- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Detect excessive activity performed from an IP.
This may be caused by a malicious actor trying to cause issues in your platform, create spam content, or similar.
You can read more about the purpose of rate limiting there.
Datadog auto-instruments many event types. Review your instrumented business logic events. This detection requires the following instrumented event:
activity.sensitive
Count the number of a given activity generated coming from a single IP.
Require the activity to be flagged using a user event named activity.sensitive
. User authentication isn’t necessary.
However, it is very important that the event be given a name in the metadata.
The rule will count the number of events sharing the same names. This enables you to rate limit multiple activities separately without one counting for another (60 activity named A + 60 activity named B won’t trigger the rate limit). The rule won’t run if no name is provided.
The rule determines the standard rate for IPs to trigger this activity.
If an IP is seen significantly exceeding the normal rate, a Medium
signal will be generated.
This rule is using a new feature of ASM that isn’t yet available in custom detection rules.
This will prevent you from cloning this rule and having it work the same way as the Datadog version.
We’re working toward solving this limitation.