Overview

Datadog App and API Protection (AAP) helps secure your web applications and APIs in production.

• With threat detection, Datadog provides real-time protection against attacks and attackers targeting code-level vulnerabilities.
• With Code Security, Datadog detects code and library vulnerabilities in your repositories and your running services, providing end-to-end visibility from development to production.

This guide walks you through best practices for getting your team up and running with AAP.

Identify services that have security risk

Identify services vulnerable or exposed to attacks that would benefit from AAP. On the Software Catalog > Security page, view and select the services you wish to enable.

These security insights are detected from data reported by APM. The insights help prioritize your security efforts. AAP identifies, prioritizes, and helps remediate all security risks on your services.

Note: If no vulnerabilities or suspicious requests are reported, ensure your services are using a recent Datadog tracing library version. From the Security Software Catalog, open any service’s side panel and look at its Tracing Configuration.

Enable AAP

Enable AAP with in-app instructions

• To enable Threat Management in-app, navigate to Application Security > Setup.
• To enable Code Security in-app, navigate to Code Security > Setup.

Enable AAP with Remote Configuration

Prerequisites:

• Datadog Agent versions 7.42.0 or higher installed on your hosts or containers.
• Datadog Tracer versions are compatible with Remote Configuration.

Setup Remote Configuration (if not enabled already)

Follow the steps to enable Remote Configuration in your Datadog UI. This includes:

1. Activate Remote Config capability for your organization.
2. Add Remote Configuration capability to an existing API key, or create a new one.
3. Update your Datadog Agent configuration to use the API key with Remote Configuration capability.

See Setting up Remote Configuration for more information.

Test AAP

Once enabled, AAP immediately identifies application vulnerabilities and detects attacks and attackers targeting your services.

1. Validate vulnerabilities: Navigate to the Vulnerabilities tab, triage and remediate your vulnerabilities.
2. Validate attacks: Send attack patterns to trigger a test detection rule. From your terminal, run the following script:

  for ((i=1;i<=250;i++)); do
  # Target existing service's routes
  curl https://your-application-url/<EXISTING ROUTE> -A
  'dd-test-scanner-log';
  # Target non existing service's routes
  curl https://your-application-url/<NON-EXISTING ROUTE> -A
  'dd-test-scanner-log';
  done

3. Go to Security Signals Explorer to see the signal that is generated after a few seconds.

Disable AAP

For information on disabling AAP or its related capabilities, see the following:

• Disabling threat management and protection
• Disabling Code Security (SAST, SCA, or IAST)

Reports and notifications

1. Set up notification rules to receive alerts using Slack, Jira, email, and more.
2. Subscribe to the weekly threat digest reports to begin investigation and remediation of the most important security threats discovered in the last seven days.

Further reading

Additional helpful documentation, links, and articles:

Application Security terms and conceptsDOCUMENTATION How App and API Protection worksDOCUMENTATION Join an interactive session to elevate your security and threat detectionFOUNDATION ENABLEMENT Security research, reports, tips, and videos from DatadogSECURITY LABS