Network Performance Monitoring is now generally available! Network Monitoring is now available!

Signal Sciences

Agent Check Agent Check

Supported OS: Linux Mac OS Windows

Overview

Send Signal Sciences metrics and events to Datadog to monitor real-time attacks and abuse against your applications, APIs, and microservices, and to ensure Signal Sciences is functioning and inspecting traffic as expected.

image-datadog-sigsci-dashboard

image-datadog-sigsci-security

Get metrics and events from Signal Sciences in real-time to:

  • See metrics from the WAF related to:

    • Total Requests
    • Top Types of Potential Attacks
    • Command Execution
    • SQL Injection
    • Cross Site Scripting
    • Path Scanning
    • Anomalous Traffic
    • Unknown Sources
    • Server 400/500s
  • See IPs that Signal Sciences has blocked and/or flagged as malicious from any of the following activities:

    • OWASP Injection Attacks
    • Application DoS
    • Brute Force Attacks
    • Application Abuse & Misuse
    • Request Rate Limiting
    • Account Takeover
    • Bad Bots
    • Virtual Patching
  • See alerts on Signal Sciences agent status

Setup

To use the Signal Sciences-Datadog integration, you must be a customer of Signal Sciences. For more information about Signal Sciences, visit us at https://www.signalsciences.com.

Configuration

Metrics Collection

  1. Install the Signal Sciences agent.

  2. Configure the Signal Sciences agent to use DogStatsD:

    Add the following line to each agent’s agent.config file:

    statsd-type = "dogstatsd"
    

    When this is done the agent’s StatsD client has tagging enabled and metrics such as sigsci.agent.signal.<SIGNAL_TYPE> are sent as sigsci.agent.signal and tagged with signal_type:<SIGNAL_TYPE>.

    Example:sigsci.agent.signal.http404 => sigsci.agent.signal with tag signal_type:http404

    If using Kubernetes to run the Datadog Agent, make sure to enable DogStatsD non local traffic as described in the Kubernetes DogStatsD documentation.

  3. Configure the SigSci agent to send metrics to the Datadog Agent:

    Add the following line to each agent’s agent.config file:

    statsd-address="<DATADOG_AGENT_HOSTNAME>:<DATADOG_AGENT_PORT>"
    
  4. Click the button to install the integration.

  5. In Datadog, verify that the “Signal Sciences - Overview” dashboard is created and starting to capture metrics.

Events Collection

  1. Within Datadog, create an API key.

  2. In your Signal Sciences Dashboard on the Site navigation bar, click Manage > Integrations and click Add next to the Datadog Event integration.

  3. Enter the API Key in the API Key field.

  4. Click Add.

Need more information?

Data Collected

Metrics

sigsci.agent.waf.total
sigsci.agent.waf.error
sigsci.agent.waf.allow
sigsci.agent.waf.block
sigsci.agent.waf.perf.decision_time
sigsci.agent.waf.perf.queue_time
sigsci.agent.rpc.connections.open
sigsci.agent.runtime.cpu_pct
sigsci.agent.runtime.mem.sys_bytes
sigsci.agent.runtime.uptime
sigsci.agent.signal

Events

All Signal Sciences events are sent to your Datadog Event Stream

Service Checks

The Signal Sciences integration does not include any service checks.

Troubleshooting

Need help? Contact Datadog support.

Further Reading

Learn more about application security, DevOps, SecOps, and all the ops on Signal Sciences blog.

To sign up for the Signal Sciences-Datadog Monitoring, a free service to see attacks against your applications, APIs, and microservices in real-time without a Signal Sciences subscription, visit our registration page.


Mistake in the docs? Feel free to contribute!