Enabling ASM

Enable your application to detect and protect against threats targeting your production systems, and to manage risks in your code and its open source dependencies, using the Datadog library for your application language. You can detect vulnerabilities and threats for apps hosted on a server, Docker, Kubernetes, AWS ECS, and (for supported languages) AWS Fargate.

In general, setting up Application Security Management (ASM) involves:

Identifying services that are vulnerable or are under attack, which would most benefit from ASM. Find them on the Security tab of your Service Catalog.
Updating to the latest Datadog library (the most recent APM tracing library).
Enabling the library to collect the application security data from the services and send it to Datadog.
Triggering security signals in your application and seeing how Datadog displays the resulting information.

Prerequisites

The Datadog Agent is installed and configured for your application’s operating system or container, cloud, or virtual environment.
Datadog APM is configured for your application or service, and traces are being received by Datadog.

Beta: 1-Click Enablement
If your service is running with an Agent with Remote Configuration enabled and a tracing library version that supports it, hover over the Not Enabled indicator in the ASM Status column and click Enable ASM. There's no need to re-launch the service with the DD_APPSEC_ENABLED=true or --enable-appsec flags.

Beta: IP and user blocking
If your service is running with an Agent with Remote Configuration enabled and a tracing library version that supports it, you can block attackers from the Datadog UI without additional configuration of the Agent or tracing libraries.

Select your application language for details on how to do these steps for your language and infrastructure types.

Enabling ASM

Prerequisites

Further Reading