- 重要な情報
- はじめに
- 用語集
- ガイド
- エージェント
- インテグレーション
- OpenTelemetry
- 開発者
- API
- CoScreen
- アプリ内
- Service Management
- インフラストラクチャー
- アプリケーションパフォーマンス
- 継続的インテグレーション
- ログ管理
- セキュリティ
- UX モニタリング
- 管理
Detect excessive activity performed from an IP.
This may be caused by a malicious actor trying to cause issues in your platform, create spam content, or similar.
You can read more about the purpose of rate limiting there.
Datadog auto-instruments many event types. Review your instrumented business logic events. This detection requires the following instrumented event:
activity.sensitiveCount the number of a given activity generated coming from a single IP.
Require the activity to be flagged using a user event named activity.sensitive. User authentication isn’t necessary.
However, it is very important that the event be given a name in the metadata.
The rule will count the number of events sharing the same names. This enables you to rate limit multiple activities separately without one counting for another (60 activity named A + 60 activity named B won’t trigger the rate limit). The rule won’t run if no name is provided.
The rule determines the standard rate for IPs to trigger this activity.
If an IP is seen significantly exceeding the normal rate, a Medium signal will be generated.
This rule is using a new feature of ASM that isn’t yet available in custom detection rules.
This will prevent you from cloning this rule and having it work the same way as the Datadog version.
We’re working toward solving this limitation.