---
title: Threat Protection Overview
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > App and API Protection > Threat Protection > Threat
  Protection Overview
---

# Threat Protection Overview

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ({% placeholder "user-datadog-site-name" /%}).
{% /alert %}

{% /callout %}

The **Threat Protection** overview page shows how well your services are instrumented and protected against attacks, the security signals they generate, the services most exposed to threats, and the trends in attack activity. The following sections describe each area of the page.

{% image
   source="https://docs.dd-static.net/images/security/application_security/overview/threat_protection.874da7d7f30cd493a2a26228070dd02a.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/security/application_security/overview/threat_protection.874da7d7f30cd493a2a26228070dd02a.png?auto=format&fit=max&w=850&dpr=2 2x"
   alt="Threat Protection overview page" /%}

## Ask Bits panel{% #ask-bits-panel %}

The **Ask Bits** panel is a contextual entry point to Bits AI for questions about your threat protection. It offers ready-made prompts such as **Top priorities**, **Summarize Last Week insights**, and **What I'm exposed to?** to help you start an investigation without writing a query. The panel appears when Bits AI is enabled and you have the required access. You can dismiss it.

## App Instrumentation{% #app-instrumentation %}

The **App Instrumentation** section reports how broadly App and API Protection (AAP) is activated across your services. **Threat detection coverage** shows how many services are actively detecting threats in real time compared to your total services, and **Recommended services activated** tracks your progress in enabling AAP on at-risk services identified by known vulnerabilities and suspicious traffic. From this section you can protect additional services or view the services already protected.

## Attack Coverage{% #attack-coverage %}

The **Attack Coverage** section shows how well your services are protected against attack vectors. **Attack Tools** reports how many exposed services are protected from scanners, bots, and similar tooling through AAP monitoring and blocking, and **Exploit Prevention** reports how many services are protected from exploits through Runtime Application Self-Protection (RASP). The section also highlights services that need [Threat Protection](https://docs.datadoghq.com/security/application_security/how-it-works.md#identify-services-exposed-to-application-attacks) enabled or a tracing library upgrade.

## Open Signals{% #open-signals %}

The **Open Signals** section summarizes the security signals that are open. Signals are broken down by severity (critical, high, medium, and low) with a trend comparison to the previous time window of equal length, and they are shown across **Open** and **Under Review** states. The section also lists the top rules triggering signals so you can see what is driving activity.

## Threats Exposure{% #threats-exposure %}

The **Threats Exposure** section ranks the services that are most exposed to threats, surfacing those that have triggered the most signals. From here you can examine a specific service to investigate the activity targeting it.

## Threat Trends{% #threat-trends %}

The **Threat Trends** section highlights patterns in attack activity. **Top attack types** shows the most common categories of detected attacks, and **Top countries** shows the geographic distribution of attack sources by origin country. You can pivot to the Traces Explorer for deeper analysis of the underlying activity.

## Customize Page{% #customize-page %}

Use the **Customize Page** button in the page header to tailor the page to your needs. In the popover, drag sections between the **Visible** and **Hidden** areas to control which sections appear, and reorder visible sections by dragging them. Your changes persist locally so the page keeps your layout on future visits.

## Further reading{% #further-reading %}

- [API Posture Overview](https://docs.datadoghq.com/security/application_security/api_posture/overview.md)
- [Attack Summary](https://docs.datadoghq.com/security/application_security/attack_summary.md)
