A dd-test-scanner-log;
# Target non existing service’s routes
curl https://your-application-url/non-existing-route -A dd-test-scanner-log;
done
**Note**: The `dd-test-scanner-log` value is supported in the most recent releases.
- A few minutes after you enable your application and send known attack patterns to it, threat information appears in the [Application Signals Explorer][201] and vulnerability information appears in the [Vulnerability Explorer][204].
+ A few minutes after you enable your application and send known attack patterns to it, threat information appears in the [Application Signals Explorer][201] and vulnerability information appears in the [Vulnerabilities explorer][204].
[201]: https://app.datadoghq.com/security/appsec
[202]: /security/default_rules/#cat-application-security
diff --git a/layouts/shortcodes/appsec-getstarted-2.en.md b/layouts/shortcodes/appsec-getstarted-2.en.md
index 30a4d52c2e511..eaa5175c8b0ed 100644
--- a/layouts/shortcodes/appsec-getstarted-2.en.md
+++ b/layouts/shortcodes/appsec-getstarted-2.en.md
@@ -1,6 +1,6 @@
The library collects security data from your application and sends it to the Agent, which sends it to Datadog, where [out-of-the-box detection rules][202] flag attacker techniques and potential misconfigurations so you can take steps to remediate.
-1. **To see Application Security Management threat detection in action, send known attack patterns to your application**. For example, trigger the [Security Scanner Detected][203] rule by running a file that contains the following curl script:
+1. **To see App and API Protection threat detection in action, send known attack patterns to your application**. For example, trigger the [Security Scanner Detected][203] rule by running a file that contains the following curl script:
for ((i=1;i<=250;i++));
do
# Target existing service’s routes
curl https://your-application-url/existing-route -A Arachni/v1.0;
# Target non existing service’s routes
curl https://your-application-url/non-existing-route -A Arachni/v1.0;
done
diff --git a/layouts/shortcodes/appsec-getstarted-with-rc.en.md b/layouts/shortcodes/appsec-getstarted-with-rc.en.md
index 0852fcd5240bf..27faaef4d41f2 100644
--- a/layouts/shortcodes/appsec-getstarted-with-rc.en.md
+++ b/layouts/shortcodes/appsec-getstarted-with-rc.en.md
@@ -1,2 +1,2 @@
+If your service is running with an Agent with Remote Configuration enabled and a tracing library version that supports it, hover over the Not Enabled indicator in the AAP Status column and click Enable AAP. There's no need to re-launch the service with the DD_APPSEC_ENABLED=true
or --enable-appsec
flags.
diff --git a/layouts/shortcodes/appsec-getstarted.en.md b/layouts/shortcodes/appsec-getstarted.en.md
index 86d44ea225d25..e416d1af4d9a4 100644
--- a/layouts/shortcodes/appsec-getstarted.en.md
+++ b/layouts/shortcodes/appsec-getstarted.en.md
@@ -2,7 +2,7 @@
## Prerequisites
+If your service is running with an Agent with Remote Configuration enabled and a tracing library version that supports it, hover over the Not Enabled indicator in the AAP Status column and click Enable AAP. There's no need to re-launch the service with the DD_APPSEC_ENABLED=true
or --enable-appsec
flags.
- The [Datadog Agent][101] is installed and configured for your application's operating system or container, cloud, or virtual environment.
- [Datadog APM][103] is configured for your application or service, and traces are being received by Datadog.
diff --git a/layouts/shortcodes/asm-libraries-capabilities.en.md b/layouts/shortcodes/asm-libraries-capabilities.en.md
index d0ab5e6a0f415..e9ab465e776a9 100644
--- a/layouts/shortcodes/asm-libraries-capabilities.en.md
+++ b/layouts/shortcodes/asm-libraries-capabilities.en.md
@@ -1,7 +1,7 @@
-The following ASM capabilities are supported relative to each language's tracing library:
+The following AAP capabilities are supported relative to each language's tracing library:
-| ASM capability | Java | .NET | Node.js | Python | Go | Ruby | PHP |
+| AAP capability | Java | .NET | Node.js | Python | Go | Ruby | PHP |
|----------------------------------------|---------|----------|--------------------------------------------------|---------------|-----------------|---------------|---------------|
| Threat Detection | 1.8.0 | 2.23.0 | 4.0.0 | 1.9.0 | 1.47.0 | 1.9.0 | 0.84.0 |
| API Security | 1.31.0 | 2.42.0 | 4.30.0 for Node.js 16+, or 5.6.0 for Node.js 18+ | 2.6.0 | 1.59.0 | 1.15.0 | 0.98.0 |
diff --git a/layouts/shortcodes/asm-protect.en.md b/layouts/shortcodes/asm-protect.en.md
index 0221008879290..d746555444f0f 100644
--- a/layouts/shortcodes/asm-protect.en.md
+++ b/layouts/shortcodes/asm-protect.en.md
@@ -1,11 +1,11 @@
If your service is running [an Agent with Remote Configuration enabled and a tracing library version that supports it][108], you can block attacks and attackers from the Datadog UI without additional configuration of the Agent or tracing libraries.
-ASM Protect goes beyond Threat Detection and enables you to take blocking action to slow down attacks and attackers. Unlike perimeter WAFs that apply a broad range of rules to inspect traffic, ASM uses the full context of your application---its databases, frameworks, and programming language---to narrowly apply the most efficient set of inspection rules.
+AAP Protect goes beyond Threat Detection and enables you to take blocking action to slow down attacks and attackers. Unlike perimeter WAFs that apply a broad range of rules to inspect traffic, AAP uses the full context of your application---its databases, frameworks, and programming language---to narrowly apply the most efficient set of inspection rules.
-ASM leverages the same [tracing libraries][107] as Application Performance Monitoring (APM) to protect your applications against:
+AAP leverages the same [tracing libraries][107] as Application Performance Monitoring (APM) to protect your applications against:
-- **Attacks**: ASM's In-App WAF inspects all incoming traffic and uses pattern-matching to detect and block malicious traffic (security traces).
+- **Attacks**: AAP's In-App WAF inspects all incoming traffic and uses pattern-matching to detect and block malicious traffic (security traces).
- **Attackers**: IP addresses and authenticated users that are launching attacks against your applications are detected from the insights collected by the libraries and flagged in Security Signals.
Security traces are blocked in real time by the Datadog tracing libraries. Blocks are saved in Datadog, automatically and securely fetched by the Datadog Agent, deployed in your infrastructure, and applied to your services. For details, read [How Remote Configuration Works][108].
diff --git a/layouts/shortcodes/audit-trail-asm.en.md b/layouts/shortcodes/audit-trail-asm.en.md
index 6560350495fba..5a087c623a483 100644
--- a/layouts/shortcodes/audit-trail-asm.en.md
+++ b/layouts/shortcodes/audit-trail-asm.en.md
@@ -1,7 +1,7 @@
| Name | Description of audit event | Query in audit explorer |
|------------------------------|---------------------------------------------------------------------------------------------|-----------------------------------------------------------------------|
-| [One-click Activation][1001] | A user activated or de-activated ASM on a service. | `@evt.name:"Application Security" @asset.type:compatible_services` |
-| [Protection][1002] | A user enabled or disabled the ASM protection. | `@evt.name:"Application Security" @asset.type:blocking_configuration` |
+| [One-click Activation][1001] | A user activated or de-activated AAP on a service. | `@evt.name:"Application Security" @asset.type:compatible_services` |
+| [Protection][1002] | A user enabled or disabled the AAP protection. | `@evt.name:"Application Security" @asset.type:blocking_configuration` |
| [Denylist][1003] | A user blocked, unblocked, or extended the blocking duration of an IP address or a user ID. | `@evt.name:"Application Security" @asset.type:ip_user_denylist` |
| [Passlist][1004] | A user added, modified, or deleted an entry to the passlist. | `@evt.name:"Application Security" @asset.type:passlist_entry` |
| [In-App WAF Policy][1005] | A user created, modified, or deleted an In-App WAF policy. | `@evt.name:"Application Security" @asset.type:policy_entry` |
diff --git a/layouts/shortcodes/cloud-siem-aws-setup-cloudformation.en.md b/layouts/shortcodes/cloud-siem-aws-setup-cloudformation.en.md
index 1d18b86164f83..eacb851372050 100644
--- a/layouts/shortcodes/cloud-siem-aws-setup-cloudformation.en.md
+++ b/layouts/shortcodes/cloud-siem-aws-setup-cloudformation.en.md
@@ -5,7 +5,7 @@
1. Select the AWS Region where the CloudFormation stack will be launched.
1. Select or create the Datadog API Key used to send data from your AWS account to Datadog.
1. To configure the Datadog Lambda Forwarder, select **Yes** for **Send Logs to Datadog**. This enables AWS CloudTrail logs to be sent to Datadog.
-1. To enable Cloud Security Management, select **Yes** for **Detect security issues**.
+1. To enable Cloud Security, select **Yes** for **Detect security issues**.
1. If you select **Yes** for **Detect security issues**, the **Enable Sensitive Data Scanner for Cloud Storage** option appears. Turn this on to automatically identify and classify sensitive data stored in Amazon S3.
1. Click **Launch CloudFormation Template**. This opens the AWS Console and loads the CloudFormation stack with the parameters filled in based on your selections in the Datadog form.
1. Check the required boxes from AWS and click **Create stack**.
diff --git a/layouts/shortcodes/csm-agentless-azure-resource-manager.md b/layouts/shortcodes/csm-agentless-azure-resource-manager.md
index b3c797d4e802f..d106ba074aade 100644
--- a/layouts/shortcodes/csm-agentless-azure-resource-manager.md
+++ b/layouts/shortcodes/csm-agentless-azure-resource-manager.md
@@ -2,9 +2,9 @@
Complete the following steps to enable Agentless Scanning for your Azure subscriptions:
-#### Cloud Security Management Setup page
+#### Cloud Security Setup page
-1. On the [Cloud Security Management Setup][1010] page, click **Cloud Integrations** > **Azure**.
+1. On the [Cloud Security Setup][1010] page, click **Cloud Integrations** > **Azure**.
1. Locate the tenant ID of your subscription.
1. **(Optional)** To enable detection of misconfigurations, toggle **Resource Scanning** to the on position.
1. Expand the list of Azure subscriptions and locate the subscription where you want to deploy the Agentless scanner.
diff --git a/layouts/shortcodes/csm-agentless-prereqs.en.md b/layouts/shortcodes/csm-agentless-prereqs.en.md
index 754bdf7ef5a79..5009236e50c65 100644
--- a/layouts/shortcodes/csm-agentless-prereqs.en.md
+++ b/layouts/shortcodes/csm-agentless-prereqs.en.md
@@ -1,13 +1,13 @@
## Prerequisites
-To deploy Agentless scanning in your AWS environment, in addition to having [Cloud Security Management][3] enabled, you must enable Remote Configuration.
+To deploy Agentless scanning in your AWS environment, in addition to having [Cloud Security][3] enabled, you must enable Remote Configuration.
### Enable Remote Configuration
[Remote Configuration][1] (enabled by [default][2] as of **April 8th, 2024**) is required to allow Datadog to send information to Agentless scanners, such as which cloud resources should be scanned. If Remote Configuration has not been enabled for your organization, navigate to your [Organization Settings in Datadog][4] and follow [steps 1-4][2] in the Remote Configuration docs.
-**Note**: CSM-enabled AWS accounts that have scanners deployed require Remote-config enabled API keys.
+**Note**: Cloud Security-enabled AWS accounts that have scanners deployed require Remote-config enabled API keys.
### Permissions
diff --git a/layouts/shortcodes/csm-fargate-eks-sidecar.en.md b/layouts/shortcodes/csm-fargate-eks-sidecar.en.md
index a209e359103e3..65e5af236af30 100644
--- a/layouts/shortcodes/csm-fargate-eks-sidecar.en.md
+++ b/layouts/shortcodes/csm-fargate-eks-sidecar.en.md
@@ -1,4 +1,4 @@
-The following manifest represents the minimum configuration required to deploy your application with the Datadog Agent as a sidecar with CSM Threats enabled:
+The following manifest represents the minimum configuration required to deploy your application with the Datadog Agent as a sidecar with Workload Protection enabled:
```yaml
apiVersion: apps/v1
diff --git a/layouts/shortcodes/csm-prereqs-enterprise-ws.en.md b/layouts/shortcodes/csm-prereqs-enterprise-ws.en.md
index 6fee4fd3573ee..34de6fb434a02 100644
--- a/layouts/shortcodes/csm-prereqs-enterprise-ws.en.md
+++ b/layouts/shortcodes/csm-prereqs-enterprise-ws.en.md
@@ -1,5 +1,5 @@
* Datadog Agent 7.44 or later.
-* Data collection is done using eBPF, so Datadog minimally requires platforms that have underlying Linux kernel versions of 4.15.0+ or have eBPF features backported. CSM Threats supports the following Linux distributions:
+* Data collection is done using eBPF, so Datadog minimally requires platforms that have underlying Linux kernel versions of 4.15.0+ or have eBPF features backported. Workload Protection supports the following Linux distributions:
* Ubuntu LTS (18.04, 20.04, and 22.04)
* Debian 10 or later
* Amazon Linux 2 (kernels 4.15, 5.4, and 5.10) and 2023
diff --git a/layouts/shortcodes/csm-prereqs-pro.en.md b/layouts/shortcodes/csm-prereqs-pro.en.md
index e7bbc5d4dc19c..f38c225814be8 100644
--- a/layouts/shortcodes/csm-prereqs-pro.en.md
+++ b/layouts/shortcodes/csm-prereqs-pro.en.md
@@ -1,13 +1,13 @@
Datadog Agent `7.46` or later installed on your hosts or containers.
-### CSM Vulnerabilities
+### Cloud Security Vulnerabilities
| Component | Version/Requirement |
| ------------------------ | ----------------------------------------|
| [Helm Chart][102] | v3.49.6 or later (Kubernetes only) |
| [containerd][103] | v1.5.6 or later (Kubernetes and hosts only)|
-**Note**: CSM Vulnerabilities is **not** available for the following environments:
+**Note**: Cloud Security Vulnerabilities is **not** available for the following environments:
- Windows
- AWS Fargate
diff --git a/layouts/shortcodes/csm-prereqs-workload-security.en.md b/layouts/shortcodes/csm-prereqs-workload-security.en.md
index 1168edcd19f9b..7fa0eef4b3ab7 100644
--- a/layouts/shortcodes/csm-prereqs-workload-security.en.md
+++ b/layouts/shortcodes/csm-prereqs-workload-security.en.md
@@ -1,6 +1,6 @@
Datadog Agent `7.46` or later installed on your hosts or containers.
-CSM Threats supports the following Linux distributions:
+Workload Protection supports the following Linux distributions:
| Linux Distribution | Supported Versions |
| ---------------------------------- | ------------------------------------------------- |
| Ubuntu LTS | 18.04, 20.04, 22.04 |
@@ -13,7 +13,7 @@ CSM Threats supports the following Linux distributions:
**Notes**:
-* [CSM Threats on Windows is available in beta][103].
+* [Workload Protection on Windows is available in beta][103].
* Custom kernel builds are not supported.
* Data collection is done using eBPF, so Datadog minimally requires platforms that have underlying Linux kernel versions of 4.15.0+ or have eBPF features backported.
* For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the [Troubleshooting page][102].
diff --git a/layouts/shortcodes/csm-prereqs.en.md b/layouts/shortcodes/csm-prereqs.en.md
index e52203a0236c3..9ceec29f66cbf 100644
--- a/layouts/shortcodes/csm-prereqs.en.md
+++ b/layouts/shortcodes/csm-prereqs.en.md
@@ -1,7 +1,7 @@
-### CSM Threats
+### Workload Protection
-CSM Threats supports the following Linux distributions:
+Workload Protection supports the following Linux distributions:
| Linux Distributions | Supported Versions |
| ---------------------------| --------------------------------------|
@@ -19,27 +19,27 @@ CSM Threats supports the following Linux distributions:
- For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the [Troubleshooting page][102].
- Data collection is done using eBPF, so Datadog minimally requires platforms that have underlying Linux kernel versions of 4.15.0+ or have eBPF features backported.
-### CSM Vulnerabilities
+### Cloud Security Vulnerabilities
| Component | Version/Requirement |
| ------------------------ | ----------------------------------------|
| [Helm Chart][103] | v3.49.6 or later (Kubernetes only) |
| [containerd][104] | v1.5.6 or later (Kubernetes and hosts only)|
-**Note**: CSM Vulnerabilities is **not** available for the following container runtimes:
+**Note**: Cloud Security Vulnerabilities is **not** available for the following container runtimes:
- CRI-O runtime
- podman runtime
-### CSM Identity Risks
+### Cloud Security Identity Risks
-Note: At this time, CSM Identity Risks is available for AWS only.
+Note: At this time, Cloud Security Identity Risks is available for AWS only.
-To use CSM Identity Risks, you must [enable resource collection for AWS][105]. If you've already done this, no additional setup is required.
+To use Cloud Security Identity Risks, you must [enable resource collection for AWS][105]. If you've already done this, no additional setup is required.
**Notes**:
-- If you've [enabled CSM Misconfigurations for your AWS accounts][106], you already have cloud resource collection enabled.
+- If you've [enabled Cloud Security Misconfigurations for your AWS accounts][106], you already have cloud resource collection enabled.
- Although not required, when you [enable CloudTrail logs forwarding][107], you get additional insights based on the actual usage (or non-usage) of resources in your infrastructure, for example, users and roles with significant gaps between provisioned and used permissions.
[102]: /security/cloud_security_management/troubleshooting
diff --git a/layouts/shortcodes/csm-setup-aws.en.md b/layouts/shortcodes/csm-setup-aws.en.md
index 8889f2044a27f..12cb1511cd844 100644
--- a/layouts/shortcodes/csm-setup-aws.en.md
+++ b/layouts/shortcodes/csm-setup-aws.en.md
@@ -2,13 +2,13 @@
If you haven't already, set up the [Amazon Web Services integration][1]. You must also [enable resource collection][2] by attaching the AWS-managed SecurityAudit Policy to the Datadog IAM role in your AWS account.
-### Enable CSM for your AWS accounts
+### Enable Cloud Security for your AWS accounts
-1. On the [**Cloud Security Management Setup**][3] page, click **Cloud Integrations**.
+1. On the [**Cloud Security Setup**][3] page, click **Cloud Integrations**.
1. Expand the **AWS** section.
1. To enable resource scanning for an account, click the **Plus** button, then switch the **Enable Resource Scanning** toggle to the on position.
1. Click **Done**.
-1. To create a filter that excludes certain resources from being evaluated by CSM, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][5].
+1. To create a filter that excludes certain resources from being evaluated by Cloud Security, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][5].
1. Click **Done**.
[1]: https://docs.datadoghq.com/integrations/amazon_web_services/
diff --git a/layouts/shortcodes/csm-setup-azure.en.md b/layouts/shortcodes/csm-setup-azure.en.md
index 24ca9c37b719f..0597aef9add54 100644
--- a/layouts/shortcodes/csm-setup-azure.en.md
+++ b/layouts/shortcodes/csm-setup-azure.en.md
@@ -4,12 +4,12 @@ If you haven't already, set up the [Microsoft Azure integration][1].
**Note**: To access the full set of Azure compliance rules—including [Identity Risks][5]—you must enable the `Application.Read.All`, `Directory.Read.All`, `Group.Read.All`, `Policy.Read.All`, and `User.Read.All` permissions for the [Microsoft Graph API][2].
-### Enable CSM for your Azure subscriptions
+### Enable Cloud Security for your Azure subscriptions
-1. On the [**Cloud Security Management Setup**][3] page, click **Cloud Integrations**.
+1. On the [**Cloud Security Setup**][3] page, click **Cloud Integrations**.
2. Expand the **Azure** section.
3. To enable resource scanning for a subscription, switch the **Resource Scanning** toggle to the on position.
-4. To create a filter that excludes certain resources from being evaluated by CSM, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][4].
+4. To create a filter that excludes certain resources from being evaluated by Cloud Security, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][4].
5. Click **Done**.
[1]: https://docs.datadoghq.com/integrations/azure
diff --git a/layouts/shortcodes/csm-setup-google-cloud.en.md b/layouts/shortcodes/csm-setup-google-cloud.en.md
index 93bbcabbc45fe..a9831ccba624d 100644
--- a/layouts/shortcodes/csm-setup-google-cloud.en.md
+++ b/layouts/shortcodes/csm-setup-google-cloud.en.md
@@ -13,12 +13,12 @@ The Datadog Google Cloud Platform integration uses service accounts to create an
- Repeat the process above to use multiple service accounts.
- Use the same service account by updating the `project_id` in the downloaded JSON file. Then, upload the file to Datadog as described in steps 1-3.
-### Enable CSM for your Google Cloud projects
+### Enable Cloud Security for your Google Cloud projects
-1. On the [**Cloud Security Management Setup**][2] page, click **Cloud Integrations**.
+1. On the [**Cloud Security Setup**][2] page, click **Cloud Integrations**.
2. Expand the **GCP** section.
3. To enable resource scanning for a project, switch the **Resource Scanning** toggle to the on position.
-4. To create a filter that excludes certain resources from being evaluated by CSM, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][11].
+4. To create a filter that excludes certain resources from being evaluated by Cloud Security, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][11].
5. Click **Done**.
[1]: https://docs.datadoghq.com/integrations/google_cloud_platform
diff --git a/layouts/shortcodes/csm-windows-setup.en.md b/layouts/shortcodes/csm-windows-setup.en.md
index d60923ffa7177..6cd8e58e9116a 100644
--- a/layouts/shortcodes/csm-windows-setup.en.md
+++ b/layouts/shortcodes/csm-windows-setup.en.md
@@ -1,7 +1,7 @@
Use the following instructions to enable Threat Detection and Vulnerability scanning on Windows.
-Datadog Cloud Security Management on Windows includes host vulnerability detection as well as built-in threat detection for Windows process and network events. The out-of-the-box Windows ruleset includes the following default rules:
+Datadog Cloud Security on Windows includes host vulnerability detection as well as built-in threat detection for Windows process and network events. The out-of-the-box Windows ruleset includes the following default rules:
- Certutil used to transmit or decode a file
- Process memory was dumped using the minidump functions of comsvcs.dll
@@ -43,7 +43,7 @@ It can take up to 15 minutes to complete the installation. In certain cases, Mic
## Configuration
-### Enable CSM
+### Enable Cloud Security
1. Ensure you have access to `C:\ProgramData`, which is a hidden folder.
- In **File Explorer**, click the **View** tab, and clear the **Hidden items** checkbox. The **ProgramData** folder should now be visible when navigating to the `C:` drive. The transparent icon indicates it is a hidden folder.
@@ -57,16 +57,16 @@ It can take up to 15 minutes to complete the installation. In certain cases, Mic
runtime_security_config:
enabled: true
```
-4. [Restart the Datadog Agent][6] to enable CSM.
+4. [Restart the Datadog Agent][6] to enable Cloud Security.
-### Verify that the Agent is sending events to CSM
+### Verify that the Agent is sending events to Cloud Security
-When you enable CSM on Windows, the Agent sends a log to Datadog to confirm that the Windows default ruleset has been successfully deployed. To view the log, navigate to the [**Logs**][7] page in Datadog and search for `@agent.rule_id:ruleset_loaded`.
+When you enable Cloud Security on Windows, the Agent sends a log to Datadog to confirm that the Windows default ruleset has been successfully deployed. To view the log, navigate to the [**Logs**][7] page in Datadog and search for `@agent.rule_id:ruleset_loaded`.
-Another method to verify that the Agent is sending events to CSM is to manually trigger a Windows security signal.
+Another method to verify that the Agent is sending events to Cloud Security is to manually trigger a Windows security signal.
1. In Windows, open a command prompt as Administrator and run the command `schtasks /create /?`.
-2. In Datadog, navigate to the [CSM Signals Explorer][8] to view the generated Windows signals.
+2. In Datadog, navigate to the [Cloud Security Signals Explorer][8] to view the generated Windows signals.
- To view signals originating from configured Windows hosts, filter the signals by hostname using the **Hosts** > **Hostnames** facet.
- To filter by Windows rules, use the **Workflow** > **Rule Name** facet.
@@ -86,7 +86,7 @@ To get alerts whenever a Windows signal is created, create a [Notification Rule]
runtime_security_config:
fim_enabled: true
```
-1. [Restart the Datadog Agent][6] to enable CSM.
+1. [Restart the Datadog Agent][6] to enable Cloud Security.
### Enable Vulnerability scanning
@@ -101,7 +101,7 @@ To get alerts whenever a Windows signal is created, create a [Notification Rule]
enabled: true
```
-4. [Restart the Datadog Agent][6] to enable CSM Vulnerability Management.
+4. [Restart the Datadog Agent][6] to enable Cloud Security Vulnerability Management.
[1]: /security/cloud_security_management/
[2]: /network_monitoring/performance/setup/?tab=agentwindows#setup
diff --git a/layouts/shortcodes/product-availability.html b/layouts/shortcodes/product-availability.html
index 18a90b4a5c9a2..ee15bd154a6f0 100644
--- a/layouts/shortcodes/product-availability.html
+++ b/layouts/shortcodes/product-availability.html
@@ -15,7 +15,7 @@
- name: Cloud SIEM
url: /security/cloud_siem/
icon: siem
- - name: CSM Threats
+ - name: Workload Protection
url: /security/threats/
icon: cloud-security-management
*/}}
diff --git a/layouts/shortcodes/semantic-color.en.md b/layouts/shortcodes/semantic-color.en.md
index fec48237f138f..9b163eb44dccf 100644
--- a/layouts/shortcodes/semantic-color.en.md
+++ b/layouts/shortcodes/semantic-color.en.md
@@ -10,8 +10,8 @@
| `@static_analysis.result.status` | Used by [CI Visibility](https://www.datadoghq.com/product/ci-cd-monitoring/) |
| `@deployment.status` | Used by [CI Visibility](https://www.datadoghq.com/product/ci-cd-monitoring/) |
| `@evaluation.status` | Used by [CI Visibility](https://www.datadoghq.com/product/ci-cd-monitoring/) |
-| `evaluation` | Used by [Cloud Security Management](https://www.datadoghq.com/product/cloud-security-management/) |
-| `severity` | Used by [Cloud Security Management](https://www.datadoghq.com/product/cloud-security-management/) |
+| `evaluation` | Used by [Cloud Security](https://www.datadoghq.com/product/cloud-security-management/) |
+| `severity` | Used by [Cloud Security](https://www.datadoghq.com/product/cloud-security-management/) |
| `@resource.status_code` | Used by [RUM & Session Replay](https://docs.datadoghq.com/real_user_monitoring/). Uses the same colors as `http.status_code`. |
| `@error.resource.status_code` | Used by [RUM & Session Replay](https://docs.datadoghq.com/real_user_monitoring/). Uses the same colors as `http.status_code`. |
| `@batch.status` | Used by [Synthetic Monitoring](https://docs.datadoghq.com/synthetics/) for test batch results. |