From 9f12f1540a090dc7955a87a08d279fdcaa76f750 Mon Sep 17 00:00:00 2001 From: Michael Cretzman Date: Wed, 9 Apr 2025 12:53:08 -0700 Subject: [PATCH 01/28] names changed --- config/_default/menus/main.en.yaml | 10 +-- .../account_management/audit_trail/events.md | 65 ++++++++++++------- .../billing/product_allotments.md | 4 +- .../en/agent/configuration/dual-shipping.md | 4 +- content/en/agent/remote_config/_index.md | 4 +- content/en/all_guides.md | 4 +- .../en/api/v1/usage-metering/examples.json | 6 +- .../en/containers/kubernetes/installation.md | 2 +- content/en/data_security/_index.md | 2 +- .../data-collection-resolution-retention.md | 4 +- content/en/getting_started/_index.md | 4 +- .../en/getting_started/devsecops/_index.md | 10 +-- .../en/getting_started/integrations/aws.md | 4 +- .../integrations/google_cloud.md | 6 +- content/en/getting_started/security/_index.md | 2 +- .../security/application_security.md | 6 +- .../security/cloud_security_management.md | 10 +-- content/en/glossary/terms/resource.md | 2 +- .../glossary/terms/security_posture_score.md | 2 +- .../containers/container_images.md | 8 +-- .../infrastructure/resource_catalog/_index.md | 8 +-- .../guide/aws-organizations-setup.md | 4 +- .../azure-architecture-and-configuration.md | 2 +- .../integrations/guide/azure-manual-setup.md | 2 +- content/en/integrations/guide/azure-portal.md | 4 +- .../network_analytics.md | 2 +- content/en/opentelemetry/compatibility.md | 2 +- .../instrument/api_support/_index.md | 2 +- .../setup/otlp_ingest_in_the_agent.md | 2 +- content/en/security/_index.md | 8 +-- content/en/security/access_control.md | 2 +- .../security/account_takeover_protection.md | 8 +-- .../security/application_security/_index.md | 18 ++--- .../application_security/guide/_index.md | 4 +- .../guide/manage_account_theft_appsec.md | 10 +-- .../application_security/how-appsec-works.md | 2 +- .../application_security/serverless/_index.md | 6 +- .../application_security/threats/_index.md | 6 +- .../threats/add-user-info.md | 2 +- .../threats/attacker-explorer.md | 2 +- .../threats/attacker_clustering.md | 2 +- .../threats/attacker_fingerprint.md | 2 +- .../threats/custom_rules.md | 8 +-- .../threats/exploit-prevention.md | 8 +-- .../threats/inapp_waf_rules.md | 6 +- .../threats/library_configuration.md | 8 +-- .../threats/protection.md | 6 +- .../threats/security_signals.md | 6 +- .../threats/setup/compatibility/_index.md | 4 +- .../compatibility/gcp-service-extensions.md | 2 +- .../threats/setup/threat_detection/_index.md | 8 +-- .../threats/setup/threat_detection/dotnet.md | 4 +- .../threats/setup/threat_detection/envoy.md | 4 +- .../gcp-service-extensions.md | 6 +- .../threats/setup/threat_detection/go.md | 4 +- .../threats/setup/threat_detection/java.md | 4 +- .../threats/setup/threat_detection/nginx.md | 4 +- .../threats/setup/threat_detection/nodejs.md | 6 +- .../threats/setup/threat_detection/php.md | 4 +- .../threats/setup/threat_detection/python.md | 4 +- .../threats/setup/threat_detection/ruby.md | 4 +- .../threats/threat-intelligence.md | 6 +- .../threats/trace_qualification.md | 8 +-- .../application_security/troubleshooting.md | 22 +++---- content/en/security/audit_trail.md | 6 +- .../cloud_security_management/_index.md | 22 +++---- .../cloud_security_management/guide/_index.md | 8 +-- .../guide/agent_variables.md | 4 +- .../guide/custom-rules-guidelines.md | 2 +- .../guide/eBPF-free-agent.md | 2 +- .../guide/public-accessibility-logic.md | 2 +- .../guide/resource_evaluation_filters.md | 12 ++-- .../guide/tuning-rules.md | 2 +- .../cloud_security_management/iac_scanning.md | 2 +- .../identity_risks/_index.md | 10 +-- .../misconfigurations/_index.md | 8 +-- .../misconfigurations/compliance_rules.md | 2 +- .../misconfigurations/findings/_index.md | 2 +- .../custom_frameworks.md | 2 +- .../misconfigurations/kspm.md | 2 +- .../misconfigurations/signals_explorer.md | 2 +- .../review_remediate/_index.md | 4 +- .../review_remediate/jira.md | 6 +- .../review_remediate/mute_issues.md | 2 +- .../review_remediate/workflows.md | 4 +- .../cloud_security_management/setup/_index.md | 20 +++--- .../setup/agent/_index.md | 4 +- .../setup/agent/docker.md | 2 +- .../setup/agent/ecs_ec2.md | 2 +- .../setup/agent/kubernetes.md | 2 +- .../setup/agent/linux.md | 2 +- .../setup/agent/windows.md | 2 +- .../setup/agentless_scanning/_index.md | 12 ++-- .../agentless_scanning/deployment_methods.md | 2 +- .../setup/agentless_scanning/enable.md | 42 ++++++------ .../setup/cloud_integrations.md | 8 +-- .../setup/cloudtrail_logs.md | 2 +- .../setup/iac_remediation.md | 6 +- .../setup/iac_scanning/_index.md | 6 +- .../iac_scanning/iac_scanning_exclusions.md | 2 +- .../without_infrastructure_monitoring.md | 8 +-- .../severity_scoring.md | 2 +- .../troubleshooting/_index.md | 6 +- .../troubleshooting/threats.md | 6 +- .../troubleshooting/vulnerabilities.md | 4 +- .../vulnerabilities/_index.md | 8 +-- .../hosts_containers_compatibility.md | 4 +- content/en/security/cloud_siem/_index.md | 2 +- .../signal_correlation_rules.md | 2 +- .../cloud_siem/entities_and_risk_scoring.md | 2 +- ...p-security-filters-using-cloud-siem-api.md | 2 +- .../iast/setup/compatibility/_index.md | 4 +- content/en/security/default_rules/_index.md | 4 +- content/en/security/detection_rules/_index.md | 14 ++-- .../guide/aws_fargate_config_guide.md | 14 ++-- content/en/security/notifications/_index.md | 4 +- content/en/security/notifications/rules.md | 4 +- .../en/security/notifications/variables.md | 6 +- content/en/security/security_inbox.md | 10 +-- .../security/sensitive_data_scanner/_index.md | 2 +- .../investigate_sensitive_data_issues.md | 2 +- .../setup/cloud_storage.md | 2 +- content/en/security/suppressions.md | 2 +- content/en/security/threat_intelligence.md | 2 +- content/en/security/threats/_index.md | 8 +-- content/en/security/threats/agent.md | 2 +- .../threats/investigate_agent_events.md | 2 +- .../en/security/threats/security_signals.md | 6 +- .../threats/supported_linux_distributions.md | 4 +- .../threats/workload_security_rules/_index.md | 2 +- .../workload_security_rules/custom_rules.md | 12 ++-- .../upcoming_changes_notification_rules.md | 2 +- content/en/serverless/aws_lambda/_index.md | 2 +- .../en/serverless/aws_lambda/configuration.md | 2 +- .../aws_lambda/installation/dotnet.md | 2 +- .../serverless/aws_lambda/installation/go.md | 2 +- .../aws_lambda/installation/java.md | 2 +- .../aws_lambda/installation/nodejs.md | 2 +- .../aws_lambda/installation/python.md | 2 +- .../aws_lambda/installation/ruby.md | 2 +- .../aws_lambda/securing_functions.md | 8 +-- .../azure_app_services_windows.md | 2 +- .../incident_management/declare.md | 6 +- content/en/software_catalog/navigating.md | 2 +- .../en/software_catalog/use_cases/_index.md | 2 +- .../use_cases/appsec_management.md | 2 +- .../tracing/configure_data_security/_index.md | 2 +- .../dd_libraries/go.md | 2 +- .../trace_collection/library_config/nodejs.md | 2 +- .../en/tracing/trace_explorer/trace_view.md | 2 +- .../trace_pipeline/ingestion_mechanisms.md | 2 +- .../tracing/trace_pipeline/trace_retention.md | 2 +- 152 files changed, 417 insertions(+), 402 deletions(-) diff --git a/config/_default/menus/main.en.yaml b/config/_default/menus/main.en.yaml index 64199bc85777f..2becc9147d8f1 100644 --- a/config/_default/menus/main.en.yaml +++ b/config/_default/menus/main.en.yaml @@ -155,12 +155,12 @@ menu: url: getting_started/security/ parent: getting_started weight: 17 - - name: Application Security Management + - name: App & API Protection identifier: getting_started_application_security url: getting_started/security/application_security parent: getting_started_security weight: 1701 - - name: Cloud Security Management + - name: Workload Protection identifier: getting_started_cloud_security_management url: getting_started/security/cloud_security_management/ parent: getting_started_security @@ -2034,7 +2034,7 @@ menu: parent: software_catalog_use_cases identifier: software_catalog_use_cases_cloud_cost_management weight: 402 - - name: Application Security Management + - name: App & API Protection url: software_catalog/use_cases/appsec_management parent: software_catalog_use_cases identifier: software_catalog_use_cases_appsec_management @@ -6127,7 +6127,7 @@ menu: parent: cloud_siem identifier: siem_guides weight: 10 - - name: Cloud Security Management + - name: Workload Protection url: security/cloud_security_management parent: security_platform_heading pre: cloud-security-management @@ -6353,7 +6353,7 @@ menu: parent: csm_troubleshooting identifier: csm_troubleshooting_vulnerabilities weight: 1202 - - name: Application Security Management + - name: App & API Protection url: security/application_security/ parent: security_platform_heading pre: app-sec diff --git a/content/en/account_management/audit_trail/events.md b/content/en/account_management/audit_trail/events.md index 8bb61e86ce4bb..53bb662c31d23 100644 --- a/content/en/account_management/audit_trail/events.md +++ b/content/en/account_management/audit_trail/events.md @@ -27,29 +27,46 @@ further_reading: - [Teams management](#teams-management-events) #### Product-Specific Events -- [App Builder](#app-builder-events) -- [Application Performance Monitoring (APM)](#application-performance-monitoring-apm-events) -- [Application Security Management (ASM)](#application-security-management) -- [Audit Trail](#audit-trail-events) -- [CI Visibility](#ci-visibility-events) -- [Quality Gates](#quality-gates-events) -- [Cloud Security Platform](#cloud-security-platform-events) -- [Dynamic Instrumentation](#dynamic-instrumentation-events) -- [Error Tracking](#error-tracking-events) -- [Log Management](#log-management-events) -- [Metrics](#metrics-events) -- [Real User Monitoring](#real-user-monitoring-events) -- [Security Notification events](#security-notification-events) -- [Sensitive Data Scanner](#sensitive-data-scanner-events) -- [Service Level Objectives](#service-level-objectives-slo-events) -- [Synthetic Monitoring](#synthetic-monitoring-events) -- [Reference Tables](#reference-table-events) -- [Workflows](#workflow-events) -- [App Datastore](#app-datastore) -- [Event Management](#event-management) -- [Private Action Runners](#private-action-runners) -- [Observability Pipelines](#observability-pipelines) -- [On-Call](#on-call) +- [Overview](#overview) + - [Platform Events](#platform-events) + - [Product-Specific Events](#product-specific-events) +- [Audit Events](#audit-events) + - [Access management events](#access-management-events) + - [Agent](#agent) + - [API request events](#api-request-events) + - [App Builder events](#app-builder-events) + - [Application Performance Monitoring (APM) events](#application-performance-monitoring-apm-events) + - [App & API Protection](#app-and-api-protection) + - [Audit Trail events](#audit-trail-events) + - [Authentication events](#authentication-events) + - [CI Visibility events](#ci-visibility-events) + - [Quality Gates events](#quality-gates-events) + - [Cloud Security Platform events](#cloud-security-platform-events) + - [Dashboard events](#dashboard-events) + - [Dynamic Instrumentation events](#dynamic-instrumentation-events) + - [Error Tracking events](#error-tracking-events) + - [Integration events](#integration-events) + - [Log Management events](#log-management-events) + - [Metrics events](#metrics-events) + - [Monitor events](#monitor-events) + - [Notebook events](#notebook-events) + - [OAuth events](#oauth-events) + - [Organization management events](#organization-management-events) + - [Real User Monitoring events](#real-user-monitoring-events) + - [Security Notification events](#security-notification-events) + - [Sensitive Data Scanner events](#sensitive-data-scanner-events) + - [Service Level Objectives (SLO) events](#service-level-objectives-slo-events) + - [Synthetic Monitoring events](#synthetic-monitoring-events) + - [Reference Table events](#reference-table-events) + - [Teams Management events](#teams-management-events) + - [Test Optimization events](#test-optimization-events) + - [Workflow events](#workflow-events) + - [App Datastore](#app-datastore) + - [Event Management](#event-management) + - [Private Action Runners](#private-action-runners) + - [Observability Pipelines](#observability-pipelines) + - [On-Call](#on-call) +- [Further Reading](#further-reading) See the [Audit Trail documentation][2] for more information on setting up and configuring Audit Trail. @@ -110,7 +127,7 @@ See the [Audit Trail documentation][2] for more information on setting up and co | [Sampling rates remotely configured][27] | A user remotely configured the APM sampling rates. | `@evt.name:APM @asset.type:samplerconfig` | | [Saved view][112] | A user created, modified, or deleted a saved view. | `@evt.name:APM @action:(created OR modified OR deleted) @asset.type:saved_view` | -### Application Security Management +### App & API Protection {{% audit-trail-asm %}} diff --git a/content/en/account_management/billing/product_allotments.md b/content/en/account_management/billing/product_allotments.md index bdc0c748f2b62..aea72ece806f1 100644 --- a/content/en/account_management/billing/product_allotments.md +++ b/content/en/account_management/billing/product_allotments.md @@ -139,7 +139,7 @@ Additionally, the organization has a monthly commitment of 0.3 GB of Ingested Sp | Custom Metrics | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts, Internet of Things (IoT), Serverless Workload Monitoring - Functions, Serverless Workload Monitoring - Apps, Serverless Invocations, Serverless Functions | Average | Average | | Ingested Custom Metrics | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts, Internet of Things (IoT), Serverless Workload Monitoring - Functions, Serverless Workload Monitoring - Apps | Average | Average | | Custom Events | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts | Sum | Sum | -| CSM Enterprise Containers | Cloud Security Management (CSM) | N/A | Sum | +| CSM Enterprise Containers | Workload Protection | N/A | Sum | | CWS Containers | Cloud Workload Security (CWS) | N/A | Sum | | Infrastructure Containers | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts | N/A | Sum | | Profiled Containers | APM Enterprise, Continuous Profiler | N/A | Sum | @@ -150,7 +150,7 @@ Additionally, the organization has a monthly commitment of 0.3 GB of Ingested Sp | APM Ingested Spans | APM, APM Pro, APM Enterprise
Serverless APM, Legacy - Serverless Invocations
Legacy - Serverless Functions
Fargate Task (APM Pro), Fargate Task (APM Enterprise) | Sum | Sum | | DBM Normalized Queries | Database Monitoring (DBM) | Average | Average | | Data Streams Monitoring | APM Pro, APM Enterprise | HWMP | Sum | -| CSPM Workflow Executions | Cloud Security Management Pro, Cloud Security Management Enterprise | Sum | Sum | +| CSPM Workflow Executions | Workload Protection Pro, Workload Protection Enterprise | Sum | Sum | | Fargate Task (Continuous Profiler) | Fargate Task (APM Enterprise) | Average | N/A | [1]: https://www.datadoghq.com/pricing/list/ diff --git a/content/en/agent/configuration/dual-shipping.md b/content/en/agent/configuration/dual-shipping.md index 61655031be72a..f8abb621df45f 100644 --- a/content/en/agent/configuration/dual-shipping.md +++ b/content/en/agent/configuration/dual-shipping.md @@ -361,7 +361,7 @@ DD_NETWORK_PATH_FORWARDER_ADDITIONAL_ENDPOINTS="[{\"api_key\": \"apiKey2\", \"Ho {{% agent-dual-shipping %}} -## Cloud Security Management Misconfigurations +## Workload Protection Misconfigurations ### YAML configuration @@ -386,7 +386,7 @@ DD_COMPLIANCE_CONFIG_ENDPOINTS_ADDITIONAL_ENDPOINTS="[{\"api_key\": \"apiKey2\", {{% agent-dual-shipping %}} -## Cloud Security Management Threats +## Workload Protection Threats ### YAML configuration In `datadog.yaml`: diff --git a/content/en/agent/remote_config/_index.md b/content/en/agent/remote_config/_index.md index 323f456b7f2ac..8b1b64178ab3c 100644 --- a/content/en/agent/remote_config/_index.md +++ b/content/en/agent/remote_config/_index.md @@ -30,7 +30,7 @@ algolia: ## Overview Remote Configuration is a Datadog capability that allows you to remotely configure and change the behavior of Datadog components (for example, Agents, tracing libraries, and Observability Pipelines Worker) deployed in your infrastructure, for select product features. Use Remote Configuration to apply configurations to Datadog components in your environment on demand, decreasing management costs, reducing friction between teams, and accelerating issue resolution times. -For Datadog security products, Application Security Management and Cloud Security Management Threats (CSM Threats), Remote Configuration-enabled Agents and compatible tracing libraries provide real-time security updates and responses, enhancing security posture for your applications and cloud infrastructure. +For Datadog security products, App & API Protection and Workload Protection Threats (CSM Threats), Remote Configuration-enabled Agents and compatible tracing libraries provide real-time security updates and responses, enhancing security posture for your applications and cloud infrastructure. ## How it works When Remote Configuration is enabled on the Datadog Agent, it periodically polls the configured [Datadog site][1], to determine whether there are configuration changes to apply to your Remote Configuration-enabled Agents or tracing libraries. @@ -68,7 +68,7 @@ The following products and features are supported with Remote Configuration: ### Fleet Automation **[Send flares][27] directly from the Datadog site**. Seamlessly troubleshoot the Datadog Agent without directly accessing the host. -### Application Security Management (ASM) +### App & API Protection (AAP) - **1-click ASM activation**: Enable ASM in 1-click from the Datadog UI. - **In-App attack patterns updates**: Receive the newest Web Application Firewall (WAF) attack patterns automatically as Datadog releases them, following newly disclosed vulnerabilities or attack vectors. diff --git a/content/en/all_guides.md b/content/en/all_guides.md index dcc8093de201a..d61f4062098d0 100644 --- a/content/en/all_guides.md +++ b/content/en/all_guides.md @@ -44,8 +44,8 @@ Guides in the Datadog documentation are pages that provide background knowledge, {{< whatsnext desc="Security:">}} {{< nextlink href="/security/cloud_siem/guide" >}}    Cloud SIEM{{< /nextlink >}} -{{< nextlink href="/security/cloud_security_management/guide" >}}    Cloud Security Management{{< /nextlink >}} -{{< nextlink href="/security/application_security/guide" >}}    Application Security Management{{< /nextlink >}} +{{< nextlink href="/security/cloud_security_management/guide" >}}    Workload Protection{{< /nextlink >}} +{{< nextlink href="/security/application_security/guide" >}}    App & API Protection{{< /nextlink >}} {{< /whatsnext >}} {{< whatsnext desc="Digital Experience:">}} diff --git a/content/en/api/v1/usage-metering/examples.json b/content/en/api/v1/usage-metering/examples.json index 8713cc548ef4c..c63384ca6937d 100644 --- a/content/en/api/v1/usage-metering/examples.json +++ b/content/en/api/v1/usage-metering/examples.json @@ -1283,7 +1283,7 @@ } ] }, - "html": "
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Get hourly usage for Cloud Security Management Pro.

\n
\n
\n
\n
\n
\n

aas_host_count

\n
\n

double

\n

The number of Cloud Security Management Pro Azure app services hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_count

\n
\n

double

\n

The number of Cloud Security Management Pro AWS hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

azure_host_count

\n
\n

double

\n

The number of Cloud Security Management Pro Azure hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

compliance_host_count

\n
\n

double

\n

The number of Cloud Security Management Pro hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

container_count

\n
\n

double

\n

The total number of Cloud Security Management Pro containers during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_count

\n
\n

double

\n

The number of Cloud Security Management Pro GCP hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

host_count

\n
\n

double

\n

The total number of Cloud Security Management Pro hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

hour

\n
\n

date-time

\n

The hour for the usage.

\n
\n \n
\n
\n
\n
\n
\n

org_name

\n
\n

string

\n

The organization name.

\n
\n \n
\n
\n
\n
\n
\n

public_id

\n
\n

string

\n

The organization public ID.

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Get hourly usage for Workload Protection Pro.

\n
\n
\n
\n
\n
\n

aas_host_count

\n
\n

double

\n

The number of Workload Protection Pro Azure app services hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_count

\n
\n

double

\n

The number of Workload Protection Pro AWS hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

azure_host_count

\n
\n

double

\n

The number of Workload Protection Pro Azure hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

compliance_host_count

\n
\n

double

\n

The number of Workload Protection Pro hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

container_count

\n
\n

double

\n

The total number of Workload Protection Pro containers during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_count

\n
\n

double

\n

The number of Workload Protection Pro GCP hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

host_count

\n
\n

double

\n

The total number of Workload Protection Pro hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

hour

\n
\n

date-time

\n

The hour for the usage.

\n
\n \n
\n
\n
\n
\n
\n

org_name

\n
\n

string

\n

The organization name.

\n
\n \n
\n
\n
\n
\n
\n

public_id

\n
\n

string

\n

The organization public ID.

\n
\n \n
\n
\n
\n
" }, "400": { "json": { @@ -2076,7 +2076,7 @@ } ] }, - "html": "
\n
\n
\n
\n

metadata

\n
\n

object

\n

The object containing document metadata.

\n
\n
\n
\n
\n
\n

aggregates

\n
\n

[object]

\n

An array of available aggregates.

\n
\n
\n
\n
\n
\n

agg_type

\n
\n

string

\n

The aggregate type.

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field.

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

double

\n

The value for a given field.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

pagination

\n
\n

object

\n

The metadata for the current pagination.

\n
\n
\n
\n
\n
\n

next_record_id

\n
\n

string

\n

The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the next_record_id.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Get usage summary by tag(s).

\n
\n
\n
\n
\n
\n

month

\n
\n

date-time

\n

Datetime in ISO-8601 format, UTC, precise to month: [YYYY-MM].

\n
\n \n
\n
\n
\n
\n
\n

org_name

\n
\n

string

\n

The name of the organization.

\n
\n \n
\n
\n
\n
\n
\n

public_id

\n
\n

string

\n

The organization public ID.

\n
\n \n
\n
\n
\n
\n
\n

region

\n
\n

string

\n

The region of the Datadog instance that the organization belongs to.

\n
\n \n
\n
\n
\n
\n
\n

tag_config_source

\n
\n

string

\n

The source of the usage attribution tag configuration and the selected tags in the format <source_org_name>:::<selected tag 1>///<selected tag 2>///<selected tag 3>.

\n
\n \n
\n
\n
\n
\n
\n

tags

\n
\n

object

\n

Tag keys and values.

\n

A null value here means that the requested tag breakdown cannot be applied because it does not match the tags\nconfigured for usage attribution.\nIn this scenario the API returns the total usage, not broken down by tags.

\n
\n
\n
\n
\n
\n

<any-key>

\n
\n

[string]

\n

A list of values that are associated with each tag key.

\n
    \n
  • An empty list means the resource use wasn't tagged with the respective tag.
    • \n
  • Multiple values means the respective tag was applied multiple times on the resource.
    • \n
  • An <empty> value means the resource was tagged with the respective tag but did not have a value.
    • \n
\n
\n \n
\n
\n
\n
\n
\n
\n
\n

updated_at

\n
\n

date-time

\n

Datetime of the most recent update to the usage values.

\n
\n \n
\n
\n
\n
\n
\n

values

\n
\n

object

\n

Fields in Usage Summary by tag(s).

\n
\n
\n
\n
\n
\n

api_percentage

\n
\n

double

\n

The percentage of synthetic API test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

api_usage

\n
\n

double

\n

The synthetic API test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_percentage

\n
\n

double

\n

The percentage of APM ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_usage

\n
\n

double

\n

The APM ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_host_percentage

\n
\n

double

\n

The percentage of APM host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_host_usage

\n
\n

double

\n

The APM host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_usm_percentage

\n
\n

double

\n

The percentage of APM and Universal Service Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_usm_usage

\n
\n

double

\n

The APM and Universal Service Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_percentage

\n
\n

double

\n

The percentage of Application Security Monitoring ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_usage

\n
\n

double

\n

The Application Security Monitoring ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_percentage

\n
\n

double

\n

The percentage of Application Security Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_usage

\n
\n

double

\n

The Application Security Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_traced_invocations_percentage

\n
\n

double

\n

The percentage of Application Security Monitoring Serverless traced invocations usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_traced_invocations_usage

\n
\n

double

\n

The Application Security Monitoring Serverless traced invocations usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

browser_percentage

\n
\n

double

\n

The percentage of synthetic browser test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

browser_usage

\n
\n

double

\n

The synthetic browser test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_percentage

\n
\n

double

\n

The percentage of CI Pipeline Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_usage

\n
\n

double

\n

The total CI Pipeline Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_percentage

\n
\n

double

\n

The percentage of CI Test Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_usage

\n
\n

double

\n

The total CI Test Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_percentage

\n
\n

double

\n

The percentage of Git committers for Intelligent Test Runner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_usage

\n
\n

double

\n

The Git committers for Intelligent Test Runner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_percentage

\n
\n

double

\n

The percentage of Cloud Security Information and Event Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_usage

\n
\n

double

\n

The Cloud Security Information and Event Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_percentage

\n
\n

double

\n

The percentage of Code Security host usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_usage

\n
\n

double

\n

The Code Security host usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_percentage

\n
\n

double

\n

The percentage of container usage without the Datadog Agent by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_usage

\n
\n

double

\n

The container usage without the Datadog Agent by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

container_percentage

\n
\n

double

\n

The percentage of container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

container_usage

\n
\n

double

\n

The container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_containers_percentage

\n
\n

double

\n

The percentage of Cloud Security Management Pro container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_containers_usage

\n
\n

double

\n

The Cloud Security Management Pro container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_hosts_percentage

\n
\n

double

\n

The percentage of Cloud Security Management Pro host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_hosts_usage

\n
\n

double

\n

The Cloud Security Management Pro host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_event_percentage

\n
\n

double

\n

The percentage of Custom Events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_event_usage

\n
\n

double

\n

The total Custom Events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_ingested_timeseries_percentage

\n
\n

double

\n

The percentage of ingested custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_ingested_timeseries_usage

\n
\n

double

\n

The ingested custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_timeseries_percentage

\n
\n

double

\n

The percentage of indexed custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_timeseries_usage

\n
\n

double

\n

The indexed custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_containers_percentage

\n
\n

double

\n

The percentage of Cloud Workload Security container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_containers_usage

\n
\n

double

\n

The Cloud Workload Security container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_percentage

\n
\n

double

\n

The percentage of Cloud Workload Security Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_usage

\n
\n

double

\n

The Cloud Workload Security Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_hosts_percentage

\n
\n

double

\n

The percentage of Cloud Workload Security host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_hosts_usage

\n
\n

double

\n

The Cloud Workload Security host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_usage

\n
\n

double

\n

The Data Jobs Monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

data_stream_monitoring_usage

\n
\n

double

\n

The Data Stream Monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_hosts_percentage

\n
\n

double

\n

The percentage of Database Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_hosts_usage

\n
\n

double

\n

The Database Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_percentage

\n
\n

double

\n

The percentage of Database Monitoring queries usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_usage

\n
\n

double

\n

The Database Monitoring queries usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_percentage

\n
\n

double

\n

The percentage of error tracking events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_usage

\n
\n

double

\n

The error tracking events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_indexed_spans_percentage

\n
\n

double

\n

The percentage of estimated indexed spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_indexed_spans_usage

\n
\n

double

\n

The estimated indexed spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_ingested_spans_percentage

\n
\n

double

\n

The percentage of estimated ingested spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_ingested_spans_usage

\n
\n

double

\n

The estimated ingested spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

fargate_percentage

\n
\n

double

\n

The percentage of Fargate usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

fargate_usage

\n
\n

double

\n

The Fargate usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

functions_percentage

\n
\n

double

\n

The percentage of Lambda function usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

functions_usage

\n
\n

double

\n

The Lambda function usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_percentage

\n
\n

double

\n

The percentage of Incident Management monthly active users usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_usage

\n
\n

double

\n

The Incident Management monthly active users usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

indexed_spans_percentage

\n
\n

double

\n

The percentage of APM Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

indexed_spans_usage

\n
\n

double

\n

The total APM Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_percentage

\n
\n

double

\n

The percentage of infrastructure host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_usage

\n
\n

double

\n

The infrastructure host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_logs_bytes_percentage

\n
\n

double

\n

The percentage of Ingested Logs usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_logs_bytes_usage

\n
\n

double

\n

The total Ingested Logs usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_spans_bytes_percentage

\n
\n

double

\n

The percentage of APM Ingested Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_spans_bytes_usage

\n
\n

double

\n

The total APM Ingested Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

invocations_percentage

\n
\n

double

\n

The percentage of Lambda invocation usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

invocations_usage

\n
\n

double

\n

The Lambda invocation usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

lambda_traced_invocations_percentage

\n
\n

double

\n

The percentage of Serverless APM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

lambda_traced_invocations_usage

\n
\n

double

\n

The Serverless APM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_15day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (15-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_15day_usage

\n
\n

double

\n

The total Indexed Logs (15-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_180day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (180-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_180day_usage

\n
\n

double

\n

The total Indexed Logs (180-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_1day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (1-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_1day_usage

\n
\n

double

\n

The total Indexed Logs (1-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_30day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (30-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_30day_usage

\n
\n

double

\n

The total Indexed Logs (30-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_360day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (360-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_360day_usage

\n
\n

double

\n

The total Indexed Logs (360-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_3day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (3-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_3day_usage

\n
\n

double

\n

The total Indexed Logs (3-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_45day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (45-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_45day_usage

\n
\n

double

\n

The total Indexed Logs (45-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_60day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (60-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_60day_usage

\n
\n

double

\n

The total Indexed Logs (60-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_7day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (7-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_7day_usage

\n
\n

double

\n

The total Indexed Logs (7-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_90day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (90-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_90day_usage

\n
\n

double

\n

The total Indexed Logs (90-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_custom_retention_percentage

\n
\n

double

\n

The percentage of Indexed Logs (Custom Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_custom_retention_usage

\n
\n

double

\n

The total Indexed Logs (Custom Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

mobile_app_testing_percentage

\n
\n

double

\n

The percentage of Synthetic mobile application test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

mobile_app_testing_usage

\n
\n

double

\n

The Synthetic mobile application test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_percentage

\n
\n

double

\n

The percentage of Network Device Monitoring NetFlow usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_usage

\n
\n

double

\n

The Network Device Monitoring NetFlow usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_percentage

\n
\n

double

\n

The percentage of network host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_usage

\n
\n

double

\n

The network host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipeline_bytes_percentage

\n
\n

double

\n

The percentage of observability pipeline bytes usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipeline_bytes_usage

\n
\n

double

\n

The observability pipeline bytes usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipelines_vcpu_percentage

\n
\n

double

\n

The percentage of observability pipeline per core usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipelines_vcpu_usage

\n
\n

double

\n

The observability pipeline per core usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

online_archive_percentage

\n
\n

double

\n

The percentage of online archive usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

online_archive_usage

\n
\n

double

\n

The online archive usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_container_percentage

\n
\n

double

\n

The percentage of profiled container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_container_usage

\n
\n

double

\n

The profiled container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_fargate_percentage

\n
\n

double

\n

The percentage of profiled Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_fargate_usage

\n
\n

double

\n

The profiled Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_host_percentage

\n
\n

double

\n

The percentage of profiled hosts usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_host_usage

\n
\n

double

\n

The profiled hosts usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_mobile_sessions_percentage

\n
\n

double

\n

The percentage of RUM Browser and Mobile usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_mobile_sessions_usage

\n
\n

double

\n

The total RUM Browser and Mobile usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_sessions_percentage

\n
\n

double

\n

The percentage of RUM Session Replay usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_sessions_usage

\n
\n

double

\n

The total RUM Session Replay usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_percentage

\n
\n

double

\n

The percentage of Software Composition Analysis Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_usage

\n
\n

double

\n

The total Software Composition Analysis Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sds_scanned_bytes_percentage

\n
\n

double

\n

The percentage of Sensitive Data Scanner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sds_scanned_bytes_usage

\n
\n

double

\n

The total Sensitive Data Scanner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_percentage

\n
\n

double

\n

The percentage of Serverless Apps usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_usage

\n
\n

double

\n

The total Serverless Apps usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_percentage

\n
\n

double

\n

The percentage of log events analyzed by Cloud SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_usage

\n
\n

double

\n

The log events analyzed by Cloud SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_ingested_bytes_percentage

\n
\n

double

\n

The percentage of SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_ingested_bytes_usage

\n
\n

double

\n

The total SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

snmp_percentage

\n
\n

double

\n

The percentage of network device usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

snmp_usage

\n
\n

double

\n

The network device usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_percentage

\n
\n

double

\n

The percentage of universal service monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_usage

\n
\n

double

\n

The universal service monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_hosts_percentage

\n
\n

double

\n

The percentage of Application Vulnerability Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_hosts_usage

\n
\n

double

\n

The Application Vulnerability Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_percentage

\n
\n

double

\n

The percentage of workflow executions usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage

\n
\n

double

\n

The total workflow executions usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

metadata

\n
\n

object

\n

The object containing document metadata.

\n
\n
\n
\n
\n
\n

aggregates

\n
\n

[object]

\n

An array of available aggregates.

\n
\n
\n
\n
\n
\n

agg_type

\n
\n

string

\n

The aggregate type.

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field.

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

double

\n

The value for a given field.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

pagination

\n
\n

object

\n

The metadata for the current pagination.

\n
\n
\n
\n
\n
\n

next_record_id

\n
\n

string

\n

The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the next_record_id.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Get usage summary by tag(s).

\n
\n
\n
\n
\n
\n

month

\n
\n

date-time

\n

Datetime in ISO-8601 format, UTC, precise to month: [YYYY-MM].

\n
\n \n
\n
\n
\n
\n
\n

org_name

\n
\n

string

\n

The name of the organization.

\n
\n \n
\n
\n
\n
\n
\n

public_id

\n
\n

string

\n

The organization public ID.

\n
\n \n
\n
\n
\n
\n
\n

region

\n
\n

string

\n

The region of the Datadog instance that the organization belongs to.

\n
\n \n
\n
\n
\n
\n
\n

tag_config_source

\n
\n

string

\n

The source of the usage attribution tag configuration and the selected tags in the format <source_org_name>:::<selected tag 1>///<selected tag 2>///<selected tag 3>.

\n
\n \n
\n
\n
\n
\n
\n

tags

\n
\n

object

\n

Tag keys and values.

\n

A null value here means that the requested tag breakdown cannot be applied because it does not match the tags\nconfigured for usage attribution.\nIn this scenario the API returns the total usage, not broken down by tags.

\n
\n
\n
\n
\n
\n

<any-key>

\n
\n

[string]

\n

A list of values that are associated with each tag key.

\n
    \n
  • An empty list means the resource use wasn't tagged with the respective tag.
    • \n
  • Multiple values means the respective tag was applied multiple times on the resource.
    • \n
  • An <empty> value means the resource was tagged with the respective tag but did not have a value.
    • \n
\n
\n \n
\n
\n
\n
\n
\n
\n
\n

updated_at

\n
\n

date-time

\n

Datetime of the most recent update to the usage values.

\n
\n \n
\n
\n
\n
\n
\n

values

\n
\n

object

\n

Fields in Usage Summary by tag(s).

\n
\n
\n
\n
\n
\n

api_percentage

\n
\n

double

\n

The percentage of synthetic API test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

api_usage

\n
\n

double

\n

The synthetic API test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_percentage

\n
\n

double

\n

The percentage of APM ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_usage

\n
\n

double

\n

The APM ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_host_percentage

\n
\n

double

\n

The percentage of APM host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_host_usage

\n
\n

double

\n

The APM host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_usm_percentage

\n
\n

double

\n

The percentage of APM and Universal Service Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_usm_usage

\n
\n

double

\n

The APM and Universal Service Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_percentage

\n
\n

double

\n

The percentage of Application Security Monitoring ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_usage

\n
\n

double

\n

The Application Security Monitoring ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_percentage

\n
\n

double

\n

The percentage of Application Security Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_usage

\n
\n

double

\n

The Application Security Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_traced_invocations_percentage

\n
\n

double

\n

The percentage of Application Security Monitoring Serverless traced invocations usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_traced_invocations_usage

\n
\n

double

\n

The Application Security Monitoring Serverless traced invocations usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

browser_percentage

\n
\n

double

\n

The percentage of synthetic browser test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

browser_usage

\n
\n

double

\n

The synthetic browser test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_percentage

\n
\n

double

\n

The percentage of CI Pipeline Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_usage

\n
\n

double

\n

The total CI Pipeline Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_percentage

\n
\n

double

\n

The percentage of CI Test Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_usage

\n
\n

double

\n

The total CI Test Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_percentage

\n
\n

double

\n

The percentage of Git committers for Intelligent Test Runner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_usage

\n
\n

double

\n

The Git committers for Intelligent Test Runner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_percentage

\n
\n

double

\n

The percentage of Cloud Security Information and Event Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_usage

\n
\n

double

\n

The Cloud Security Information and Event Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_percentage

\n
\n

double

\n

The percentage of Code Security host usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_usage

\n
\n

double

\n

The Code Security host usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_percentage

\n
\n

double

\n

The percentage of container usage without the Datadog Agent by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_usage

\n
\n

double

\n

The container usage without the Datadog Agent by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

container_percentage

\n
\n

double

\n

The percentage of container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

container_usage

\n
\n

double

\n

The container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_containers_percentage

\n
\n

double

\n

The percentage of Workload Protection Pro container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_containers_usage

\n
\n

double

\n

The Workload Protection Pro container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_hosts_percentage

\n
\n

double

\n

The percentage of Workload Protection Pro host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_hosts_usage

\n
\n

double

\n

The Workload Protection Pro host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_event_percentage

\n
\n

double

\n

The percentage of Custom Events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_event_usage

\n
\n

double

\n

The total Custom Events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_ingested_timeseries_percentage

\n
\n

double

\n

The percentage of ingested custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_ingested_timeseries_usage

\n
\n

double

\n

The ingested custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_timeseries_percentage

\n
\n

double

\n

The percentage of indexed custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_timeseries_usage

\n
\n

double

\n

The indexed custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_containers_percentage

\n
\n

double

\n

The percentage of Cloud Workload Security container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_containers_usage

\n
\n

double

\n

The Cloud Workload Security container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_percentage

\n
\n

double

\n

The percentage of Cloud Workload Security Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_usage

\n
\n

double

\n

The Cloud Workload Security Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_hosts_percentage

\n
\n

double

\n

The percentage of Cloud Workload Security host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_hosts_usage

\n
\n

double

\n

The Cloud Workload Security host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_usage

\n
\n

double

\n

The Data Jobs Monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

data_stream_monitoring_usage

\n
\n

double

\n

The Data Stream Monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_hosts_percentage

\n
\n

double

\n

The percentage of Database Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_hosts_usage

\n
\n

double

\n

The Database Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_percentage

\n
\n

double

\n

The percentage of Database Monitoring queries usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_usage

\n
\n

double

\n

The Database Monitoring queries usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_percentage

\n
\n

double

\n

The percentage of error tracking events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_usage

\n
\n

double

\n

The error tracking events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_indexed_spans_percentage

\n
\n

double

\n

The percentage of estimated indexed spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_indexed_spans_usage

\n
\n

double

\n

The estimated indexed spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_ingested_spans_percentage

\n
\n

double

\n

The percentage of estimated ingested spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_ingested_spans_usage

\n
\n

double

\n

The estimated ingested spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

fargate_percentage

\n
\n

double

\n

The percentage of Fargate usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

fargate_usage

\n
\n

double

\n

The Fargate usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

functions_percentage

\n
\n

double

\n

The percentage of Lambda function usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

functions_usage

\n
\n

double

\n

The Lambda function usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_percentage

\n
\n

double

\n

The percentage of Incident Management monthly active users usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_usage

\n
\n

double

\n

The Incident Management monthly active users usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

indexed_spans_percentage

\n
\n

double

\n

The percentage of APM Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

indexed_spans_usage

\n
\n

double

\n

The total APM Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_percentage

\n
\n

double

\n

The percentage of infrastructure host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_usage

\n
\n

double

\n

The infrastructure host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_logs_bytes_percentage

\n
\n

double

\n

The percentage of Ingested Logs usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_logs_bytes_usage

\n
\n

double

\n

The total Ingested Logs usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_spans_bytes_percentage

\n
\n

double

\n

The percentage of APM Ingested Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_spans_bytes_usage

\n
\n

double

\n

The total APM Ingested Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

invocations_percentage

\n
\n

double

\n

The percentage of Lambda invocation usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

invocations_usage

\n
\n

double

\n

The Lambda invocation usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

lambda_traced_invocations_percentage

\n
\n

double

\n

The percentage of Serverless APM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

lambda_traced_invocations_usage

\n
\n

double

\n

The Serverless APM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_15day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (15-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_15day_usage

\n
\n

double

\n

The total Indexed Logs (15-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_180day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (180-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_180day_usage

\n
\n

double

\n

The total Indexed Logs (180-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_1day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (1-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_1day_usage

\n
\n

double

\n

The total Indexed Logs (1-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_30day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (30-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_30day_usage

\n
\n

double

\n

The total Indexed Logs (30-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_360day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (360-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_360day_usage

\n
\n

double

\n

The total Indexed Logs (360-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_3day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (3-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_3day_usage

\n
\n

double

\n

The total Indexed Logs (3-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_45day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (45-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_45day_usage

\n
\n

double

\n

The total Indexed Logs (45-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_60day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (60-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_60day_usage

\n
\n

double

\n

The total Indexed Logs (60-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_7day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (7-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_7day_usage

\n
\n

double

\n

The total Indexed Logs (7-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_90day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (90-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_90day_usage

\n
\n

double

\n

The total Indexed Logs (90-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_custom_retention_percentage

\n
\n

double

\n

The percentage of Indexed Logs (Custom Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_custom_retention_usage

\n
\n

double

\n

The total Indexed Logs (Custom Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

mobile_app_testing_percentage

\n
\n

double

\n

The percentage of Synthetic mobile application test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

mobile_app_testing_usage

\n
\n

double

\n

The Synthetic mobile application test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_percentage

\n
\n

double

\n

The percentage of Network Device Monitoring NetFlow usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_usage

\n
\n

double

\n

The Network Device Monitoring NetFlow usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_percentage

\n
\n

double

\n

The percentage of network host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_usage

\n
\n

double

\n

The network host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipeline_bytes_percentage

\n
\n

double

\n

The percentage of observability pipeline bytes usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipeline_bytes_usage

\n
\n

double

\n

The observability pipeline bytes usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipelines_vcpu_percentage

\n
\n

double

\n

The percentage of observability pipeline per core usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipelines_vcpu_usage

\n
\n

double

\n

The observability pipeline per core usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

online_archive_percentage

\n
\n

double

\n

The percentage of online archive usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

online_archive_usage

\n
\n

double

\n

The online archive usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_container_percentage

\n
\n

double

\n

The percentage of profiled container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_container_usage

\n
\n

double

\n

The profiled container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_fargate_percentage

\n
\n

double

\n

The percentage of profiled Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_fargate_usage

\n
\n

double

\n

The profiled Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_host_percentage

\n
\n

double

\n

The percentage of profiled hosts usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_host_usage

\n
\n

double

\n

The profiled hosts usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_mobile_sessions_percentage

\n
\n

double

\n

The percentage of RUM Browser and Mobile usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_mobile_sessions_usage

\n
\n

double

\n

The total RUM Browser and Mobile usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_sessions_percentage

\n
\n

double

\n

The percentage of RUM Session Replay usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_sessions_usage

\n
\n

double

\n

The total RUM Session Replay usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_percentage

\n
\n

double

\n

The percentage of Software Composition Analysis Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_usage

\n
\n

double

\n

The total Software Composition Analysis Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sds_scanned_bytes_percentage

\n
\n

double

\n

The percentage of Sensitive Data Scanner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sds_scanned_bytes_usage

\n
\n

double

\n

The total Sensitive Data Scanner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_percentage

\n
\n

double

\n

The percentage of Serverless Apps usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_usage

\n
\n

double

\n

The total Serverless Apps usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_percentage

\n
\n

double

\n

The percentage of log events analyzed by Cloud SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_usage

\n
\n

double

\n

The log events analyzed by Cloud SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_ingested_bytes_percentage

\n
\n

double

\n

The percentage of SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_ingested_bytes_usage

\n
\n

double

\n

The total SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

snmp_percentage

\n
\n

double

\n

The percentage of network device usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

snmp_usage

\n
\n

double

\n

The network device usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_percentage

\n
\n

double

\n

The percentage of universal service monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_usage

\n
\n

double

\n

The universal service monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_hosts_percentage

\n
\n

double

\n

The percentage of Application Vulnerability Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_hosts_usage

\n
\n

double

\n

The Application Vulnerability Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_percentage

\n
\n

double

\n

The percentage of workflow executions usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage

\n
\n

double

\n

The total workflow executions usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n
" }, "403": { "json": { @@ -3032,7 +3032,7 @@ "vuln_management_host_count_top99p_sum": "integer", "workflow_executions_usage_agg_sum": "integer" }, - "html": "
\n
\n
\n
\n

agent_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all agent hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_azure_app_service_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services using APM over all hours in the current month all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_devsecops_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all APM DevSecOps hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_count_avg_sum

\n
\n

int64

\n

Shows the average of all APM ECS Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all distinct APM hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_count_avg_sum

\n
\n

int64

\n

Shows the average of all Application Security Monitoring ECS Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_agg_sum

\n
\n

int64

\n

Shows the sum of all Application Security Monitoring Serverless invocations over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

audit_logs_lines_indexed_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all audit logs lines indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

audit_trail_enabled_hwm_sum

\n
\n

int64

\n

Shows the total number of organizations that had Audit Trail enabled over a specific number of months.

\n
\n \n
\n
\n
\n
\n
\n

avg_profiled_fargate_tasks_sum

\n
\n

int64

\n

The average total count for Fargate Container Profiler over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all AWS hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_func_count

\n
\n

int64

\n

Shows the average of the number of functions that executed 1 or more times each hour in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_invocations_sum

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

azure_app_service_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

azure_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Azure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

billable_ingested_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_lite_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser lite sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_replay_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser replay sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_units_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM units over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_agg_sum

\n
\n

int64

\n

Shows the sum of all CI pipeline indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_agg_sum

\n
\n

int64

\n

Shows the sum of all CI test indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all CI visibility intelligent test runner committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_pipeline_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all CI visibility pipeline committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_test_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all CI visibility test committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_aws_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for AWS.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_azure_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for Azure.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_gcp_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for GCP.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for all cloud providers.

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Information and Event Management events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sa_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all Static Analysis committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sca_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all static Software Composition Analysis committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Code Security hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_avg_sum

\n
\n

int64

\n

Shows the average of all distinct containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_avg_sum

\n
\n

int64

\n

Shows the average of the containers without the Datadog Agent over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of all distinct containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_compliance_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise compliance containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_cws_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise Cloud Workload Security containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_total_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aas_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Azure app services hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aws_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise AWS hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_azure_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Azure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_compliance_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise compliance hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_cws_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Cloud Workload Security hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_gcp_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise GCP hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_total_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aas_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro Azure app services hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aws_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro AWS hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_azure_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro Azure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_avg_sum

\n
\n

int64

\n

Shows the average number of Cloud Security Management Pro containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of Cloud Security Management Pro containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_gcp_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro GCP hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_historical_ts_sum

\n
\n

int64

\n

Shows the average number of distinct historical custom metrics over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_live_ts_sum

\n
\n

int64

\n

Shows the average number of distinct live custom metrics over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_ts_sum

\n
\n

int64

\n

Shows the average number of distinct custom metrics over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_container_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Workload Security hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_host_hr_agg_sum

\n
\n

int64

\n

Shows the sum of Data Jobs Monitoring hosts over all hours in the current months for all organizations

\n
\n \n
\n
\n
\n
\n
\n

dbm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Database Monitoring hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Database Monitoring Normalized Queries over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

end_date

\n
\n

date-time

\n

Shows the last date of usage in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_agent_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with the Datadog Agent over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_alibaba_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Alibaba over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_aws_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on AWS over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_azure_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Azure over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_ent_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Enterprise over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_gcp_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on GCP over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_heroku_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Heroku over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_aas_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only Azure App Services over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_vsphere_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only vSphere over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_apm_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_pro_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_proplus_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro Plus over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_apm_error_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking APM error events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_error_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking error events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking events over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_rum_error_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking RUM error events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_avg_sum

\n
\n

int64

\n

The average number of Profiling Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_eks_avg_sum

\n
\n

int64

\n

The average number of Profiling Fargate Elastic Kubernetes Service tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_avg_sum

\n
\n

int64

\n

Shows the average of all Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of all Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_large_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Large Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_medium_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Medium Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_small_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Small Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_xsmall_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Extra Small Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_index_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Index Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_retention_adjustment_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Retention Adjustment Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_stored_logs_avg_sum

\n
\n

int64

\n

Shows the average of all Flex Stored Logs over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

forwarding_events_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all logs forwarding bytes over all hours in the current month for all organizations (data available as of April 1, 2023)

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all GCP hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

heroku_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Heroku dynos over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_hwm_sum

\n
\n

int64

\n

Shows sum of the high-water marks of incident management monthly active users in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

indexed_events_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all log events indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all distinct infrastructure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ingested_events_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_agg_sum

\n
\n

int64

\n

Shows the sum of all IoT devices over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all IoT devices over all hours in the current month of all organizations.

\n
\n \n
\n
\n
\n
\n
\n

last_updated

\n
\n

date-time

\n

Shows the most recent hour in the current month for all organizations for which all usages were calculated.

\n
\n \n
\n
\n
\n
\n
\n

live_indexed_events_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all live logs indexed over all hours in the current month for all organization (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

live_ingested_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all live logs bytes ingested over all hours in the current month for all organizations (data available as of December 1, 2020).

\n
\n \n
\n
\n
\n
\n
\n

logs_by_retention

\n
\n

object

\n

Object containing logs usage data broken down by retention period.

\n
\n
\n
\n
\n
\n

orgs

\n
\n

object

\n

Indexed logs usage summary for each organization for each retention period with usage.

\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Indexed logs usage summary for each organization.

\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Indexed logs usage for each active retention for the organization.

\n
\n
\n
\n
\n
\n

logs_indexed_logs_usage_sum

\n
\n

int64

\n

Total indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_live_indexed_logs_usage_sum

\n
\n

int64

\n

Live indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_rehydrated_indexed_logs_usage_sum

\n
\n

int64

\n

Rehydrated indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

retention

\n
\n

string

\n

The retention period in days or "custom" for all custom retention periods.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Aggregated index logs usage for each retention period with usage.

\n
\n
\n
\n
\n
\n

logs_indexed_logs_usage_agg_sum

\n
\n

int64

\n

Total indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_live_indexed_logs_usage_agg_sum

\n
\n

int64

\n

Live indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_rehydrated_indexed_logs_usage_agg_sum

\n
\n

int64

\n

Rehydrated indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

retention

\n
\n

string

\n

The retention period in days or "custom" for all custom retention periods.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

usage_by_month

\n
\n

object

\n

Object containing a summary of indexed logs usage by retention period for a single month.

\n
\n
\n
\n
\n
\n

date

\n
\n

date-time

\n

The month for the usage.

\n
\n \n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Indexed logs usage for each active retention for the month.

\n
\n
\n
\n
\n
\n

logs_indexed_logs_usage_sum

\n
\n

int64

\n

Total indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_live_indexed_logs_usage_sum

\n
\n

int64

\n

Live indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_rehydrated_indexed_logs_usage_sum

\n
\n

int64

\n

Rehydrated indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

retention

\n
\n

string

\n

The retention period in days or "custom" for all custom retention periods.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n

mobile_rum_lite_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile lite sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_android_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Android over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_flutter_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Flutter over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_ios_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on iOS over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_reactnative_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on React Native over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_roku_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Roku over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_units_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM units over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Network Device Monitoring NetFlow events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

netflow_indexed_events_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all Network flows indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all distinct Cloud Network Monitoring hosts (formerly known as Network hosts) over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

observability_pipelines_bytes_processed_agg_sum

\n
\n

int64

\n

Sum of all observability pipelines bytes processed over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_agg_sum

\n
\n

int64

\n

Shows the sum of Oracle Cloud Infrastructure hosts over all hours in the current months for all organizations

\n
\n \n
\n
\n
\n
\n
\n

oci_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of Oracle Cloud Infrastructure hosts over all hours in the current months for all organizations

\n
\n \n
\n
\n
\n
\n
\n

online_archive_events_count_agg_sum

\n
\n

int64

\n

Sum of all online archived events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_apm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_aas_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all profiled Azure app services over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_container_agent_count_avg

\n
\n

int64

\n

Shows the average number of profiled containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all profiled hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rehydrated_indexed_events_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all rehydrated logs indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rehydrated_ingested_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all rehydrated logs bytes ingested over all hours in the current month for all organizations (data available as of December 1, 2020).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_and_mobile_session_count

\n
\n

int64

\n

Shows the sum of all mobile sessions and all browser lite and legacy sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_legacy_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser RUM legacy sessions over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_lite_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser RUM lite sessions over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_replay_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser RUM Session Replay counts over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_lite_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all RUM lite sessions (browser and mobile) over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_android_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Android over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_flutter_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Flutter over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_ios_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on iOS over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_reactnative_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on React Native over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_roku_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Roku over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_android_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Android over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_flutter_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Flutter over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_ios_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on iOS over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_kotlinmultiplatform_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Kotlin Multiplatform over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_reactnative_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on React Native over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_roku_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Roku over all hours within the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_unity_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Unity over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_android_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Android over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_ios_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on iOS over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_kotlinmultiplatform_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Kotlin Multiplatform over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_reactnative_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on React Native over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all RUM Session Replay counts over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM lite sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_total_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of RUM sessions (browser and mobile) over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_units_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser and mobile RUM units over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_avg_sum

\n
\n

int64

\n

Shows the average of all Software Composition Analysis Fargate tasks over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of all Software Composition Analysis Fargate tasks over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_apm_scanned_bytes_sum

\n
\n

int64

\n

Sum of all APM bytes scanned with sensitive data scanner in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_events_scanned_bytes_sum

\n
\n

int64

\n

Sum of all event stream events bytes scanned with sensitive data scanner in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_logs_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned of logs usage by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_rum_scanned_bytes_sum

\n
\n

int64

\n

Sum of all RUM bytes scanned with sensitive data scanner in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_total_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned across all usage types by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_azure_count_avg_sum

\n
\n

int64

\n

Sum of the average number of Serverless Apps for Azure in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_google_count_avg_sum

\n
\n

int64

\n

Sum of the average number of Serverless Apps for Google Cloud in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_total_count_avg_sum

\n
\n

int64

\n

Sum of the average number of Serverless Apps for Azure and Google Cloud in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_count_agg_sum

\n
\n

int64

\n

Shows the sum of all log events analyzed by Cloud SIEM over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

start_date

\n
\n

date-time

\n

Shows the first date of usage in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_browser_check_calls_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Synthetic browser tests over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_check_calls_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Synthetic API tests over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_mobile_test_runs_agg_sum

\n
\n

int64

\n

Shows the sum of Synthetic mobile application tests over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_parallel_testing_max_slots_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of used synthetics parallel testing slots over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

trace_search_indexed_events_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Indexed Spans indexed over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

twol_ingested_events_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all ingested APM span bytes over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Universal Service Monitoring hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

An array of objects regarding hourly usage.

\n
\n
\n
\n
\n
\n

agent_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all agent hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_azure_app_service_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services using APM over all hours in the current date all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_devsecops_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all APM DevSecOps hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_count_avg

\n
\n

int64

\n

Shows the average of all APM ECS Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct APM hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Application Security Monitoring ECS Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_sum

\n
\n

int64

\n

Shows the sum of all Application Security Monitoring Serverless invocations over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

audit_logs_lines_indexed_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of audit logs lines indexed over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

audit_trail_enabled_hwm

\n
\n

int64

\n

Shows the number of organizations that had Audit Trail enabled in the current date.

\n
\n \n
\n
\n
\n
\n
\n

avg_profiled_fargate_tasks

\n
\n

int64

\n

The average total count for Fargate Container Profiler over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all AWS hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_func_count

\n
\n

int64

\n

Shows the average of the number of functions that executed 1 or more times each hour in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_invocations_sum

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

azure_app_service_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

billable_ingested_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser lite sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser replay sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM units over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI pipeline indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI test indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility intelligent test runner committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_pipeline_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility pipeline committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_test_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility test committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_aws_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for AWS for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_azure_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for Azure for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_gcp_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for GCP for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for all cloud providers for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_events_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Information and Event Management events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sa_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all Static Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sca_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all static Software Composition Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Code Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

container_avg

\n
\n

int64

\n

Shows the average of all distinct containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_avg

\n
\n

int64

\n

Shows the average of containers without the Datadog Agent over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_hwm

\n
\n

int64

\n

Shows the high-water mark of all distinct containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_compliance_count_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise compliance containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_cws_count_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise Cloud Workload Security containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_total_count_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aas_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Azure app services hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_azure_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Azure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_compliance_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise compliance hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_cws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Cloud Workload Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_gcp_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_total_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aas_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro Azure app services hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro AWS hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_azure_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro Azure hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_avg

\n
\n

int64

\n

Shows the average number of Cloud Security Management Pro containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_hwm

\n
\n

int64

\n

Shows the high-water mark of Cloud Security Management Pro containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro GCP hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_ts_avg

\n
\n

int64

\n

Shows the average number of distinct custom metrics over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_container_count_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Workload Security hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_host_hr_sum

\n
\n

int64

\n

Shows the sum of all Data Jobs Monitoring hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

date

\n
\n

date-time

\n

The date for the usage.

\n
\n \n
\n
\n
\n
\n
\n

dbm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Database Monitoring hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_count_avg

\n
\n

int64

\n

Shows the average of all normalized Database Monitoring queries over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_agent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with the Datadog Agent over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_alibaba_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Alibaba over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_aws_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on AWS over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_azure_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Azure over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_ent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Enterprise over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_gcp_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on GCP over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_heroku_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Heroku over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_aas_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only Azure App Services over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_vsphere_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only vSphere over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_apm_sum

\n
\n

int64

\n

Shows the sum of all ephemeral APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_sum

\n
\n

int64

\n

Shows the sum of all ephemeral hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_pro_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_proplus_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro Plus over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_apm_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking APM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_rum_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking RUM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_avg

\n
\n

int64

\n

The average number of Profiling Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_eks_avg

\n
\n

int64

\n

The average number of Profiling Fargate Elastic Kubernetes Service tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_avg

\n
\n

int64

\n

Shows the high-watermark of all Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_hwm

\n
\n

int64

\n

Shows the average of all Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_large_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Large Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_medium_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Medium Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_small_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_xsmall_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Extra Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_index_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Index Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_retention_adjustment_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Retention Adjustment Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_stored_logs_avg

\n
\n

int64

\n

Shows the average of all Flex Stored Logs over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

forwarding_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes forwarded over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all GCP hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

heroku_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Heroku dynos over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_hwm

\n
\n

int64

\n

Shows the high-water mark of incident management monthly active users over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

indexed_events_count_sum

\n
\n

int64

\n

Shows the sum of all log events indexed over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

infra_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct infrastructure hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_sum

\n
\n

int64

\n

Shows the sum of all IoT devices over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_top99p

\n
\n

int64

\n

Shows the 99th percentile of all IoT devices over all hours in the current date all organizations.

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile lite sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_android_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Android over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_flutter_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Flutter over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_ios_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on iOS over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_reactnative_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on React Native over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_roku_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Roku over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM units over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_events_sum

\n
\n

int64

\n

Shows the sum of all Network Device Monitoring NetFlow events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

netflow_indexed_events_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all Network flows indexed over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct Cloud Network Monitoring hosts (formerly known as Network hosts) over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

observability_pipelines_bytes_processed_sum

\n
\n

int64

\n

Sum of all observability pipelines bytes processed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_sum

\n
\n

int64

\n

Shows the sum of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

online_archive_events_count_sum

\n
\n

int64

\n

Sum of all online archived events over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

orgs

\n
\n

[object]

\n

Organizations associated with a user.

\n
\n
\n
\n
\n
\n

account_name

\n
\n

string

\n

The account name.

\n
\n \n
\n
\n
\n
\n
\n

account_public_id

\n
\n

string

\n

The account public id.

\n
\n \n
\n
\n
\n
\n
\n

agent_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all agent hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_azure_app_service_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services using APM over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_devsecops_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all APM DevSecOps hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_count_avg

\n
\n

int64

\n

Shows the average of all APM ECS Fargate tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct APM hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Application Security Monitoring ECS Fargate tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_sum

\n
\n

int64

\n

Shows the sum of all Application Security Monitoring Serverless invocations over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

audit_logs_lines_indexed_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all audit logs lines indexed over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

audit_trail_enabled_hwm

\n
\n

int64

\n

Shows whether Audit Trail is enabled for the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

avg_profiled_fargate_tasks

\n
\n

int64

\n

The average total count for Fargate Container Profiler over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_func_count

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_invocations_sum

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

azure_app_service_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

billable_ingested_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser lite sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser replay sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM units over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI pipeline indexed spans over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI test indexed spans over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility intelligent test runner committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_pipeline_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility pipeline committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_test_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility test committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_aws_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for AWS for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_azure_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for Azure for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_gcp_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for GCP for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for all cloud providers for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_events_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Information and Event Management events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sa_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all Static Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sca_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all static Software Composition Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Code Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

container_avg

\n
\n

int64

\n

Shows the average of all distinct containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_avg

\n
\n

int64

\n

Shows the average of containers without the Datadog Agent over all hours in the current date for the given organization.

\n
\n \n
\n
\n
\n
\n
\n

container_hwm

\n
\n

int64

\n

Shows the high-water mark of all distinct containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_compliance_count_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise compliance containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_cws_count_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise Cloud Workload Security containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_total_count_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aas_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Azure app services hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_azure_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Azure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_compliance_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise compliance hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_cws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Cloud Workload Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_gcp_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_total_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aas_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro Azure app services hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_azure_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro Azure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_avg

\n
\n

int64

\n

Shows the average number of Cloud Security Management Pro containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_hwm

\n
\n

int64

\n

Shows the high-water mark of Cloud Security Management Pro containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

custom_historical_ts_avg

\n
\n

int64

\n

Shows the average number of distinct historical custom metrics over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

custom_live_ts_avg

\n
\n

int64

\n

Shows the average number of distinct live custom metrics over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

custom_ts_avg

\n
\n

int64

\n

Shows the average number of distinct custom metrics over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cws_container_count_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Workload Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_host_hr_sum

\n
\n

int64

\n

Shows the sum of all Data Jobs Monitoring hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

dbm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Database Monitoring hosts over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Database Monitoring normalized queries over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_agent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with the Datadog Agent over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_alibaba_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Alibaba over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_aws_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on AWS over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_azure_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Azure over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_ent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Enterprise over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_gcp_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on GCP over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_heroku_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Heroku over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_aas_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only Azure App Services over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_vsphere_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only vSphere over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_apm_sum

\n
\n

int64

\n

Shows the sum of all ephemeral APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_sum

\n
\n

int64

\n

Shows the sum of all ephemeral hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_pro_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_proplus_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro Plus over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_apm_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking APM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_rum_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking RUM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_avg

\n
\n

int64

\n

The average number of Profiling Fargate tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_eks_avg

\n
\n

int64

\n

The average number of Profiling Fargate Elastic Kubernetes Service tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_avg

\n
\n

int64

\n

The average task count for Fargate.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_hwm

\n
\n

int64

\n

Shows the high-water mark of all Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_large_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Large Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_medium_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Medium Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_small_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_xsmall_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Extra Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_index_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Index Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_retention_adjustment_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Retention Adjustment Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_stored_logs_avg

\n
\n

int64

\n

Shows the average of all Flex Stored Logs over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

forwarding_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes forwarded over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

heroku_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Heroku dynos over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The organization id.

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_hwm

\n
\n

int64

\n

Shows the high-water mark of incident management monthly active users over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

indexed_events_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all log events indexed over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_agg_sum

\n
\n

int64

\n

Shows the sum of all IoT devices over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all IoT devices over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile lite sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_android_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Android over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_flutter_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Flutter over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_ios_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on iOS over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_reactnative_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on React Native over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_roku_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Roku over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM units over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The organization name.

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_events_sum

\n
\n

int64

\n

Shows the sum of all Network Device Monitoring NetFlow events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

netflow_indexed_events_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all Network flows indexed over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct Cloud Network Monitoring hosts (formerly known as Network hosts) over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

observability_pipelines_bytes_processed_sum

\n
\n

int64

\n

Sum of all observability pipelines bytes processed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_sum

\n
\n

int64

\n

Shows the sum of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

online_archive_events_count_sum

\n
\n

int64

\n

Sum of all online archived events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

profiling_aas_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled Azure app services over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled hosts over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

public_id

\n
\n

string

\n

The organization public id.

\n
\n \n
\n
\n
\n
\n
\n

region

\n
\n

string

\n

The region of the organization.

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_and_mobile_session_count

\n
\n

int64

\n

Shows the sum of all mobile sessions and all browser lite and legacy sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_legacy_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM legacy sessions over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM lite sessions over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM Session Replay counts over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM lite sessions (browser and mobile) over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Android over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Flutter over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on iOS over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on React Native over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Roku over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Android over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Flutter over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on iOS over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Kotlin Multiplatform over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on React Native over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Roku over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_unity_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Unity over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Android over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on iOS over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Kotlin Multiplatform over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on React Native over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM Session Replay counts over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM lite sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_total_session_count_sum

\n
\n

int64

\n

Shows the sum of RUM sessions (browser and mobile) over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser and mobile RUM units over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_hwm

\n
\n

int64

\n

Shows the sum of the high-water marks of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_apm_scanned_bytes_sum

\n
\n

int64

\n

Sum of all APM bytes scanned with sensitive data scanner over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_events_scanned_bytes_sum

\n
\n

int64

\n

Sum of all event stream events bytes scanned with sensitive data scanner over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_logs_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned of logs usage by the Sensitive Data Scanner over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_rum_scanned_bytes_sum

\n
\n

int64

\n

Sum of all RUM bytes scanned with sensitive data scanner over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_total_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned across all usage types by the Sensitive Data Scanner over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_azure_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_google_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_total_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure and Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_count_sum

\n
\n

int64

\n

Shows the sum of all log events analyzed by Cloud SIEM over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_browser_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic browser tests over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic API tests over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_mobile_test_runs_sum

\n
\n

int64

\n

Shows the sum of all Synthetic mobile application tests over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_parallel_testing_max_slots_hwm

\n
\n

int64

\n

Shows the high-water mark of used synthetics parallel testing slots over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

trace_search_indexed_events_count_sum

\n
\n

int64

\n

Shows the sum of all Indexed Spans indexed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

twol_ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all ingested APM span bytes over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Universal Service Monitoring hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

vsphere_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all vSphere hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Application Vulnerability Management hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage_sum

\n
\n

int64

\n

Sum of all workflows executed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

profiling_aas_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled Azure app services over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled hosts over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_and_mobile_session_count

\n
\n

int64

\n

Shows the sum of all mobile sessions and all browser lite and legacy sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_legacy_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM legacy sessions over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM lite sessions over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM Session Replay counts over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM lite sessions (browser and mobile) over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Android over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy Sessions on Flutter over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on iOS over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on React Native over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Roku over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Android over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Flutter over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on iOS over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Kotlin Multiplatform over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on React Native over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Roku over all hours within the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_unity_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Unity over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Android over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on iOS over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Kotlin Multiplatform over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on React Native over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM Session Replay counts over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM lite sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_total_session_count_sum

\n
\n

int64

\n

Shows the sum of RUM sessions (browser and mobile) over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser and mobile RUM units over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_hwm

\n
\n

int64

\n

Shows the sum of the high-water marks of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_apm_scanned_bytes_sum

\n
\n

int64

\n

Sum of all APM bytes scanned with sensitive data scanner over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_events_scanned_bytes_sum

\n
\n

int64

\n

Sum of all event stream events bytes scanned with sensitive data scanner over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_logs_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned of logs usage by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_rum_scanned_bytes_sum

\n
\n

int64

\n

Sum of all RUM bytes scanned with sensitive data scanner over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_total_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned across all usage types by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_azure_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_google_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_total_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure and Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_count_sum

\n
\n

int64

\n

Shows the sum of all log events analyzed by Cloud SIEM over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_browser_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic browser tests over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic API tests over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_mobile_test_runs_sum

\n
\n

int64

\n

Shows the sum of all Synthetic mobile application tests over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_parallel_testing_max_slots_hwm

\n
\n

int64

\n

Shows the high-water mark of used synthetics parallel testing slots over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

trace_search_indexed_events_count_sum

\n
\n

int64

\n

Shows the sum of all Indexed Spans indexed over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

twol_ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all ingested APM span bytes over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all universal service management hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

vsphere_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all vSphere hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Application Vulnerability Management hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage_sum

\n
\n

int64

\n

Sum of all workflows executed over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

vsphere_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all vSphere hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Application Vulnerability Management hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage_agg_sum

\n
\n

int64

\n

Sum of all workflows executed over all hours in the current month for all organizations.

\n
\n \n
\n
" + "html": "
\n
\n
\n
\n

agent_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all agent hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_azure_app_service_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services using APM over all hours in the current month all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_devsecops_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all APM DevSecOps hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_count_avg_sum

\n
\n

int64

\n

Shows the average of all APM ECS Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all distinct APM hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_count_avg_sum

\n
\n

int64

\n

Shows the average of all Application Security Monitoring ECS Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_agg_sum

\n
\n

int64

\n

Shows the sum of all Application Security Monitoring Serverless invocations over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

audit_logs_lines_indexed_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all audit logs lines indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

audit_trail_enabled_hwm_sum

\n
\n

int64

\n

Shows the total number of organizations that had Audit Trail enabled over a specific number of months.

\n
\n \n
\n
\n
\n
\n
\n

avg_profiled_fargate_tasks_sum

\n
\n

int64

\n

The average total count for Fargate Container Profiler over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all AWS hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_func_count

\n
\n

int64

\n

Shows the average of the number of functions that executed 1 or more times each hour in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_invocations_sum

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

azure_app_service_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

azure_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Azure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

billable_ingested_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_lite_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser lite sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_replay_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser replay sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_units_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM units over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_agg_sum

\n
\n

int64

\n

Shows the sum of all CI pipeline indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_agg_sum

\n
\n

int64

\n

Shows the sum of all CI test indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all CI visibility intelligent test runner committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_pipeline_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all CI visibility pipeline committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_test_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all CI visibility test committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_aws_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for AWS.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_azure_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for Azure.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_gcp_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for GCP.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for all cloud providers.

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Information and Event Management events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sa_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all Static Analysis committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sca_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all static Software Composition Analysis committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Code Security hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_avg_sum

\n
\n

int64

\n

Shows the average of all distinct containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_avg_sum

\n
\n

int64

\n

Shows the average of the containers without the Datadog Agent over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of all distinct containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_compliance_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise compliance containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_cws_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise Cloud Workload Security containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_total_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aas_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Azure app services hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aws_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise AWS hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_azure_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Azure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_compliance_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise compliance hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_cws_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Cloud Workload Security hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_gcp_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise GCP hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_total_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aas_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro Azure app services hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aws_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro AWS hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_azure_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro Azure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_avg_sum

\n
\n

int64

\n

Shows the average number of Workload Protection Pro containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of Workload Protection Pro containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_gcp_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro GCP hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_historical_ts_sum

\n
\n

int64

\n

Shows the average number of distinct historical custom metrics over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_live_ts_sum

\n
\n

int64

\n

Shows the average number of distinct live custom metrics over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_ts_sum

\n
\n

int64

\n

Shows the average number of distinct custom metrics over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_container_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Workload Security hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_host_hr_agg_sum

\n
\n

int64

\n

Shows the sum of Data Jobs Monitoring hosts over all hours in the current months for all organizations

\n
\n \n
\n
\n
\n
\n
\n

dbm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Database Monitoring hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Database Monitoring Normalized Queries over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

end_date

\n
\n

date-time

\n

Shows the last date of usage in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_agent_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with the Datadog Agent over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_alibaba_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Alibaba over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_aws_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on AWS over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_azure_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Azure over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_ent_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Enterprise over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_gcp_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on GCP over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_heroku_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Heroku over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_aas_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only Azure App Services over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_vsphere_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only vSphere over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_apm_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_pro_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_proplus_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro Plus over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_apm_error_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking APM error events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_error_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking error events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking events over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_rum_error_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking RUM error events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_avg_sum

\n
\n

int64

\n

The average number of Profiling Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_eks_avg_sum

\n
\n

int64

\n

The average number of Profiling Fargate Elastic Kubernetes Service tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_avg_sum

\n
\n

int64

\n

Shows the average of all Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of all Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_large_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Large Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_medium_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Medium Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_small_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Small Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_xsmall_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Extra Small Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_index_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Index Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_retention_adjustment_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Retention Adjustment Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_stored_logs_avg_sum

\n
\n

int64

\n

Shows the average of all Flex Stored Logs over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

forwarding_events_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all logs forwarding bytes over all hours in the current month for all organizations (data available as of April 1, 2023)

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all GCP hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

heroku_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Heroku dynos over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_hwm_sum

\n
\n

int64

\n

Shows sum of the high-water marks of incident management monthly active users in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

indexed_events_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all log events indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all distinct infrastructure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ingested_events_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_agg_sum

\n
\n

int64

\n

Shows the sum of all IoT devices over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all IoT devices over all hours in the current month of all organizations.

\n
\n \n
\n
\n
\n
\n
\n

last_updated

\n
\n

date-time

\n

Shows the most recent hour in the current month for all organizations for which all usages were calculated.

\n
\n \n
\n
\n
\n
\n
\n

live_indexed_events_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all live logs indexed over all hours in the current month for all organization (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

live_ingested_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all live logs bytes ingested over all hours in the current month for all organizations (data available as of December 1, 2020).

\n
\n \n
\n
\n
\n
\n
\n

logs_by_retention

\n
\n

object

\n

Object containing logs usage data broken down by retention period.

\n
\n
\n
\n
\n
\n

orgs

\n
\n

object

\n

Indexed logs usage summary for each organization for each retention period with usage.

\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Indexed logs usage summary for each organization.

\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Indexed logs usage for each active retention for the organization.

\n
\n
\n
\n
\n
\n

logs_indexed_logs_usage_sum

\n
\n

int64

\n

Total indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_live_indexed_logs_usage_sum

\n
\n

int64

\n

Live indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_rehydrated_indexed_logs_usage_sum

\n
\n

int64

\n

Rehydrated indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

retention

\n
\n

string

\n

The retention period in days or "custom" for all custom retention periods.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Aggregated index logs usage for each retention period with usage.

\n
\n
\n
\n
\n
\n

logs_indexed_logs_usage_agg_sum

\n
\n

int64

\n

Total indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_live_indexed_logs_usage_agg_sum

\n
\n

int64

\n

Live indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_rehydrated_indexed_logs_usage_agg_sum

\n
\n

int64

\n

Rehydrated indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

retention

\n
\n

string

\n

The retention period in days or "custom" for all custom retention periods.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

usage_by_month

\n
\n

object

\n

Object containing a summary of indexed logs usage by retention period for a single month.

\n
\n
\n
\n
\n
\n

date

\n
\n

date-time

\n

The month for the usage.

\n
\n \n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Indexed logs usage for each active retention for the month.

\n
\n
\n
\n
\n
\n

logs_indexed_logs_usage_sum

\n
\n

int64

\n

Total indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_live_indexed_logs_usage_sum

\n
\n

int64

\n

Live indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_rehydrated_indexed_logs_usage_sum

\n
\n

int64

\n

Rehydrated indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

retention

\n
\n

string

\n

The retention period in days or "custom" for all custom retention periods.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n

mobile_rum_lite_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile lite sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_android_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Android over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_flutter_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Flutter over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_ios_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on iOS over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_reactnative_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on React Native over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_roku_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Roku over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_units_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM units over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Network Device Monitoring NetFlow events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

netflow_indexed_events_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all Network flows indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all distinct Cloud Network Monitoring hosts (formerly known as Network hosts) over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

observability_pipelines_bytes_processed_agg_sum

\n
\n

int64

\n

Sum of all observability pipelines bytes processed over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_agg_sum

\n
\n

int64

\n

Shows the sum of Oracle Cloud Infrastructure hosts over all hours in the current months for all organizations

\n
\n \n
\n
\n
\n
\n
\n

oci_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of Oracle Cloud Infrastructure hosts over all hours in the current months for all organizations

\n
\n \n
\n
\n
\n
\n
\n

online_archive_events_count_agg_sum

\n
\n

int64

\n

Sum of all online archived events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_apm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_aas_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all profiled Azure app services over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_container_agent_count_avg

\n
\n

int64

\n

Shows the average number of profiled containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all profiled hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rehydrated_indexed_events_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all rehydrated logs indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rehydrated_ingested_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all rehydrated logs bytes ingested over all hours in the current month for all organizations (data available as of December 1, 2020).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_and_mobile_session_count

\n
\n

int64

\n

Shows the sum of all mobile sessions and all browser lite and legacy sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_legacy_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser RUM legacy sessions over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_lite_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser RUM lite sessions over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_replay_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser RUM Session Replay counts over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_lite_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all RUM lite sessions (browser and mobile) over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_android_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Android over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_flutter_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Flutter over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_ios_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on iOS over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_reactnative_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on React Native over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_roku_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Roku over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_android_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Android over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_flutter_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Flutter over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_ios_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on iOS over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_kotlinmultiplatform_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Kotlin Multiplatform over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_reactnative_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on React Native over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_roku_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Roku over all hours within the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_unity_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Unity over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_android_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Android over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_ios_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on iOS over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_kotlinmultiplatform_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Kotlin Multiplatform over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_reactnative_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on React Native over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all RUM Session Replay counts over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM lite sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_total_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of RUM sessions (browser and mobile) over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_units_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser and mobile RUM units over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_avg_sum

\n
\n

int64

\n

Shows the average of all Software Composition Analysis Fargate tasks over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of all Software Composition Analysis Fargate tasks over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_apm_scanned_bytes_sum

\n
\n

int64

\n

Sum of all APM bytes scanned with sensitive data scanner in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_events_scanned_bytes_sum

\n
\n

int64

\n

Sum of all event stream events bytes scanned with sensitive data scanner in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_logs_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned of logs usage by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_rum_scanned_bytes_sum

\n
\n

int64

\n

Sum of all RUM bytes scanned with sensitive data scanner in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_total_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned across all usage types by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_azure_count_avg_sum

\n
\n

int64

\n

Sum of the average number of Serverless Apps for Azure in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_google_count_avg_sum

\n
\n

int64

\n

Sum of the average number of Serverless Apps for Google Cloud in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_total_count_avg_sum

\n
\n

int64

\n

Sum of the average number of Serverless Apps for Azure and Google Cloud in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_count_agg_sum

\n
\n

int64

\n

Shows the sum of all log events analyzed by Cloud SIEM over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

start_date

\n
\n

date-time

\n

Shows the first date of usage in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_browser_check_calls_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Synthetic browser tests over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_check_calls_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Synthetic API tests over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_mobile_test_runs_agg_sum

\n
\n

int64

\n

Shows the sum of Synthetic mobile application tests over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_parallel_testing_max_slots_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of used synthetics parallel testing slots over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

trace_search_indexed_events_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Indexed Spans indexed over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

twol_ingested_events_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all ingested APM span bytes over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Universal Service Monitoring hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

An array of objects regarding hourly usage.

\n
\n
\n
\n
\n
\n

agent_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all agent hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_azure_app_service_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services using APM over all hours in the current date all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_devsecops_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all APM DevSecOps hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_count_avg

\n
\n

int64

\n

Shows the average of all APM ECS Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct APM hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Application Security Monitoring ECS Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_sum

\n
\n

int64

\n

Shows the sum of all Application Security Monitoring Serverless invocations over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

audit_logs_lines_indexed_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of audit logs lines indexed over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

audit_trail_enabled_hwm

\n
\n

int64

\n

Shows the number of organizations that had Audit Trail enabled in the current date.

\n
\n \n
\n
\n
\n
\n
\n

avg_profiled_fargate_tasks

\n
\n

int64

\n

The average total count for Fargate Container Profiler over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all AWS hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_func_count

\n
\n

int64

\n

Shows the average of the number of functions that executed 1 or more times each hour in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_invocations_sum

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

azure_app_service_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

billable_ingested_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser lite sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser replay sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM units over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI pipeline indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI test indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility intelligent test runner committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_pipeline_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility pipeline committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_test_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility test committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_aws_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for AWS for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_azure_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for Azure for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_gcp_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for GCP for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for all cloud providers for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_events_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Information and Event Management events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sa_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all Static Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sca_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all static Software Composition Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Code Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

container_avg

\n
\n

int64

\n

Shows the average of all distinct containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_avg

\n
\n

int64

\n

Shows the average of containers without the Datadog Agent over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_hwm

\n
\n

int64

\n

Shows the high-water mark of all distinct containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_compliance_count_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise compliance containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_cws_count_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise Cloud Workload Security containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_total_count_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aas_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Azure app services hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_azure_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Azure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_compliance_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise compliance hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_cws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Cloud Workload Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_gcp_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_total_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aas_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro Azure app services hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro AWS hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_azure_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro Azure hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_avg

\n
\n

int64

\n

Shows the average number of Workload Protection Pro containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_hwm

\n
\n

int64

\n

Shows the high-water mark of Workload Protection Pro containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro GCP hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_ts_avg

\n
\n

int64

\n

Shows the average number of distinct custom metrics over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_container_count_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Workload Security hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_host_hr_sum

\n
\n

int64

\n

Shows the sum of all Data Jobs Monitoring hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

date

\n
\n

date-time

\n

The date for the usage.

\n
\n \n
\n
\n
\n
\n
\n

dbm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Database Monitoring hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_count_avg

\n
\n

int64

\n

Shows the average of all normalized Database Monitoring queries over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_agent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with the Datadog Agent over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_alibaba_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Alibaba over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_aws_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on AWS over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_azure_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Azure over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_ent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Enterprise over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_gcp_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on GCP over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_heroku_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Heroku over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_aas_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only Azure App Services over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_vsphere_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only vSphere over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_apm_sum

\n
\n

int64

\n

Shows the sum of all ephemeral APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_sum

\n
\n

int64

\n

Shows the sum of all ephemeral hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_pro_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_proplus_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro Plus over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_apm_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking APM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_rum_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking RUM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_avg

\n
\n

int64

\n

The average number of Profiling Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_eks_avg

\n
\n

int64

\n

The average number of Profiling Fargate Elastic Kubernetes Service tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_avg

\n
\n

int64

\n

Shows the high-watermark of all Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_hwm

\n
\n

int64

\n

Shows the average of all Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_large_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Large Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_medium_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Medium Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_small_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_xsmall_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Extra Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_index_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Index Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_retention_adjustment_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Retention Adjustment Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_stored_logs_avg

\n
\n

int64

\n

Shows the average of all Flex Stored Logs over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

forwarding_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes forwarded over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all GCP hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

heroku_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Heroku dynos over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_hwm

\n
\n

int64

\n

Shows the high-water mark of incident management monthly active users over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

indexed_events_count_sum

\n
\n

int64

\n

Shows the sum of all log events indexed over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

infra_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct infrastructure hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_sum

\n
\n

int64

\n

Shows the sum of all IoT devices over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_top99p

\n
\n

int64

\n

Shows the 99th percentile of all IoT devices over all hours in the current date all organizations.

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile lite sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_android_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Android over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_flutter_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Flutter over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_ios_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on iOS over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_reactnative_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on React Native over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_roku_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Roku over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM units over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_events_sum

\n
\n

int64

\n

Shows the sum of all Network Device Monitoring NetFlow events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

netflow_indexed_events_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all Network flows indexed over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct Cloud Network Monitoring hosts (formerly known as Network hosts) over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

observability_pipelines_bytes_processed_sum

\n
\n

int64

\n

Sum of all observability pipelines bytes processed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_sum

\n
\n

int64

\n

Shows the sum of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

online_archive_events_count_sum

\n
\n

int64

\n

Sum of all online archived events over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

orgs

\n
\n

[object]

\n

Organizations associated with a user.

\n
\n
\n
\n
\n
\n

account_name

\n
\n

string

\n

The account name.

\n
\n \n
\n
\n
\n
\n
\n

account_public_id

\n
\n

string

\n

The account public id.

\n
\n \n
\n
\n
\n
\n
\n

agent_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all agent hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_azure_app_service_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services using APM over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_devsecops_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all APM DevSecOps hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_count_avg

\n
\n

int64

\n

Shows the average of all APM ECS Fargate tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct APM hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Application Security Monitoring ECS Fargate tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_sum

\n
\n

int64

\n

Shows the sum of all Application Security Monitoring Serverless invocations over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

audit_logs_lines_indexed_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all audit logs lines indexed over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

audit_trail_enabled_hwm

\n
\n

int64

\n

Shows whether Audit Trail is enabled for the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

avg_profiled_fargate_tasks

\n
\n

int64

\n

The average total count for Fargate Container Profiler over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_func_count

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_invocations_sum

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

azure_app_service_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

billable_ingested_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser lite sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser replay sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM units over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI pipeline indexed spans over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI test indexed spans over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility intelligent test runner committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_pipeline_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility pipeline committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_test_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility test committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_aws_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for AWS for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_azure_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for Azure for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_gcp_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for GCP for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for all cloud providers for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_events_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Information and Event Management events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sa_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all Static Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sca_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all static Software Composition Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Code Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

container_avg

\n
\n

int64

\n

Shows the average of all distinct containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_avg

\n
\n

int64

\n

Shows the average of containers without the Datadog Agent over all hours in the current date for the given organization.

\n
\n \n
\n
\n
\n
\n
\n

container_hwm

\n
\n

int64

\n

Shows the high-water mark of all distinct containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_compliance_count_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise compliance containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_cws_count_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise Cloud Workload Security containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_total_count_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aas_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Azure app services hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_azure_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Azure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_compliance_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise compliance hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_cws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Cloud Workload Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_gcp_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_total_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aas_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro Azure app services hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_azure_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro Azure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_avg

\n
\n

int64

\n

Shows the average number of Workload Protection Pro containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_hwm

\n
\n

int64

\n

Shows the high-water mark of Workload Protection Pro containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

custom_historical_ts_avg

\n
\n

int64

\n

Shows the average number of distinct historical custom metrics over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

custom_live_ts_avg

\n
\n

int64

\n

Shows the average number of distinct live custom metrics over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

custom_ts_avg

\n
\n

int64

\n

Shows the average number of distinct custom metrics over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cws_container_count_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Workload Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_host_hr_sum

\n
\n

int64

\n

Shows the sum of all Data Jobs Monitoring hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

dbm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Database Monitoring hosts over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Database Monitoring normalized queries over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_agent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with the Datadog Agent over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_alibaba_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Alibaba over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_aws_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on AWS over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_azure_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Azure over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_ent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Enterprise over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_gcp_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on GCP over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_heroku_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Heroku over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_aas_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only Azure App Services over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_vsphere_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only vSphere over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_apm_sum

\n
\n

int64

\n

Shows the sum of all ephemeral APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_sum

\n
\n

int64

\n

Shows the sum of all ephemeral hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_pro_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_proplus_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro Plus over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_apm_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking APM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_rum_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking RUM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_avg

\n
\n

int64

\n

The average number of Profiling Fargate tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_eks_avg

\n
\n

int64

\n

The average number of Profiling Fargate Elastic Kubernetes Service tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_avg

\n
\n

int64

\n

The average task count for Fargate.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_hwm

\n
\n

int64

\n

Shows the high-water mark of all Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_large_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Large Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_medium_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Medium Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_small_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_xsmall_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Extra Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_index_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Index Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_retention_adjustment_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Retention Adjustment Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_stored_logs_avg

\n
\n

int64

\n

Shows the average of all Flex Stored Logs over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

forwarding_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes forwarded over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

heroku_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Heroku dynos over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The organization id.

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_hwm

\n
\n

int64

\n

Shows the high-water mark of incident management monthly active users over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

indexed_events_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all log events indexed over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_agg_sum

\n
\n

int64

\n

Shows the sum of all IoT devices over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all IoT devices over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile lite sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_android_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Android over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_flutter_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Flutter over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_ios_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on iOS over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_reactnative_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on React Native over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_roku_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Roku over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM units over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The organization name.

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_events_sum

\n
\n

int64

\n

Shows the sum of all Network Device Monitoring NetFlow events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

netflow_indexed_events_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all Network flows indexed over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct Cloud Network Monitoring hosts (formerly known as Network hosts) over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

observability_pipelines_bytes_processed_sum

\n
\n

int64

\n

Sum of all observability pipelines bytes processed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_sum

\n
\n

int64

\n

Shows the sum of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

online_archive_events_count_sum

\n
\n

int64

\n

Sum of all online archived events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

profiling_aas_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled Azure app services over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled hosts over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

public_id

\n
\n

string

\n

The organization public id.

\n
\n \n
\n
\n
\n
\n
\n

region

\n
\n

string

\n

The region of the organization.

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_and_mobile_session_count

\n
\n

int64

\n

Shows the sum of all mobile sessions and all browser lite and legacy sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_legacy_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM legacy sessions over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM lite sessions over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM Session Replay counts over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM lite sessions (browser and mobile) over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Android over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Flutter over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on iOS over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on React Native over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Roku over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Android over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Flutter over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on iOS over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Kotlin Multiplatform over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on React Native over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Roku over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_unity_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Unity over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Android over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on iOS over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Kotlin Multiplatform over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on React Native over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM Session Replay counts over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM lite sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_total_session_count_sum

\n
\n

int64

\n

Shows the sum of RUM sessions (browser and mobile) over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser and mobile RUM units over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_hwm

\n
\n

int64

\n

Shows the sum of the high-water marks of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_apm_scanned_bytes_sum

\n
\n

int64

\n

Sum of all APM bytes scanned with sensitive data scanner over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_events_scanned_bytes_sum

\n
\n

int64

\n

Sum of all event stream events bytes scanned with sensitive data scanner over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_logs_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned of logs usage by the Sensitive Data Scanner over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_rum_scanned_bytes_sum

\n
\n

int64

\n

Sum of all RUM bytes scanned with sensitive data scanner over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_total_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned across all usage types by the Sensitive Data Scanner over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_azure_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_google_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_total_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure and Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_count_sum

\n
\n

int64

\n

Shows the sum of all log events analyzed by Cloud SIEM over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_browser_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic browser tests over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic API tests over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_mobile_test_runs_sum

\n
\n

int64

\n

Shows the sum of all Synthetic mobile application tests over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_parallel_testing_max_slots_hwm

\n
\n

int64

\n

Shows the high-water mark of used synthetics parallel testing slots over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

trace_search_indexed_events_count_sum

\n
\n

int64

\n

Shows the sum of all Indexed Spans indexed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

twol_ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all ingested APM span bytes over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Universal Service Monitoring hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

vsphere_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all vSphere hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Application Vulnerability Management hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage_sum

\n
\n

int64

\n

Sum of all workflows executed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

profiling_aas_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled Azure app services over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled hosts over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_and_mobile_session_count

\n
\n

int64

\n

Shows the sum of all mobile sessions and all browser lite and legacy sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_legacy_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM legacy sessions over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM lite sessions over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM Session Replay counts over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM lite sessions (browser and mobile) over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Android over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy Sessions on Flutter over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on iOS over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on React Native over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Roku over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Android over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Flutter over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on iOS over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Kotlin Multiplatform over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on React Native over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Roku over all hours within the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_unity_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Unity over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Android over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on iOS over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Kotlin Multiplatform over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on React Native over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM Session Replay counts over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM lite sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_total_session_count_sum

\n
\n

int64

\n

Shows the sum of RUM sessions (browser and mobile) over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser and mobile RUM units over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_hwm

\n
\n

int64

\n

Shows the sum of the high-water marks of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_apm_scanned_bytes_sum

\n
\n

int64

\n

Sum of all APM bytes scanned with sensitive data scanner over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_events_scanned_bytes_sum

\n
\n

int64

\n

Sum of all event stream events bytes scanned with sensitive data scanner over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_logs_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned of logs usage by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_rum_scanned_bytes_sum

\n
\n

int64

\n

Sum of all RUM bytes scanned with sensitive data scanner over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_total_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned across all usage types by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_azure_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_google_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_total_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure and Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_count_sum

\n
\n

int64

\n

Shows the sum of all log events analyzed by Cloud SIEM over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_browser_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic browser tests over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic API tests over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_mobile_test_runs_sum

\n
\n

int64

\n

Shows the sum of all Synthetic mobile application tests over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_parallel_testing_max_slots_hwm

\n
\n

int64

\n

Shows the high-water mark of used synthetics parallel testing slots over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

trace_search_indexed_events_count_sum

\n
\n

int64

\n

Shows the sum of all Indexed Spans indexed over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

twol_ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all ingested APM span bytes over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all universal service management hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

vsphere_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all vSphere hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Application Vulnerability Management hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage_sum

\n
\n

int64

\n

Sum of all workflows executed over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

vsphere_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all vSphere hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Application Vulnerability Management hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage_agg_sum

\n
\n

int64

\n

Sum of all workflows executed over all hours in the current month for all organizations.

\n
\n \n
\n
" }, "400": { "json": { diff --git a/content/en/containers/kubernetes/installation.md b/content/en/containers/kubernetes/installation.md index 3faaf564f6c99..fee0fcd488abf 100644 --- a/content/en/containers/kubernetes/installation.md +++ b/content/en/containers/kubernetes/installation.md @@ -293,7 +293,7 @@ helm uninstall datadog-agent ### Monitor your infrastructure in Datadog Use the [Containers][13] page for visibility into your container infrastructure, with resource metrics and faceted search. For information on how to use the Containers page, see [Containers View][14]. -Use the [Container Images][18] page for insights into every image used in your environment. This page also displays vulnerabilities found in your container images from [Cloud Security Management][19] (CSM). For information on how to use the Container Images page, see the [Containers Images View][20]. +Use the [Container Images][18] page for insights into every image used in your environment. This page also displays vulnerabilities found in your container images from [Workload Protection][19] (CSM). For information on how to use the Container Images page, see the [Containers Images View][20]. The [Kubernetes][21] section features an overview of all your Kubernetes resources. [Orchestrator Explorer][22] allows you to monitor the state of pods, deployments, and other Kubernetes concepts in a specific namespace or availability zone, view resource specifications for failed pods within a deployment, correlate node activity with related logs, and more. The [Resource Utilization][23] page provides insights into how your Kubernetes workloads are using your computing resources across your infrastructure. For information on how to use these pages, see [Orchestrator Explorer][24] and [Kubernetes Resource Utilization][25]. diff --git a/content/en/data_security/_index.md b/content/en/data_security/_index.md index bb276d720c66f..02af251eedc97 100644 --- a/content/en/data_security/_index.md +++ b/content/en/data_security/_index.md @@ -86,7 +86,7 @@ The Datadog tracing libraries are used to instrument your applications, services - Application Performance Monitoring (APM) - Continuous Profiler - CI Visibility -- Application Security Management +- App & API Protection For detailed information about how tracing-library sourced data is managed, default basic security settings, and custom obfuscating, scrubbing, excluding, and modifying of trace-related elements, read [Configuring Agent and Tracer for trace data security][18]. diff --git a/content/en/developers/guide/data-collection-resolution-retention.md b/content/en/developers/guide/data-collection-resolution-retention.md index a340ed0b8feef..889b1c1754162 100644 --- a/content/en/developers/guide/data-collection-resolution-retention.md +++ b/content/en/developers/guide/data-collection-resolution-retention.md @@ -30,8 +30,8 @@ Find below a summary of Datadog data [collection][1], [resolution][2], and reten | Cloud Cost Management | Azure | Cost Exports | 1 hour | 1 day | 15 months | | Cloud Cost Management | Google Cloud | Detailed Usage Cost Export | 1 hour | 1 day | 15 months | | Cloud SIEM | Security Signals | Datadog Cloud SIEM | Real time | 1 millisecond | 15 months | -| Cloud Security Management | Findings | Datadog Cloud Security Management Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute | 15 months | -| CSM Threats | Signals | Datadog Cloud Security Management Threats | Real time | 1 ms | 15 months | +| Workload Protection | Findings | Datadog Workload Protection Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute | 15 months | +| CSM Threats | Signals | Datadog Workload Protection Threats | Real time | 1 ms | 15 months | | Database Monitoring | Query Metrics | Datadog Agent + enabled integrations | 10 seconds | 1 second | 15 months | | Database Monitoring | Query Samples | Datadog Agent + enabled integrations | 1 minute | n/a | 15 days | | DORA Metrics | Deployments, Failures | API, Datadog products | Data source-dependent | 1 millisecond | 15 months | diff --git a/content/en/getting_started/_index.md b/content/en/getting_started/_index.md index 2fca7185e5b99..e175fce555f8c 100644 --- a/content/en/getting_started/_index.md +++ b/content/en/getting_started/_index.md @@ -120,8 +120,8 @@ For the fastest introduction to navigating Datadog, try the [Quick Start course] {{< nextlink href="/getting_started/synthetics" >}}Synthetic Monitoring: Start testing and monitoring your API endpoints and key business journeys with Synthetic tests.{{< /nextlink >}} {{< nextlink href="/getting_started/continuous_testing" >}}Continuous Testing: Run end-to-end Synthetic tests in your CI pipelines and IDEs.{{< /nextlink >}} {{< nextlink href="/getting_started/session_replay" >}}Session Replay: Get an in-depth look at how users are interacting with your product with Session Replays.{{< /nextlink >}} -{{< nextlink href="/getting_started/application_security" >}}Application Security Management: Discover best practices for getting your team up and running with ASM.{{< /nextlink >}} -{{< nextlink href="/getting_started/cloud_security_management" >}}Cloud Security Management: Discover best practices for getting your team up and running with CSM.{{< /nextlink >}} +{{< nextlink href="/getting_started/application_security" >}}App & API Protection: Discover best practices for getting your team up and running with ASM.{{< /nextlink >}} +{{< nextlink href="/getting_started/cloud_security_management" >}}Workload Protection: Discover best practices for getting your team up and running with CSM.{{< /nextlink >}} {{< nextlink href="/getting_started/cloud_siem" >}}Cloud SIEM: Discover best practices for getting your team up and running with Cloud SIEM.{{< /nextlink >}} {{< nextlink href="/getting_started/logs" >}}Logs: Send your first logs and use log processing to enrich them.{{< /nextlink >}} {{< nextlink href="/getting_started/ci_visibility" >}}CI Visibility: Collect CI pipeline data by setting up integrations with your CI providers.{{< /nextlink >}} diff --git a/content/en/getting_started/devsecops/_index.md b/content/en/getting_started/devsecops/_index.md index d6b5339508aab..391f8474ee0a9 100644 --- a/content/en/getting_started/devsecops/_index.md +++ b/content/en/getting_started/devsecops/_index.md @@ -6,7 +6,7 @@ This guide introduces the Infrastructure Monitoring DevSecOps bundles, with link ## Infrastructure DevSecOps -The Infrastructure DevSecOps bundles combine infrastructure monitoring with the security capabilities of [Cloud Security Management (CSM)][3]. +The Infrastructure DevSecOps bundles combine infrastructure monitoring with the security capabilities of [Workload Protection][3]. {{< tabs >}} {{% tab "Infrastructure DevSecOps Pro" %}} @@ -23,7 +23,7 @@ To get started with Infrastructure DevSecOps Pro, [install and configure the Dat After you install the Agent, configure CSM Pro for your environment. -- [Cloud Security Management Pro][6] +- [Workload Protection Pro][6] ### Next steps @@ -34,7 +34,7 @@ Learn more about the features included with Infrastructure DevSecOps Pro: - [Host and Container Maps][9]: Visualize your hosts and containers - [Live Containers][10]: Gain real-time visibility into all containers across your environment - [Serverless][2]: Gain full visibility into all of the managed services that power your serverless applications -- [Cloud Security Management][11]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure +- [Workload Protection][11]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure [1]: /containers/ [2]: /serverless/ @@ -64,7 +64,7 @@ To get started with Infrastructure DevSecOps Enterprise, [install and configure After you install the Agent, configure CSM Enterprise for your environment. -- [Cloud Security Management Enterprise][8] +- [Workload Protection Enterprise][8] ### Next steps @@ -78,7 +78,7 @@ Learn more about the features included with Infrastructure DevSecOps Enterprise: - [Live Processes][14]: Gain real-time visibility into the process running on your infrastructure - [Serverless][2]: Gain full visibility into all of the managed services that power your serverless - [Watchdog][15]: Automatically detect potential application and infrastructure issues -- [Cloud Security Management][16]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure +- [Workload Protection][16]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure [1]: /containers/ [2]: /serverless/ diff --git a/content/en/getting_started/integrations/aws.md b/content/en/getting_started/integrations/aws.md index 9dfdb5f22c452..252ac34242ec7 100644 --- a/content/en/getting_started/integrations/aws.md +++ b/content/en/getting_started/integrations/aws.md @@ -114,7 +114,7 @@ Before getting started, ensure you have the following prerequisites: a. Select the AWS regions to integrate with. b. Add your Datadog [API key][9]. c. Optionally, send logs and other data to Datadog with the [Datadog Forwarder Lambda][1]. - d. Optionally, enable [Cloud Security Management Misconfigurations][54] to scan your cloud environment, hosts, and containers for misconfigurations and security risks. + d. Optionally, enable [Workload Protection Misconfigurations][54] to scan your cloud environment, hosts, and containers for misconfigurations and security risks. 5. Click **Launch CloudFormation Template**. This opens the AWS Console and loads the CloudFormation stack. All the parameters are filled in based on your selections in the prior Datadog form, so you do not need to edit those unless desired. **Note:** The `DatadogAppKey` parameter enables the CloudFormation stack to make API calls to Datadog to add and edit the Datadog configuration for this AWS account. The key is automatically generated and tied to your Datadog account. @@ -208,7 +208,7 @@ Additionally, you can use [Watchdog][49], an algorithmic feature for APM perform Review [Getting Started with Cloud SIEM][50] to evaluate your logs against the out-of-the-box [Log Detection Rules][51]. These rules are customizable, and when threats are detected, they generate security signals which can be accessed on the [Security Signals Explorer][52]. To ensure that the correct team is notified, use [Notification Rules][53] to configure notification preferences across multiple rules. -#### Cloud Security Management Misconfigurations +#### Workload Protection Misconfigurations Use the [Setting Up CSM Misconfigurations][54] guide to learn about detecting and assessing misconfigurations in your cloud environment. Resource configuration data is evaluated against the out-of-the-box [Cloud][55] and [Infrastructure][56] compliance rules to flag attacker techniques and potential misconfigurations, allowing for fast response and remediation. diff --git a/content/en/getting_started/integrations/google_cloud.md b/content/en/getting_started/integrations/google_cloud.md index 967240d379d7e..8a642b0c60166 100644 --- a/content/en/getting_started/integrations/google_cloud.md +++ b/content/en/getting_started/integrations/google_cloud.md @@ -272,10 +272,10 @@ To view security findings from [Google Cloud Security Command Center][47] in Clo {{< img src="integrations/google_cloud_platform/security_findings.png" alt="The security findings tab in the Google Cloud integration tile" style="width:90%;" >}} -### Cloud Security Management +### Workload Protection -Datadog Cloud Security Management (CSM) delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure. -Check out the [Setting up Cloud Security Management guide][49] to get started. +Datadog Workload Protection delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure. +Check out the [Setting up Workload Protection guide][49] to get started. After setting up CSM, toggle the **Enable Resource Collection** option under the **Resource Collection** tab to start collecting configuration data for the [Resource Catalog][50] and CSM. Then, follow these instructions to enable [Misconfigurations and Identity Risks (CIEM)][51] on Google Cloud. diff --git a/content/en/getting_started/security/_index.md b/content/en/getting_started/security/_index.md index 72ea4a0d562e4..e87ee3cec4aa7 100644 --- a/content/en/getting_started/security/_index.md +++ b/content/en/getting_started/security/_index.md @@ -4,7 +4,7 @@ title: Getting Started with Security {{< whatsnext desc=" " >}} {{< nextlink href="getting_started/security/application_security" tag="documentation" >}}Getting Started with Application Security{{< /nextlink >}} - {{< nextlink href="getting_started/security/cloud_security_management" tag="documentation" >}}Getting Started with Cloud Security Management{{< /nextlink >}} + {{< nextlink href="getting_started/security/cloud_security_management" tag="documentation" >}}Getting Started with Workload Protection{{< /nextlink >}} {{< nextlink href="getting_started/security/cloud_siem" tag="documentation" >}}Getting Started with Cloud SIEM{{< /nextlink >}} {{< nextlink href="getting_started/code_security" tag="documentation" >}}Getting Started with Code Security{{< /nextlink >}} {{< /whatsnext >}} diff --git a/content/en/getting_started/security/application_security.md b/content/en/getting_started/security/application_security.md index 4930ded86c752..668e4b404b99d 100644 --- a/content/en/getting_started/security/application_security.md +++ b/content/en/getting_started/security/application_security.md @@ -1,5 +1,5 @@ --- -title: Getting Started with Application Security Management +title: Getting Started with App & API Protection aliases: - /security/security_monitoring/getting_started/ - /getting_started/application_security @@ -9,7 +9,7 @@ further_reading: text: "Application Security terms and concepts" - link: "/security/application_security/how-appsec-works" tag: "Documentation" - text: "How Application Security Management works" + text: "How App & API Protection works" - link: "https://dtdg.co/fe" tag: "Foundation Enablement" text: "Join an interactive session to elevate your security and threat detection" @@ -20,7 +20,7 @@ further_reading: ## Overview -Datadog Application Security Management (ASM) helps secure your web applications and APIs in production. +Datadog App & API Protection (AAP) helps secure your web applications and APIs in production. - With threat detection, Datadog provides real-time protection against attacks and attackers targeting code-level vulnerabilities. - With [Code Security][28], Datadog detects code and library vulnerabilities in your repositories and your running services, providing end-to-end visibility from development to production. diff --git a/content/en/getting_started/security/cloud_security_management.md b/content/en/getting_started/security/cloud_security_management.md index 6a141f0d53b39..52a78f767aaad 100644 --- a/content/en/getting_started/security/cloud_security_management.md +++ b/content/en/getting_started/security/cloud_security_management.md @@ -1,11 +1,11 @@ --- -title: Getting Started with Cloud Security Management +title: Getting Started with Workload Protection aliases: - /getting_started/cloud_security_management further_reading: - link: "/security/cloud_security_management/" tag: "Documentation" - text: "Cloud Security Management" + text: "Workload Protection" - link: "/infrastructure/resource_catalog/schema/" tag: "Documentation" text: "Cloud Resources Schema Reference" @@ -20,10 +20,10 @@ further_reading: text: "How we detect and notify users about leaked Datadog credentials" - link: "https://www.datadoghq.com/blog/security-posture-csm/" tag: "Blog" - text: "Report on changes to your security posture with Cloud Security Management" + text: "Report on changes to your security posture with Workload Protection" - link: "https://www.datadoghq.com/blog/agentless-scanning/" tag: "Blog" - text: "Detect vulnerabilities in minutes with Agentless Scanning for Cloud Security Management" + text: "Detect vulnerabilities in minutes with Agentless Scanning for Workload Protection" - link: "https://dtdg.co/fe" tag: "Foundation Enablement" text: "Join an interactive session to elevate your security and threat detection" @@ -34,7 +34,7 @@ further_reading: ## Overview -[Datadog Cloud Security Management][1] (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. +[Datadog Workload Protection][1] (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. With CSM, Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. This guide walks you through best practices for getting your team up and running with CSM. diff --git a/content/en/glossary/terms/resource.md b/content/en/glossary/terms/resource.md index e18414965a8c0..606c0a1016821 100644 --- a/content/en/glossary/terms/resource.md +++ b/content/en/glossary/terms/resource.md @@ -6,4 +6,4 @@ core_product: --- 1. In APM, a resource is a particular domain of an application, typically an instrumented web endpoint, database query, or background job. 2. In RUM, a resource is a type of event. A resource event is generated for images, XHR, Fetch, CSS, or JS libraries loaded on a page. -3. In Cloud Security Management Misconfigurations, a resource is a configurable entity that needs to be continuously scanned for adherence with one or more controls. Examples of AWS instance resources include hosts, containers, security groups, users, and customer-managed IAM policies. \ No newline at end of file +3. In Workload Protection Misconfigurations, a resource is a configurable entity that needs to be continuously scanned for adherence with one or more controls. Examples of AWS instance resources include hosts, containers, security groups, users, and customer-managed IAM policies. \ No newline at end of file diff --git a/content/en/glossary/terms/security_posture_score.md b/content/en/glossary/terms/security_posture_score.md index 0ea060ace1d06..114a845e37ec2 100644 --- a/content/en/glossary/terms/security_posture_score.md +++ b/content/en/glossary/terms/security_posture_score.md @@ -10,7 +10,7 @@ core_product: {{< jqmath-vanilla >}} -Available for [Cloud Security Management Misconfigurations][3], the security posture score represents the percentage of your environment that satisfies all of your active Datadog out-of-the-box [Cloud][1] and [Infrastructure][2] compliance rules. +Available for [Workload Protection Misconfigurations][3], the security posture score represents the percentage of your environment that satisfies all of your active Datadog out-of-the-box [Cloud][1] and [Infrastructure][2] compliance rules. **Formula**: diff --git a/content/en/infrastructure/containers/container_images.md b/content/en/infrastructure/containers/container_images.md index 334b251b2f817..3af7c01f164fd 100644 --- a/content/en/infrastructure/containers/container_images.md +++ b/content/en/infrastructure/containers/container_images.md @@ -6,18 +6,18 @@ further_reading: text: "Enhance your troubleshooting workflow with Container Images in Datadog Container Monitoring" - link: "/security/cloud_security_management/vulnerabilities" tag: "Documentation" - text: "Cloud Security Management Vulnerabilities" + text: "Workload Protection Vulnerabilities" - link: "/infrastructure/containers/container_images/#enable-sbom-collection" tag: "Documentation" text: "Enable SBOM collection in CSM Vulnerabilities" - link: "/security/cloud_security_management/troubleshooting/vulnerabilities/" tag: "Documentation" - text: "Troubleshooting Cloud Security Management Vulnerabilities" + text: "Troubleshooting Workload Protection Vulnerabilities" --- ## Overview -The [container images view][1] in Datadog provides key insights into every image used in your environment to help you assess their deployment footprint. It also detects and remediates security and performance issues that can affect multiple containers. You can view container image details alongside the rest of your container data to troubleshoot image issues affecting infrastructure health. Additionally, you can view vulnerabilities found in your container images from [Cloud Security Management][2] (CSM) to help you streamline your security efforts. +The [container images view][1] in Datadog provides key insights into every image used in your environment to help you assess their deployment footprint. It also detects and remediates security and performance issues that can affect multiple containers. You can view container image details alongside the rest of your container data to troubleshoot image issues affecting infrastructure health. Additionally, you can view vulnerabilities found in your container images from [Workload Protection][2] (CSM) to help you streamline your security efforts. {{< img src="security/vulnerabilities/container_images.png" alt="The container images view highlighting vulnerabilities and container column sort feature" width="100%">}} @@ -35,7 +35,7 @@ To enable live container collection, see the [containers][3] documentation. It p ### Image collection -Datadog collects container image metadata to provide enhanced debugging context for related containers and [Cloud Security Management][8] (CSM) vulnerabilities. +Datadog collects container image metadata to provide enhanced debugging context for related containers and [Workload Protection][8] (CSM) vulnerabilities. #### Enable container image collection diff --git a/content/en/infrastructure/resource_catalog/_index.md b/content/en/infrastructure/resource_catalog/_index.md index 0d59b14b7922d..842b749b4f07a 100644 --- a/content/en/infrastructure/resource_catalog/_index.md +++ b/content/en/infrastructure/resource_catalog/_index.md @@ -8,10 +8,10 @@ aliases: further_reading: - link: "/security/cloud_security_management/misconfigurations/" tag: "Documentation" - text: "Cloud Security Management Misconfigurations" + text: "Workload Protection Misconfigurations" - link: "/security/threats/" tag: "Documentation" - text: "Cloud Security Management Threats" + text: "Workload Protection Threats" - link: "https://www.datadoghq.com/blog/datadog-resource-catalog/" tag: "Blog" text: "Govern your infrastructure resources with the Datadog Resource Catalog" @@ -54,13 +54,13 @@ Resource Catalog leverages Datadog cloud integrations and the Datadog Agent to g ## Setup -By default, when you navigate to the Resource Catalog, you are able to see Datadog Agent monitored hosts, as well as cloud resources crawled for other Datadog products such as CNM (Cloud Network Monitoring), and DBM (Database Monitoring). To view additional cloud resources in the Resource Catalog, extend resource collection from the [Resource Catalog][5] setup page. To gain insights into your security risks, enable [Cloud Security Management][1] for each cloud account. +By default, when you navigate to the Resource Catalog, you are able to see Datadog Agent monitored hosts, as well as cloud resources crawled for other Datadog products such as CNM (Cloud Network Monitoring), and DBM (Database Monitoring). To view additional cloud resources in the Resource Catalog, extend resource collection from the [Resource Catalog][5] setup page. To gain insights into your security risks, enable [Workload Protection][1] for each cloud account. {{< img src="/infrastructure/resource_catalog/resource-catalog-doc-img-2.png" alt="The Resource Catalog configuration page for extending resource collection" width="100%">}} **Note**: - Extending resource collection does _not_ incur additional costs. The Resource Catalog is a free product for Infrastructure Monitoring customers. -- Enabling Cloud Security Management automatically enables resource collection for the Resource Catalog Inventory tab. Enabling resource collection for the Resource Catalog does _not_ enable the CSM product. +- Enabling Workload Protection automatically enables resource collection for the Resource Catalog Inventory tab. Enabling resource collection for the Resource Catalog does _not_ enable the CSM product. ## Browse the Resource Catalog diff --git a/content/en/integrations/guide/aws-organizations-setup.md b/content/en/integrations/guide/aws-organizations-setup.md index 27fc1425d96fd..f0130a8cea2be 100644 --- a/content/en/integrations/guide/aws-organizations-setup.md +++ b/content/en/integrations/guide/aws-organizations-setup.md @@ -32,7 +32,7 @@ The Datadog CloudFormation StackSet performs the following steps: 1. Deploys the Datadog AWS CloudFormation Stack in every account under an AWS Organization or Organizational Unit. 2. Automatically creates the necessary IAM role and policies in the target accounts. 3. Automatically initiates ingestion of AWS CloudWatch metrics and events from the AWS resources in the accounts. -4. Optionally disables metric collection for the AWS infrastructure. This is useful for Cloud Cost Management (CCM) or Cloud Security Management Misconfigurations (CSM Misconfigurations) specific use cases. +4. Optionally disables metric collection for the AWS infrastructure. This is useful for Cloud Cost Management (CCM) or Workload Protection Misconfigurations (CSM Misconfigurations) specific use cases. 5. Optionally configures CSM Misconfigurations to monitor resource misconfigurations in your AWS accounts. **Note**: The StackSet does not set up log forwarding in the AWS accounts. To set up logs, follow the steps in the [Log Collection][2] guide. @@ -60,7 +60,7 @@ Copy the Template URL from the Datadog AWS integration configuration page to use - Select your Datadog APP key on Datadog AWS integration configuration page and use it in the `DatadogAppKey` parameter in the StackSet. - *Optionally:* - a. Enable [Cloud Security Management Misconfigurations][5] (CSM Misconfigurations) to scan your cloud environment, hosts, and containers for misconfigurations and security risks. + a. Enable [Workload Protection Misconfigurations][5] (CSM Misconfigurations) to scan your cloud environment, hosts, and containers for misconfigurations and security risks. b. Disable metric collection if you do not want to monitor your AWS infrastructure. This is recommended only for [Cloud Cost Management][6] (CCM) or [CSM Misconfigurations][5] specific use cases. 3. **Configure StackSet options** diff --git a/content/en/integrations/guide/azure-architecture-and-configuration.md b/content/en/integrations/guide/azure-architecture-and-configuration.md index 463c1fb4dceb7..e11bd3ebaac4b 100644 --- a/content/en/integrations/guide/azure-architecture-and-configuration.md +++ b/content/en/integrations/guide/azure-architecture-and-configuration.md @@ -117,7 +117,7 @@ The implications of restricting access below the Monitoring Reader role are: - Partial or total loss of monitoring data - Partial or total loss of metadata in the form of tags on your resource metrics - - Partial or total loss of data for [Cloud Security Management Misconfigurations (CSM Misconfigurations)][3] or [Resource Catalog][4] + - Partial or total loss of data for [Workload Protection Misconfigurations (CSM Misconfigurations)][3] or [Resource Catalog][4] - Partial or total loss of Datadog-generated metrics The implications of restricting or omitting the Azure AD roles are: diff --git a/content/en/integrations/guide/azure-manual-setup.md b/content/en/integrations/guide/azure-manual-setup.md index 968ea1f3cafb5..7d62943373936 100644 --- a/content/en/integrations/guide/azure-manual-setup.md +++ b/content/en/integrations/guide/azure-manual-setup.md @@ -172,7 +172,7 @@ A form to create a new app registration is displayed: **Note**: If you've selected to monitor individual subscriptions rather than a management group, select the subscriptions to monitor from the **Subscriptions to monitor** dropdown. -13. Select your Datadog site, as well as any other integration configuration options, such as host filters and whether to collect resources for [Cloud Security Management][17]. +13. Select your Datadog site, as well as any other integration configuration options, such as host filters and whether to collect resources for [Workload Protection][17]. 14. Click **Review + create**, then click **Create**. diff --git a/content/en/integrations/guide/azure-portal.md b/content/en/integrations/guide/azure-portal.md index f3161c2c7d145..2d9a093f2fb26 100644 --- a/content/en/integrations/guide/azure-portal.md +++ b/content/en/integrations/guide/azure-portal.md @@ -298,9 +298,9 @@ The Azure portal provides a read-only view of the API keys. To manage the keys, The Azure Datadog integration allows you to install the Datadog Agent on a VM or app service. If there is no default key selected, a Datadog Agent installation fails. -### Cloud Security Management Misconfigurations +### Workload Protection Misconfigurations -Select `Cloud Security Posture Management` in the left sidebar to configure [Cloud Security Management Misconfigurations (CSM Misconfigurations)][8]. +Select `Cloud Security Posture Management` in the left sidebar to configure [Workload Protection Misconfigurations (CSM Misconfigurations)][8]. By default, CSM Misconfigurations is not enabled. To enable CSM Misconfigurations, select `Enable Datadog Cloud Security Posture Management` and click **Save**. This enables Datadog CSM Misconfigurations for any subscriptions associated with the Datadog resource. diff --git a/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md b/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md index e6c3f69b790b5..033e77c6a78c5 100644 --- a/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md +++ b/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md @@ -380,7 +380,7 @@ The top of the sidepanel displays common client and server tags shared by the in ### Security -The **Security** tab highlights potential network threats and findings detected by [Cloud Security Management Threats][6] and [Cloud Security Management Misconfigurations][7]. These signals are generated when Datadog detects network activity that matches a [detection or compliance rule][8], or if there are other threats and misconfigurations related to the selected network flow. +The **Security** tab highlights potential network threats and findings detected by [Workload Protection Threats][6] and [Workload Protection Misconfigurations][7]. These signals are generated when Datadog detects network activity that matches a [detection or compliance rule][8], or if there are other threats and misconfigurations related to the selected network flow. ## Further Reading diff --git a/content/en/opentelemetry/compatibility.md b/content/en/opentelemetry/compatibility.md index 679b8a0b9b771..a5a17c8629883 100644 --- a/content/en/opentelemetry/compatibility.md +++ b/content/en/opentelemetry/compatibility.md @@ -46,7 +46,7 @@ The following table shows Datadog feature compatibility across different setups: | [Live Container Monitoring/Kubernetes Explorer][20] | | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | [Live Processes][16] | | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | [Universal Service Monitoring][17] (USM) | |{{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | -| [Application Security Management][11] (ASM) | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | +| [App & API Protection][11] (ASM) | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | | [Continuous Profiler][12] | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | | [Data Jobs Monitoring][13] (DJM) | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | | [Data Streams Monitoring][15] (DSM) | {{< tooltip text="N/A" tooltip="OTel does not offer DSM functionality" >}}| | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | diff --git a/content/en/opentelemetry/instrument/api_support/_index.md b/content/en/opentelemetry/instrument/api_support/_index.md index d29280e2e9bc7..e9e41f46bddd1 100644 --- a/content/en/opentelemetry/instrument/api_support/_index.md +++ b/content/en/opentelemetry/instrument/api_support/_index.md @@ -31,7 +31,7 @@ By [instrumenting your code with OpenTelemetry APIs][2], your code: - Remains free of vendor-specific API calls. - Does not depend on Datadog tracing libraries at compile time (only runtime). -Replace the OpenTelemetry SDK with the Datadog tracing library in the instrumented application, and the traces produced by your running code can be processed, analyzed, and monitored alongside Datadog traces and in Datadog proprietary products such as [Continuous Profiler][3], [Data Streams Monitoring][4], [Application Security Management][5], and [Live Processes][6]. +Replace the OpenTelemetry SDK with the Datadog tracing library in the instrumented application, and the traces produced by your running code can be processed, analyzed, and monitored alongside Datadog traces and in Datadog proprietary products such as [Continuous Profiler][3], [Data Streams Monitoring][4], [App & API Protection][5], and [Live Processes][6]. To learn more, follow the link for your language: diff --git a/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md b/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md index da98290ea1920..139ca240f9550 100644 --- a/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md +++ b/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md @@ -21,7 +21,7 @@ further_reading: OTLP Ingest in the Agent is a way to send telemetry data directly from applications instrumented with [OpenTelemetry SDKs][1] to Datadog Agent. Since versions 6.32.0 and 7.32.0, the Datadog Agent can ingest OTLP traces and [OTLP metrics][2] through gRPC or HTTP. Since versions 6.48.0 and 7.48.0, the Datadog Agent can ingest OTLP logs through gRPC or HTTP. -OTLP Ingest in the Agent allows you to use observability features in the Datadog Agent. Data from applications instrumented with OpenTelemetry SDK cannot be used in some Datadog proprietary products, such as Application Security Management, Continuous Profiler, and Ingestion Rules. [OpenTelemetry Runtime Metrics are supported for some languages][10]. +OTLP Ingest in the Agent allows you to use observability features in the Datadog Agent. Data from applications instrumented with OpenTelemetry SDK cannot be used in some Datadog proprietary products, such as App & API Protection, Continuous Profiler, and Ingestion Rules. [OpenTelemetry Runtime Metrics are supported for some languages][10]. {{< img src="/opentelemetry/setup/dd-agent-otlp-ingest.png" alt="Diagram: OpenTelemetry SDK sends data through OTLP protocol to a Collector with Datadog Exporter, which forwards to Datadog's platform." style="width:100%;" >}} diff --git a/content/en/security/_index.md b/content/en/security/_index.md index 777940865836a..bbdc98bf703a0 100644 --- a/content/en/security/_index.md +++ b/content/en/security/_index.md @@ -87,7 +87,7 @@ cascade: Bring speed and scale to your production security operations. Datadog Security delivers real-time threat detection, and continuous configuration audits across applications, hosts, containers, and cloud infrastructure. Coupled with the greater Datadog observability platform, Datadog Security brings unprecedented integration between security and operations aligned to your organization's shared goals. -Datadog Security includes [Application Security](#application-security), [Cloud SIEM](#cloud-siem), and [Cloud Security Management](#cloud-security-management). To learn more, check out the [30-second Product Guided Tour][14]. +Datadog Security includes [Application Security](#application-security), [Cloud SIEM](#cloud-siem), and [Workload Protection](#cloud-security-management). To learn more, check out the [30-second Product Guided Tour][14]. ## Application Security @@ -106,13 +106,13 @@ In addition to threat detection, Datadog provides end-to-end code and library vu {{< img src="security/security_monitoring/cloud_siem_overview_2.png" alt="The Cloud SIEM home page showing the Security Overview section with widgets for important signals, suspicious actors, impacted resources, threat intel, and signal trends" width="100%">}} -## Cloud Security Management +## Workload Protection -[Cloud Security Management (CSM)][10] delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered. +[Workload Protection][10] delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered. CSM includes [Threats][12], [Misconfigurations][11], [Identity Risks][15], and [Vulnerabilities][16]. To learn more, check out the dedicated [Guided Tour][13]. -{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues" width="100%">}} +{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Workload Protection overview shows a list of prioritized security issues" width="100%">}} To get started with Datadog Security, navigate to the [**Security** > **Setup**][9] page in Datadog, which has detailed information for single or multi-configuration, or follow the getting started sections below to learn more about each area of the platform. diff --git a/content/en/security/access_control.md b/content/en/security/access_control.md index 0bc804e995a3f..483418850b3a0 100644 --- a/content/en/security/access_control.md +++ b/content/en/security/access_control.md @@ -8,7 +8,7 @@ products: - name: CSM Threats url: /security/threats/ icon: cloud-security-management -- name: Application Security Management +- name: App & API Protection url: /security/application_security/ icon: app-sec further_reading: diff --git a/content/en/security/account_takeover_protection.md b/content/en/security/account_takeover_protection.md index d8e072482231c..13121dab4fab8 100644 --- a/content/en/security/account_takeover_protection.md +++ b/content/en/security/account_takeover_protection.md @@ -10,10 +10,10 @@ further_reading: text: "User Monitoring and Protection" - link: "security/application_security/guide/" tag: "Documentation" - text: "Application Security Management Guides" + text: "App & API Protection Guides" --- -ASM provides account takeover (ATO) protection to detect and mitigate account takeover attacks. +AAP provides account takeover (ATO) protection to detect and mitigate account takeover attacks. ATO protection has the following benefits: @@ -54,7 +54,7 @@ Brute force ## Setting up ATO detection and prevention -ASM provides managed detections of ATO attacks. +AAP provides managed detections of ATO attacks. Effective ATO detection and prevention requires the following: @@ -95,7 +95,7 @@ You are not limited to how Datadog defines these enrichments. Many platform prod ## Review your first detection -ASM highlights the most relevant information and suggests actions to take based on the detection type. It also indicates what actions have been taken. +AAP highlights the most relevant information and suggests actions to take based on the detection type. It also indicates what actions have been taken. {{An Account Takeover signal showing different highlighted areas of interest}} diff --git a/content/en/security/application_security/_index.md b/content/en/security/application_security/_index.md index 4811cff838d5e..68318575cdd46 100644 --- a/content/en/security/application_security/_index.md +++ b/content/en/security/application_security/_index.md @@ -1,5 +1,5 @@ --- -title: Application Security Management +title: App & API Protection description: Monitor threats targeting production system, leveraging the execution context provided by distributed traces. aliases: - /security_platform/application_security @@ -10,7 +10,7 @@ aliases: further_reading: - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How Application Security Management Works" + text: "How App & API Protection Works" - link: "/security/application_security/threats/" tag: "Documentation" text: "Threat Management" @@ -19,7 +19,7 @@ further_reading: text: "Software Composition Analysis" - link: "https://www.datadoghq.com/product/security-platform/application-security-monitoring/" tag: "Product Page" - text: "Datadog Application Security Management" + text: "Datadog App & API Protection" - link: "https://www.datadoghq.com/blog/secure-serverless-applications-with-datadog-asm/" tag: "Blog" text: "Secure serverless applications with Datadog ASM" @@ -28,10 +28,10 @@ further_reading: text: "Gain visibility into risks, vulnerabilities, and attacks with APM Security View" - link: "https://www.datadoghq.com/blog/block-attackers-application-security-management-datadog/" tag: "Blog" - text: "Block attackers in your apps and APIs with Datadog Application Security Management" + text: "Block attackers in your apps and APIs with Datadog App & API Protection" - link: "https://www.datadoghq.com/blog/threat-modeling-datadog-application-security-management/" tag: "Blog" - text: "Threat modeling with Datadog Application Security Management" + text: "Threat modeling with Datadog App & API Protection" - link: "https://www.datadoghq.com/blog/aws-waf-datadog/" tag: "Blog" text: "Monitor AWS WAF activity with Datadog" @@ -46,14 +46,14 @@ algolia: --- {{< site-region region="gov" >}} -
Application Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
App & API Protection is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} {{< img src="/security/application_security/app-sec-landing-page.png" alt="A security signal panel in Datadog, which displays attack flows and flame graphs" width="75%">}} -Datadog Application Security Management (ASM) provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, Amazon ECS, and (for supported languages) AWS Fargate. +Datadog App & API Protection (AAP) provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, Amazon ECS, and (for supported languages) AWS Fargate. -ASM leverages Datadog [tracing libraries][1], and the [Datadog Agent][2] to identify services exposed to application attacks. Once configured, ASM leverages in-app detection rules to detect and protect against threats in your application environment and trigger security signals whenever an attack impacts your production system, or a vulnerability is triggered from the code. +AAP leverages Datadog [tracing libraries][1], and the [Datadog Agent][2] to identify services exposed to application attacks. Once configured, ASM leverages in-app detection rules to detect and protect against threats in your application environment and trigger security signals whenever an attack impacts your production system, or a vulnerability is triggered from the code. When a threat is detected, a security signal is generated in Datadog. For `HIGH` or `CRITICAL` severity security signals, notifications can be sent to Slack, email, or PagerDuty to notify your team and provide real-time context around threats. @@ -65,7 +65,7 @@ Until you fully remediate the potential vulnerabilities in your application code ## Understanding how application security is implemented in Datadog -If you're curious how Application Security Management is structured and how it uses tracing data to identify security problems, read [How Application Security Management Works][3]. +If you're curious how App & API Protection is structured and how it uses tracing data to identify security problems, read [How App & API Protection Works][3]. ## Configure your environment diff --git a/content/en/security/application_security/guide/_index.md b/content/en/security/application_security/guide/_index.md index 797fde0fafce7..0a7b31e2922ff 100644 --- a/content/en/security/application_security/guide/_index.md +++ b/content/en/security/application_security/guide/_index.md @@ -1,11 +1,11 @@ --- -title: Application Security Management Guides +title: App & API Protection Guides private: true disable_toc: true --- {{< whatsnext desc="Getting Started" >}} - {{< nextlink href="/getting_started/application_security/" >}}First steps with Application Security Management{{< /nextlink >}} + {{< nextlink href="/getting_started/application_security/" >}}First steps with App & API Protection{{< /nextlink >}} {{< /whatsnext >}} {{< whatsnext desc="Advanced Topics" >}} diff --git a/content/en/security/application_security/guide/manage_account_theft_appsec.md b/content/en/security/application_security/guide/manage_account_theft_appsec.md index d51550b47138e..b6984c51e5810 100644 --- a/content/en/security/application_security/guide/manage_account_theft_appsec.md +++ b/content/en/security/application_security/guide/manage_account_theft_appsec.md @@ -5,7 +5,7 @@ disable_toc: false Users are trusted entities in your systems with access to sensitive information and the ability to perform sensitive actions. Malicious actors have identified users as an opportunity to target websites and steal valuable data and resources. -Datadog Application Security Management (ASM) provides [built-in][1] detection and protection capabilities to help you manage this threat. +Datadog App & API Protection (AAP) provides [built-in][1] detection and protection capabilities to help you manage this threat. This guide describes how to use ASM to prepare for and respond to account takeover (ATO) campaigns. This guide is divided into three phases: @@ -108,7 +108,7 @@ In the event of a **false** user (`usr.exists:false`), look for the following is ### Step 1.5: Manually instrumenting your services -ASM collects login information and metadata using an SDK embedded in the Datadog libraries. Instrumentation is performed by calling the SDK when a user login is successful/fails and by providing the SDK with the metadata of the login. The SDK attaches the login and the metadata to the trace and sends it to Datadog where it is retained. +AAP collects login information and metadata using an SDK embedded in the Datadog libraries. Instrumentation is performed by calling the SDK when a user login is successful/fails and by providing the SDK with the metadata of the login. The SDK attaches the login and the metadata to the trace and sends it to Datadog where it is retained.
For an alternative to modifying the service's code, go to Step 1.6: Remote instrumentation of your services.
@@ -124,7 +124,7 @@ To manually instrument your services, do the following: ### Step 1.6: Remote instrumentation of your services -ASM can use custom In-App WAF rules to flag login attempts and extract the metadata from the request needed by detection rules. +AAP can use custom In-App WAF rules to flag login attempts and extract the metadata from the request needed by detection rules. This approach requires that [Remote Configuration][11] is enabled and working. Verify Remote Configuration is running for this service in [Remote Configuration][12]. @@ -152,7 +152,7 @@ After setting up instrumentation for your services, ASM monitors for attack camp -ASM detects [multiple attacker strategies][15]. Upon detecting an attack with a high level of confidence, the [built-in detection rules][16] generate a signal. +AAP detects [multiple attacker strategies][15]. Upon detecting an attack with a high level of confidence, the [built-in detection rules][16] generate a signal. The severity of the signal is set based on the urgency of the threat: from **Low** in case of unsuccessful attacks to **Critical** in case of successful account compromises. @@ -192,7 +192,7 @@ In microservice environments, services are generally reached by internal hosts r
Before you begin: Verify that the IP addresses are properly configured, as described in Step 2.2: Validate proper data propagation.
-ASM automatic blocking can be used to block attacks at any time of the day. Automatic blocking can help block attacks before your team members are online, providing security during off hours. Within an ATO, automatic blocking can help mitigate the load issues caused by the increase in failed login attempts or prevent the attacker from using compromised accounts. +AAP automatic blocking can be used to block attacks at any time of the day. Automatic blocking can help block attacks before your team members are online, providing security during off hours. Within an ATO, automatic blocking can help mitigate the load issues caused by the increase in failed login attempts or prevent the attacker from using compromised accounts. You can configure automatic blocking to block IPs identified as part of an attack. This is only a partial remediation because attackers can change IPs; however, it can give you more time to implement comprehensive remediation. diff --git a/content/en/security/application_security/how-appsec-works.md b/content/en/security/application_security/how-appsec-works.md index fa548f15c8b42..ee9e486106f0f 100644 --- a/content/en/security/application_security/how-appsec-works.md +++ b/content/en/security/application_security/how-appsec-works.md @@ -11,7 +11,7 @@ further_reading: --- {{< site-region region="gov" >}} -
Application Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
App & API Protection is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} ## Overview diff --git a/content/en/security/application_security/serverless/_index.md b/content/en/security/application_security/serverless/_index.md index c22ccd1e541bb..9eed2f25d9e74 100644 --- a/content/en/security/application_security/serverless/_index.md +++ b/content/en/security/application_security/serverless/_index.md @@ -9,10 +9,10 @@ further_reading: text: "How Application Security Works" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App & API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App & API Protection" - link: "/security/application_security/threats/" tag: "Documentation" text: "Application Threat Management" @@ -1002,7 +1002,7 @@ Download the [`datadog_wrapper`][8] file from the releases and upload it to your ## Testing threat detection -To see Application Security Management threat detection in action, send known attack patterns to your application. For example, send a request with the user agent header set to `dd-test-scanner-log` to trigger a [security scanner attack][5] attempt: +To see App & API Protection threat detection in action, send known attack patterns to your application. For example, send a request with the user agent header set to `dd-test-scanner-log` to trigger a [security scanner attack][5] attempt: ```sh curl -A 'dd-test-scanner-log' https://your-function-url/existing-route ``` diff --git a/content/en/security/application_security/threats/_index.md b/content/en/security/application_security/threats/_index.md index bd583c3e74349..5b1fd4d13e99f 100644 --- a/content/en/security/application_security/threats/_index.md +++ b/content/en/security/application_security/threats/_index.md @@ -16,10 +16,10 @@ further_reading: --- {{< site-region region="gov" >}} -
Application Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
App & API Protection is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} -Datadog's Application Security Management (ASM) Threat Management protects web applications and APIs from a wide range of security threats, including: +Datadog's App & API Protection (AAP) Threat Management protects web applications and APIs from a wide range of security threats, including: - Exploit attempts - Application abuse and fraud @@ -27,7 +27,7 @@ Datadog's Application Security Management (ASM) Threat Management protects web a Integrated into the Datadog platform, ASM Threat Management leverages Datadog’s extensive observability data (logs and traces) to provide full-stack visibility and security in a unified platform. -ASM Threat Management enables teams to identify and remediate threats quickly. Its key differentiator is bridging the gap between security and DevOps, promoting collaboration between development, security, and operations teams. +AAP Threat Management enables teams to identify and remediate threats quickly. Its key differentiator is bridging the gap between security and DevOps, promoting collaboration between development, security, and operations teams. ## Use cases diff --git a/content/en/security/application_security/threats/add-user-info.md b/content/en/security/application_security/threats/add-user-info.md index 2f06fc6ee9720..a4ffa2ca7a556 100644 --- a/content/en/security/application_security/threats/add-user-info.md +++ b/content/en/security/application_security/threats/add-user-info.md @@ -6,7 +6,7 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog Application Security Management" + text: "Protect against threats with Datadog App & API Protection" - link: "/security/application_security/threats/library_configuration/" tag: "Documentation" text: "Other setup considerations and configuration options" diff --git a/content/en/security/application_security/threats/attacker-explorer.md b/content/en/security/application_security/threats/attacker-explorer.md index 2d929dc0370af..830da261b7db0 100644 --- a/content/en/security/application_security/threats/attacker-explorer.md +++ b/content/en/security/application_security/threats/attacker-explorer.md @@ -11,7 +11,7 @@ This topic describes how to use **Attacker Explorer** to investigate and block F ## Overview -Datadog Application Security Management (ASM) identifies attackers as suspicious and flagged. With [Attacker Explorer][1], you can investigate and take action against the attackers. +Datadog App & API Protection (AAP) identifies attackers as suspicious and flagged. With [Attacker Explorer][1], you can investigate and take action against the attackers. ### Definitions diff --git a/content/en/security/application_security/threats/attacker_clustering.md b/content/en/security/application_security/threats/attacker_clustering.md index b95d6a86728db..45408fd6b7a17 100644 --- a/content/en/security/application_security/threats/attacker_clustering.md +++ b/content/en/security/application_security/threats/attacker_clustering.md @@ -22,7 +22,7 @@ further_reading: ## Overview -Attacker Clustering improves distributed attack blocking. Datadog Application Security Management (ASM) identifies security signal traffic attacker patterns and to help you mitigate distributed attacks more efficiently. +Attacker Clustering improves distributed attack blocking. Datadog App & API Protection (AAP) identifies security signal traffic attacker patterns and to help you mitigate distributed attacks more efficiently. Attacker clustering highlights a set of common attributes shared by a significant portion of traffic and suggests blocking based on those attributes. diff --git a/content/en/security/application_security/threats/attacker_fingerprint.md b/content/en/security/application_security/threats/attacker_fingerprint.md index 7b699545cdf7b..b32f7acc41acd 100644 --- a/content/en/security/application_security/threats/attacker_fingerprint.md +++ b/content/en/security/application_security/threats/attacker_fingerprint.md @@ -11,7 +11,7 @@ This topic describes a feature called **Datadog Attacker Fingerprint** to identi ## Overview -Datadog Attacker Fingerprint identifies attackers beyond IP addresses. Datadog Attacker fingerprints are automatically computed and added to your traces on attack or login attempts when Application Security Management (ASM) is enabled on your service. +Datadog Attacker Fingerprint identifies attackers beyond IP addresses. Datadog Attacker fingerprints are automatically computed and added to your traces on attack or login attempts when App & API Protection (AAP) is enabled on your service. Datadog Attacker fingerprints are composed of several fragments: * Endpoint Identifier diff --git a/content/en/security/application_security/threats/custom_rules.md b/content/en/security/application_security/threats/custom_rules.md index cd4848d0f2b8f..bec718bd7b8a7 100644 --- a/content/en/security/application_security/threats/custom_rules.md +++ b/content/en/security/application_security/threats/custom_rules.md @@ -6,13 +6,13 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog Application Security Management" + text: "Protect against threats with Datadog App & API Protection" - link: "/security/application_security/event_rules/" tag: "Documentation" text: "Creating event rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshoot common Datadog Application Security Management issues" + text: "Troubleshoot common Datadog App & API Protection issues" - link: "/security/notifications/variables/" tag: "Documentation" text: "Learn more about Security notification variables" @@ -23,7 +23,7 @@ further_reading: ## Overview -Application Security Management (ASM) comes with a set of [out-of-the-box detection rules][1] which aim to catch attack attempts, vulnerabilities found by attacker, and business logic abuse that impact your production systems. +App & API Protection (AAP) comes with a set of [out-of-the-box detection rules][1] which aim to catch attack attempts, vulnerabilities found by attacker, and business logic abuse that impact your production systems. However, there are situations where you may want to customize a rule based on your environment or workload. For example, you may want to customize a detection rule that detects users performing sensitive actions from a geolocation where your business doesn't operate. @@ -33,7 +33,7 @@ In these situations, a custom detection rule can be created to exclude such even ## Business logic abuse detection rule -ASM offers out of the box rules to detect business logic abuse (for example, resetting a password through brute force). Those rules require [adding business logic information to traces][7]. +AAP offers out of the box rules to detect business logic abuse (for example, resetting a password through brute force). Those rules require [adding business logic information to traces][7]. Recent Datadog Tracing Libraries attempt to detect and send user login and signup events automatically without needing to modify the code. If needed, you can [opt out of the automatic user activity event tracking][8]. diff --git a/content/en/security/application_security/threats/exploit-prevention.md b/content/en/security/application_security/threats/exploit-prevention.md index 46eefc69c6338..887c15edfaea6 100644 --- a/content/en/security/application_security/threats/exploit-prevention.md +++ b/content/en/security/application_security/threats/exploit-prevention.md @@ -4,7 +4,7 @@ disable_toc: false further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog Application Security Management" + text: "Protect against threats with Datadog App & API Protection" - link: "/security/application_security/threats/library_configuration/" tag: "Documentation" text: "Other setup considerations and configuration options" @@ -38,19 +38,19 @@ Combine telemetry from the Datadog tracer with predefined heuristics to detect a An attacker tricks the server into making unauthorized requests to internal systems or external servers, potentially leaking information or a further exploitation. -ASM Exploit Prevention checks whether an internal or external request's URL, which is partially or totally controlled by a user parameter, has been manipulated by an attacker to alter the original purpose of the request. +AAP Exploit Prevention checks whether an internal or external request's URL, which is partially or totally controlled by a user parameter, has been manipulated by an attacker to alter the original purpose of the request. ### Example 2: Local file inclusion An attacker exploits a vulnerable parameter to include local files from the server, potentially exposing sensitive data like configuration files or possibly enabling remote code execution. -ASM Exploit Prevention inspects all file access attempts to determine if the path has been injected and whether a restricted file is accessed. +AAP Exploit Prevention inspects all file access attempts to determine if the path has been injected and whether a restricted file is accessed. ### Example 3: SQL injection An attacker injects malicious SQL code into a query, potentially gaining unauthorized access to the database, manipulating data, or executing administrative operations. -ASM Exploit Prevention intercepts all SQL queries to determine if a user parameter has been injected and whether the injection alters the original purpose and structure of the SQL query. +AAP Exploit Prevention intercepts all SQL queries to determine if a user parameter has been injected and whether the injection alters the original purpose and structure of the SQL query. ## Prerequisites diff --git a/content/en/security/application_security/threats/inapp_waf_rules.md b/content/en/security/application_security/threats/inapp_waf_rules.md index c7e2613748967..8e3ca17eff4d5 100644 --- a/content/en/security/application_security/threats/inapp_waf_rules.md +++ b/content/en/security/application_security/threats/inapp_waf_rules.md @@ -7,18 +7,18 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog Application Security Management" + text: "Protect against threats with Datadog App & API Protection" - link: "/security/application_security/custom_rules/" tag: "Documentation" text: "Writing custom detection rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshoot common Datadog Application Security Management issues" + text: "Troubleshoot common Datadog App & API Protection issues" --- ## Overview -With Application Security Management (ASM) enabled, the Datadog tracing library actively monitors all web services and API requests for suspicious security activity. +With App & API Protection (AAP) enabled, the Datadog tracing library actively monitors all web services and API requests for suspicious security activity. An _In-App WAF rule_ specifies conditions on the incoming request to define what the library considers suspicious. The Datadog tracing library includes hundreds of out-of-the-box ASM In-App WAF rules, which are used to display security traces in the trace explorer and in the default signal rules. diff --git a/content/en/security/application_security/threats/library_configuration.md b/content/en/security/application_security/threats/library_configuration.md index c5901cda19814..04f983ba4e52f 100644 --- a/content/en/security/application_security/threats/library_configuration.md +++ b/content/en/security/application_security/threats/library_configuration.md @@ -7,10 +7,10 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against Threats with Datadog Application Security Management" + text: "Protect against Threats with Datadog App & API Protection" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "Out-of-the-Box Application Security Management Rules" + text: "Out-of-the-Box App & API Protection Rules" - link: "/security/application_security/add-user-info/" tag: "Documentation" text: "Adding user information to traces" @@ -19,13 +19,13 @@ further_reading: text: "Troubleshooting ASM" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How Application Security Management Works in Datadog" + text: "How App & API Protection Works in Datadog" --- ## Configuring a client IP header -ASM automatically attempts to resolve `http.client_ip` from several well-known headers, such as `X-Forwarded-For`. If you use a custom header for this field, or want to bypass the resolution algorithm, set the `DD_TRACE_CLIENT_IP_HEADER` environment variable. If this variable is set, the library only checks the specified header for the client IP. +AAP automatically attempts to resolve `http.client_ip` from several well-known headers, such as `X-Forwarded-For`. If you use a custom header for this field, or want to bypass the resolution algorithm, set the `DD_TRACE_CLIENT_IP_HEADER` environment variable. If this variable is set, the library only checks the specified header for the client IP. ## Track authenticated bad actors diff --git a/content/en/security/application_security/threats/protection.md b/content/en/security/application_security/threats/protection.md index 401128536f8d0..6e07e9baaa0d2 100644 --- a/content/en/security/application_security/threats/protection.md +++ b/content/en/security/application_security/threats/protection.md @@ -4,14 +4,14 @@ is_beta: true further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Application Security Management with Datadog" + text: "App & API Protection with Datadog" --- ## Overview If your service is running [an Agent with Remote Configuration enabled and a tracing library version that supports it][2], you can block attacks and attackers from the Datadog UI without additional configuration of the Agent or tracing libraries. -Application Security Management (ASM) Protect enables you to slow down attacks and attackers by _blocking_ them. Security traces are blocked in real-time by the Datadog tracing libraries. Blocks are saved in the Datadog platform, automatically and securely fetched by the Datadog Agent, deployed in your infrastructure, and applied to your services. +App & API Protection (AAP) Protect enables you to slow down attacks and attackers by _blocking_ them. Security traces are blocked in real-time by the Datadog tracing libraries. Blocks are saved in the Datadog platform, automatically and securely fetched by the Datadog Agent, deployed in your infrastructure, and applied to your services. ## Prerequisites @@ -52,7 +52,7 @@ You can use the _Passlist_ to permanently allow specific IP addresses access to ## Blocking attack attempts with In-App WAF -ASM In-App WAF (web application firewall) combines the detection techniques of perimeter-based WAFs with the rich context provided by Datadog, helping your teams protect their systems with confidence. +AAP In-App WAF (web application firewall) combines the detection techniques of perimeter-based WAFs with the rich context provided by Datadog, helping your teams protect their systems with confidence. Because ASM is aware of an application's routes, protection can be applied granularly to specific services, and not necessarily across all applications and traffic. This contextual efficiency reduces your inspection effort, and it reduces the false positive rate compared to a perimeter WAF. There is no learning period, because most web frameworks provide a structured map of routes. ASM can help your team roll out protections against zero-day vulnerabilities automatically soon after the vulnerability is disclosed, while targeting vulnerable applications, limiting the risk of false positives. diff --git a/content/en/security/application_security/threats/security_signals.md b/content/en/security/application_security/threats/security_signals.md index 86445e7a1b662..062eb0a1f0e52 100644 --- a/content/en/security/application_security/threats/security_signals.md +++ b/content/en/security/application_security/threats/security_signals.md @@ -14,7 +14,7 @@ further_reading: ## Overview -ASM security signals are created when Datadog detects a threat based on a detection rule. View, search, filter, and investigate security signals in the [Signals Explorer][2], or configure [Notification Rules][8] to send signals to third-party tools. +AAP security signals are created when Datadog detects a threat based on a detection rule. View, search, filter, and investigate security signals in the [Signals Explorer][2], or configure [Notification Rules][8] to send signals to third-party tools. {{< img src="security/application_security/threats/security_signals/appsec-threat-signals.png" alt="Overview of investigating threats in signals explorer with details side panel">}} @@ -55,7 +55,7 @@ You can triage a signal by assigning it to a user for further investigation. The - **Under Review**: The signal is actively being investigated. From the **Under Review** state, you can move the signal to **Archived** or **Open** as needed. - **Archived**: The detection that caused the signal has been resolved. From the **Archived** state, you can move the signal back to **Open** if it's within 30 days of when the signal was originally detected. -**Note**: To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][9] for more information about Datadog's default roles and granular role-based access control permissions available for Application Security Management. +**Note**: To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][9] for more information about Datadog's default roles and granular role-based access control permissions available for App & API Protection. ## Declare an incident @@ -92,7 +92,7 @@ Use [Workflow Automation][5] to manually trigger a workflow for a security signa 2. In the signal details, view each of the sections, such as **What Happened**, **Activity Summary**, and **Detection Rule**. 3. Review the **Next Steps** and take action: - Click **Block all Attacking IPs** (by specific duration or permanently). - - Click **Automated Attacker Blocking** (based on [detection][10] rules). This setting requires the Application Security Management **Protect Write** permission. + - Click **Automated Attacker Blocking** (based on [detection][10] rules). This setting requires the App & API Protection **Protect Write** permission. - Click **[Block with Edge WAF][11]**. ## Bulk actions diff --git a/content/en/security/application_security/threats/setup/compatibility/_index.md b/content/en/security/application_security/threats/setup/compatibility/_index.md index b115c88a059d2..ca7dcfc28ded3 100644 --- a/content/en/security/application_security/threats/setup/compatibility/_index.md +++ b/content/en/security/application_security/threats/setup/compatibility/_index.md @@ -4,10 +4,10 @@ type: multi-code-lang further_reading: - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App & API Protection" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How Application Security Management Works in Datadog" + text: "How App & API Protection Works in Datadog" --- The following ASM capabilities are supported relative to each language's tracing library: diff --git a/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md b/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md index 220ad98376657..38b6d19ed3a44 100644 --- a/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md +++ b/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md @@ -21,7 +21,7 @@ Please review ASM GCP Service Extensions integration version 1.71.0 [limitations ## ASM GCP Service Extensions support -ASM GCP Service Extensions is in Preview. +AAP GCP Service Extensions is in Preview.
If you would like to see support added for any of the unsupported capabilities, let us know! Fill out }} diff --git a/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md b/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md index 9222a73876c0e..7853968666f0a 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md +++ b/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md @@ -12,17 +12,17 @@ further_reading: text: "Google Cloud Service Extensions overview" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App & API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App & API Protection" --- {{< callout url="#" btn_hidden="true" header="ASM Service Extensions is in Preview" >}} To try the preview of ASM Service Extensions for GCP, follow the setup instructions below. {{< /callout >}} -You can enable application security with GCP Service Extensions within GCP Cloud Load Balancing. The Datadog Application Security Management (ASM) Service Extensions integration has support for threat detection and blocking. +You can enable application security with GCP Service Extensions within GCP Cloud Load Balancing. The Datadog App & API Protection (AAP) Service Extensions integration has support for threat detection and blocking. ## Prerequisites diff --git a/content/en/security/application_security/threats/setup/threat_detection/go.md b/content/en/security/application_security/threats/setup/threat_detection/go.md index 58f6db417a13a..2704103120b5c 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/go.md +++ b/content/en/security/application_security/threats/setup/threat_detection/go.md @@ -16,10 +16,10 @@ further_reading: text: 'Go Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App & API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App & API Protection" --- You can monitor application security for Go apps running in Docker, Kubernetes, and Amazon ECS. diff --git a/content/en/security/application_security/threats/setup/threat_detection/java.md b/content/en/security/application_security/threats/setup/threat_detection/java.md index 84e130f20ed3c..2e50b726dbfc0 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/java.md +++ b/content/en/security/application_security/threats/setup/threat_detection/java.md @@ -15,10 +15,10 @@ further_reading: text: 'Java Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App & API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App & API Protection" --- diff --git a/content/en/security/application_security/threats/setup/threat_detection/nginx.md b/content/en/security/application_security/threats/setup/threat_detection/nginx.md index 95d528fb98d08..9d23131abc620 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/nginx.md +++ b/content/en/security/application_security/threats/setup/threat_detection/nginx.md @@ -13,10 +13,10 @@ further_reading: text: "nginx integration's source code" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App & API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App & API Protection" --- The Datadog nginx tracing module has experimental support for threat detection and blocking. diff --git a/content/en/security/application_security/threats/setup/threat_detection/nodejs.md b/content/en/security/application_security/threats/setup/threat_detection/nodejs.md index 58ce761e80057..474c3f77aa4b6 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/nodejs.md +++ b/content/en/security/application_security/threats/setup/threat_detection/nodejs.md @@ -16,10 +16,10 @@ further_reading: text: 'Node.js Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App & API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App & API Protection" --- You can monitor application security for Node.js apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. @@ -37,7 +37,7 @@ You can monitor application security for Node.js apps running in Docker, Kuberne ``` Use this [migration guide][1] to assess any breaking changes if you upgraded your library. - Application Security Management is compatible with Express v4+ and Node.js v14+. For additional information, see [Compatibility][2]. + App & API Protection is compatible with Express v4+ and Node.js v14+. For additional information, see [Compatibility][2]. 2. **Where you import and initialize the Node.js library for APM, also enable ASM.** This might be either in your code or with environment variables. If you initialized APM in code, add `{appsec: true}` to your init statement: {{< tabs >}} diff --git a/content/en/security/application_security/threats/setup/threat_detection/php.md b/content/en/security/application_security/threats/setup/threat_detection/php.md index f206a039d4f11..65f4afaf2f412 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/php.md +++ b/content/en/security/application_security/threats/setup/threat_detection/php.md @@ -16,10 +16,10 @@ further_reading: text: 'PHP Datadog Tracer Library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App & API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App & API Protection" --- You can monitor application security for PHP apps running in host-based or container-based environments such as Docker, Kubernetes, AWS ECS, and AWS EKS. diff --git a/content/en/security/application_security/threats/setup/threat_detection/python.md b/content/en/security/application_security/threats/setup/threat_detection/python.md index d7c6f911379ce..65eb51c0072fe 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/python.md +++ b/content/en/security/application_security/threats/setup/threat_detection/python.md @@ -16,10 +16,10 @@ further_reading: text: 'Python Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App & API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App & API Protection" --- You can monitor the security of your Python apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. diff --git a/content/en/security/application_security/threats/setup/threat_detection/ruby.md b/content/en/security/application_security/threats/setup/threat_detection/ruby.md index b19219b3089ac..e99bc0361bf26 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/ruby.md +++ b/content/en/security/application_security/threats/setup/threat_detection/ruby.md @@ -16,10 +16,10 @@ further_reading: text: 'Ruby Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App & API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App & API Protection" --- You can monitor application security for Ruby apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. diff --git a/content/en/security/application_security/threats/threat-intelligence.md b/content/en/security/application_security/threats/threat-intelligence.md index b5138fc4942a6..d791c9d9b1c29 100644 --- a/content/en/security/application_security/threats/threat-intelligence.md +++ b/content/en/security/application_security/threats/threat-intelligence.md @@ -6,12 +6,12 @@ further_reading: text: "Threat Intelligence at Datadog" - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog Application Security Management" + text: "Protect against threats with Datadog App & API Protection" --- ## Overview -This topic describes [threat intelligence][1] for Application Security Management (ASM). +This topic describes [threat intelligence][1] for App & API Protection (AAP). Datadog provides built-in threat intelligence [datasets][1] for ASM. This provides additional evidence when acting on security activity and reduces detection thresholds for some business logic detections. @@ -42,7 +42,7 @@ To query for all traces containing threat intelligence from any source, use the ## Bring your own threat intelligence -ASM supports enriching and searching traces with threat intelligence indicators of compromise stored in Datadog reference tables. [Reference Tables][2] allow you to combine metadata with information already in Datadog. +AAP supports enriching and searching traces with threat intelligence indicators of compromise stored in Datadog reference tables. [Reference Tables][2] allow you to combine metadata with information already in Datadog. ### Storing indicators of compromise in reference tables diff --git a/content/en/security/application_security/threats/trace_qualification.md b/content/en/security/application_security/threats/trace_qualification.md index 0665e01a8c895..a07e41710b3d1 100644 --- a/content/en/security/application_security/threats/trace_qualification.md +++ b/content/en/security/application_security/threats/trace_qualification.md @@ -4,15 +4,15 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog Application Security Management" + text: "Protect against threats with Datadog App & API Protection" - link: "/security/application_security/how-appsec-works//" tag: "Documentation" - text: "How Application Security Management Works" + text: "How App & API Protection Works" --- ## Overview -Application Security Management (ASM) provides observability into application-level attacks, and evaluates the conditions in which each trace was generated. ASM trace qualification then labels each attack as harmful or safe to help you take action on the most impactful attacks. +App & API Protection (AAP) provides observability into application-level attacks, and evaluates the conditions in which each trace was generated. ASM trace qualification then labels each attack as harmful or safe to help you take action on the most impactful attacks. Filter by the **Qualification** facet in the ASM [Traces Explorer][1] to view the possible qualification results: @@ -20,7 +20,7 @@ Filter by the **Qualification** facet in the ASM [Traces Explorer][1] to view th ## Qualification outcomes -ASM runs qualification rules (closed-source) on every trace. There are four possible qualification outcomes, as listed in the facet menu: +AAP runs qualification rules (closed-source) on every trace. There are four possible qualification outcomes, as listed in the facet menu: | Qualification result | Description | |------|-------------| diff --git a/content/en/security/application_security/troubleshooting.md b/content/en/security/application_security/troubleshooting.md index a5e5e1c8c1be9..81f7ca2b9d982 100644 --- a/content/en/security/application_security/troubleshooting.md +++ b/content/en/security/application_security/troubleshooting.md @@ -1,24 +1,24 @@ --- -title: Troubleshooting Application Security Management +title: Troubleshooting App & API Protection aliases: - /security_platform/application_security/troubleshooting further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Monitoring Threats with Datadog Application Security Management" + text: "Monitoring Threats with Datadog App & API Protection" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How Application Security Management Works in Datadog" + text: "How App & API Protection Works in Datadog" --- ## Overview -If you experience unexpected behavior with Datadog Application Security Management (ASM), there are common issues you can investigate, as mentioned below. If you continue to have trouble, reach out to [Datadog support][1] for further assistance. +If you experience unexpected behavior with Datadog App & API Protection (AAP), there are common issues you can investigate, as mentioned below. If you continue to have trouble, reach out to [Datadog support][1] for further assistance. ## ASM rate limits -ASM traces are rate-limited to 100 traces per second. Traces sent after the limit are not reported. Contact [Datadog support][1] if you need to change the limit. +AAP traces are rate-limited to 100 traces per second. Traces sent after the limit are not reported. Contact [Datadog support][1] if you need to change the limit. ## No security traces detected by ASM @@ -34,7 +34,7 @@ You can use the metric `datadog.apm.appsec_host` to check if ASM is running. If you are not seeing `datadog.apm.appsec_host`, check the [in-app instructions][3] to confirm that all steps for the initial setup are complete. -ASM data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6]. +AAP data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6]. ### Send a test attack to your application @@ -147,7 +147,7 @@ A few minutes after you enable your application and exercise it, and if it's suc ### Check if required tracer integrations are deactivated -ASM relies on certain tracer integrations. If they are deactivated, ASM won't work. To see if there are deactivated integrations, look for `disabled_integrations` in your [startup logs][8]. +AAP relies on certain tracer integrations. If they are deactivated, ASM won't work. To see if there are deactivated integrations, look for `disabled_integrations` in your [startup logs][8]. The required integrations vary by language. @@ -250,7 +250,7 @@ framework you're using, such as the Django or Flask integration. ### Check if spans are successfully transmitted to Datadog -ASM data is sent over [spans][9]. To confirm that spans are successfully transmitted to Datadog, check that your tracer logs contain logs that look similar to this: +AAP data is sent over [spans][9]. To confirm that spans are successfully transmitted to Datadog, check that your tracer logs contain logs that look similar to this: ``` 2021-11-29 21:19:58 CET | TRACE | INFO | (pkg/trace/info/stats.go:111 in LogStats) | [lang:.NET lang_version:5.0.10 interpreter:.NET tracer_version:1.30.1.0 endpoint_version:v0.4] -> traces received: 2, traces filtered: 0, traces amount: 1230 bytes, events extracted: 0, events sampled: 0 @@ -447,7 +447,7 @@ Debug logs are verbose but useful. If you open up a ticket with [Datadog support #### Is ASM correctly enabled? -ASM has been correctly enabled if you see logs such as: +AAP has been correctly enabled if you see logs such as: ``` D, [2021-12-14T11:03:32.167125 #73127] DEBUG -- ddtrace: [ddtrace] (libddwaf/lib/datadog/appsec/waf.rb:296:in `block in logger=') {:level=>:ddwaf_log_info, :func=> "ddwaf_set_log_cb", :file=>"PowerWAFInterface.cpp", :message=>"Sending log messages to binding, min level trace"} @@ -498,7 +498,7 @@ D, [2021-12-14T22:39:53.268820 #106051] DEBUG -- ddtrace: [ddtrace] (ddtrace/lib If you don't see those logs, check that another upstream security system is not filtering out the requests or altering them based on the test header value. #### Is the tracer sending traces with security data? -ASM data is sent with APM traces. To confirm that ASM correctly detects and inserts security data into traces, trigger a [test attack](#send-a-test-attack-to-your-application), and look for these tracer logs: +AAP data is sent with APM traces. To confirm that ASM correctly detects and inserts security data into traces, trigger a [test attack](#send-a-test-attack-to-your-application), and look for these tracer logs: ``` Tags: [ @@ -549,7 +549,7 @@ You can use the metric `datadog.apm.appsec_host` to check if ASM is running. If you are not seeing `datadog.apm.appsec_host`, check the [in-app instructions][3] to confirm that all steps for the initial setup are complete. -ASM data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6]. +AAP data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6]. ### Confirm tracer versions are updated diff --git a/content/en/security/audit_trail.md b/content/en/security/audit_trail.md index 8b859045548ad..c7bb5f4608f0a 100644 --- a/content/en/security/audit_trail.md +++ b/content/en/security/audit_trail.md @@ -12,10 +12,10 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Cloud Security Management +- name: Workload Protection url: /security/cloud_security_management/ icon: cloud-security-management -- name: Application Security Management +- name: App & API Protection url: /security/application_security/ icon: app-sec --- @@ -30,7 +30,7 @@ To view audit logs generated by actions taken in Datadog Security, navigate to t {{% audit-trail-security-platform %}} -## Application Security Management +## App & API Protection {{% audit-trail-asm %}} diff --git a/content/en/security/cloud_security_management/_index.md b/content/en/security/cloud_security_management/_index.md index 17ee25acba982..4071fbfdaa3cd 100644 --- a/content/en/security/cloud_security_management/_index.md +++ b/content/en/security/cloud_security_management/_index.md @@ -1,5 +1,5 @@ --- -title: Cloud Security Management +title: Workload Protection aliases: - /security_platform/cloud_security_management/ further_reading: @@ -26,7 +26,7 @@ further_reading: text: "Run Atomic Red Team detection tests in container environments with Datadog's Workload Security Evaluator" - link: "https://www.datadoghq.com/blog/security-context-with-datadog-cloud-security-management/" tag: "Blog" - text: "Add security context to observability data with Datadog Cloud Security Management" + text: "Add security context to observability data with Datadog Workload Protection" - link: "https://www.datadoghq.com/blog/security-labs-ruleset-launch/" tag: "Blog" text: "Fix common cloud security risks with the Datadog Security Labs Ruleset" @@ -35,7 +35,7 @@ further_reading: text: "Best practices for application security in cloud-native environments" - link: "https://www.datadoghq.com/blog/custom-detection-rules-with-datadog-cloud-security-management/" tag: "Blog" - text: "Customize rules for detecting cloud misconfigurations with Datadog Cloud Security Management" + text: "Customize rules for detecting cloud misconfigurations with Datadog Workload Protection" - link: "https://www.datadoghq.com/blog/building-security-coverage-for-cloud-environments/" tag: "Blog" text: "Build sufficient security coverage for your cloud environment" @@ -43,11 +43,9 @@ further_reading: tag: "Blog" text: "Key learnings from the 2024 State of Cloud Security study" - link: "https://www.datadoghq.com/blog/cloud-security-malware-detection/" - tag: "Blog" - text: "Detect malware in your containers with Datadog Cloud Security Management" - link: "https://www.datadoghq.com/blog/security-posture-csm/" tag: "Blog" - text: "Report on changes to your security posture with Cloud Security Management" + text: "Report on changes to your security posture with Workload Protection" - link: "https://www.datadoghq.com/blog/security-inbox-prioritization/" tag: "Blog" text: "How Datadog Security Inbox prioritizes security risks" @@ -58,14 +56,14 @@ algolia: tags: ['csm', 'cloud security management', 'inbox'] cascade: algolia: - subcategory: Cloud Security Management + subcategory: Workload Protection --- {{< learning-center-callout header="Join an enablement webinar session" hide_image="true" btn_title="Sign Up" btn_url="https://www.datadoghq.com/technical-enablement/sessions/?tags.topics-0=Security">}} - Learn how Datadog Cloud SIEM and Cloud Security Management elevate your organization's threat detection and investigation for dynamic, cloud-scale environments. + Learn how Datadog Cloud SIEM and Workload Protection elevate your organization's threat detection and investigation for dynamic, cloud-scale environments. {{< /learning-center-callout >}} -Datadog Cloud Security Management (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. +Datadog Workload Protection delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. @@ -76,7 +74,7 @@ CSM leverages both the Datadog Agent and Agentless. It includes a variety of fea - [**Identity Risks**][8]: Provides in-depth visibility into your organization's AWS IAM, Azure, and GCP risks, and enables you to detect and resolve identity risks on an ongoing basis. - [**Vulnerabilities**][9]: Continuously detect, prioritize, and remediate exploitable vulnerabilities in your container images, host images, and hosts running in your infrastructure. -{{< img src="security/csm/csm_overview_2.png" alt="Cloud Security Management in Datadog" width="100%">}} +{{< img src="security/csm/csm_overview_2.png" alt="Workload Protection in Datadog" width="100%">}} {{< partial name="security-platform/CSW-billing-note.html" >}} @@ -108,7 +106,7 @@ Use the [Resource Catalog][12] to view specific misconfigurations and threats th ## Subscribe to weekly digest reports -Receive a weekly summary of Cloud Security Management activity over the past week, including important new security issues discovered in the last seven days. Subscriptions to the weekly digest report are managed on a per user basis. To [subscribe to the weekly digest report][11], you must have the `security_monitoring_signals_read` permission. +Receive a weekly summary of Workload Protection activity over the past week, including important new security issues discovered in the last seven days. Subscriptions to the weekly digest report are managed on a per user basis. To [subscribe to the weekly digest report][11], you must have the `security_monitoring_signals_read` permission. ## Learn about emerging threats and vulnerabilities @@ -116,7 +114,7 @@ Use the [Security Research Feed][15] to stay current with the latest security de ## Next steps -To get started with CSM, navigate to the [**Cloud Security Management Setup**][3] page in Datadog, which has detailed steps on how to set up and configure CSM. For more information, see [Setting Up Cloud Security Management][10]. +To get started with CSM, navigate to the [**Workload Protection Setup**][3] page in Datadog, which has detailed steps on how to set up and configure CSM. For more information, see [Setting Up Workload Protection][10]. ## Further reading diff --git a/content/en/security/cloud_security_management/guide/_index.md b/content/en/security/cloud_security_management/guide/_index.md index 7ce4a811022a6..749b501e8da72 100644 --- a/content/en/security/cloud_security_management/guide/_index.md +++ b/content/en/security/cloud_security_management/guide/_index.md @@ -1,5 +1,5 @@ --- -title: Cloud Security Management Guides +title: Workload Protection Guides disable_toc: true aliases: - /security_platform/cloud_workload_security/guide/ @@ -7,9 +7,9 @@ aliases: --- -{{< whatsnext desc="Cloud Security Management (CSM) Guides" >}} - {{< nextlink href="/getting_started/cloud_security_management" >}}First Steps for Cloud Security Management{{< /nextlink >}} - {{< nextlink href="/security/cloud_security_management/guide/agent_variables" >}}Cloud Security Management Agent Variables{{< /nextlink >}} +{{< whatsnext desc="Workload Protection Guides" >}} + {{< nextlink href="/getting_started/cloud_security_management" >}}First Steps for Workload Protection{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/guide/agent_variables" >}}Workload Protection Agent Variables{{< /nextlink >}} {{< /whatsnext >}} {{< whatsnext desc="CSM Threats Guides" >}} diff --git a/content/en/security/cloud_security_management/guide/agent_variables.md b/content/en/security/cloud_security_management/guide/agent_variables.md index 530e90e24de6d..0820929d15cb3 100644 --- a/content/en/security/cloud_security_management/guide/agent_variables.md +++ b/content/en/security/cloud_security_management/guide/agent_variables.md @@ -1,10 +1,10 @@ --- -title: Cloud Security Management Agent Variables +title: Workload Protection Agent Variables aliases: - /security/cloud_security_management/setup/agent_variables --- -The Datadog Agent has several environment variables that can be enabled for Cloud Security Management. This article describes the purpose of each environment variable. +The Datadog Agent has several environment variables that can be enabled for Workload Protection. This article describes the purpose of each environment variable. diff --git a/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md b/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md index b20ddc8cf575e..176becef4516b 100644 --- a/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md +++ b/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md @@ -9,7 +9,7 @@ further_reading: text: "Agent Expression Syntax" --- -At some point, you may want to write your own [custom Cloud Security Management Threats (CSM Threats) Agent rules][1]. When writing your own rules, there are a few strategies you can use to optimize for efficiency. +At some point, you may want to write your own [custom Workload Protection Threats (CSM Threats) Agent rules][1]. When writing your own rules, there are a few strategies you can use to optimize for efficiency. ## Attributes diff --git a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md index fd8658a2458e2..6f3eff281a555 100644 --- a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md +++ b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md @@ -152,7 +152,7 @@ runtime_security_config: Ensure you perform the following configuration requirements before deploying the Agent: 1. Customize the [Agent Installation Instructions][5] before proceeding with the installation. -2. Install/update the Agent with CSM enabled. For steps, see [Setting up Cloud Security Management on the Agent][4]. +2. Install/update the Agent with CSM enabled. For steps, see [Setting up Workload Protection on the Agent][4]. 3. Specify additional configurations from the previous **eBPF-less agent setup** sections to install the custom version and enable eBPF-less mode. diff --git a/content/en/security/cloud_security_management/guide/public-accessibility-logic.md b/content/en/security/cloud_security_management/guide/public-accessibility-logic.md index 3bbc335342f22..6c6cf933e76bc 100644 --- a/content/en/security/cloud_security_management/guide/public-accessibility-logic.md +++ b/content/en/security/cloud_security_management/guide/public-accessibility-logic.md @@ -13,7 +13,7 @@ Datadog uses a graph processing framework to map relationships between cloud res ## Resource dependency graph -The following diagrams show how related resources are used to determine whether other resources are publicly accessible. For example, an AWS CloudTrail Trail stored in a public Amazon S3 bucket is itself publicly accessible. If a resource is publicly accessible because of another resource, the relationship is shown in the Cloud Security Management Misconfigurations resource relationships graph. +The following diagrams show how related resources are used to determine whether other resources are publicly accessible. For example, an AWS CloudTrail Trail stored in a public Amazon S3 bucket is itself publicly accessible. If a resource is publicly accessible because of another resource, the relationship is shown in the Workload Protection Misconfigurations resource relationships graph. **Note**: Not all resources with the Publicly Accessible attribute are shown in these diagrams. diff --git a/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md b/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md index e74ff2f65f802..d3b0519bde039 100644 --- a/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md +++ b/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md @@ -3,13 +3,13 @@ title: Use Filters to Exclude Resources from Evaluation further_reading: - link: "/security/cloud_security_management/guide" tag: "Documentation" - text: Cloud Security Management Guides + text: Workload Protection Guides - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: Setting Up Cloud Security Management + text: Setting Up Workload Protection --- -You can use resource tags to create filters that include or exclude resources from being evaluated by Cloud Security Management (CSM). The filters must be specified as a comma-separated list of `key:value` pairs. +You can use resource tags to create filters that include or exclude resources from being evaluated by Workload Protection. The filters must be specified as a comma-separated list of `key:value` pairs. **Notes**: @@ -37,7 +37,7 @@ The allowlist enables you to specify tags that must be applied to a resource in {{< tabs >}} {{% tab "AWS" %}} -1. On the [**Cloud Security Management Setup** page][1], click **Cloud accounts**. +1. On the [**Workload Protection Setup** page][1], click **Cloud accounts**. 2. Expand the **AWS** section. 3. Under **Resource Evaluation Filters (Optional)**, click the **Plus** (+) icon for the account you want to add the filter to. 4. Enter a comma-separated list of `key:value` pairs for the tags you want to allowlist or blocklist. @@ -48,7 +48,7 @@ The allowlist enables you to specify tags that must be applied to a resource in {{% /tab %}} {{% tab "Azure" %}} -1. On the [**Cloud Security Management Setup** page][1], click **Cloud accounts**. +1. On the [**Workload Protection Setup** page][1], click **Cloud accounts**. 2. Expand the **Azure** section. 3. Expand a subscription. 3. Under **Resource Evaluation Filters (Optional)**, click the **Plus** (+) icon. @@ -60,7 +60,7 @@ The allowlist enables you to specify tags that must be applied to a resource in {{% /tab %}} {{% tab "Google Cloud" %}} -1. On the [**Cloud Security Management Setup** page][1], click **Cloud accounts**. +1. On the [**Workload Protection Setup** page][1], click **Cloud accounts**. 2. Expand the **GCP** section. 3. Expand a project. 3. Under **Resource Evaluation Filters (Optional)**, click the **Plus** (+) icon. diff --git a/content/en/security/cloud_security_management/guide/tuning-rules.md b/content/en/security/cloud_security_management/guide/tuning-rules.md index 46126c39cc0c0..bb28a47863278 100644 --- a/content/en/security/cloud_security_management/guide/tuning-rules.md +++ b/content/en/security/cloud_security_management/guide/tuning-rules.md @@ -7,7 +7,7 @@ aliases: ## Overview -Cloud Security Management Threats (CSM Threats) monitors suspicious activity occurring at the workload level. However, in some cases, benign activities are flagged as malicious because of particular settings in the user's environment. When a benign expected activity is triggering a signal, you can suppress the trigger on the activity to limit noise. +Workload Protection Threats (CSM Threats) monitors suspicious activity occurring at the workload level. However, in some cases, benign activities are flagged as malicious because of particular settings in the user's environment. When a benign expected activity is triggering a signal, you can suppress the trigger on the activity to limit noise. This guide provides considerations for best practices and steps for fine-tuning signal suppression. diff --git a/content/en/security/cloud_security_management/iac_scanning.md b/content/en/security/cloud_security_management/iac_scanning.md index 7b4712f38006d..e9e700e173dba 100644 --- a/content/en/security/cloud_security_management/iac_scanning.md +++ b/content/en/security/cloud_security_management/iac_scanning.md @@ -10,7 +10,7 @@ further_reading: Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form. {{< /callout >}} -Static Infrastructure as Code (IaC) scanning integrates with version control systems, such as GitHub, to detect misconfigurations in cloud resources defined by Terraform. The scanning results are displayed in two primary locations: within pull requests during code modifications and on the **Explorers** page within Cloud Security Management. +Static Infrastructure as Code (IaC) scanning integrates with version control systems, such as GitHub, to detect misconfigurations in cloud resources defined by Terraform. The scanning results are displayed in two primary locations: within pull requests during code modifications and on the **Explorers** page within Workload Protection.
Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
diff --git a/content/en/security/cloud_security_management/identity_risks/_index.md b/content/en/security/cloud_security_management/identity_risks/_index.md index 84165c8f31223..c115ed95ad4d2 100644 --- a/content/en/security/cloud_security_management/identity_risks/_index.md +++ b/content/en/security/cloud_security_management/identity_risks/_index.md @@ -1,14 +1,14 @@ --- -title: Cloud Security Management Identity Risks +title: Workload Protection Identity Risks aliases: - /security/identity_risks/ further_reading: - link: "/security/cloud_security_management/" tag: "Documentation" - text: "Learn more about Cloud Security Management" + text: "Learn more about Workload Protection" - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: "Setting Up Cloud Security Management" + text: "Setting Up Workload Protection" - link: "https://www.datadoghq.com/blog/datadog-ciem/" tag: "Blog" text: "Find and remediate identity risks with Datadog CIEM" @@ -26,7 +26,7 @@ further_reading: text: "Detect cross-account access risks in AWS with Datadog" --- -Cloud Security Management Identity Risks (CSM Identity Risks) is a Cloud Infrastructure Entitlement Management (CIEM) product that helps you mitigate entitlement risks across your clouds. It continually scans your cloud infrastructure and finds issues such as lingering administrative privileges, privilege escalations, permission gaps, large blast radii, and cross-account access. It also enables you to proactively resolve identity risks on an ongoing basis to secure your cloud infrastructure from IAM-based attacks. For quick remediation, it suggests [downsized policies][4], [Datadog Workflows][3] based remediations, and deep links to cloud consoles. +Workload Protection Identity Risks (CSM Identity Risks) is a Cloud Infrastructure Entitlement Management (CIEM) product that helps you mitigate entitlement risks across your clouds. It continually scans your cloud infrastructure and finds issues such as lingering administrative privileges, privilege escalations, permission gaps, large blast radii, and cross-account access. It also enables you to proactively resolve identity risks on an ongoing basis to secure your cloud infrastructure from IAM-based attacks. For quick remediation, it suggests [downsized policies][4], [Datadog Workflows][3] based remediations, and deep links to cloud consoles.
CSM Identity Risks is available for AWS, Azure, and GCP.
@@ -48,7 +48,7 @@ Click **View Suggested Policy** to view a suggested downsized policy based on th {{< img src="security/identity_risks/downsized_policy.png" alt="Review suggestions for downsizing a policy on the Suggested downsized policy dialog" width="100%">}} -To remediate the identity risk, click **Fix in AWS** to update the resource in AWS IAM console. To create a Jira issue and assign it to a team, click **Add Jira issue**. See [Create Jira Issues for Cloud Security Management Issues][2] for more information. +To remediate the identity risk, click **Fix in AWS** to update the resource in AWS IAM console. To create a Jira issue and assign it to a team, click **Add Jira issue**. See [Create Jira Issues for Workload Protection Issues][2] for more information. {{< img src="security/identity_risks/side_panel_action_buttons_2.png" alt="Remediate identity risks using the action buttons on the side panel" width="100%">}} diff --git a/content/en/security/cloud_security_management/misconfigurations/_index.md b/content/en/security/cloud_security_management/misconfigurations/_index.md index 729264e474a67..09fb7e8e158a3 100644 --- a/content/en/security/cloud_security_management/misconfigurations/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/_index.md @@ -1,5 +1,5 @@ --- -title: Cloud Security Management Misconfigurations +title: Workload Protection Misconfigurations aliases: - /security_platform/cspm/ - /security/cspm/#glossary @@ -9,7 +9,7 @@ algolia: tags: ['cspm'] --- -Cloud Security Management Misconfigurations (CSM Misconfigurations) makes it easier to assess and visualize the current and historic security posture of your cloud resources, automate audit evidence collection, and remediate misconfigurations that leave your organization vulnerable to attacks. By continuously surfacing security weaknesses resulting from misconfigurations, teams can mitigate risks while ensuring compliance with industry standards. +Workload Protection Misconfigurations (CSM Misconfigurations) makes it easier to assess and visualize the current and historic security posture of your cloud resources, automate audit evidence collection, and remediate misconfigurations that leave your organization vulnerable to attacks. By continuously surfacing security weaknesses resulting from misconfigurations, teams can mitigate risks while ensuring compliance with industry standards. ## Detect misconfigurations across your cloud resources @@ -19,7 +19,7 @@ View a high-level overview of your security posture on the [Overview page][1]. E CSM Misconfigurations evaluates resources in increments between 15 minutes and 4 hours (depending on type). Datadog generates new misconfigurations as soon as a scan is completed, and stores a complete history of all misconfigurations for the past 15 months so they are available in case of an investigation or audit. -{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues to remediate" width="100%">}} +{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Workload Protection overview shows a list of prioritized security issues to remediate" width="100%">}} ## Maintain compliance with industry frameworks and benchmarks @@ -57,7 +57,7 @@ You can also [create a Jira issue][15] and assign it to a team, use Terraform re {{< whatsnext >}} {{< nextlink href="/security/cloud_security_management/setup">}}Complete setup and configuration{{< /nextlink >}} - {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security Management{{< /nextlink >}} + {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Workload Protection{{< /nextlink >}} {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for CSM Misconfigurations{{< /nextlink >}} {{< nextlink href="/security/default_rules/#cat-posture-management-cloud">}}Out-of-the-box cloud detection rules for CSM Misconfigurations{{< /nextlink >}} {{< nextlink href="/security/default_rules/#cat-posture-management-infra">}}Out-of-the-box infrastructure detection rules for CSM Misconfigurations{{< /nextlink >}} diff --git a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md index 4b65a14a2046e..299b4a5f9595b 100644 --- a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md +++ b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md @@ -18,7 +18,7 @@ further_reading: text: Misconfigurations Reports --- -Cloud Security Management Misconfigurations (CSM Misconfigurations) [out-of-the-box compliance rules][1] evaluate the configuration of your cloud resources and identify potential misconfigurations so you can immediately take steps to remediate. +Workload Protection Misconfigurations (CSM Misconfigurations) [out-of-the-box compliance rules][1] evaluate the configuration of your cloud resources and identify potential misconfigurations so you can immediately take steps to remediate. The compliance rules follow the same [conditional logic][2] as all Datadog Security compliance rules. For CSM Misconfigurations, each rule maps to controls within one or more [compliance frameworks or industry benchmarks][4]. diff --git a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md index 3b2db536a18b9..4db94b5ed8fbf 100644 --- a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md @@ -14,7 +14,7 @@ further_reading: text: "Learn about frameworks and industry benchmarks" --- -The Cloud Security Management Misconfigurations (CSM Misconfigurations) [Explorer][1] allows you to: +The Workload Protection Misconfigurations (CSM Misconfigurations) [Explorer][1] allows you to: - Review the detailed configuration of a resource. - Review the compliance rules applied to your resources by CSM Misconfigurations. diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md index ab241bff2f753..0a5900ee7ffe6 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md @@ -17,7 +17,7 @@ further_reading: text: "Securing Datadog's cloud infrastructure: Our playbook and methodology" --- -With custom frameworks, you can define and measure compliance against your own cloud security baseline. Custom frameworks are listed on the Cloud Security Management (CSM) [Compliance][6] page, have their own real-time report and [security posture score][7], and are queryable within explorers and dashboards. +With custom frameworks, you can define and measure compliance against your own cloud security baseline. Custom frameworks are listed on the Workload Protection [Compliance][6] page, have their own real-time report and [security posture score][7], and are queryable within explorers and dashboards. 1. On the [CSM Compliance page][6], click **Create Framework**. 1. Enter the following details: diff --git a/content/en/security/cloud_security_management/misconfigurations/kspm.md b/content/en/security/cloud_security_management/misconfigurations/kspm.md index b4060bfc9e4bb..a89826bab7c43 100644 --- a/content/en/security/cloud_security_management/misconfigurations/kspm.md +++ b/content/en/security/cloud_security_management/misconfigurations/kspm.md @@ -11,7 +11,7 @@ further_reading: text: "Create Custom Rules" --- -Kubernetes Security Posture Management (KSPM) for Cloud Security Management (CSM) helps you proactively strengthen the security posture of your Kubernetes deployments by benchmarking your environment against established industry best practices, such as those defined by [CIS][1], or your own [custom detection policies](#create-your-own-kubernetes-detection-rules). +Kubernetes Security Posture Management (KSPM) for Workload Protection helps you proactively strengthen the security posture of your Kubernetes deployments by benchmarking your environment against established industry best practices, such as those defined by [CIS][1], or your own [custom detection policies](#create-your-own-kubernetes-detection-rules). ## Setting up KSPM diff --git a/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md b/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md index aa25657578a03..89271fbef1f36 100644 --- a/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md +++ b/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md @@ -13,7 +13,7 @@ further_reading: text: "Learn about supported frameworks and industry benchmarks" - link: "https://www.datadoghq.com/blog/datadog-csm-windows/" tag: "Blog" - text: "Secure your Windows workloads with Datadog Cloud Security Management" + text: "Secure your Windows workloads with Datadog Workload Protection" ---
Due to changes in how notification rules are configured, cloud configuration and infrastructure configuration signals will be deprecated in early 2025.
diff --git a/content/en/security/cloud_security_management/review_remediate/_index.md b/content/en/security/cloud_security_management/review_remediate/_index.md index 38ebd3a1c4628..853488a8bacdb 100644 --- a/content/en/security/cloud_security_management/review_remediate/_index.md +++ b/content/en/security/cloud_security_management/review_remediate/_index.md @@ -4,7 +4,7 @@ disable_toc: true --- {{< whatsnext desc="" >}} - {{< nextlink href="/security/cloud_security_management/review_remediate/mute_issues" >}}Mute Issues in Cloud Security Management{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/review_remediate/mute_issues" >}}Mute Issues in Workload Protection{{< /nextlink >}} {{< nextlink href="/security/cloud_security_management/review_remediate/workflows" >}}Automate Security Workflows with Workflow Automation{{< /nextlink >}} - {{< nextlink href="/security/cloud_security_management/review_remediate/jira" >}}Create Jira Issues for Cloud Security Management Issues{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/review_remediate/jira" >}}Create Jira Issues for Workload Protection Issues{{< /nextlink >}} {{< /whatsnext >}} \ No newline at end of file diff --git a/content/en/security/cloud_security_management/review_remediate/jira.md b/content/en/security/cloud_security_management/review_remediate/jira.md index ec68565f557f1..bc5517dd195e1 100644 --- a/content/en/security/cloud_security_management/review_remediate/jira.md +++ b/content/en/security/cloud_security_management/review_remediate/jira.md @@ -1,9 +1,9 @@ --- -title: Create Jira Issues for Cloud Security Management Issues +title: Create Jira Issues for Workload Protection Issues further_reading: - link: "/security/cloud_security_management/guide" tag: "Documentation" - text: Cloud Security Management Guides + text: Workload Protection Guides - link: "/integrations/jira/" tag: "Documentation" text: Datadog Jira Integration @@ -20,7 +20,7 @@ products: {{< product-availability >}} -Use the [Jira integration][1] to create Jira issues for resources that are impacted by a Cloud Security Management (CSM) security issue. Jira for Cloud Security Management is available for [CSM Misconfigurations][3] and [CSM Identity Risks][4]. +Use the [Jira integration][1] to create Jira issues for resources that are impacted by a Workload Protection security issue. Jira for Workload Protection is available for [CSM Misconfigurations][3] and [CSM Identity Risks][4]. **Notes**: - To create Jira issues, you must have the `security_monitoring_findings_write` permission. See [Role Based Access Control][2] for more information about Datadog's default roles and granular role-based access control permissions available for CSM. diff --git a/content/en/security/cloud_security_management/review_remediate/mute_issues.md b/content/en/security/cloud_security_management/review_remediate/mute_issues.md index 71053fbafcba8..a90230b125c8d 100644 --- a/content/en/security/cloud_security_management/review_remediate/mute_issues.md +++ b/content/en/security/cloud_security_management/review_remediate/mute_issues.md @@ -1,5 +1,5 @@ --- -title: Mute Issues in Cloud Security Management +title: Mute Issues in Workload Protection further_reading: - link: "security/default_rules" tag: "Documentation" diff --git a/content/en/security/cloud_security_management/review_remediate/workflows.md b/content/en/security/cloud_security_management/review_remediate/workflows.md index 701d2e6197b39..6eb74e1686531 100644 --- a/content/en/security/cloud_security_management/review_remediate/workflows.md +++ b/content/en/security/cloud_security_management/review_remediate/workflows.md @@ -3,7 +3,7 @@ title: Automate Security Workflows with Workflow Automation further_reading: - link: "/security/cloud_security_management" tag: "Documentation" - text: Cloud Security Management + text: Workload Protection - link: "/service_management/workflows/" tag: "Documentation" text: Workflow Automation @@ -29,7 +29,7 @@ products: [Datadog Workflow Automation][1] allows you to orchestrate and automate your end-to-end processes by building workflows made up of actions that connect to your infrastructure and tools. -Use Workflow Automation with [Cloud Security Management (CSM)][2] to automate your security-related workflows. For example, you can create workflows that allow you to [block access to a public Amazon S3 bucket via an interactive Slack message](#block-access-to-aws-s3-bucket-via-slack), or [automatically create a Jira issue and assign it to a team](#automatically-create-and-assign-a-jira-issue). +Use Workflow Automation with [Workload Protection][2] to automate your security-related workflows. For example, you can create workflows that allow you to [block access to a public Amazon S3 bucket via an interactive Slack message](#block-access-to-aws-s3-bucket-via-slack), or [automatically create a Jira issue and assign it to a team](#automatically-create-and-assign-a-jira-issue). ## Understanding how triggers and sources work diff --git a/content/en/security/cloud_security_management/setup/_index.md b/content/en/security/cloud_security_management/setup/_index.md index 007a3731effc9..15b40ff0d2e9e 100644 --- a/content/en/security/cloud_security_management/setup/_index.md +++ b/content/en/security/cloud_security_management/setup/_index.md @@ -1,5 +1,5 @@ --- -title: Setting up Cloud Security Management +title: Setting up Workload Protection aliases: - /security_platform/cloud_workload_security/getting_started - /security/cloud_workload_security/getting_started @@ -23,12 +23,12 @@ further_reading: text: "AWS Fargate Configuration Guide for Datadog Security" - link: "/security/cloud_security_management/guide/agent_variables/" tag: "Guide" - text: "Cloud Security Management Agent Variables" + text: "Workload Protection Agent Variables" --- ## Overview -To get started with Cloud Security Management (CSM), review the following: +To get started with Workload Protection, review the following: - [Overview](#overview) - [Enable Agentless Scanning](#enable-agentless-scanning) @@ -43,13 +43,13 @@ To get started with Cloud Security Management (CSM), review the following: ## Enable Agentless Scanning -The simplest way to get started with Cloud Security Management is by [enabling Agentless Scanning][1]. Agentless Scanning provides visibility into vulnerabilities that exist within your AWS hosts, running containers, Lambda functions, and running Amazon Machine Images (AMIs) without requiring you to install the Datadog Agent. +The simplest way to get started with Workload Protection is by [enabling Agentless Scanning][1]. Agentless Scanning provides visibility into vulnerabilities that exist within your AWS hosts, running containers, Lambda functions, and running Amazon Machine Images (AMIs) without requiring you to install the Datadog Agent. -To learn more about Agentless Scanning, see [Cloud Security Management Agentless Scanning][2]. +To learn more about Agentless Scanning, see [Workload Protection Agentless Scanning][2]. ## Deploy the Agent for additional coverage -For broader coverage and additional functionalities, deploy the Datadog Agent to your hosts. The following table outlines the improvements offered by Agent-based deployments. For more information, see [Setting up Cloud Security Management on the Agent][3]. +For broader coverage and additional functionalities, deploy the Datadog Agent to your hosts. The following table outlines the improvements offered by Agent-based deployments. For more information, see [Setting up Workload Protection on the Agent][3].
@@ -120,19 +120,19 @@ For broader coverage and additional functionalities, deploy the Datadog Agent to ### AWS CloudTrail Logs -Maximize the benefits of [CSM Identity Risks][6] with AWS CloudTrail Logs. Gain deeper insights into cloud resource usage, identifying users and roles with significant gaps between provisioned and utilized permissions. For more information, check out [Setting up AWS CloudTrail Logs for Cloud Security Management][4]. +Maximize the benefits of [CSM Identity Risks][6] with AWS CloudTrail Logs. Gain deeper insights into cloud resource usage, identifying users and roles with significant gaps between provisioned and utilized permissions. For more information, check out [Setting up AWS CloudTrail Logs for Workload Protection][4]. ### IaC scanning -Integrate Infrastructure as Code (IaC) scanning with GitHub to detect misconfigurations in Terraform-defined cloud resources. For more information, see [Setting up IaC Scanning for Cloud Security Management][10]. +Integrate Infrastructure as Code (IaC) scanning with GitHub to detect misconfigurations in Terraform-defined cloud resources. For more information, see [Setting up IaC Scanning for Workload Protection][10]. ### IaC remediation -Use IaC remediation with Terraform to create pull requests in GitHub, applying code changes that fix misconfigurations and mitigate identity risks. For more information, see [Setting up IaC Remediation for Cloud Security Management][5]. +Use IaC remediation with Terraform to create pull requests in GitHub, applying code changes that fix misconfigurations and mitigate identity risks. For more information, see [Setting up IaC Remediation for Workload Protection][5]. ### Deploy via cloud integrations -Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see [Deploying Cloud Security Management via Cloud Integrations][7]. +Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see [Deploying Workload Protection via Cloud Integrations][7]. ## Disable CSM diff --git a/content/en/security/cloud_security_management/setup/agent/_index.md b/content/en/security/cloud_security_management/setup/agent/_index.md index 7841b87598b99..f06b63e3637b9 100644 --- a/content/en/security/cloud_security_management/setup/agent/_index.md +++ b/content/en/security/cloud_security_management/setup/agent/_index.md @@ -1,5 +1,5 @@ --- -title: Deploying Cloud Security Management on the Agent +title: Deploying Workload Protection on the Agent type: multi-code-lang aliases: - /security/cloud_security_management/setup/csm_cloud_workload_security/agent @@ -7,7 +7,7 @@ aliases: - /security/cloud_security_management/setup/csm_enterprise/agent --- -Use the following instructions to enable Cloud Security Management features—Misconfigurations, Threat Detection, and Vulnerability Management—on the Datadog Agent. +Use the following instructions to enable Workload Protection features—Misconfigurations, Threat Detection, and Vulnerability Management—on the Datadog Agent. {{< partial name="security-platform/CSW-billing-note.html" >}} diff --git a/content/en/security/cloud_security_management/setup/agent/docker.md b/content/en/security/cloud_security_management/setup/agent/docker.md index c7e358398cded..5c15e01f2975f 100644 --- a/content/en/security/cloud_security_management/setup/agent/docker.md +++ b/content/en/security/cloud_security_management/setup/agent/docker.md @@ -1,5 +1,5 @@ --- -title: Setting up Cloud Security Management on Docker +title: Setting up Workload Protection on Docker code_lang: docker type: multi-code-lang code_lang_weight: 65 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md b/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md index c6ee9a3727f65..23601c6260d8c 100644 --- a/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md +++ b/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md @@ -1,5 +1,5 @@ --- -title: Setting up Cloud Security Management on ECS EC2 +title: Setting up Workload Protection on ECS EC2 code_lang: ecs_ec2 type: multi-code-lang code_lang_weight: 70 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agent/kubernetes.md b/content/en/security/cloud_security_management/setup/agent/kubernetes.md index 65438f39dd801..36c64b532aaeb 100644 --- a/content/en/security/cloud_security_management/setup/agent/kubernetes.md +++ b/content/en/security/cloud_security_management/setup/agent/kubernetes.md @@ -1,5 +1,5 @@ --- -title: Setting up Cloud Security Management on Kubernetes +title: Setting up Workload Protection on Kubernetes code_lang: kubernetes type: multi-code-lang code_lang_weight: 60 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agent/linux.md b/content/en/security/cloud_security_management/setup/agent/linux.md index 0bf00bec067e2..81d020624edb8 100644 --- a/content/en/security/cloud_security_management/setup/agent/linux.md +++ b/content/en/security/cloud_security_management/setup/agent/linux.md @@ -1,5 +1,5 @@ --- -title: Setting up Cloud Security Management on Linux +title: Setting up Workload Protection on Linux code_lang: linux type: multi-code-lang code_lang_weight: 80 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agent/windows.md b/content/en/security/cloud_security_management/setup/agent/windows.md index 727b62b1826ac..23f06c6cdf245 100644 --- a/content/en/security/cloud_security_management/setup/agent/windows.md +++ b/content/en/security/cloud_security_management/setup/agent/windows.md @@ -1,5 +1,5 @@ --- -title: Setting up Cloud Security Management on Windows +title: Setting up Workload Protection on Windows code_lang: windows type: multi-code-lang code_lang_weight: 75 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md b/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md index 930dce39c81d4..8503e101ab1d1 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md @@ -1,19 +1,19 @@ --- -title: Cloud Security Management Agentless Scanning +title: Workload Protection Agentless Scanning aliases: - /security/agentless_scanning - /security/cloud_security_management/agentless_scanning further_reading: - link: "https://www.datadoghq.com/blog/agentless-scanning/" tag: "Blog" - text: "Detect vulnerabilities in minutes with Agentless Scanning for Cloud Security Management" + text: "Detect vulnerabilities in minutes with Agentless Scanning for Workload Protection" - link: "/security/vulnerabilities" tag: "Documentation" text: "Read more about CSM Vulnerabilities" --- {{< site-region region="gov" >}} -
Agentless Scanning for Cloud Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
Agentless Scanning for Workload Protection is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} ## Overview @@ -30,7 +30,7 @@ The following diagram illustrates how Agentless Scanning works: 1. Datadog schedules a scan and sends which resources to scan through Remote Configuration. - **Note**: Scheduled scans ignore hosts that already have the [Datadog Agent installed with Cloud Security Management enabled](#agentless-scanning-with-existing-agent-installations). Datadog schedules a continuous re-scanning of resources every 12 hours to provide up-to-date insights into potential vulnerabilities and weaknesses. + **Note**: Scheduled scans ignore hosts that already have the [Datadog Agent installed with Workload Protection enabled](#agentless-scanning-with-existing-agent-installations). Datadog schedules a continuous re-scanning of resources every 12 hours to provide up-to-date insights into potential vulnerabilities and weaknesses. 2. For Lambda functions, the scanners fetch the function's code. 3. The scanner creates snapshots of volumes used in running VM instances. These snapshots serve as the basis for conducting scans. Using the snapshots, or the code, the scanner generates a list of packages. @@ -70,7 +70,7 @@ To further mitigate this risk, Datadog implements the following security measure When installed, the Datadog Agent offers real-time, deep visibility into risks and vulnerabilities that exist in your cloud workloads. It is recommended to fully install the Datadog Agent. -As a result, Agentless Scanning excludes resources from its scans that have the Datadog Agent installed and configured for [Vulnerability Management][5]. In this way, Cloud Security Management offers complete visibility of your risk landscape without overriding the benefits received from installing the Datadog Agent with Vulnerability Management. +As a result, Agentless Scanning excludes resources from its scans that have the Datadog Agent installed and configured for [Vulnerability Management][5]. In this way, Workload Protection offers complete visibility of your risk landscape without overriding the benefits received from installing the Datadog Agent with Vulnerability Management. The following diagram illustrates how Agentless scanning works with existing Agent installations: @@ -86,7 +86,7 @@ If you have [Sensitive Data Scanner][8] enabled, you can catalog and classify se Sensitive Data Scanner scans for sensitive data by deploying [Agentless scanners][1] in your cloud environments. These scanning instances retrieve a list of all S3 buckets and RDS instances through [Remote Configuration][10], and have set instructions to scan text files—such as CSVs and JSONs—and tables in every datastore over time. Sensitive Data Scanner leverages its [entire rules library][11] to find matches. When a match is found, the location of the match is sent to Datadog by the scanning instance. Data stores and their files are only read in your environment—no sensitive data is sent back to Datadog. -Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Cloud Security Management][9] affecting the sensitive datastores. You can click any issue to continue triage and remediation within Cloud Security Management. +Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Workload Protection][9] affecting the sensitive datastores. You can click any issue to continue triage and remediation within Workload Protection. ## Cloud service provider cost diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md b/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md index d46c77e3de13f..e8005ea6ff4f6 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md @@ -5,7 +5,7 @@ aliases: further_reading: - link: "/security/cloud_security_management/agentless_scanning" tag: "Documentation" - text: "Cloud Security Management Agentless Scanning" + text: "Workload Protection Agentless Scanning" --- There are two recommended ways to deploy Agentless scanners in your environment, either using cross-account scanning, or same account scanning. diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md b/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md index 09c537836d5c1..1470b59430878 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md @@ -10,14 +10,14 @@ aliases: further_reading: - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: "Setting up Cloud Security Management" + text: "Setting up Workload Protection" - link: "/security/cloud_security_management/agentless_scanning" tag: "Documentation" - text: "Cloud Security Management Agentless Scanning" + text: "Workload Protection Agentless Scanning" --- {{< site-region region="gov" >}} -
Agentless Scanning for Cloud Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
Agentless Scanning for Workload Protection is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} Agentless Scanning provides visibility into vulnerabilities that exist within your cloud infrastructure, without requiring you to install the Datadog Agent. To learn more about Agentless Scanning's capabilities and how it works, see the [Agentless Scanning][12] docs. @@ -71,10 +71,10 @@ To enable Agentless Scanning, use one of the following workflows: ### Quick start -Designed for new users, the quick start workflow offers an efficient setup process for Cloud Security Management, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration. +Designed for new users, the quick start workflow offers an efficient setup process for Workload Protection, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration. {{% collapse-content title="Quick start setup guide" level="h4" id="quick-start-setup" %}} -Designed for new users, the quick start workflow offers an efficient setup process for Cloud Security Management, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration, and includes the Cloud Security Management features: Misconfigurations, Identity Risks (CIEM), and Vulnerability Management. +Designed for new users, the quick start workflow offers an efficient setup process for Workload Protection, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration, and includes the Workload Protection features: Misconfigurations, Identity Risks (CIEM), and Vulnerability Management.
This article provides instructions for the new user quick start workflow that uses AWS CloudFormation to set up Agentless Scanning. For existing users who want to add a new AWS account or enable Agentless Scanning on an existing integrated AWS account, see the instructions for @@ -84,9 +84,9 @@ For existing users who want to add a new AWS account or enable Agentless Scannin ##### Installation -1. On the [Intro to Cloud Security Management][4] page, click **Get Started with Cloud Security Management**. +1. On the [Intro to Workload Protection][4] page, click **Get Started with Workload Protection**. 1. Click **Quick Start**. The **Features** page is displayed, showing the features included with Agentless Scanning Quick Start. -1. Click **Start Using Cloud Security Management** to continue. +1. Click **Start Using Workload Protection** to continue. 1. Select the AWS region where you want to create the CloudFormation stack. 1. Select an API key that is already configured for Remote Configuration. If the API key you select does not have Remote Configuration enabled, Remote Configuration is automatically enabled for that key upon selection. 1. **Send AWS Logs to Datadog** and **Detect security issues** are automatically selected by default. Leave the selections as-is. @@ -108,7 +108,7 @@ Datadog recommends updating the CloudFormation stack regularly, so you can get a ##### Disable Agentless Scanning -1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations** > **AWS**. +1. On the [Workload Protection Setup][10] page, click **Cloud Integrations** > **AWS**. 1. To disable Agentless Scanning for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle the **Agentless Scanning** section to the off position. 1. Click **Done**. @@ -125,14 +125,14 @@ To uninstall Agentless Scanning, log in to your AWS console and delete the Cloud The [Terraform Datadog Agentless Scanner module][6] provides a simple and reusable configuration for installing the Datadog Agentless scanner. {{% collapse-content title="Terraform setup guide" level="h4" id="terraform-setup" %}} -If you've already [set up Cloud Security Management][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated cloud account, you can use either Terraform, [AWS CloudFormation][2], or [Azure Resource Manager][5]. This article provides detailed instructions for the Terraform approach. +If you've already [set up Workload Protection][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated cloud account, you can use either Terraform, [AWS CloudFormation][2], or [Azure Resource Manager][5]. This article provides detailed instructions for the Terraform approach. -
If you're setting up Cloud Security Management for the first time, you can follow the quick start workflow, which uses AWS CloudFormation to enable Agentless Scanning.
+
If you're setting up Workload Protection for the first time, you can follow the quick start workflow, which uses AWS CloudFormation to enable Agentless Scanning.
{{< tabs >}} {{% tab "New AWS account" %}} -1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations > AWS**. +1. On the [Workload Protection Setup][1] page, click **Cloud Integrations > AWS**. 1. At the bottom of the AWS section, click **Add AWS accounts by following these steps**. The **Add New AWS Account(s)** dialog is displayed. 1. Under **Choose a method for adding your AWS account**, select **Manually**. 1. Follow the instructions for installing the [Datadog Agentless Scanner module][2]. @@ -147,7 +147,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c {{% tab "Existing AWS account" %}} -1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations > AWS**. +1. On the [Workload Protection Setup][1] page, click **Cloud Integrations > AWS**. 1. Click the **Edit scanning** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) for the AWS account where you want to deploy the Agentless scanner. 1. **Enable Resource Scanning** should already be toggled on. If it isn't, toggle **Enable Resource Scanning** to the on position. 1. In the **How would you like to set up Agentless Scanning?** section, select **Terraform**. @@ -162,7 +162,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c {{% tab "Existing Azure subscription" %}} -1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations > Azure**. +1. On the [Workload Protection Setup][1] page, click **Cloud Integrations > Azure**. 1. Expand the Tenant containing the subscription where you want to deploy the Agentless scanner. 1. Click the **Enable** button for the Azure subscription where you want to deploy the Agentless scanner. 1. Toggle **Vulnerability Scanning** to the on position. @@ -182,7 +182,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c ##### Disable Agentless Scanning -1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations**, and then expand the **AWS** or **Azure** section. +1. On the [Workload Protection Setup][10] page, click **Cloud Integrations**, and then expand the **AWS** or **Azure** section. 1. To disable Agentless Scanning for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle **Vulnerability Scanning** to the off position. 1. Click **Done**. @@ -209,9 +209,9 @@ For usage examples, refer to our [Github repository](https://github.com/DataDog/ Use the AWS CloudFormation template to create a CloudFormation stack. The template includes the IAM permissions required to deploy and manage Agentless scanners. {{% collapse-content title="AWS CloudFormation setup guide" level="h4" id="aws-cloudformation-setup" %}} -If you've already [set up Cloud Security Management][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated AWS account, you can use either [Terraform][7] or AWS CloudFormation. This article provides detailed instructions for the AWS CloudFormation approach. +If you've already [set up Workload Protection][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated AWS account, you can use either [Terraform][7] or AWS CloudFormation. This article provides detailed instructions for the AWS CloudFormation approach. -
If you're setting up Cloud Security Management for the first time, you can follow the quick start workflow, which also uses AWS CloudFormation to enable Agentless Scanning.
+
If you're setting up Workload Protection for the first time, you can follow the quick start workflow, which also uses AWS CloudFormation to enable Agentless Scanning.
Running Agentless scanners incurs additional costs. To optimize these costs while still ensuring reliable 12-hour scans, Datadog recommends setting up Agentless Scanning with Terraform as the default template.
@@ -220,7 +220,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c {{< tabs >}} {{% tab "New AWS account" %}} -1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations** > **AWS**. +1. On the [Workload Protection Setup][1] page, click **Cloud Integrations** > **AWS**. 1. At the bottom of the AWS section, click **Add AWS accounts by following these steps**. The **Add New AWS Account(s)** dialog is displayed. 1. Select the AWS region where you want to create the CloudFormation stack. 1. Select an API key that is already configured for Remote Configuration. If the API key you select does not have Remote Configuration enabled, Remote Configuration is automatically enabled for that key upon selection. @@ -234,7 +234,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c {{% tab "Existing AWS account" %}} -1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations** > **AWS**. +1. On the [Workload Protection Setup][1] page, click **Cloud Integrations** > **AWS**. 1. Click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) for the AWS account where you want to deploy the Agentless scanner. 1. Verify that **Enable Resource Scanning** is toggled on. If it isn't, switch the **Enable Resource Scanning** toggle to the on position and complete Steps 3-7 in [New AWS Account][2]. 1. In the **Agentless Scanning** section, toggle **Host Vulnerability Scanning**, **Container Vulnerability Scanning**, **Lambda Vulnerability Scanning**, and **Data Security Scanning** to the on position. @@ -261,7 +261,7 @@ Datadog recommends updating the CloudFormation stack regularly, so you can get a ##### Disable Agentless Scanning -1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations** > **AWS**. +1. On the [Workload Protection Setup][10] page, click **Cloud Integrations** > **AWS**. 1. To disable Agentless Scanning for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle the **Agentless Scanning** section to the off position. 1. Click **Done**. @@ -277,7 +277,7 @@ To uninstall Agentless Scanning, log in to your AWS console and delete the Cloud Use the Azure Resource Manager template to deploy the Agentless Scanner. The template includes the role definitions required to deploy and manage Agentless scanners. {{% collapse-content title="Azure Resource Manager setup guide" level="h4" id="azure-resource-manager-setup" %}} -If you've already [set up Cloud Security Management][10] and want to add a new Azure subscription or enable [Agentless Scanning][1] on an existing integrated Azure subscription, you can use either [Terraform][7] or Azure Resource Manager. This article provides detailed instructions for the Azure Resource Manager approach. +If you've already [set up Workload Protection][10] and want to add a new Azure subscription or enable [Agentless Scanning][1] on an existing integrated Azure subscription, you can use either [Terraform][7] or Azure Resource Manager. This article provides detailed instructions for the Azure Resource Manager approach.
Running Agentless scanners incurs additional costs. To optimize these costs while still ensuring reliable 12-hour scans, Datadog recommends setting up Agentless Scanning with Terraform as the default template.
@@ -306,7 +306,7 @@ Follow the instructions for setting up the [Datadog Azure integration][1]. ##### Disable Agentless Scanning -1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations** > **Azure**. +1. On the [Workload Protection Setup][10] page, click **Cloud Integrations** > **Azure**. 1. Locate your subscription's tenant, expand the list of subscriptions, and identify the subscription for which you want to disable Agentless Scanning. 1. Click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle **Vulnerability Scanning** to the off position. 1. Click **Done**. diff --git a/content/en/security/cloud_security_management/setup/cloud_integrations.md b/content/en/security/cloud_security_management/setup/cloud_integrations.md index 589cf66da25a0..f88cb76eec48d 100644 --- a/content/en/security/cloud_security_management/setup/cloud_integrations.md +++ b/content/en/security/cloud_security_management/setup/cloud_integrations.md @@ -1,5 +1,5 @@ --- -title: Deploying Cloud Security Management via Cloud Integrations +title: Deploying Workload Protection via Cloud Integrations aliases: - /security/cloud_security_management/setup/csm_enterprise/cloud_accounts - /security/cloud_security_management/setup/csm_pro/cloud_accounts @@ -42,7 +42,7 @@ To enable resource scanning for your cloud accounts, you must first set up the i {{< tabs >}} {{% tab "AWS" %}} -1. On the [**Cloud Security Management Setup**][1] page, click **Cloud Integrations**. +1. On the [**Workload Protection Setup**][1] page, click **Cloud Integrations**. 1. Expand the **AWS** section. 1. To stop resource collection for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and switch the **Enable Resource Scanning** toggle to the off position. 1. Click **Done**. @@ -53,7 +53,7 @@ To enable resource scanning for your cloud accounts, you must first set up the i {{% /tab %}} {{% tab "Azure" %}} -1. On the [**Cloud Security Management Setup**][1] page, click **Cloud Integrations**. +1. On the [**Workload Protection Setup**][1] page, click **Cloud Integrations**. 1. Expand the **Azure** section. 1. To stop resource collection for a subscription, switch the **Resource Scanning** toggle to the off position. 1. Click **Done**. @@ -64,7 +64,7 @@ To enable resource scanning for your cloud accounts, you must first set up the i {{% /tab %}} {{% tab "Google Cloud" %}} -1. On the [**Cloud Security Management Setup**][1] page, click **Cloud Integrations**. +1. On the [**Workload Protection Setup**][1] page, click **Cloud Integrations**. 1. Expand the **GCP** section. 1. To stop resource collection for a project, switch the **Resource Scanning** toggle to the off position. 1. Click **Done**. diff --git a/content/en/security/cloud_security_management/setup/cloudtrail_logs.md b/content/en/security/cloud_security_management/setup/cloudtrail_logs.md index de44db7a5602a..b213db3c3bb1e 100644 --- a/content/en/security/cloud_security_management/setup/cloudtrail_logs.md +++ b/content/en/security/cloud_security_management/setup/cloudtrail_logs.md @@ -1,5 +1,5 @@ --- -title: Setting up AWS CloudTrail Logs for Cloud Security Management +title: Setting up AWS CloudTrail Logs for Workload Protection --- Set up AWS CloudTrail Logs to get the most out of [CSM Identity Risks][1]. AWS CloudTrail Logs provides additional insights into the actual usage of cloud resources, helping you identify users and roles with significant gaps between provisioned and utilized permissions. diff --git a/content/en/security/cloud_security_management/setup/iac_remediation.md b/content/en/security/cloud_security_management/setup/iac_remediation.md index 91b3836dac768..849be49a7b1bd 100644 --- a/content/en/security/cloud_security_management/setup/iac_remediation.md +++ b/content/en/security/cloud_security_management/setup/iac_remediation.md @@ -1,11 +1,11 @@ --- -title: Setting up IaC Remediation for Cloud Security Management +title: Setting up IaC Remediation for Workload Protection aliases: - /security/cloud_security_management/setup/source_code_integrations further_reading: - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: "Setting up Cloud Security Management" + text: "Setting up Workload Protection" - link: "/security/cloud_security_management/misconfigurations" tag: "Documentation" text: "CSM Misconfigurations" @@ -14,7 +14,7 @@ further_reading: text: "CSM Identity Risks" --- -Use the following instructions to enable Infrastructure as Code (IaC) remediation for Cloud Security Management (CSM). IaC remediation is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2]. +Use the following instructions to enable Infrastructure as Code (IaC) remediation for Workload Protection. IaC remediation is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2].
Static IaC remediation supports GitHub for version control and Terraform for infrastructure as code.
diff --git a/content/en/security/cloud_security_management/setup/iac_scanning/_index.md b/content/en/security/cloud_security_management/setup/iac_scanning/_index.md index 07cdc54ec0a08..17cff972cfd90 100644 --- a/content/en/security/cloud_security_management/setup/iac_scanning/_index.md +++ b/content/en/security/cloud_security_management/setup/iac_scanning/_index.md @@ -1,9 +1,9 @@ --- -title: Setting up IaC Scanning for Cloud Security Management +title: Setting up IaC Scanning for Workload Protection further_reading: - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: "Setting up Cloud Security Management" + text: "Setting up Workload Protection" - link: "/security/cloud_security_management/misconfigurations" tag: "Documentation" text: "CSM Misconfigurations" @@ -16,7 +16,7 @@ further_reading: Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form. {{< /callout >}} -Use the following instructions to enable Infrastructure as Code (IaC) scanning for Cloud Security Management (CSM). IaC scanning is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2]. +Use the following instructions to enable Infrastructure as Code (IaC) scanning for Workload Protection. IaC scanning is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2].
Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
diff --git a/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md b/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md index c8b32f26ba22d..4cad083b52299 100644 --- a/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md +++ b/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md @@ -6,7 +6,7 @@ further_reading: text: "IaC Scanning" - link: "/security/cloud_security_management/setup/iac_scanning" tag: "Documentation" - text: "Setting up IaC Scanning for Cloud Security Management" + text: "Setting up IaC Scanning for Workload Protection" --- {{< callout url="https://www.datadoghq.com/product-preview/iac-security/" >}} diff --git a/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md b/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md index 90f05937f82c9..a197635acd526 100644 --- a/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md +++ b/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md @@ -2,7 +2,7 @@ title: Setting Up CSM without Infrastructure Monitoring --- -In addition to setting up Cloud Security Management (CSM) with or without an Agent, you can also set it up without Infrastructure Monitoring. +In addition to setting up Workload Protection with or without an Agent, you can also set it up without Infrastructure Monitoring. ## Set up CSM on your AWS account @@ -11,7 +11,7 @@ In addition to setting up Cloud Security Management (CSM) with or without an Age If you don't see the required account, add it by clicking **Add AWS Account(s)** and following the onscreen prompts. 1. To turn off infrastructure monitoring on the selected account, under the account number, navigate to the **Metric Collection** tab, then click the **disable metric collection** link. Then, click **Disable Metric Collection** to confirm. -1. On the **Resource Collection** tab, click **Enable** next to Cloud Security Management. You are redirected to the Cloud Security Management Setup page, and a setup dialog automatically opens for the selected account. +1. On the **Resource Collection** tab, click **Enable** next to Workload Protection. You are redirected to the Workload Protection Setup page, and a setup dialog automatically opens for the selected account. 1. On the setup dialog, switch the **Enable Resource Scanning** toggle to the on position. 1. Click **Done** to complete the setup. @@ -24,7 +24,7 @@ In addition to setting up Cloud Security Management (CSM) with or without an Age If you don't see the required client ID, add it by clicking **Add New App Registration** and following the onscreen prompts. 1. To turn off infrastructure monitoring on the selected account, under the client ID, navigate to the **Metric Collection** tab, then turn off the **Enable Metric Collection** toggle. -1. On the **Resource Collection** tab, click **Enable** next to Cloud Security Management. You are redirected to the Cloud Security Management Setup page, which automatically scrolls to the selected Azure subscription in the Cloud Integrations section. +1. On the **Resource Collection** tab, click **Enable** next to Workload Protection. You are redirected to the Workload Protection Setup page, which automatically scrolls to the selected Azure subscription in the Cloud Integrations section. 1. Switch the **Resource Scanning** toggle to the on position. 1. Click **Done** to complete the setup. @@ -37,7 +37,7 @@ In addition to setting up Cloud Security Management (CSM) with or without an Age If you don't see the required account, add it by clicking **Add GCP Account** and following the onscreen prompts. 1. To turn off infrastructure monitoring on the selected account, under the account name, navigate to the **Metric Collection** tab. Then, above the Metric Collection table, click **Disable All**. -1. On the **Resource Collection** tab, click **Enable** next to Cloud Security Management. You are redirected to the Cloud Security Management Setup page, which automatically scrolls to the selected Google Cloud Platform project in the Cloud Integrations section. +1. On the **Resource Collection** tab, click **Enable** next to Workload Protection. You are redirected to the Workload Protection Setup page, which automatically scrolls to the selected Google Cloud Platform project in the Cloud Integrations section. 1. Switch the **Resource Scanning** toggle to the on position. 1. Click **Done** to complete the setup. diff --git a/content/en/security/cloud_security_management/severity_scoring.md b/content/en/security/cloud_security_management/severity_scoring.md index 7ff68a05fe476..dfdbee04fa726 100644 --- a/content/en/security/cloud_security_management/severity_scoring.md +++ b/content/en/security/cloud_security_management/severity_scoring.md @@ -12,7 +12,7 @@ further_reading: text: "Learn more about CSM Vulnerabilities" --- -Accurate severity scores help security teams understand the risks that vulnerabilities pose to their environment. This guide explains how Cloud Security Management (CSM) uses different measures of severity to calculate the scores. +Accurate severity scores help security teams understand the risks that vulnerabilities pose to their environment. This guide explains how Workload Protection uses different measures of severity to calculate the scores. ## CSM severity scoring framework diff --git a/content/en/security/cloud_security_management/troubleshooting/_index.md b/content/en/security/cloud_security_management/troubleshooting/_index.md index 67e997f465fcc..53fe01435131f 100644 --- a/content/en/security/cloud_security_management/troubleshooting/_index.md +++ b/content/en/security/cloud_security_management/troubleshooting/_index.md @@ -1,11 +1,11 @@ --- -title: Cloud Security Management Troubleshooting +title: Workload Protection Troubleshooting disable_toc: true --- {{< whatsnext desc="Troubleshooting Guides" >}} - {{< nextlink href="/security/cloud_security_management/troubleshooting/threats" >}}Cloud Security Management Threats{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/troubleshooting/threats" >}}Workload Protection Threats{{< /nextlink >}} - {{< nextlink href="/security/cloud_security_management/troubleshooting/vulnerabilities" >}}Cloud Security Management Vulnerabilities{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/troubleshooting/vulnerabilities" >}}Workload Protection Vulnerabilities{{< /nextlink >}} {{< /whatsnext >}} \ No newline at end of file diff --git a/content/en/security/cloud_security_management/troubleshooting/threats.md b/content/en/security/cloud_security_management/troubleshooting/threats.md index 5a12c0d3f8a42..64a8ac9d0f701 100644 --- a/content/en/security/cloud_security_management/troubleshooting/threats.md +++ b/content/en/security/cloud_security_management/troubleshooting/threats.md @@ -1,5 +1,5 @@ --- -title: Troubleshooting Cloud Security Management Threats +title: Troubleshooting Workload Protection Threats aliases: - /security_platform/cloud_workload_security/troubleshooting/ - /security_platform/cloud_security_management/troubleshooting/ @@ -9,7 +9,7 @@ further_reading: text: "Troubleshooting CSM Vulnerabilities" --- -If you experience issues with Cloud Security Management (CSM) Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. +If you experience issues with Workload Protection Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. ## Security Agent flare @@ -29,7 +29,7 @@ If you don't have a case ID, just enter your email address used to login in Data ## Agent Self tests -In order to ensure that the communication between the `security-agent` and the `system-probe` is working as expected and that Cloud Security Management Threats (CSM Threats) is able to detect system events, you can manually trigger self tests by running the following command: +In order to ensure that the communication between the `security-agent` and the `system-probe` is working as expected and that Workload Protection Threats (CSM Threats) is able to detect system events, you can manually trigger self tests by running the following command: | Platform | Command | | -------- | ------- | diff --git a/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md b/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md index 9300532c3e6b6..c3750f170dbbd 100644 --- a/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md +++ b/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md @@ -1,5 +1,5 @@ --- -title: Troubleshooting Cloud Security Management Vulnerabilities +title: Troubleshooting Workload Protection Vulnerabilities aliases: - /security/vulnerabilities/troubleshooting/ further_reading: @@ -16,7 +16,7 @@ further_reading: ## Overview -If you experience issues with Cloud Security Management (CSM) Vulnerabilities, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. +If you experience issues with Workload Protection Vulnerabilities, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. ## Error messages diff --git a/content/en/security/cloud_security_management/vulnerabilities/_index.md b/content/en/security/cloud_security_management/vulnerabilities/_index.md index bd4fd37b965e9..0924133c84a5b 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/_index.md +++ b/content/en/security/cloud_security_management/vulnerabilities/_index.md @@ -1,5 +1,5 @@ --- -title: Cloud Security Management Vulnerabilities +title: Workload Protection Vulnerabilities aliases: - /security/infrastructure_vulnerabilities/ - /security/vulnerabilities/ @@ -18,21 +18,21 @@ further_reading: text: "Troubleshooting CSM Vulnerabilities" - link: "https://www.datadoghq.com/blog/csm-vulnerability-management/" tag: "Blog" - text: "Mitigate infrastructure vulnerabilities with Datadog Cloud Security Management" + text: "Mitigate infrastructure vulnerabilities with Datadog Workload Protection" - link: "https://www.datadoghq.com/blog/datadog-container-image-view/" tag: "Blog" text: "Enhance your troubleshooting workflow with Container Images in Datadog Container Monitoring" --- {{< site-region region="gov" >}} -
Cloud Security Management Vulnerabilities is in Preview for your selected Datadog site ({{< region-param key="dd_site_name" >}}). +
Workload Protection Vulnerabilities is in Preview for your selected Datadog site ({{< region-param key="dd_site_name" >}}). Request access by filling this form.
{{< /site-region >}} ## Overview -Cloud Security Management Vulnerabilities (CSM Vulnerabilities) helps you improve your security posture and achieve compliance, by continuously scanning container images, hosts, host images, and serverless functions for vulnerabilities, from CI/CD pipelines to live production. Leveraging runtime observability, it helps you prioritize and remediate exploitable vulnerabilities in your daily workflows, all in a single view, and without any dependencies on other Datadog products. +Workload Protection Vulnerabilities (CSM Vulnerabilities) helps you improve your security posture and achieve compliance, by continuously scanning container images, hosts, host images, and serverless functions for vulnerabilities, from CI/CD pipelines to live production. Leveraging runtime observability, it helps you prioritize and remediate exploitable vulnerabilities in your daily workflows, all in a single view, and without any dependencies on other Datadog products. With CSM Vulnerabilities, you can manage your cloud security management strategy, all in one place: diff --git a/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md b/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md index d789fe45152f2..099d13a5fb1a2 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md +++ b/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md @@ -4,7 +4,7 @@ title: CSM Vulnerabilities Hosts and Containers Compatibility ## Operating systems -Cloud Security Management Vulnerabilities supports vulnerability scanning for hosts and containers running the following operating system versions: +Workload Protection Vulnerabilities supports vulnerability scanning for hosts and containers running the following operating system versions: | Operating System | Supported Versions | Package Managers / Source | Agentless support | Agent support | |--------------------------|-----------------------------------------------------|---------------------------|-------------------|-------------------| @@ -33,7 +33,7 @@ Cloud Security Management Vulnerabilities supports vulnerability scanning for ho ## Application libraries -Cloud Security Management Vulnerabilities supports vulnerability scanning for the following application languages and libraries on containers and Lambda instances: +Workload Protection Vulnerabilities supports vulnerability scanning for the following application languages and libraries on containers and Lambda instances: | Language | Supported Package Manager | Supported Files | Agentless support | Agent support | |----------|---------------------------|----------------------------------------------------------------------|-------------------|-------------------| diff --git a/content/en/security/cloud_siem/_index.md b/content/en/security/cloud_siem/_index.md index 1c1b7893455de..f1a175bf16853 100644 --- a/content/en/security/cloud_siem/_index.md +++ b/content/en/security/cloud_siem/_index.md @@ -39,7 +39,7 @@ further_reading: --- {{< learning-center-callout header="Join an enablement webinar session" hide_image="true" btn_title="Sign Up" btn_url="https://www.datadoghq.com/technical-enablement/sessions/?tags.topics-0=Security">}} - Learn how Datadog Cloud SIEM and Cloud Security Management elevate your organization's threat detection and investigation for dynamic, cloud-scale environments. + Learn how Datadog Cloud SIEM and Workload Protection elevate your organization's threat detection and investigation for dynamic, cloud-scale environments. {{< /learning-center-callout >}} ## Overview diff --git a/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md b/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md index 5c5128c93a5f5..d74ae568fa51e 100644 --- a/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md +++ b/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md @@ -24,7 +24,7 @@ As another example, you can create a signal by combining these two rules: And use the `expired account ID` attribute to correlate the two rules. -You can correlate log detection rules, as well as log detection rules with Cloud Security Management Threats and Application Security Management rules. +You can correlate log detection rules, as well as log detection rules with Workload Protection Threats and App & API Protection rules. ## Create a Signal Correlation rule diff --git a/content/en/security/cloud_siem/entities_and_risk_scoring.md b/content/en/security/cloud_siem/entities_and_risk_scoring.md index a26825b5ce82c..a53536247cbd9 100644 --- a/content/en/security/cloud_siem/entities_and_risk_scoring.md +++ b/content/en/security/cloud_siem/entities_and_risk_scoring.md @@ -20,7 +20,7 @@ With Risk Insights, you can: ## Prerequisites - For Risk Insights coverage, either [GCP][5] or [AWS must be configured for Cloud SIEM][1]. -- (Optional) To view associated Cloud Security Management (CSM) insights in the entity panel, [CSM must be configured][2]. +- (Optional) To view associated Workload Protection insights in the entity panel, [CSM must be configured][2]. ## Explore risk insights diff --git a/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md b/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md index 5ba7eb580aac4..d10cc169f6b66 100644 --- a/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md +++ b/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md @@ -21,7 +21,7 @@ The following examples are covered in this guide: * [Configure the default security filter to exclude certain logs](#add-an-exclusion) * [Create custom security filters to specify which log sources to analyze](#create-a-custom-filter) -**Note**: Security Filters are only required to control logs analyzed by the Cloud SIEM product. You do not need to write Security Filters to exclude logs generated by the Datadog Agent as part of the Cloud Security Management Threats (`source:runtime-security-agent`) and Cloud Security Management Misconfigurations (`source:compliance-agent`) products, as they're not billed as analyzed logs regardless. +**Note**: Security Filters are only required to control logs analyzed by the Cloud SIEM product. You do not need to write Security Filters to exclude logs generated by the Datadog Agent as part of the Workload Protection Threats (`source:runtime-security-agent`) and Workload Protection Misconfigurations (`source:compliance-agent`) products, as they're not billed as analyzed logs regardless. ## Prerequisites diff --git a/content/en/security/code_security/iast/setup/compatibility/_index.md b/content/en/security/code_security/iast/setup/compatibility/_index.md index 2aa29e071f358..65afebb76ce91 100644 --- a/content/en/security/code_security/iast/setup/compatibility/_index.md +++ b/content/en/security/code_security/iast/setup/compatibility/_index.md @@ -4,10 +4,10 @@ type: multi-code-lang further_reading: - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App & API Protection" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How Application Security Management Works in Datadog" + text: "How App & API Protection Works in Datadog" --- The following capabilities are supported relative to each language's tracing library: diff --git a/content/en/security/default_rules/_index.md b/content/en/security/default_rules/_index.md index 522c2d6f25ed1..467d2f1992982 100644 --- a/content/en/security/default_rules/_index.md +++ b/content/en/security/default_rules/_index.md @@ -34,11 +34,11 @@ cascade: subcategory: Security Detection Rules --- -Datadog provides out-of-the-box (OOTB) [detection rules][1] to flag attacker techniques and potential misconfigurations so you can immediately take steps to remediate. Datadog continuously develops new default rules, which are automatically imported into your account, your Application Security Management library, and the Agent, depending on your configuration. +Datadog provides out-of-the-box (OOTB) [detection rules][1] to flag attacker techniques and potential misconfigurations so you can immediately take steps to remediate. Datadog continuously develops new default rules, which are automatically imported into your account, your App & API Protection library, and the Agent, depending on your configuration.
Datadog's Security Research team continuously adds new OOTB security detection rules. While the aim is to deliver high-quality detections with the release of integrations or other new features, the performance of these detections at scale often needs to be observed before making the rule generally available. These rules contain a Beta tag. This gives Datadog's Security Research team time to either refine or deprecate detection opportunities that do not meet Datadog's standards.
-Click the following buttons to filter the detection rules. Security detection rules are available for [Application Security Management][5], [Cloud SIEM][2] (log detection and signal correlation), [CSM Misconfigurations][3] (cloud and infrastructure), [CSM Threats][4], [CSM Identity Risks][6], and [Attack Paths][7]. +Click the following buttons to filter the detection rules. Security detection rules are available for [App & API Protection][5], [Cloud SIEM][2] (log detection and signal correlation), [CSM Misconfigurations][3] (cloud and infrastructure), [CSM Threats][4], [CSM Identity Risks][6], and [Attack Paths][7]. [1]: /security/detection_rules/ [2]: /security/cloud_siem/ diff --git a/content/en/security/detection_rules/_index.md b/content/en/security/detection_rules/_index.md index 5bf81efdbc99b..7ad5e644ab627 100644 --- a/content/en/security/detection_rules/_index.md +++ b/content/en/security/detection_rules/_index.md @@ -22,10 +22,10 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Cloud Security Management +- name: Workload Protection url: /security/cloud_security_management/ icon: cloud-security-management -- name: Application Security Management +- name: App & API Protection url: /security/application_security/ icon: app-sec --- @@ -36,16 +36,16 @@ Detection rules define conditional logic that is applied to all ingested logs an ## Out-of-the-box detection rules -Datadog provides [out-of-the-box detection rules][2] to flag attacker techniques and potential misconfigurations. When new detection rules are released, they are automatically imported into your account, your Application Security Management library, and the Agent, depending on your configuration. +Datadog provides [out-of-the-box detection rules][2] to flag attacker techniques and potential misconfigurations. When new detection rules are released, they are automatically imported into your account, your App & API Protection library, and the Agent, depending on your configuration. Out-of-the box rules are available for the following security products: - [Cloud SIEM][3] uses log detection to analyze ingested logs in real-time. -- Cloud Security Management (CSM): +- Workload Protection: - [CSM Misconfigurations][4] uses cloud configuration and infrastructure configuration detection rules to scan the state of your cloud environment. - [CSM Threats][5] uses the Datadog Agent and detection rules to actively monitor and evaluate system activity. - [CSM Identity Risks][6] uses detection rules to detect IAM-based risks in your cloud infrastructure. -- [Application Security Management][7] (ASM) leverages Datadog [APM][8], the [Datadog Agent][9], and detection rules to detect threats in your application environment. +- [App & API Protection][7] (ASM) leverages Datadog [APM][8], the [Datadog Agent][9], and detection rules to detect threats in your application environment. ## Beta detection rules @@ -59,7 +59,7 @@ To [create custom rules](#create-detection-rules), you can clone the default rul ## Search and filter detection rules -To view out-of-the-box and custom detection rules in Datadog, navigate to the [**Security Settings**][10] page. Rules are listed on separate pages for each product (Application Security, Cloud Security Management, and Cloud SIEM). +To view out-of-the-box and custom detection rules in Datadog, navigate to the [**Security Settings**][10] page. Rules are listed on separate pages for each product (Application Security, Workload Protection, and Cloud SIEM). To search and filter the rules, use the search box and facets to query by value. For example, to only show rules for a given rule type, hover over the rule type and select `only`. You can also filter by facets such as `source` and `severity` when investigating and triaging incoming issues. @@ -120,7 +120,7 @@ Use Rule Version History to: To see the version history of a rule: 1. Navigate to the [Security Settings][15] page. In the left navigation panel: - For ASM: Click **Application Security** and then click **Detection Rules**. - - For CSM: Click **Cloud Security Management** and then click **Threat Detection Rules**. + - For CSM: Click **Workload Protection** and then click **Threat Detection Rules**. - For Cloud SIEM: Click **Cloud SIEM** and then click **Detection Rules**. 1. Click on the rule you are interested in. 1. In the rule editor, click **Version History** to see past changes. diff --git a/content/en/security/guide/aws_fargate_config_guide.md b/content/en/security/guide/aws_fargate_config_guide.md index 4340782998f52..1032b58a67f54 100644 --- a/content/en/security/guide/aws_fargate_config_guide.md +++ b/content/en/security/guide/aws_fargate_config_guide.md @@ -10,7 +10,7 @@ further_reading: text: "Get real-time threat detection for AWS Fargate ECS and EKS environments with Datadog CSM" --- -This guide walks you through configuring [Cloud Security Management (CSM)][3], [Software Composition Analysis (SCA)][22], [Threat Detection and Protection (ASM)][4], and [Cloud SIEM][5] on AWS Fargate. +This guide walks you through configuring [Workload Protection][3], [Software Composition Analysis (SCA)][22], [Threat Detection and Protection (ASM)][4], and [Cloud SIEM][5] on AWS Fargate. {{< img src="security/datadog_security_coverage_aws_fargate.png" alt="Flow chart showing how CSM, ASM, and Cloud SIEM are configured on AWS Fargate" width="90%">}} @@ -55,24 +55,24 @@ Datadog Security provides multiple layers of visibility for AWS Fargate. Use the
- + - + - +
AWS IAM roles and policies Log ManagementCloud Security ManagementWorkload Protection Cloud SIEM
AWS databases Log ManagementCloud Security ManagementWorkload Protection Cloud SIEM
AWS S3 buckets Log ManagementCloud Security ManagementWorkload Protection Cloud SIEM
-## Cloud Security Management +## Workload Protection ### Prerequisites @@ -80,7 +80,7 @@ Datadog Security provides multiple layers of visibility for AWS Fargate. Use the - Access to AWS Management Console - AWS Fargate ECS or EKS workloads -
For additional performance and reliability insights, Datadog recommends enabling Infrastructure Monitoring with Cloud Security Management.
+
For additional performance and reliability insights, Datadog recommends enabling Infrastructure Monitoring with Workload Protection.
### Images @@ -362,7 +362,7 @@ In the task definition, replace the "workload" container with the following: - The Datadog Agent is installed and configured for your application's operating system or container, cloud, or virtual environment - Datadog APM is configured for your application or service -
For additional performance and reliability insights, Datadog recommends enabling Application Performance Monitoring with Application Security Management.
+
For additional performance and reliability insights, Datadog recommends enabling Application Performance Monitoring with App & API Protection.
### Installation diff --git a/content/en/security/notifications/_index.md b/content/en/security/notifications/_index.md index f455e717c6583..4b88d3c985b1f 100644 --- a/content/en/security/notifications/_index.md +++ b/content/en/security/notifications/_index.md @@ -16,10 +16,10 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Cloud Security Management +- name: Workload Protection url: /security/cloud_security_management/ icon: cloud-security-management -- name: Application Security Management +- name: App & API Protection url: /security/application_security/ icon: app-sec --- diff --git a/content/en/security/notifications/rules.md b/content/en/security/notifications/rules.md index 837d1702b3e03..ccd20a4fe4efc 100644 --- a/content/en/security/notifications/rules.md +++ b/content/en/security/notifications/rules.md @@ -15,10 +15,10 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Cloud Security Management +- name: Workload Protection url: /security/cloud_security_management/ icon: cloud-security-management -- name: Application Security Management +- name: App & API Protection url: /security/application_security/ icon: app-sec --- diff --git a/content/en/security/notifications/variables.md b/content/en/security/notifications/variables.md index 2bc1b3f587a08..eeb1b21a04f77 100644 --- a/content/en/security/notifications/variables.md +++ b/content/en/security/notifications/variables.md @@ -13,10 +13,10 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Cloud Security Management +- name: Workload Protection url: /security/cloud_security_management/ icon: cloud-security-management -- name: Application Security Management +- name: App & API Protection url: /security/application_security/ icon: app-sec --- @@ -139,7 +139,7 @@ user@domain.com just logged in without MFA from 1.2.3.4. {{% /tab %}} -{{% tab "Application Security Management" %}} +{{% tab "App & API Protection" %}} ```json { diff --git a/content/en/security/security_inbox.md b/content/en/security/security_inbox.md index 1ed00bc4a4720..dd1f383d644eb 100644 --- a/content/en/security/security_inbox.md +++ b/content/en/security/security_inbox.md @@ -3,10 +3,10 @@ title: Security Inbox further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Learn more about Application Security Management" + text: "Learn more about App & API Protection" - link: "/security/cloud_security_management" tag: "Documentation" - text: "Learn more about Cloud Security Management" + text: "Learn more about Workload Protection" - link: "/security/default_rules/#all" tag: "Documentation" text: "Out-of-the-box Detection Rules" @@ -14,10 +14,10 @@ further_reading: tag: "Blog" text: "How Datadog Security Inbox prioritizes security risks" products: -- name: Cloud Security Management +- name: Workload Protection url: /security/cloud_security_management/ icon: cloud-security-management -- name: Application Security Management +- name: App & API Protection url: /security/application_security/ icon: app-sec --- @@ -30,7 +30,7 @@ Security Inbox provides a consolidated, actionable list of your most important s ## Types of findings in Security Inbox -The findings that appear in Security Inbox are generated from Application Security Management (ASM) and Cloud Security Management (CSM). By default, these include the following types of findings: +The findings that appear in Security Inbox are generated from App & API Protection (AAP) and Workload Protection. By default, these include the following types of findings: - A curated set of [misconfigurations][1] for [CSM Misconfigurations][2], compiled by Datadog Security Research. - A curated set of [identity risks][1] for [CSM Identity Risks][3], compiled by Datadog Security Research. diff --git a/content/en/security/sensitive_data_scanner/_index.md b/content/en/security/sensitive_data_scanner/_index.md index 4b68161d3bba5..349f43784408b 100644 --- a/content/en/security/sensitive_data_scanner/_index.md +++ b/content/en/security/sensitive_data_scanner/_index.md @@ -93,7 +93,7 @@ Sensitive Data Scanner scans for sensitive data by deploying [Agentless scanners Sensitive Data Scanner leverages its [entire rules library][10] to find matches. When a match is found, the location of the match is sent to Datadog by the scanning instance. **Note**: Data stores and their files are only read in your environment—no sensitive data that was scanned is sent back to Datadog. -Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Cloud Security Management][11] affecting the sensitive data stores. You can click any issue to continue triage and remediation within Cloud Security Management. +Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Workload Protection][11] affecting the sensitive data stores. You can click any issue to continue triage and remediation within Workload Protection. See [Set up Sensitive Data Scanner for Cloud Storage][12] for setup details. diff --git a/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md b/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md index 2bf872751a920..2bef7bc5ccd4b 100644 --- a/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md +++ b/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md @@ -82,7 +82,7 @@ To investigate a datastore: - If it is not supposed to be in the bucket, delete the files or move them to an appropriate bucket. - If it is supposed to be in the bucket, complete the following steps to improve your security posture: 1. Click the **Security** tab in the side panel and review the **Misconfigurations** section. - 1. Click on a misconfiguration to see details in Cloud Security Management. + 1. Click on a misconfiguration to see details in Workload Protection. 1. In the **Next Steps** section: 1. Under **Triage**, click the dropdown to change the triage status of the signal. The default status is `OPEN`. 1. Click **Assign Signal** to assign a signal to yourself or another Datadog user. diff --git a/content/en/security/sensitive_data_scanner/setup/cloud_storage.md b/content/en/security/sensitive_data_scanner/setup/cloud_storage.md index 4e94ac62a62d5..78d0edcf90677 100644 --- a/content/en/security/sensitive_data_scanner/setup/cloud_storage.md +++ b/content/en/security/sensitive_data_scanner/setup/cloud_storage.md @@ -85,7 +85,7 @@ You can add a scanner to a new AWS account or an existing AWS account. 1. Select the AWS region in the dropdown menu. 1. Select an API key that is already configured for Remote Configuration. If the API key you select does not have Remote Configuration enabled, Remote Configuration is automatically enabled for that key upon selection. **Note**: Only users with `api_keys_write` permissions can enable Remote Configuration for individual API keys. 1. If you want to send AWS logs to Datadog, leave **Yes** selected. -1. Select **Yes** if you want to use Datadog Cloud Security Management. +1. Select **Yes** if you want to use Datadog Workload Protection. 1. **Enable Sensitive Data Scanner** is automatically selected by default. This tells CloudFormation to add the AWS Managed SecurityAudit policy to your Datadog AWS Integration role and enable Agentless Scanning to start scanning your cloud data stores. 1. Click **Launch CloudFormation Template**. diff --git a/content/en/security/suppressions.md b/content/en/security/suppressions.md index 875a2a8fc7629..761823d6a7931 100644 --- a/content/en/security/suppressions.md +++ b/content/en/security/suppressions.md @@ -12,7 +12,7 @@ products: - name: CSM Threats url: /security/threats/ icon: cloud-security-management -- name: Application Security Management +- name: App & API Protection url: /security/application_security/ icon: app-sec --- diff --git a/content/en/security/threat_intelligence.md b/content/en/security/threat_intelligence.md index 3b2df4261245e..e85bb1f5a031d 100644 --- a/content/en/security/threat_intelligence.md +++ b/content/en/security/threat_intelligence.md @@ -14,7 +14,7 @@ products: - name: CSM Threats url: /security/threats/ icon: cloud-security-management -- name: Application Security Management +- name: App & API Protection url: /security/application_security/ icon: app-sec --- diff --git a/content/en/security/threats/_index.md b/content/en/security/threats/_index.md index bd81d4d3d1710..587637d597e25 100644 --- a/content/en/security/threats/_index.md +++ b/content/en/security/threats/_index.md @@ -1,5 +1,5 @@ --- -title: Cloud Security Management Threats +title: Workload Protection Threats aliases: - /security_platform/cloud_workload_security/ - /security/cloud_workload_security/ @@ -9,7 +9,7 @@ aliases: - /security/threats/runtime_anomaly_detection --- -Cloud Security Management Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. As part of the Datadog platform, you can combine the real-time threat detection of CSM Threats with metrics, logs, traces, and other telemetry to see the full context surrounding a potential attack on your workloads. +Workload Protection Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. As part of the Datadog platform, you can combine the real-time threat detection of CSM Threats with metrics, logs, traces, and other telemetry to see the full context surrounding a potential attack on your workloads. ## Detect threats to your production workloads in real-time @@ -22,7 +22,7 @@ CSM Threats uses the Datadog Agent to monitor your environment. If you don't alr 3. **DNS Activity Monitoring** to watch network traffic for malicious activity on hosts and containers in real-time. 4. **Kernel Activity Monitoring** to watch for kernel-layer attacks like process hijacking, container breakouts, and more in real-time. -{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues to remediate" width="100%">}} +{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Workload Protection overview shows a list of prioritized security issues to remediate" width="100%">}} ## Proactively block threats with Active Protection @@ -62,7 +62,7 @@ Datadog is introducing a new feature called Active Protection to address the cry {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for CSM Threats{{< /nextlink >}} {{< nextlink href="/security/threats/workload_security_rules">}}Learn about CSM Threats detection rules{{< /nextlink >}} {{< nextlink href="/security/default_rules/#cat-workload-security">}}Start using out-of-the-box CSM Threats detection rules{{< /nextlink >}} - {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security Management{{< /nextlink >}} + {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Workload Protection{{< /nextlink >}} {{< /whatsnext >}} [1]: /security/threats/setup/?tab=kuberneteshelm#prerequisites diff --git a/content/en/security/threats/agent.md b/content/en/security/threats/agent.md index 4a990bbba0112..94e830ad2ebbd 100644 --- a/content/en/security/threats/agent.md +++ b/content/en/security/threats/agent.md @@ -17,7 +17,7 @@ The **Assisted rule creator** option helps you create the Agent and dependent de For details, see [Creating Custom Detection Rules][1]. ## Agent expression syntax -Cloud Security Management Threats (CSM Threats) first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. This portion of a CSM Threats rule is called the Agent expression. Agent expressions use Datadog's Security Language (SECL). The standard format of a SECL expression is as follows: +Workload Protection Threats (CSM Threats) first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. This portion of a CSM Threats rule is called the Agent expression. Agent expressions use Datadog's Security Language (SECL). The standard format of a SECL expression is as follows: {{< code-block lang="javascript" >}} . [ .] ... diff --git a/content/en/security/threats/investigate_agent_events.md b/content/en/security/threats/investigate_agent_events.md index 48032ff3512b2..bb54d6ec88b11 100644 --- a/content/en/security/threats/investigate_agent_events.md +++ b/content/en/security/threats/investigate_agent_events.md @@ -13,7 +13,7 @@ further_reading: text: "Learn more about security notifications" - link: "https://www.datadoghq.com/blog/datadog-csm-windows/" tag: "Blog" - text: "Secure your Windows workloads with Datadog Cloud Security Management" + text: "Secure your Windows workloads with Datadog Workload Protection" --- diff --git a/content/en/security/threats/security_signals.md b/content/en/security/threats/security_signals.md index f5c7e78af4b90..6a4ee0743cb21 100644 --- a/content/en/security/threats/security_signals.md +++ b/content/en/security/threats/security_signals.md @@ -13,12 +13,12 @@ further_reading: text: "Learn more about security notifications" - link: "https://www.datadoghq.com/blog/datadog-csm-windows/" tag: "Blog" - text: "Secure your Windows workloads with Datadog Cloud Security Management" + text: "Secure your Windows workloads with Datadog Workload Protection" --- -[Cloud Security Management Threats][9] (CSM Threats) security signals are created when Datadog detects a threat based on a security rule. View, search, filter, and investigate security signals in the [Signals Explorer][4], or configure [Notification Rules][1] to send signals to third-party tools. +[Workload Protection Threats][9] (CSM Threats) security signals are created when Datadog detects a threat based on a security rule. View, search, filter, and investigate security signals in the [Signals Explorer][4], or configure [Notification Rules][1] to send signals to third-party tools. -To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][3] for more information about Datadog's default roles and granular role-based access control permissions available for Cloud Security Management. +To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][3] for more information about Datadog's default roles and granular role-based access control permissions available for Workload Protection. {{< img src="security/cws/signals_explorer.png" alt="CSM Signals Explorer page" width="100%">}} diff --git a/content/en/security/threats/supported_linux_distributions.md b/content/en/security/threats/supported_linux_distributions.md index fed1bbb57f1b6..a631d9fcef517 100644 --- a/content/en/security/threats/supported_linux_distributions.md +++ b/content/en/security/threats/supported_linux_distributions.md @@ -2,7 +2,7 @@ title: CSM Threats Supported Linux Distributions --- -Cloud Security Management Threats supports the following Linux distributions: +Workload Protection Threats supports the following Linux distributions: | Linux Distributions | Supported Versions | |---------------------------------------------------------------|-------------------------| @@ -20,7 +20,7 @@ Cloud Security Management Threats supports the following Linux distributions: - Custom kernel builds are not supported. - The [CSM Threats eBPF-less solution for eBPF disabled environments][2] uses a ptrace-based Datadog Agent. The ptrace-based Datadog Agent supports Linux kernel versions from 3.4.43 to 4.9.85. -- For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the [Troubleshooting Cloud Security Management Threats][1]. +- For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the [Troubleshooting Workload Protection Threats][1]. - Data collection is done using eBPF, so Datadog requires, at minimum, platforms that have underlying Linux kernel versions of 4.14.0+ or have eBPF features backported (for example, Centos/RHEL 7 with kernel 3.10 has eBPF features backported, so it is supported). [1]: /security/cloud_security_management/troubleshooting/threats diff --git a/content/en/security/threats/workload_security_rules/_index.md b/content/en/security/threats/workload_security_rules/_index.md index ac9d5b0163d6a..5369c2569ed81 100644 --- a/content/en/security/threats/workload_security_rules/_index.md +++ b/content/en/security/threats/workload_security_rules/_index.md @@ -18,7 +18,7 @@ further_reading: text: "Learn more about Security notification variables" --- -This topic explains how Cloud Security Management Threats (CSM Threats) actively monitors system activity and evaluates it against a set of out-of-the-box (OOTB) rules to detect suspicious behavior. +This topic explains how Workload Protection Threats (CSM Threats) actively monitors system activity and evaluates it against a set of out-of-the-box (OOTB) rules to detect suspicious behavior. ## Proactively block threats with Active Protection diff --git a/content/en/security/threats/workload_security_rules/custom_rules.md b/content/en/security/threats/workload_security_rules/custom_rules.md index c01af0b88437d..c5749602bf837 100644 --- a/content/en/security/threats/workload_security_rules/custom_rules.md +++ b/content/en/security/threats/workload_security_rules/custom_rules.md @@ -33,7 +33,7 @@ Here are some important [role and permissions][11] to use for custom rules RBAC: ## Policies -Rules are managed and applied using policies. To view policies, go to [Security > Cloud Security Management > Agent Configuration][3]. +Rules are managed and applied using policies. To view policies, go to [Security > Workload Protection > Agent Configuration][3]. You can create and deploy different custom policies containing rules you want to apply to different sets of hosts in your infrastructure. @@ -48,7 +48,7 @@ The default policy and its rules cannot be modified. You can use the policy prio ### Create a policy -1. Go to [Security > Cloud Security Management > Agent Configuration][3]. +1. Go to [Security > Workload Protection > Agent Configuration][3]. 2. Click **New Policy**. You can also open an existing policy, click **Actions**, and clone it. 3. Enter a name for the policy and click **Create**. The new policy is created and placed as the top priority, but it is not enabled or deployed. @@ -60,7 +60,7 @@ The default policy and its rules cannot be modified. You can use the policy prio ### Prioritize policies -1. Go to [Security > Cloud Security Management > Agent Configuration][3]. +1. Go to [Security > Workload Protection > Agent Configuration][3]. 2. Click **Determine Priority**. 3. Drag the policies to set their priority. 4. Click **Confirm Reordering**. @@ -75,7 +75,7 @@ When a policy is overridden, the **Overridden** status is displayed. Hover over Tags identify two things: the Agents using the policy and the infrastructure where those Agents apply the policy. For example, if a policy has the tag `cluster_name:mycluster` the Agents in that cluster use the policy on the hosts in that cluster. -1. Go to [Security > Cloud Security Management > Agent Configuration][3]. +1. Go to [Security > Workload Protection > Agent Configuration][3]. 2. Hover over a policy, or open a policy, and click **Apply Tags & Deploy Policy**. 3. Enter tags and click **Apply**. If the policy is enabled, the policy is applied to the tag targets. @@ -116,7 +116,7 @@ As you define the rules using this tool, the threat expressions generated for th To use the Assisted rule creator: -1. Go to [Security > Cloud Security Management > Agent Configuration][3]. +1. Go to [Security > Workload Protection > Agent Configuration][3]. 2. Create or open a policy. 3. In **Actions**, select **Assisted rule creator**. 4. Define the detection. To monitor your resource effectively, you have the following detection type options: @@ -136,7 +136,7 @@ To use the Assisted rule creator: You can create a custom Agent rule and deploy it as part of a new Agent policy. Later, when defining a custom [detection rule][3], you reference the custom Agent rule and add expression parameters. -1. Go to [Security > Cloud Security Management > Agent Configuration][3]. +1. Go to [Security > Workload Protection > Agent Configuration][3]. 2. Create or open a policy. 3. In **Actions**, select **Manual rule creator**. 4. Add a name and description for the rule. diff --git a/content/en/security/upcoming_changes_notification_rules.md b/content/en/security/upcoming_changes_notification_rules.md index f2c77c63bc596..d158e565cde42 100644 --- a/content/en/security/upcoming_changes_notification_rules.md +++ b/content/en/security/upcoming_changes_notification_rules.md @@ -10,7 +10,7 @@ further_reading: text: "Notification Rules" --- -This article outlines upcoming changes to how [notification rules][1] are configured. These changes mostly impact [Cloud Security Management (CSM)][4], and more specifically cloud configuration and infrastructure configuration signals. +This article outlines upcoming changes to how [notification rules][1] are configured. These changes mostly impact [Workload Protection][4], and more specifically cloud configuration and infrastructure configuration signals. Note that for the time being, the changes will only affect how you get notified after manually upgrading a notification rule, or after the final deprecation date is reached (early 2025). diff --git a/content/en/serverless/aws_lambda/_index.md b/content/en/serverless/aws_lambda/_index.md index 9ca209721de7a..e5fef65e00cfa 100644 --- a/content/en/serverless/aws_lambda/_index.md +++ b/content/en/serverless/aws_lambda/_index.md @@ -86,7 +86,7 @@ Easily correlate serverless code, configuration, and deployment changes with met {{< whatsnext desc=" ">}} {{< nextlink href="/serverless/aws_lambda/profiling" >}}Continuous Profiler: Enable Datadog's Continuous Profiler to find the exact line of code in your Lambda function that is causing bottlenecks.{{< /nextlink >}} - {{< nextlink href="/serverless/aws_lambda/securing_functions" >}}Secure Functions: Use Application Security Management (ASM) to manage threats to your functions.{{< /nextlink >}} + {{< nextlink href="/serverless/aws_lambda/securing_functions" >}}Secure Functions: Use App & API Protection (AAP) to manage threats to your functions.{{< /nextlink >}} {{< nextlink href="/serverless/deployment_tracking" >}}Deployment Tracking: Track deployments to see when a new version of code or a configuration change causes a regression.{{< /nextlink >}} {{< /whatsnext >}} diff --git a/content/en/serverless/aws_lambda/configuration.md b/content/en/serverless/aws_lambda/configuration.md index c32bb442c1a41..932787e158b7f 100644 --- a/content/en/serverless/aws_lambda/configuration.md +++ b/content/en/serverless/aws_lambda/configuration.md @@ -61,7 +61,7 @@ Redeploy the function and invoke it. After a few minutes, it appears in [ASM vie [3]: https://app.datadoghq.com/security/appsec?column=time&order=desc -To see Application Security Management threat detection in action, send known attack patterns to your application. For example, send an HTTP header with value `acunetix-product` to trigger a [security scanner attack][44] attempt: +To see App & API Protection threat detection in action, send known attack patterns to your application. For example, send an HTTP header with value `acunetix-product` to trigger a [security scanner attack][44] attempt: ```sh curl -H 'My-ASM-Test-Header: acunetix-product' https:/// ``` diff --git a/content/en/serverless/aws_lambda/installation/dotnet.md b/content/en/serverless/aws_lambda/installation/dotnet.md index ce99e9c5c2b05..aaa97127c1de9 100644 --- a/content/en/serverless/aws_lambda/installation/dotnet.md +++ b/content/en/serverless/aws_lambda/installation/dotnet.md @@ -305,7 +305,7 @@ module "lambda-datadog" { ## Minimize cold start duration Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable App & API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/go.md b/content/en/serverless/aws_lambda/installation/go.md index 6cf84b71e522d..32ae5bd7abf7a 100644 --- a/content/en/serverless/aws_lambda/installation/go.md +++ b/content/en/serverless/aws_lambda/installation/go.md @@ -166,7 +166,7 @@ func myHandler(ctx context.Context, _ events.APIGatewayProxyRequest) (string, er ## Minimize cold start duration Version 67+ of [the Datadog Extension][5] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable App & API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/java.md b/content/en/serverless/aws_lambda/installation/java.md index 2ed5cede85033..665811d05458b 100644 --- a/content/en/serverless/aws_lambda/installation/java.md +++ b/content/en/serverless/aws_lambda/installation/java.md @@ -372,7 +372,7 @@ module "lambda-datadog" { ## Minimize cold start duration Version 67+ of [the Datadog Extension][12] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable App & API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/nodejs.md b/content/en/serverless/aws_lambda/installation/nodejs.md index de0e54273478a..e6dc0a6bd1b23 100644 --- a/content/en/serverless/aws_lambda/installation/nodejs.md +++ b/content/en/serverless/aws_lambda/installation/nodejs.md @@ -389,7 +389,7 @@ module "lambda-datadog" { ## Minimize cold start duration Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable App & API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/python.md b/content/en/serverless/aws_lambda/installation/python.md index ac1a09ae0c11a..f8e96bb2abc17 100644 --- a/content/en/serverless/aws_lambda/installation/python.md +++ b/content/en/serverless/aws_lambda/installation/python.md @@ -408,7 +408,7 @@ module "lambda-datadog" { ## Minimize cold start duration Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable App & API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/ruby.md b/content/en/serverless/aws_lambda/installation/ruby.md index 0d872a443ebd7..5df623df6883c 100644 --- a/content/en/serverless/aws_lambda/installation/ruby.md +++ b/content/en/serverless/aws_lambda/installation/ruby.md @@ -333,7 +333,7 @@ To install and configure the Datadog Serverless Plugin, follow these steps: ## Minimize cold start duration Version 67+ of [the Datadog Extension][10] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable App & API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/securing_functions.md b/content/en/serverless/aws_lambda/securing_functions.md index 8a7bae7a2cd73..43c3e8340445c 100644 --- a/content/en/serverless/aws_lambda/securing_functions.md +++ b/content/en/serverless/aws_lambda/securing_functions.md @@ -3,17 +3,17 @@ title: Securing Functions further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Application Security Management" + text: "App & API Protection" - link: "/security/application_security/how-appsec-works" tag: "Documentation" text: "How Application Security Works" --- -[Datadog Application Security Management (ASM)][2] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, and into bad actors targeting your systems. +[Datadog App & API Protection (AAP)][2] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, and into bad actors targeting your systems. -ASM secures functions written in Python, Node, Go, Java, and .NET. Because ASM is built on top of Serverless APM, you can set it up by adding an environment variable. +AAP secures functions written in Python, Node, Go, Java, and .NET. Because ASM is built on top of Serverless APM, you can set it up by adding an environment variable. -ASM supports over 130 event rules across major threats such as injection attacks, cross-site scripting, security scanner, local file inclusion, and more. +AAP supports over 130 event rules across major threats such as injection attacks, cross-site scripting, security scanner, local file inclusion, and more. You can [get started managing threats to your functions with ASM][3] today. diff --git a/content/en/serverless/azure_app_services/azure_app_services_windows.md b/content/en/serverless/azure_app_services/azure_app_services_windows.md index 716db99f624d6..e5854a3474853 100644 --- a/content/en/serverless/azure_app_services/azure_app_services_windows.md +++ b/content/en/serverless/azure_app_services/azure_app_services_windows.md @@ -267,7 +267,7 @@ Datadog's Azure App Service Node.js extension supports Azure App Service Web App - `DD_ENV`: Your environment name - `DD_SERVICE`: Your service name (defaults to your Web App name) - `DD_RUNTIME_METRICS_ENABLED`: `true` to enable runtime metrics - - `DD_APPSEC_ENABLED`: `true` to enable [Application Security Management][11] + - `DD_APPSEC_ENABLED`: `true` to enable [App & API Protection][11] See the full list of [optional configuration settings][5]. 6. Select **Save**. This restarts your application. diff --git a/content/en/service_management/incident_management/declare.md b/content/en/service_management/incident_management/declare.md index e90f9f71a2efb..093824e76265d 100644 --- a/content/en/service_management/incident_management/declare.md +++ b/content/en/service_management/incident_management/declare.md @@ -29,10 +29,10 @@ Incidents created from a monitor will inherit [field values][10] from the monito ## From a Security Signal -Declare an incident directly from a Cloud SIEM or Cloud Security Management Threats signal side panel, by clicking **Declare incident** or **Escalate Investigation**. For more information, see [Investigate Security Signals][3] for Cloud Security Management. +Declare an incident directly from a Cloud SIEM or Workload Protection Threats signal side panel, by clicking **Declare incident** or **Escalate Investigation**. For more information, see [Investigate Security Signals][3] for Workload Protection. -Declare an incident from an Application Security Management signal through the actions listed in the signal side panel. Click **Show all actions** and click **Declare Incident**. -For more information, see [Investigate Security Signals][4] for Application Security Management. +Declare an incident from an App & API Protection signal through the actions listed in the signal side panel. Click **Show all actions** and click **Declare Incident**. +For more information, see [Investigate Security Signals][4] for App & API Protection. {{< img src="/service_management/incidents/declare/declare_asm.png" alt="Your image description" style="width:90%;" >}} diff --git a/content/en/software_catalog/navigating.md b/content/en/software_catalog/navigating.md index 54ac70b299655..e7a76ec7db5ef 100644 --- a/content/en/software_catalog/navigating.md +++ b/content/en/software_catalog/navigating.md @@ -88,7 +88,7 @@ The **Security tab** provides several ways to assess and improve the security po - Are receiving the most attack attempts. - Are targeted by the most attackers. - Have the most severe threats, where the services are impacted by the attacks. -- Are monitored and protected by [Application Security Management][8] +- Are monitored and protected by [App & API Protection][8] To access additional details describing security vulnerabilities and signals, click on the service row to open a detailed side panel. Alternatively, click on the pop-over **View Service Details** button, which opens the service page, and in turn, its security tab. diff --git a/content/en/software_catalog/use_cases/_index.md b/content/en/software_catalog/use_cases/_index.md index 7e95dfb2e1ca8..ef9b394afeb85 100644 --- a/content/en/software_catalog/use_cases/_index.md +++ b/content/en/software_catalog/use_cases/_index.md @@ -12,7 +12,7 @@ Learn how teams use Datadog Software Catalog to centralize knowledge, streamline {{< whatsnext desc=" " >}} {{< nextlink href="/software_catalog/use_cases/api_management/" >}}API Management{{< /nextlink >}} {{< nextlink href="/software_catalog/use_cases/cloud_cost_management" >}}Cloud Cost Management{{< /nextlink >}} - {{< nextlink href="/tracing/software_catalog/use_cases/appsec_management" >}}Application Security Management{{< /nextlink >}} + {{< nextlink href="/tracing/software_catalog/use_cases/appsec_management" >}}App & API Protection{{< /nextlink >}} {{< nextlink href="/tracing/software_catalog/use_cases/dev_onboarding" >}}Developer Onboarding{{< /nextlink >}} {{< nextlink href="/tracing/software_catalog/use_cases/dependency_management" >}}Dependency Management{{< /nextlink >}} {{< nextlink href="/tracing/software_catalog/use_cases/production_readiness" >}}Production Readiness{{< /nextlink >}} diff --git a/content/en/software_catalog/use_cases/appsec_management.md b/content/en/software_catalog/use_cases/appsec_management.md index 3adc8eb98c20f..056a05bd8c755 100644 --- a/content/en/software_catalog/use_cases/appsec_management.md +++ b/content/en/software_catalog/use_cases/appsec_management.md @@ -12,7 +12,7 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Datadog Application Security Management" + text: "Datadog App & API Protection" --- The Software Catalog enables organizations to seamlessly incorporate security into every development stage, ensuring a strong security posture across teams, applications, and systems. diff --git a/content/en/tracing/configure_data_security/_index.md b/content/en/tracing/configure_data_security/_index.md index 48f58d644eecb..e61bb57333aa1 100644 --- a/content/en/tracing/configure_data_security/_index.md +++ b/content/en/tracing/configure_data_security/_index.md @@ -226,7 +226,7 @@ The table below describes the default behavior of each language tracing library {{% /tabs %}} -If you use Datadog Application Security Management (ASM), the tracing libraries collect HTTP request data to help you understand the nature of a security trace. Datadog ASM automatically redacts certain data, and you can configure your own detection rules. Learn more about these defaults and configuration options in the Datadog ASM [data privacy][13] documentation. +If you use Datadog App & API Protection (AAP), the tracing libraries collect HTTP request data to help you understand the nature of a security trace. Datadog ASM automatically redacts certain data, and you can configure your own detection rules. Learn more about these defaults and configuration options in the Datadog ASM [data privacy][13] documentation. ## Agent diff --git a/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md b/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md index aa7972ce7000d..80db74900c5aa 100644 --- a/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md +++ b/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md @@ -66,7 +66,7 @@ Refer to the instructions in the section corresponding to your preference below: - Comprehensive tracing coverage: - Instruments your code and all dependencies, including the Go standard library - Instruments your code during compilation, preventing gaps in tracing coverage due to overlooked manual instrumentation -- Exclusive [Application Security Management][7] **Exploit Prevention** feature. [Exploit Prevention][15] is a Runtime Application Self-Protection (RASP) implementation and includes RASP methods such as Local File Inclusion (LFI). +- Exclusive [App & API Protection][7] **Exploit Prevention** feature. [Exploit Prevention][15] is a Runtime Application Self-Protection (RASP) implementation and includes RASP methods such as Local File Inclusion (LFI). ### Requirements diff --git a/content/en/tracing/trace_collection/library_config/nodejs.md b/content/en/tracing/trace_collection/library_config/nodejs.md index 88a8fa111fa79..ede087f309f19 100644 --- a/content/en/tracing/trace_collection/library_config/nodejs.md +++ b/content/en/tracing/trace_collection/library_config/nodejs.md @@ -218,7 +218,7 @@ Remote configuration polling interval in seconds. `DD_APPSEC_ENABLED` : **Configuration**: `appsec.enabled`
**Default**: `false`
-Enable Application Security Management features. +Enable App & API Protection features. `DD_APPSEC_RULES` : **Configuration**: `appsec.rules`
diff --git a/content/en/tracing/trace_explorer/trace_view.md b/content/en/tracing/trace_explorer/trace_view.md index 5f24ae7dbbc87..3af1059d90822 100644 --- a/content/en/tracing/trace_explorer/trace_view.md +++ b/content/en/tracing/trace_explorer/trace_view.md @@ -228,7 +228,7 @@ Click on a service's span to see network dependencies of the service making the See attack attempts that target the services of the distributed trace. You can see the pattern used by the attacker, the rule that detects the attack, and whether the attacker found a vulnerability in your service. -Click **View in ASM** to investigate further using [Datadog Application Security Management][1]. +Click **View in ASM** to investigate further using [Datadog App & API Protection][1]. {{< img src="tracing/trace_view/security_tab.png" alt="Security tab" style="width:90%;">}} diff --git a/content/en/tracing/trace_pipeline/ingestion_mechanisms.md b/content/en/tracing/trace_pipeline/ingestion_mechanisms.md index ab9b6dfc2ec24..c8ab552670d04 100644 --- a/content/en/tracing/trace_pipeline/ingestion_mechanisms.md +++ b/content/en/tracing/trace_pipeline/ingestion_mechanisms.md @@ -849,7 +849,7 @@ Some additional ingestion reasons are attributed to spans that are generated by | Product | Ingestion Reason | Ingestion Mechanism Description | |------------|-------------------------------------|---------------------------------| | Serverless | `lambda` and `xray` | Your traces received from the [Serverless applications][14] traced with Datadog Tracing Libraries or the AWS X-Ray integration. | -| Application Security Management | `appsec` | Traces ingested from Datadog tracing libraries and flagged by [ASM][15] as a threat. | +| App & API Protection | `appsec` | Traces ingested from Datadog tracing libraries and flagged by [ASM][15] as a threat. | | Data Jobs Monitoring | `data_jobs` | Traces ingested from the Datadog Java Tracer Spark integration or the Databricks integration. | ## Ingestion mechanisms in OpenTelemetry diff --git a/content/en/tracing/trace_pipeline/trace_retention.md b/content/en/tracing/trace_pipeline/trace_retention.md index 83065a91e4c3a..d0cd37d127f11 100644 --- a/content/en/tracing/trace_pipeline/trace_retention.md +++ b/content/en/tracing/trace_pipeline/trace_retention.md @@ -77,7 +77,7 @@ There are two types of retention filters: The following retention filters are enabled by default: - The `Error Default` retention filter indexes error spans with `status:error`. The retention rate and the query are configurable. For example, to capture production errors, set the query to `status:error, env:production`. Disable the retention filter if you do not want to capture the errors by default. -- The `Application Security Monitoring Default` retention filter is enabled if you are using [Application Security Management][16]. It ensures the retention of all spans in traces that have been identified as having an application security impact (an attack attempt). +- The `Application Security Monitoring Default` retention filter is enabled if you are using [App & API Protection][16]. It ensures the retention of all spans in traces that have been identified as having an application security impact (an attack attempt). - The `Synthetics Default` retention filter is enabled if you are using Synthetic Monitoring. It ensures that traces generated from synthetic API and browser tests remain available by default. See [Synthetic APM][15] for more information, including how to correlate traces with synthetic tests. - The `Dynamic Instrumentation Default` retention filter is enabled if you are using [Dynamic Instrumentation][17]. It ensures spans created dynamically with Dynamic instrumentation remain available in the long term by default. From 0ff238b8e5b0b9a8d59273192ea93df4c1f180a5 Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Wed, 9 Apr 2025 13:55:16 -0600 Subject: [PATCH 02/28] Remove outdated blog post links --- .../security/cloud_security_management.md | 6 ------ .../en/security/cloud_security_management/_index.md | 12 ------------ .../misconfigurations/signals_explorer.md | 3 --- .../setup/agentless_scanning/_index.md | 3 --- .../vulnerabilities/_index.md | 3 --- .../en/security/threats/investigate_agent_events.md | 3 --- content/en/security/threats/security_signals.md | 3 --- 7 files changed, 33 deletions(-) diff --git a/content/en/getting_started/security/cloud_security_management.md b/content/en/getting_started/security/cloud_security_management.md index 6a141f0d53b39..dd2267d8b4ded 100644 --- a/content/en/getting_started/security/cloud_security_management.md +++ b/content/en/getting_started/security/cloud_security_management.md @@ -18,12 +18,6 @@ further_reading: - link: "https://www.datadoghq.com/blog/detecting-leaked-credentials/" tag: "Blog" text: "How we detect and notify users about leaked Datadog credentials" -- link: "https://www.datadoghq.com/blog/security-posture-csm/" - tag: "Blog" - text: "Report on changes to your security posture with Cloud Security Management" -- link: "https://www.datadoghq.com/blog/agentless-scanning/" - tag: "Blog" - text: "Detect vulnerabilities in minutes with Agentless Scanning for Cloud Security Management" - link: "https://dtdg.co/fe" tag: "Foundation Enablement" text: "Join an interactive session to elevate your security and threat detection" diff --git a/content/en/security/cloud_security_management/_index.md b/content/en/security/cloud_security_management/_index.md index 17ee25acba982..fec15e1193069 100644 --- a/content/en/security/cloud_security_management/_index.md +++ b/content/en/security/cloud_security_management/_index.md @@ -24,30 +24,18 @@ further_reading: - link: "https://www.datadoghq.com/blog/workload-security-evaluator/" tag: "Blog" text: "Run Atomic Red Team detection tests in container environments with Datadog's Workload Security Evaluator" - - link: "https://www.datadoghq.com/blog/security-context-with-datadog-cloud-security-management/" - tag: "Blog" - text: "Add security context to observability data with Datadog Cloud Security Management" - link: "https://www.datadoghq.com/blog/security-labs-ruleset-launch/" tag: "Blog" text: "Fix common cloud security risks with the Datadog Security Labs Ruleset" - link: "https://www.datadoghq.com/blog/securing-cloud-native-applications/" tag: "Blog" text: "Best practices for application security in cloud-native environments" - - link: "https://www.datadoghq.com/blog/custom-detection-rules-with-datadog-cloud-security-management/" - tag: "Blog" - text: "Customize rules for detecting cloud misconfigurations with Datadog Cloud Security Management" - link: "https://www.datadoghq.com/blog/building-security-coverage-for-cloud-environments/" tag: "Blog" text: "Build sufficient security coverage for your cloud environment" - link: "https://www.datadoghq.com/blog/cloud-security-study-learnings-2024/" tag: "Blog" text: "Key learnings from the 2024 State of Cloud Security study" - - link: "https://www.datadoghq.com/blog/cloud-security-malware-detection/" - tag: "Blog" - text: "Detect malware in your containers with Datadog Cloud Security Management" - - link: "https://www.datadoghq.com/blog/security-posture-csm/" - tag: "Blog" - text: "Report on changes to your security posture with Cloud Security Management" - link: "https://www.datadoghq.com/blog/security-inbox-prioritization/" tag: "Blog" text: "How Datadog Security Inbox prioritizes security risks" diff --git a/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md b/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md index aa25657578a03..65b9bd5127366 100644 --- a/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md +++ b/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md @@ -11,9 +11,6 @@ further_reading: - link: "security/cspm/frameworks_and_benchmarks" tag: "Documentation" text: "Learn about supported frameworks and industry benchmarks" -- link: "https://www.datadoghq.com/blog/datadog-csm-windows/" - tag: "Blog" - text: "Secure your Windows workloads with Datadog Cloud Security Management" ---
Due to changes in how notification rules are configured, cloud configuration and infrastructure configuration signals will be deprecated in early 2025.
diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md b/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md index 930dce39c81d4..2ca491d5d1a0c 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md @@ -4,9 +4,6 @@ aliases: - /security/agentless_scanning - /security/cloud_security_management/agentless_scanning further_reading: - - link: "https://www.datadoghq.com/blog/agentless-scanning/" - tag: "Blog" - text: "Detect vulnerabilities in minutes with Agentless Scanning for Cloud Security Management" - link: "/security/vulnerabilities" tag: "Documentation" text: "Read more about CSM Vulnerabilities" diff --git a/content/en/security/cloud_security_management/vulnerabilities/_index.md b/content/en/security/cloud_security_management/vulnerabilities/_index.md index bd4fd37b965e9..e146c9695ee13 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/_index.md +++ b/content/en/security/cloud_security_management/vulnerabilities/_index.md @@ -16,9 +16,6 @@ further_reading: - link: "/security/cloud_security_management/troubleshooting/vulnerabilities" tag: "Documentation" text: "Troubleshooting CSM Vulnerabilities" -- link: "https://www.datadoghq.com/blog/csm-vulnerability-management/" - tag: "Blog" - text: "Mitigate infrastructure vulnerabilities with Datadog Cloud Security Management" - link: "https://www.datadoghq.com/blog/datadog-container-image-view/" tag: "Blog" text: "Enhance your troubleshooting workflow with Container Images in Datadog Container Monitoring" diff --git a/content/en/security/threats/investigate_agent_events.md b/content/en/security/threats/investigate_agent_events.md index 48032ff3512b2..1102fa9937eb9 100644 --- a/content/en/security/threats/investigate_agent_events.md +++ b/content/en/security/threats/investigate_agent_events.md @@ -11,9 +11,6 @@ further_reading: - link: "/security/notifications/" tag: "Documentation" text: "Learn more about security notifications" - - link: "https://www.datadoghq.com/blog/datadog-csm-windows/" - tag: "Blog" - text: "Secure your Windows workloads with Datadog Cloud Security Management" --- diff --git a/content/en/security/threats/security_signals.md b/content/en/security/threats/security_signals.md index f5c7e78af4b90..a9441324a1c03 100644 --- a/content/en/security/threats/security_signals.md +++ b/content/en/security/threats/security_signals.md @@ -11,9 +11,6 @@ further_reading: - link: "/security/notifications/" tag: "Documentation" text: "Learn more about security notifications" - - link: "https://www.datadoghq.com/blog/datadog-csm-windows/" - tag: "Blog" - text: "Secure your Windows workloads with Datadog Cloud Security Management" --- [Cloud Security Management Threats][9] (CSM Threats) security signals are created when Datadog detects a threat based on a security rule. View, search, filter, and investigate security signals in the [Signals Explorer][4], or configure [Notification Rules][1] to send signals to third-party tools. From 9627ed49514a0c6c29202b6ad1c1a122a6bdbd9e Mon Sep 17 00:00:00 2001 From: Michael Cretzman Date: Wed, 9 Apr 2025 15:35:00 -0700 Subject: [PATCH 03/28] CSM acronym to Workload Protection name update --- content/en/infrastructure/resource_catalog/schema.md | 2 +- content/en/security/_index.md | 2 +- content/en/security/cloud_security_management/_index.md | 2 +- .../guide/custom-rules-guidelines.md | 2 +- .../cloud_security_management/guide/eBPF-free-agent.md | 2 +- .../cloud_security_management/identity_risks/_index.md | 2 +- .../cloud_security_management/misconfigurations/_index.md | 4 ++-- .../misconfigurations/compliance_rules.md | 2 +- .../misconfigurations/frameworks_and_benchmarks/_index.md | 2 +- .../frameworks_and_benchmarks/supported_frameworks.md | 2 +- .../cloud_security_management/misconfigurations/kspm.md | 2 +- .../security/cloud_security_management/severity_scoring.md | 4 ++-- content/en/security/threats/_index.md | 4 ++-- .../en/security/threats/workload_security_rules/_index.md | 6 +++--- .../threats/workload_security_rules/custom_rules.md | 2 +- 15 files changed, 20 insertions(+), 20 deletions(-) diff --git a/content/en/infrastructure/resource_catalog/schema.md b/content/en/infrastructure/resource_catalog/schema.md index 1b2cc3d0b0bf9..46b47e14cf54a 100644 --- a/content/en/infrastructure/resource_catalog/schema.md +++ b/content/en/infrastructure/resource_catalog/schema.md @@ -14,7 +14,7 @@ list_section: {{< site-region region="gov" >}}
-CSM Misconfigurations is not available in the selected site. +Workload Protection Misconfigurations is not available in the selected site.
{{< /site-region >}} diff --git a/content/en/security/_index.md b/content/en/security/_index.md index bbdc98bf703a0..cee6cc1b098ab 100644 --- a/content/en/security/_index.md +++ b/content/en/security/_index.md @@ -110,7 +110,7 @@ In addition to threat detection, Datadog provides end-to-end code and library vu [Workload Protection][10] delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered. -CSM includes [Threats][12], [Misconfigurations][11], [Identity Risks][15], and [Vulnerabilities][16]. To learn more, check out the dedicated [Guided Tour][13]. +Workload Protection includes [Threats][12], [Misconfigurations][11], [Identity Risks][15], and [Vulnerabilities][16]. To learn more, check out the dedicated [Guided Tour][13]. {{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Workload Protection overview shows a list of prioritized security issues" width="100%">}} diff --git a/content/en/security/cloud_security_management/_index.md b/content/en/security/cloud_security_management/_index.md index 4071fbfdaa3cd..534c57c18b2e6 100644 --- a/content/en/security/cloud_security_management/_index.md +++ b/content/en/security/cloud_security_management/_index.md @@ -67,7 +67,7 @@ Datadog Workload Protection delivers deep visibility, continuous configuration a Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. -CSM leverages both the Datadog Agent and Agentless. It includes a variety of features you can enable to manage different facets of your organization's security: +Workload Protection leverages both the Datadog Agent and Agentless. It includes a variety of features you can enable to manage different facets of your organization's security: - [**Threats**][1]: Monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. - [**Misconfigurations**][2]: Tracks the security hygiene and compliance posture of your production environment, automates audit evidence collection, and enables you to remediate misconfigurations that leave your organization vulnerable to attacks. diff --git a/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md b/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md index 176becef4516b..59420ed7a72d0 100644 --- a/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md +++ b/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md @@ -31,7 +31,7 @@ Use wildcards (`*`) carefully. For example, never use `open.file.path =~ "*/myfi ## Approvers and discarders -CSM Threats uses the concept of approvers and discarders to filter out events that should not trigger any rules in a policy. Approvers and discarders allow or deny events at the policy level only. They do not act on individual rules. +Workload Protection Threats uses the concept of approvers and discarders to filter out events that should not trigger any rules in a policy. Approvers and discarders allow or deny events at the policy level only. They do not act on individual rules. Approvers act as an allow-list at the kernel level in the Datadog Agent. For example, the opening of a specific file could be an approver on the event `open`, whereas `open` events on files without approvers would be filtered out. Similarly, discarders act as a deny-list in the Agent. Discarders intentionally filter out events that can never match a rule. The Agent learns which events to filter out with discarders during runtime. diff --git a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md index 6f3eff281a555..35f68bb04cf81 100644 --- a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md +++ b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md @@ -12,7 +12,7 @@ This guide also describes some advantages of the ptrace solution. ## Summary of Agent options -CSM Threats includes two Agent options for threat detection and response: +Workload Protection Threats includes two Agent options for threat detection and response: - eBPF solution - eBPF-less solution with ptrace: This version is only available where eBPF is not (Linux kernel versions 3.4 to 4.14). diff --git a/content/en/security/cloud_security_management/identity_risks/_index.md b/content/en/security/cloud_security_management/identity_risks/_index.md index c115ed95ad4d2..6911c979f3d3e 100644 --- a/content/en/security/cloud_security_management/identity_risks/_index.md +++ b/content/en/security/cloud_security_management/identity_risks/_index.md @@ -34,7 +34,7 @@ Workload Protection Identity Risks (CSM Identity Risks) is a Cloud Infrastructur Review your organization's active identity risks on the [Identity Risks Explorer][1]. Use the **Group by** options to filter by **Identity Risks**, **Resources**, or **None** (individual identity risks). View additional details on the side panel. -CSM Identity Risk detections include users, roles, groups, policies, EC2 instances, and Lambda functions. +Workload Protection Identity Risk detections include users, roles, groups, policies, EC2 instances, and Lambda functions. {{< img src="security/identity_risks/identity_risks_explorer_3.png" alt="CSM Identity Risks Explorers page" width="100%">}} diff --git a/content/en/security/cloud_security_management/misconfigurations/_index.md b/content/en/security/cloud_security_management/misconfigurations/_index.md index 09fb7e8e158a3..e18865974a9a0 100644 --- a/content/en/security/cloud_security_management/misconfigurations/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/_index.md @@ -17,13 +17,13 @@ Strengthen your security posture and achieve continuous compliance by detecting, View a high-level overview of your security posture on the [Overview page][1]. Examine the details of misconfigurations and analyze historical configurations with the [Misconfigurations Explorer][2]. -CSM Misconfigurations evaluates resources in increments between 15 minutes and 4 hours (depending on type). Datadog generates new misconfigurations as soon as a scan is completed, and stores a complete history of all misconfigurations for the past 15 months so they are available in case of an investigation or audit. +Workload Protection Misconfigurations evaluates resources in increments between 15 minutes and 4 hours (depending on type). Datadog generates new misconfigurations as soon as a scan is completed, and stores a complete history of all misconfigurations for the past 15 months so they are available in case of an investigation or audit. {{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Workload Protection overview shows a list of prioritized security issues to remediate" width="100%">}} ## Maintain compliance with industry frameworks and benchmarks -CSM Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that are maintained by a team of security experts. The rules map to controls and requirements within compliance standards and industry benchmarks, such as PCI and SOC2 compliance frameworks. +Workload Protection Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that are maintained by a team of security experts. The rules map to controls and requirements within compliance standards and industry benchmarks, such as PCI and SOC2 compliance frameworks. [View compliance reports][3] to see how well you're doing against each control in a compliance framework. The reports include details such as resources with the most failed misconfigurations, a comprehensive breakdown of the number of resources with pass/fail misconfigurations, and the top three high-severity rule failures. diff --git a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md index 299b4a5f9595b..c0be069ebd47c 100644 --- a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md +++ b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md @@ -22,7 +22,7 @@ Workload Protection Misconfigurations (CSM Misconfigurations) [out-of-the-box co The compliance rules follow the same [conditional logic][2] as all Datadog Security compliance rules. For CSM Misconfigurations, each rule maps to controls within one or more [compliance frameworks or industry benchmarks][4]. -CSM Misconfigurations uses the following rule types to validate the configuration of your cloud infrastructure: +Workload Protection Misconfigurations uses the following rule types to validate the configuration of your cloud infrastructure: - [**Cloud configuration**][1]: These compliance rules analyze the configuration of resources within your cloud environment. For example, the [CloudFront distribution should be encrypted][3] rule assesses whether an Amazon CloudFront distribution enforces HTTPS to secure communications. - [**Infrastructure configuration**][5]: These checks evaluate containers and Kubernetes clusters using rules from CIS compliance benchmarks for Docker and Kubernetes, as well as Linux workloads against CIS host benchmarks for Ubuntu, Red Hat, and Amazon Linux. diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md index 03fd8b9e4c86f..ad967cb04e83b 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md @@ -16,7 +16,7 @@ further_reading: text: "Search and explore misconfigurations" --- -CSM Misconfigurations comes with more than 1,300 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within a [compliance standard or industry benchmark][2]. You can also [create custom frameworks][30] to define and measure compliance against your own cloud security baseline. +Workload Protection Misconfigurations comes with more than 1,300 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within a [compliance standard or industry benchmark][2]. You can also [create custom frameworks][30] to define and measure compliance against your own cloud security baseline. ## View your compliance posture diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md index 581b717c73d9e..6ee2162cc2fc4 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md @@ -18,7 +18,7 @@ further_reading: text: "Datadog Security extends compliance and threat protection capabilities for Google Cloud" --- -CSM Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within the following compliance standards and industry benchmarks: +Workload Protection Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within the following compliance standards and industry benchmarks: | Framework | Supported Versions | Framework Tag | Rule Type | |-------------------------------------------------|------------------------|-------------------------------------|--------------------------| diff --git a/content/en/security/cloud_security_management/misconfigurations/kspm.md b/content/en/security/cloud_security_management/misconfigurations/kspm.md index a89826bab7c43..49a81e28ca9dc 100644 --- a/content/en/security/cloud_security_management/misconfigurations/kspm.md +++ b/content/en/security/cloud_security_management/misconfigurations/kspm.md @@ -46,7 +46,7 @@ Each finding contains the context you need to identify the issue's impact, such ## Assess your Kubernetes security posture against industry-standard frameworks -CSM provides a [security posture score][2] that helps you understand your security and compliance status using a single metric. The score represents the percentage of your environment that satisfies all of your active out-of-the-box cloud and infrastructure detection rules. You can obtain the score for your entire organization, or for specific teams, accounts, and environments, including Kubernetes deployments. +Workload Protection provides a [security posture score][2] that helps you understand your security and compliance status using a single metric. The score represents the percentage of your environment that satisfies all of your active out-of-the-box cloud and infrastructure detection rules. You can obtain the score for your entire organization, or for specific teams, accounts, and environments, including Kubernetes deployments. For an in-depth explanation on how the security posture score works, see [Security posture score][3]. diff --git a/content/en/security/cloud_security_management/severity_scoring.md b/content/en/security/cloud_security_management/severity_scoring.md index dfdbee04fa726..64fe74a05042a 100644 --- a/content/en/security/cloud_security_management/severity_scoring.md +++ b/content/en/security/cloud_security_management/severity_scoring.md @@ -16,7 +16,7 @@ Accurate severity scores help security teams understand the risks that vulnerabi ## CSM severity scoring framework -CSM Misconfigurations, CSM Identity Risks, and Security Inbox misconfigurations use the CSM severity scoring framework to determine the severity of a finding. The framework compares the likelihood that an adversary would take advantage of a misconfiguration to the risk posed to your environment. By weighting both of these aspects, findings can be prioritized more accurately by real-world risks. The matrices below show how a misconfiguration's severity score is computed based on its likelihood of abuse and impact. +Workload Protection Misconfigurations, CSM Identity Risks, and Security Inbox misconfigurations use the CSM severity scoring framework to determine the severity of a finding. The framework compares the likelihood that an adversary would take advantage of a misconfiguration to the risk posed to your environment. By weighting both of these aspects, findings can be prioritized more accurately by real-world risks. The matrices below show how a misconfiguration's severity score is computed based on its likelihood of abuse and impact. ### Likelihood @@ -116,7 +116,7 @@ Using the CSM severity scoring framework, the rule would be scored as follows: ## CVSS 3.1 -CSM Vulnerabilities uses Common Vulnerability Scoring System version 3.1 ([CVSS 3.1][5]) to determine a base score for a vulnerability. It then modifies the base score to take into account the following: +Workload Protection Vulnerabilities uses Common Vulnerability Scoring System version 3.1 ([CVSS 3.1][5]) to determine a base score for a vulnerability. It then modifies the base score to take into account the following: - Whether the underlying infrastructure is running and how wide-spread the impact is. - The environment in which the underlying infrastructure is running. For example, if the environment is not production, the severity is downgraded. diff --git a/content/en/security/threats/_index.md b/content/en/security/threats/_index.md index 587637d597e25..246f5bfa3d890 100644 --- a/content/en/security/threats/_index.md +++ b/content/en/security/threats/_index.md @@ -15,7 +15,7 @@ Workload Protection Threats (CSM Threats) monitors file, network, and process ac Monitor file and process activity at the kernel level to detect threats to your infrastructure, such as Amazon EC2 instances, Docker containers, and Kubernetes clusters. Combine CSM Threats with [Cloud Network Monitoring][9] and detect suspicious activity at the network level before a workload is compromised. -CSM Threats uses the Datadog Agent to monitor your environment. If you don't already have the Datadog Agent set up, [start with setting up the Agent][2] on a [supported operating system][1]. There are four types of monitoring that the Datadog Agent uses for CSM Threats: +Workload Protection Threats uses the Datadog Agent to monitor your environment. If you don't already have the Datadog Agent set up, [start with setting up the Agent][2] on a [supported operating system][1]. There are four types of monitoring that the Datadog Agent uses for CSM Threats: 1. **Process Execution Monitoring** to watch process executions for malicious activity on hosts or containers in real-time. 2. **File Integrity Monitoring** to watch for changes to key files and directories on hosts or containers in real-time. @@ -32,7 +32,7 @@ By default, all OOTB Agent crypto mining threat detection rules are enabled and ## Manage out-of-the-box and custom detection rules -CSM Threats comes with more than 50 out-of-the-box detection rules that are maintained by a team of security experts. The rules surface the most important risks so that you can immediately take steps to remediate. Agent expression rules define the workload activities to be collected for analysis while backend detection rules analyze the activities and identify attacker techniques and other risky patterns of behavior. +Workload Protection Threats comes with more than 50 out-of-the-box detection rules that are maintained by a team of security experts. The rules surface the most important risks so that you can immediately take steps to remediate. Agent expression rules define the workload activities to be collected for analysis while backend detection rules analyze the activities and identify attacker techniques and other risky patterns of behavior. Use [Remote Configuration][7] to automatically deploy new and updated rules to the Agent. [Customize the rules][5] by defining how each rule monitors process, network, and file activity, [create custom rules][6], and [set up real-time notifications](#set-up-real-time-notifications) for new signals. diff --git a/content/en/security/threats/workload_security_rules/_index.md b/content/en/security/threats/workload_security_rules/_index.md index 5369c2569ed81..57bb6fc4f73aa 100644 --- a/content/en/security/threats/workload_security_rules/_index.md +++ b/content/en/security/threats/workload_security_rules/_index.md @@ -28,7 +28,7 @@ By default, all OOTB Agent crypto mining threat detection rules are enabled and ## CSM Threats rules construction -CSM Threats rules consist of two different components: Agent rules and threat detection rules. +Workload Protection Threats rules consist of two different components: Agent rules and threat detection rules. - **Agent rules:** [Agent rules][9] are evaluated on the Agent host. CSM Threats first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. Agent expressions use Datadog's [Security Language (SECL)][2].

@@ -58,7 +58,7 @@ CSM Threats rules consist of two different components: Agent rules and threat de ### CSM Threats rules pipeline -CSM Threats uses the following pipeline when evaluating events: +Workload Protection Threats uses the following pipeline when evaluating events: 1. The Agent rules evaluate system activity on the Agent host. 2. When activity matches an Agent rule expression, the Agent generates a detection event and passes it to the Datadog backend. @@ -72,7 +72,7 @@ The following diagram illustrates this pipeline: ### Saving resources by design -CSM Threats detection rules are complex, correlating several datapoints, sometimes across different hosts, and including third party data. This complexity would result in considerable compute resource demands on the Agent host if all rules were evaluated there. +Workload Protection Threats detection rules are complex, correlating several datapoints, sometimes across different hosts, and including third party data. This complexity would result in considerable compute resource demands on the Agent host if all rules were evaluated there. Datadog solves this problem by keeping the Agent lightweight with only a few rules, and processes most rules using the threat detection rules on the Datadog backend. diff --git a/content/en/security/threats/workload_security_rules/custom_rules.md b/content/en/security/threats/workload_security_rules/custom_rules.md index c5749602bf837..f46e05ac1ca7f 100644 --- a/content/en/security/threats/workload_security_rules/custom_rules.md +++ b/content/en/security/threats/workload_security_rules/custom_rules.md @@ -103,7 +103,7 @@ You can create custom rules using these methods: ## Create the custom Agent and detection rules together -CSM custom Agent rules are grouped into policies. Policies group Agent rules to help you apply multiple rules more efficiently. +Workload Protection custom Agent rules are grouped into policies. Policies group Agent rules to help you apply multiple rules more efficiently. ## Create the custom Agent and detection rules together From 4cc824fc3c63b5c9f741e87afa3ad3ae9dff70d2 Mon Sep 17 00:00:00 2001 From: Michael Cretzman Date: Wed, 9 Apr 2025 17:40:02 -0700 Subject: [PATCH 04/28] Revert "names changed" This reverts commit 9f12f1540a090dc7955a87a08d279fdcaa76f750. --- config/_default/menus/main.en.yaml | 10 +-- .../account_management/audit_trail/events.md | 65 +++++++------------ .../billing/product_allotments.md | 4 +- .../en/agent/configuration/dual-shipping.md | 4 +- content/en/agent/remote_config/_index.md | 4 +- content/en/all_guides.md | 4 +- .../en/api/v1/usage-metering/examples.json | 6 +- .../en/containers/kubernetes/installation.md | 2 +- content/en/data_security/_index.md | 2 +- .../data-collection-resolution-retention.md | 4 +- content/en/getting_started/_index.md | 4 +- .../en/getting_started/devsecops/_index.md | 10 +-- .../en/getting_started/integrations/aws.md | 4 +- .../integrations/google_cloud.md | 6 +- content/en/getting_started/security/_index.md | 2 +- .../security/application_security.md | 6 +- .../security/cloud_security_management.md | 10 +-- content/en/glossary/terms/resource.md | 2 +- .../glossary/terms/security_posture_score.md | 2 +- .../containers/container_images.md | 8 +-- .../infrastructure/resource_catalog/_index.md | 8 +-- .../guide/aws-organizations-setup.md | 4 +- .../azure-architecture-and-configuration.md | 2 +- .../integrations/guide/azure-manual-setup.md | 2 +- content/en/integrations/guide/azure-portal.md | 4 +- .../network_analytics.md | 2 +- content/en/opentelemetry/compatibility.md | 2 +- .../instrument/api_support/_index.md | 2 +- .../setup/otlp_ingest_in_the_agent.md | 2 +- content/en/security/_index.md | 8 +-- content/en/security/access_control.md | 2 +- .../security/account_takeover_protection.md | 8 +-- .../security/application_security/_index.md | 18 ++--- .../application_security/guide/_index.md | 4 +- .../guide/manage_account_theft_appsec.md | 10 +-- .../application_security/how-appsec-works.md | 2 +- .../application_security/serverless/_index.md | 6 +- .../application_security/threats/_index.md | 6 +- .../threats/add-user-info.md | 2 +- .../threats/attacker-explorer.md | 2 +- .../threats/attacker_clustering.md | 2 +- .../threats/attacker_fingerprint.md | 2 +- .../threats/custom_rules.md | 8 +-- .../threats/exploit-prevention.md | 8 +-- .../threats/inapp_waf_rules.md | 6 +- .../threats/library_configuration.md | 8 +-- .../threats/protection.md | 6 +- .../threats/security_signals.md | 6 +- .../threats/setup/compatibility/_index.md | 4 +- .../compatibility/gcp-service-extensions.md | 2 +- .../threats/setup/threat_detection/_index.md | 8 +-- .../threats/setup/threat_detection/dotnet.md | 4 +- .../threats/setup/threat_detection/envoy.md | 4 +- .../gcp-service-extensions.md | 6 +- .../threats/setup/threat_detection/go.md | 4 +- .../threats/setup/threat_detection/java.md | 4 +- .../threats/setup/threat_detection/nginx.md | 4 +- .../threats/setup/threat_detection/nodejs.md | 6 +- .../threats/setup/threat_detection/php.md | 4 +- .../threats/setup/threat_detection/python.md | 4 +- .../threats/setup/threat_detection/ruby.md | 4 +- .../threats/threat-intelligence.md | 6 +- .../threats/trace_qualification.md | 8 +-- .../application_security/troubleshooting.md | 22 +++---- content/en/security/audit_trail.md | 6 +- .../cloud_security_management/_index.md | 22 ++++--- .../cloud_security_management/guide/_index.md | 8 +-- .../guide/agent_variables.md | 4 +- .../guide/custom-rules-guidelines.md | 2 +- .../guide/eBPF-free-agent.md | 2 +- .../guide/public-accessibility-logic.md | 2 +- .../guide/resource_evaluation_filters.md | 12 ++-- .../guide/tuning-rules.md | 2 +- .../cloud_security_management/iac_scanning.md | 2 +- .../identity_risks/_index.md | 10 +-- .../misconfigurations/_index.md | 8 +-- .../misconfigurations/compliance_rules.md | 2 +- .../misconfigurations/findings/_index.md | 2 +- .../custom_frameworks.md | 2 +- .../misconfigurations/kspm.md | 2 +- .../misconfigurations/signals_explorer.md | 2 +- .../review_remediate/_index.md | 4 +- .../review_remediate/jira.md | 6 +- .../review_remediate/mute_issues.md | 2 +- .../review_remediate/workflows.md | 4 +- .../cloud_security_management/setup/_index.md | 20 +++--- .../setup/agent/_index.md | 4 +- .../setup/agent/docker.md | 2 +- .../setup/agent/ecs_ec2.md | 2 +- .../setup/agent/kubernetes.md | 2 +- .../setup/agent/linux.md | 2 +- .../setup/agent/windows.md | 2 +- .../setup/agentless_scanning/_index.md | 12 ++-- .../agentless_scanning/deployment_methods.md | 2 +- .../setup/agentless_scanning/enable.md | 42 ++++++------ .../setup/cloud_integrations.md | 8 +-- .../setup/cloudtrail_logs.md | 2 +- .../setup/iac_remediation.md | 6 +- .../setup/iac_scanning/_index.md | 6 +- .../iac_scanning/iac_scanning_exclusions.md | 2 +- .../without_infrastructure_monitoring.md | 8 +-- .../severity_scoring.md | 2 +- .../troubleshooting/_index.md | 6 +- .../troubleshooting/threats.md | 6 +- .../troubleshooting/vulnerabilities.md | 4 +- .../vulnerabilities/_index.md | 8 +-- .../hosts_containers_compatibility.md | 4 +- content/en/security/cloud_siem/_index.md | 2 +- .../signal_correlation_rules.md | 2 +- .../cloud_siem/entities_and_risk_scoring.md | 2 +- ...p-security-filters-using-cloud-siem-api.md | 2 +- .../iast/setup/compatibility/_index.md | 4 +- content/en/security/default_rules/_index.md | 4 +- content/en/security/detection_rules/_index.md | 14 ++-- .../guide/aws_fargate_config_guide.md | 14 ++-- content/en/security/notifications/_index.md | 4 +- content/en/security/notifications/rules.md | 4 +- .../en/security/notifications/variables.md | 6 +- content/en/security/security_inbox.md | 10 +-- .../security/sensitive_data_scanner/_index.md | 2 +- .../investigate_sensitive_data_issues.md | 2 +- .../setup/cloud_storage.md | 2 +- content/en/security/suppressions.md | 2 +- content/en/security/threat_intelligence.md | 2 +- content/en/security/threats/_index.md | 8 +-- content/en/security/threats/agent.md | 2 +- .../threats/investigate_agent_events.md | 2 +- .../en/security/threats/security_signals.md | 6 +- .../threats/supported_linux_distributions.md | 4 +- .../threats/workload_security_rules/_index.md | 2 +- .../workload_security_rules/custom_rules.md | 12 ++-- .../upcoming_changes_notification_rules.md | 2 +- content/en/serverless/aws_lambda/_index.md | 2 +- .../en/serverless/aws_lambda/configuration.md | 2 +- .../aws_lambda/installation/dotnet.md | 2 +- .../serverless/aws_lambda/installation/go.md | 2 +- .../aws_lambda/installation/java.md | 2 +- .../aws_lambda/installation/nodejs.md | 2 +- .../aws_lambda/installation/python.md | 2 +- .../aws_lambda/installation/ruby.md | 2 +- .../aws_lambda/securing_functions.md | 8 +-- .../azure_app_services_windows.md | 2 +- .../incident_management/declare.md | 6 +- content/en/software_catalog/navigating.md | 2 +- .../en/software_catalog/use_cases/_index.md | 2 +- .../use_cases/appsec_management.md | 2 +- .../tracing/configure_data_security/_index.md | 2 +- .../dd_libraries/go.md | 2 +- .../trace_collection/library_config/nodejs.md | 2 +- .../en/tracing/trace_explorer/trace_view.md | 2 +- .../trace_pipeline/ingestion_mechanisms.md | 2 +- .../tracing/trace_pipeline/trace_retention.md | 2 +- 152 files changed, 402 insertions(+), 417 deletions(-) diff --git a/config/_default/menus/main.en.yaml b/config/_default/menus/main.en.yaml index 7bfd3a7c37fcf..636eee3c1c41c 100644 --- a/config/_default/menus/main.en.yaml +++ b/config/_default/menus/main.en.yaml @@ -155,12 +155,12 @@ menu: url: getting_started/security/ parent: getting_started weight: 17 - - name: App & API Protection + - name: Application Security Management identifier: getting_started_application_security url: getting_started/security/application_security parent: getting_started_security weight: 1701 - - name: Workload Protection + - name: Cloud Security Management identifier: getting_started_cloud_security_management url: getting_started/security/cloud_security_management/ parent: getting_started_security @@ -2034,7 +2034,7 @@ menu: parent: software_catalog_use_cases identifier: software_catalog_use_cases_cloud_cost_management weight: 402 - - name: App & API Protection + - name: Application Security Management url: software_catalog/use_cases/appsec_management parent: software_catalog_use_cases identifier: software_catalog_use_cases_appsec_management @@ -6132,7 +6132,7 @@ menu: parent: cloud_siem identifier: siem_guides weight: 10 - - name: Workload Protection + - name: Cloud Security Management url: security/cloud_security_management parent: security_platform_heading pre: cloud-security-management @@ -6358,7 +6358,7 @@ menu: parent: csm_troubleshooting identifier: csm_troubleshooting_vulnerabilities weight: 1202 - - name: App & API Protection + - name: Application Security Management url: security/application_security/ parent: security_platform_heading pre: app-sec diff --git a/content/en/account_management/audit_trail/events.md b/content/en/account_management/audit_trail/events.md index 53bb662c31d23..8bb61e86ce4bb 100644 --- a/content/en/account_management/audit_trail/events.md +++ b/content/en/account_management/audit_trail/events.md @@ -27,46 +27,29 @@ further_reading: - [Teams management](#teams-management-events) #### Product-Specific Events -- [Overview](#overview) - - [Platform Events](#platform-events) - - [Product-Specific Events](#product-specific-events) -- [Audit Events](#audit-events) - - [Access management events](#access-management-events) - - [Agent](#agent) - - [API request events](#api-request-events) - - [App Builder events](#app-builder-events) - - [Application Performance Monitoring (APM) events](#application-performance-monitoring-apm-events) - - [App & API Protection](#app-and-api-protection) - - [Audit Trail events](#audit-trail-events) - - [Authentication events](#authentication-events) - - [CI Visibility events](#ci-visibility-events) - - [Quality Gates events](#quality-gates-events) - - [Cloud Security Platform events](#cloud-security-platform-events) - - [Dashboard events](#dashboard-events) - - [Dynamic Instrumentation events](#dynamic-instrumentation-events) - - [Error Tracking events](#error-tracking-events) - - [Integration events](#integration-events) - - [Log Management events](#log-management-events) - - [Metrics events](#metrics-events) - - [Monitor events](#monitor-events) - - [Notebook events](#notebook-events) - - [OAuth events](#oauth-events) - - [Organization management events](#organization-management-events) - - [Real User Monitoring events](#real-user-monitoring-events) - - [Security Notification events](#security-notification-events) - - [Sensitive Data Scanner events](#sensitive-data-scanner-events) - - [Service Level Objectives (SLO) events](#service-level-objectives-slo-events) - - [Synthetic Monitoring events](#synthetic-monitoring-events) - - [Reference Table events](#reference-table-events) - - [Teams Management events](#teams-management-events) - - [Test Optimization events](#test-optimization-events) - - [Workflow events](#workflow-events) - - [App Datastore](#app-datastore) - - [Event Management](#event-management) - - [Private Action Runners](#private-action-runners) - - [Observability Pipelines](#observability-pipelines) - - [On-Call](#on-call) -- [Further Reading](#further-reading) +- [App Builder](#app-builder-events) +- [Application Performance Monitoring (APM)](#application-performance-monitoring-apm-events) +- [Application Security Management (ASM)](#application-security-management) +- [Audit Trail](#audit-trail-events) +- [CI Visibility](#ci-visibility-events) +- [Quality Gates](#quality-gates-events) +- [Cloud Security Platform](#cloud-security-platform-events) +- [Dynamic Instrumentation](#dynamic-instrumentation-events) +- [Error Tracking](#error-tracking-events) +- [Log Management](#log-management-events) +- [Metrics](#metrics-events) +- [Real User Monitoring](#real-user-monitoring-events) +- [Security Notification events](#security-notification-events) +- [Sensitive Data Scanner](#sensitive-data-scanner-events) +- [Service Level Objectives](#service-level-objectives-slo-events) +- [Synthetic Monitoring](#synthetic-monitoring-events) +- [Reference Tables](#reference-table-events) +- [Workflows](#workflow-events) +- [App Datastore](#app-datastore) +- [Event Management](#event-management) +- [Private Action Runners](#private-action-runners) +- [Observability Pipelines](#observability-pipelines) +- [On-Call](#on-call) See the [Audit Trail documentation][2] for more information on setting up and configuring Audit Trail. @@ -127,7 +110,7 @@ See the [Audit Trail documentation][2] for more information on setting up and co | [Sampling rates remotely configured][27] | A user remotely configured the APM sampling rates. | `@evt.name:APM @asset.type:samplerconfig` | | [Saved view][112] | A user created, modified, or deleted a saved view. | `@evt.name:APM @action:(created OR modified OR deleted) @asset.type:saved_view` | -### App & API Protection +### Application Security Management {{% audit-trail-asm %}} diff --git a/content/en/account_management/billing/product_allotments.md b/content/en/account_management/billing/product_allotments.md index aea72ece806f1..bdc0c748f2b62 100644 --- a/content/en/account_management/billing/product_allotments.md +++ b/content/en/account_management/billing/product_allotments.md @@ -139,7 +139,7 @@ Additionally, the organization has a monthly commitment of 0.3 GB of Ingested Sp | Custom Metrics | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts, Internet of Things (IoT), Serverless Workload Monitoring - Functions, Serverless Workload Monitoring - Apps, Serverless Invocations, Serverless Functions | Average | Average | | Ingested Custom Metrics | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts, Internet of Things (IoT), Serverless Workload Monitoring - Functions, Serverless Workload Monitoring - Apps | Average | Average | | Custom Events | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts | Sum | Sum | -| CSM Enterprise Containers | Workload Protection | N/A | Sum | +| CSM Enterprise Containers | Cloud Security Management (CSM) | N/A | Sum | | CWS Containers | Cloud Workload Security (CWS) | N/A | Sum | | Infrastructure Containers | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts | N/A | Sum | | Profiled Containers | APM Enterprise, Continuous Profiler | N/A | Sum | @@ -150,7 +150,7 @@ Additionally, the organization has a monthly commitment of 0.3 GB of Ingested Sp | APM Ingested Spans | APM, APM Pro, APM Enterprise
Serverless APM, Legacy - Serverless Invocations
Legacy - Serverless Functions
Fargate Task (APM Pro), Fargate Task (APM Enterprise) | Sum | Sum | | DBM Normalized Queries | Database Monitoring (DBM) | Average | Average | | Data Streams Monitoring | APM Pro, APM Enterprise | HWMP | Sum | -| CSPM Workflow Executions | Workload Protection Pro, Workload Protection Enterprise | Sum | Sum | +| CSPM Workflow Executions | Cloud Security Management Pro, Cloud Security Management Enterprise | Sum | Sum | | Fargate Task (Continuous Profiler) | Fargate Task (APM Enterprise) | Average | N/A | [1]: https://www.datadoghq.com/pricing/list/ diff --git a/content/en/agent/configuration/dual-shipping.md b/content/en/agent/configuration/dual-shipping.md index f8abb621df45f..61655031be72a 100644 --- a/content/en/agent/configuration/dual-shipping.md +++ b/content/en/agent/configuration/dual-shipping.md @@ -361,7 +361,7 @@ DD_NETWORK_PATH_FORWARDER_ADDITIONAL_ENDPOINTS="[{\"api_key\": \"apiKey2\", \"Ho {{% agent-dual-shipping %}} -## Workload Protection Misconfigurations +## Cloud Security Management Misconfigurations ### YAML configuration @@ -386,7 +386,7 @@ DD_COMPLIANCE_CONFIG_ENDPOINTS_ADDITIONAL_ENDPOINTS="[{\"api_key\": \"apiKey2\", {{% agent-dual-shipping %}} -## Workload Protection Threats +## Cloud Security Management Threats ### YAML configuration In `datadog.yaml`: diff --git a/content/en/agent/remote_config/_index.md b/content/en/agent/remote_config/_index.md index 8b1b64178ab3c..323f456b7f2ac 100644 --- a/content/en/agent/remote_config/_index.md +++ b/content/en/agent/remote_config/_index.md @@ -30,7 +30,7 @@ algolia: ## Overview Remote Configuration is a Datadog capability that allows you to remotely configure and change the behavior of Datadog components (for example, Agents, tracing libraries, and Observability Pipelines Worker) deployed in your infrastructure, for select product features. Use Remote Configuration to apply configurations to Datadog components in your environment on demand, decreasing management costs, reducing friction between teams, and accelerating issue resolution times. -For Datadog security products, App & API Protection and Workload Protection Threats (CSM Threats), Remote Configuration-enabled Agents and compatible tracing libraries provide real-time security updates and responses, enhancing security posture for your applications and cloud infrastructure. +For Datadog security products, Application Security Management and Cloud Security Management Threats (CSM Threats), Remote Configuration-enabled Agents and compatible tracing libraries provide real-time security updates and responses, enhancing security posture for your applications and cloud infrastructure. ## How it works When Remote Configuration is enabled on the Datadog Agent, it periodically polls the configured [Datadog site][1], to determine whether there are configuration changes to apply to your Remote Configuration-enabled Agents or tracing libraries. @@ -68,7 +68,7 @@ The following products and features are supported with Remote Configuration: ### Fleet Automation **[Send flares][27] directly from the Datadog site**. Seamlessly troubleshoot the Datadog Agent without directly accessing the host. -### App & API Protection (AAP) +### Application Security Management (ASM) - **1-click ASM activation**: Enable ASM in 1-click from the Datadog UI. - **In-App attack patterns updates**: Receive the newest Web Application Firewall (WAF) attack patterns automatically as Datadog releases them, following newly disclosed vulnerabilities or attack vectors. diff --git a/content/en/all_guides.md b/content/en/all_guides.md index d61f4062098d0..dcc8093de201a 100644 --- a/content/en/all_guides.md +++ b/content/en/all_guides.md @@ -44,8 +44,8 @@ Guides in the Datadog documentation are pages that provide background knowledge, {{< whatsnext desc="Security:">}} {{< nextlink href="/security/cloud_siem/guide" >}}    Cloud SIEM{{< /nextlink >}} -{{< nextlink href="/security/cloud_security_management/guide" >}}    Workload Protection{{< /nextlink >}} -{{< nextlink href="/security/application_security/guide" >}}    App & API Protection{{< /nextlink >}} +{{< nextlink href="/security/cloud_security_management/guide" >}}    Cloud Security Management{{< /nextlink >}} +{{< nextlink href="/security/application_security/guide" >}}    Application Security Management{{< /nextlink >}} {{< /whatsnext >}} {{< whatsnext desc="Digital Experience:">}} diff --git a/content/en/api/v1/usage-metering/examples.json b/content/en/api/v1/usage-metering/examples.json index c63384ca6937d..8713cc548ef4c 100644 --- a/content/en/api/v1/usage-metering/examples.json +++ b/content/en/api/v1/usage-metering/examples.json @@ -1283,7 +1283,7 @@ } ] }, - "html": "
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Get hourly usage for Workload Protection Pro.

\n
\n
\n
\n
\n
\n

aas_host_count

\n
\n

double

\n

The number of Workload Protection Pro Azure app services hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_count

\n
\n

double

\n

The number of Workload Protection Pro AWS hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

azure_host_count

\n
\n

double

\n

The number of Workload Protection Pro Azure hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

compliance_host_count

\n
\n

double

\n

The number of Workload Protection Pro hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

container_count

\n
\n

double

\n

The total number of Workload Protection Pro containers during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_count

\n
\n

double

\n

The number of Workload Protection Pro GCP hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

host_count

\n
\n

double

\n

The total number of Workload Protection Pro hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

hour

\n
\n

date-time

\n

The hour for the usage.

\n
\n \n
\n
\n
\n
\n
\n

org_name

\n
\n

string

\n

The organization name.

\n
\n \n
\n
\n
\n
\n
\n

public_id

\n
\n

string

\n

The organization public ID.

\n
\n \n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Get hourly usage for Cloud Security Management Pro.

\n
\n
\n
\n
\n
\n

aas_host_count

\n
\n

double

\n

The number of Cloud Security Management Pro Azure app services hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_count

\n
\n

double

\n

The number of Cloud Security Management Pro AWS hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

azure_host_count

\n
\n

double

\n

The number of Cloud Security Management Pro Azure hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

compliance_host_count

\n
\n

double

\n

The number of Cloud Security Management Pro hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

container_count

\n
\n

double

\n

The total number of Cloud Security Management Pro containers during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_count

\n
\n

double

\n

The number of Cloud Security Management Pro GCP hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

host_count

\n
\n

double

\n

The total number of Cloud Security Management Pro hosts during a given hour.

\n
\n \n
\n
\n
\n
\n
\n

hour

\n
\n

date-time

\n

The hour for the usage.

\n
\n \n
\n
\n
\n
\n
\n

org_name

\n
\n

string

\n

The organization name.

\n
\n \n
\n
\n
\n
\n
\n

public_id

\n
\n

string

\n

The organization public ID.

\n
\n \n
\n
\n
\n
" }, "400": { "json": { @@ -2076,7 +2076,7 @@ } ] }, - "html": "
\n
\n
\n
\n

metadata

\n
\n

object

\n

The object containing document metadata.

\n
\n
\n
\n
\n
\n

aggregates

\n
\n

[object]

\n

An array of available aggregates.

\n
\n
\n
\n
\n
\n

agg_type

\n
\n

string

\n

The aggregate type.

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field.

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

double

\n

The value for a given field.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

pagination

\n
\n

object

\n

The metadata for the current pagination.

\n
\n
\n
\n
\n
\n

next_record_id

\n
\n

string

\n

The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the next_record_id.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Get usage summary by tag(s).

\n
\n
\n
\n
\n
\n

month

\n
\n

date-time

\n

Datetime in ISO-8601 format, UTC, precise to month: [YYYY-MM].

\n
\n \n
\n
\n
\n
\n
\n

org_name

\n
\n

string

\n

The name of the organization.

\n
\n \n
\n
\n
\n
\n
\n

public_id

\n
\n

string

\n

The organization public ID.

\n
\n \n
\n
\n
\n
\n
\n

region

\n
\n

string

\n

The region of the Datadog instance that the organization belongs to.

\n
\n \n
\n
\n
\n
\n
\n

tag_config_source

\n
\n

string

\n

The source of the usage attribution tag configuration and the selected tags in the format <source_org_name>:::<selected tag 1>///<selected tag 2>///<selected tag 3>.

\n
\n \n
\n
\n
\n
\n
\n

tags

\n
\n

object

\n

Tag keys and values.

\n

A null value here means that the requested tag breakdown cannot be applied because it does not match the tags\nconfigured for usage attribution.\nIn this scenario the API returns the total usage, not broken down by tags.

\n
\n
\n
\n
\n
\n

<any-key>

\n
\n

[string]

\n

A list of values that are associated with each tag key.

\n
    \n
  • An empty list means the resource use wasn't tagged with the respective tag.
    • \n
  • Multiple values means the respective tag was applied multiple times on the resource.
    • \n
  • An <empty> value means the resource was tagged with the respective tag but did not have a value.
    • \n
\n
\n \n
\n
\n
\n
\n
\n
\n
\n

updated_at

\n
\n

date-time

\n

Datetime of the most recent update to the usage values.

\n
\n \n
\n
\n
\n
\n
\n

values

\n
\n

object

\n

Fields in Usage Summary by tag(s).

\n
\n
\n
\n
\n
\n

api_percentage

\n
\n

double

\n

The percentage of synthetic API test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

api_usage

\n
\n

double

\n

The synthetic API test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_percentage

\n
\n

double

\n

The percentage of APM ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_usage

\n
\n

double

\n

The APM ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_host_percentage

\n
\n

double

\n

The percentage of APM host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_host_usage

\n
\n

double

\n

The APM host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_usm_percentage

\n
\n

double

\n

The percentage of APM and Universal Service Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_usm_usage

\n
\n

double

\n

The APM and Universal Service Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_percentage

\n
\n

double

\n

The percentage of Application Security Monitoring ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_usage

\n
\n

double

\n

The Application Security Monitoring ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_percentage

\n
\n

double

\n

The percentage of Application Security Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_usage

\n
\n

double

\n

The Application Security Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_traced_invocations_percentage

\n
\n

double

\n

The percentage of Application Security Monitoring Serverless traced invocations usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_traced_invocations_usage

\n
\n

double

\n

The Application Security Monitoring Serverless traced invocations usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

browser_percentage

\n
\n

double

\n

The percentage of synthetic browser test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

browser_usage

\n
\n

double

\n

The synthetic browser test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_percentage

\n
\n

double

\n

The percentage of CI Pipeline Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_usage

\n
\n

double

\n

The total CI Pipeline Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_percentage

\n
\n

double

\n

The percentage of CI Test Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_usage

\n
\n

double

\n

The total CI Test Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_percentage

\n
\n

double

\n

The percentage of Git committers for Intelligent Test Runner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_usage

\n
\n

double

\n

The Git committers for Intelligent Test Runner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_percentage

\n
\n

double

\n

The percentage of Cloud Security Information and Event Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_usage

\n
\n

double

\n

The Cloud Security Information and Event Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_percentage

\n
\n

double

\n

The percentage of Code Security host usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_usage

\n
\n

double

\n

The Code Security host usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_percentage

\n
\n

double

\n

The percentage of container usage without the Datadog Agent by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_usage

\n
\n

double

\n

The container usage without the Datadog Agent by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

container_percentage

\n
\n

double

\n

The percentage of container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

container_usage

\n
\n

double

\n

The container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_containers_percentage

\n
\n

double

\n

The percentage of Workload Protection Pro container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_containers_usage

\n
\n

double

\n

The Workload Protection Pro container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_hosts_percentage

\n
\n

double

\n

The percentage of Workload Protection Pro host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_hosts_usage

\n
\n

double

\n

The Workload Protection Pro host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_event_percentage

\n
\n

double

\n

The percentage of Custom Events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_event_usage

\n
\n

double

\n

The total Custom Events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_ingested_timeseries_percentage

\n
\n

double

\n

The percentage of ingested custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_ingested_timeseries_usage

\n
\n

double

\n

The ingested custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_timeseries_percentage

\n
\n

double

\n

The percentage of indexed custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_timeseries_usage

\n
\n

double

\n

The indexed custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_containers_percentage

\n
\n

double

\n

The percentage of Cloud Workload Security container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_containers_usage

\n
\n

double

\n

The Cloud Workload Security container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_percentage

\n
\n

double

\n

The percentage of Cloud Workload Security Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_usage

\n
\n

double

\n

The Cloud Workload Security Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_hosts_percentage

\n
\n

double

\n

The percentage of Cloud Workload Security host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_hosts_usage

\n
\n

double

\n

The Cloud Workload Security host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_usage

\n
\n

double

\n

The Data Jobs Monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

data_stream_monitoring_usage

\n
\n

double

\n

The Data Stream Monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_hosts_percentage

\n
\n

double

\n

The percentage of Database Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_hosts_usage

\n
\n

double

\n

The Database Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_percentage

\n
\n

double

\n

The percentage of Database Monitoring queries usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_usage

\n
\n

double

\n

The Database Monitoring queries usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_percentage

\n
\n

double

\n

The percentage of error tracking events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_usage

\n
\n

double

\n

The error tracking events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_indexed_spans_percentage

\n
\n

double

\n

The percentage of estimated indexed spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_indexed_spans_usage

\n
\n

double

\n

The estimated indexed spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_ingested_spans_percentage

\n
\n

double

\n

The percentage of estimated ingested spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_ingested_spans_usage

\n
\n

double

\n

The estimated ingested spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

fargate_percentage

\n
\n

double

\n

The percentage of Fargate usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

fargate_usage

\n
\n

double

\n

The Fargate usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

functions_percentage

\n
\n

double

\n

The percentage of Lambda function usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

functions_usage

\n
\n

double

\n

The Lambda function usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_percentage

\n
\n

double

\n

The percentage of Incident Management monthly active users usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_usage

\n
\n

double

\n

The Incident Management monthly active users usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

indexed_spans_percentage

\n
\n

double

\n

The percentage of APM Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

indexed_spans_usage

\n
\n

double

\n

The total APM Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_percentage

\n
\n

double

\n

The percentage of infrastructure host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_usage

\n
\n

double

\n

The infrastructure host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_logs_bytes_percentage

\n
\n

double

\n

The percentage of Ingested Logs usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_logs_bytes_usage

\n
\n

double

\n

The total Ingested Logs usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_spans_bytes_percentage

\n
\n

double

\n

The percentage of APM Ingested Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_spans_bytes_usage

\n
\n

double

\n

The total APM Ingested Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

invocations_percentage

\n
\n

double

\n

The percentage of Lambda invocation usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

invocations_usage

\n
\n

double

\n

The Lambda invocation usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

lambda_traced_invocations_percentage

\n
\n

double

\n

The percentage of Serverless APM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

lambda_traced_invocations_usage

\n
\n

double

\n

The Serverless APM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_15day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (15-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_15day_usage

\n
\n

double

\n

The total Indexed Logs (15-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_180day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (180-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_180day_usage

\n
\n

double

\n

The total Indexed Logs (180-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_1day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (1-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_1day_usage

\n
\n

double

\n

The total Indexed Logs (1-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_30day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (30-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_30day_usage

\n
\n

double

\n

The total Indexed Logs (30-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_360day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (360-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_360day_usage

\n
\n

double

\n

The total Indexed Logs (360-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_3day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (3-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_3day_usage

\n
\n

double

\n

The total Indexed Logs (3-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_45day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (45-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_45day_usage

\n
\n

double

\n

The total Indexed Logs (45-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_60day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (60-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_60day_usage

\n
\n

double

\n

The total Indexed Logs (60-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_7day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (7-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_7day_usage

\n
\n

double

\n

The total Indexed Logs (7-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_90day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (90-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_90day_usage

\n
\n

double

\n

The total Indexed Logs (90-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_custom_retention_percentage

\n
\n

double

\n

The percentage of Indexed Logs (Custom Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_custom_retention_usage

\n
\n

double

\n

The total Indexed Logs (Custom Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

mobile_app_testing_percentage

\n
\n

double

\n

The percentage of Synthetic mobile application test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

mobile_app_testing_usage

\n
\n

double

\n

The Synthetic mobile application test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_percentage

\n
\n

double

\n

The percentage of Network Device Monitoring NetFlow usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_usage

\n
\n

double

\n

The Network Device Monitoring NetFlow usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_percentage

\n
\n

double

\n

The percentage of network host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_usage

\n
\n

double

\n

The network host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipeline_bytes_percentage

\n
\n

double

\n

The percentage of observability pipeline bytes usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipeline_bytes_usage

\n
\n

double

\n

The observability pipeline bytes usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipelines_vcpu_percentage

\n
\n

double

\n

The percentage of observability pipeline per core usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipelines_vcpu_usage

\n
\n

double

\n

The observability pipeline per core usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

online_archive_percentage

\n
\n

double

\n

The percentage of online archive usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

online_archive_usage

\n
\n

double

\n

The online archive usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_container_percentage

\n
\n

double

\n

The percentage of profiled container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_container_usage

\n
\n

double

\n

The profiled container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_fargate_percentage

\n
\n

double

\n

The percentage of profiled Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_fargate_usage

\n
\n

double

\n

The profiled Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_host_percentage

\n
\n

double

\n

The percentage of profiled hosts usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_host_usage

\n
\n

double

\n

The profiled hosts usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_mobile_sessions_percentage

\n
\n

double

\n

The percentage of RUM Browser and Mobile usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_mobile_sessions_usage

\n
\n

double

\n

The total RUM Browser and Mobile usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_sessions_percentage

\n
\n

double

\n

The percentage of RUM Session Replay usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_sessions_usage

\n
\n

double

\n

The total RUM Session Replay usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_percentage

\n
\n

double

\n

The percentage of Software Composition Analysis Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_usage

\n
\n

double

\n

The total Software Composition Analysis Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sds_scanned_bytes_percentage

\n
\n

double

\n

The percentage of Sensitive Data Scanner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sds_scanned_bytes_usage

\n
\n

double

\n

The total Sensitive Data Scanner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_percentage

\n
\n

double

\n

The percentage of Serverless Apps usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_usage

\n
\n

double

\n

The total Serverless Apps usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_percentage

\n
\n

double

\n

The percentage of log events analyzed by Cloud SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_usage

\n
\n

double

\n

The log events analyzed by Cloud SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_ingested_bytes_percentage

\n
\n

double

\n

The percentage of SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_ingested_bytes_usage

\n
\n

double

\n

The total SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

snmp_percentage

\n
\n

double

\n

The percentage of network device usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

snmp_usage

\n
\n

double

\n

The network device usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_percentage

\n
\n

double

\n

The percentage of universal service monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_usage

\n
\n

double

\n

The universal service monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_hosts_percentage

\n
\n

double

\n

The percentage of Application Vulnerability Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_hosts_usage

\n
\n

double

\n

The Application Vulnerability Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_percentage

\n
\n

double

\n

The percentage of workflow executions usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage

\n
\n

double

\n

The total workflow executions usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n
" + "html": "
\n
\n
\n
\n

metadata

\n
\n

object

\n

The object containing document metadata.

\n
\n
\n
\n
\n
\n

aggregates

\n
\n

[object]

\n

An array of available aggregates.

\n
\n
\n
\n
\n
\n

agg_type

\n
\n

string

\n

The aggregate type.

\n
\n \n
\n
\n
\n
\n
\n

field

\n
\n

string

\n

The field.

\n
\n \n
\n
\n
\n
\n
\n

value

\n
\n

double

\n

The value for a given field.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

pagination

\n
\n

object

\n

The metadata for the current pagination.

\n
\n
\n
\n
\n
\n

next_record_id

\n
\n

string

\n

The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the next_record_id.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Get usage summary by tag(s).

\n
\n
\n
\n
\n
\n

month

\n
\n

date-time

\n

Datetime in ISO-8601 format, UTC, precise to month: [YYYY-MM].

\n
\n \n
\n
\n
\n
\n
\n

org_name

\n
\n

string

\n

The name of the organization.

\n
\n \n
\n
\n
\n
\n
\n

public_id

\n
\n

string

\n

The organization public ID.

\n
\n \n
\n
\n
\n
\n
\n

region

\n
\n

string

\n

The region of the Datadog instance that the organization belongs to.

\n
\n \n
\n
\n
\n
\n
\n

tag_config_source

\n
\n

string

\n

The source of the usage attribution tag configuration and the selected tags in the format <source_org_name>:::<selected tag 1>///<selected tag 2>///<selected tag 3>.

\n
\n \n
\n
\n
\n
\n
\n

tags

\n
\n

object

\n

Tag keys and values.

\n

A null value here means that the requested tag breakdown cannot be applied because it does not match the tags\nconfigured for usage attribution.\nIn this scenario the API returns the total usage, not broken down by tags.

\n
\n
\n
\n
\n
\n

<any-key>

\n
\n

[string]

\n

A list of values that are associated with each tag key.

\n
    \n
  • An empty list means the resource use wasn't tagged with the respective tag.
    • \n
  • Multiple values means the respective tag was applied multiple times on the resource.
    • \n
  • An <empty> value means the resource was tagged with the respective tag but did not have a value.
    • \n
\n
\n \n
\n
\n
\n
\n
\n
\n
\n

updated_at

\n
\n

date-time

\n

Datetime of the most recent update to the usage values.

\n
\n \n
\n
\n
\n
\n
\n

values

\n
\n

object

\n

Fields in Usage Summary by tag(s).

\n
\n
\n
\n
\n
\n

api_percentage

\n
\n

double

\n

The percentage of synthetic API test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

api_usage

\n
\n

double

\n

The synthetic API test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_percentage

\n
\n

double

\n

The percentage of APM ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_usage

\n
\n

double

\n

The APM ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_host_percentage

\n
\n

double

\n

The percentage of APM host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_host_usage

\n
\n

double

\n

The APM host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_usm_percentage

\n
\n

double

\n

The percentage of APM and Universal Service Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

apm_usm_usage

\n
\n

double

\n

The APM and Universal Service Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_percentage

\n
\n

double

\n

The percentage of Application Security Monitoring ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_usage

\n
\n

double

\n

The Application Security Monitoring ECS Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_percentage

\n
\n

double

\n

The percentage of Application Security Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

appsec_usage

\n
\n

double

\n

The Application Security Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_traced_invocations_percentage

\n
\n

double

\n

The percentage of Application Security Monitoring Serverless traced invocations usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_traced_invocations_usage

\n
\n

double

\n

The Application Security Monitoring Serverless traced invocations usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

browser_percentage

\n
\n

double

\n

The percentage of synthetic browser test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

browser_usage

\n
\n

double

\n

The synthetic browser test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_percentage

\n
\n

double

\n

The percentage of CI Pipeline Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_usage

\n
\n

double

\n

The total CI Pipeline Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_percentage

\n
\n

double

\n

The percentage of CI Test Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_usage

\n
\n

double

\n

The total CI Test Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_percentage

\n
\n

double

\n

The percentage of Git committers for Intelligent Test Runner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_usage

\n
\n

double

\n

The Git committers for Intelligent Test Runner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_percentage

\n
\n

double

\n

The percentage of Cloud Security Information and Event Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_usage

\n
\n

double

\n

The Cloud Security Information and Event Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_percentage

\n
\n

double

\n

The percentage of Code Security host usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_usage

\n
\n

double

\n

The Code Security host usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_percentage

\n
\n

double

\n

The percentage of container usage without the Datadog Agent by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_usage

\n
\n

double

\n

The container usage without the Datadog Agent by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

container_percentage

\n
\n

double

\n

The percentage of container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

container_usage

\n
\n

double

\n

The container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_containers_percentage

\n
\n

double

\n

The percentage of Cloud Security Management Pro container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_containers_usage

\n
\n

double

\n

The Cloud Security Management Pro container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_hosts_percentage

\n
\n

double

\n

The percentage of Cloud Security Management Pro host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cspm_hosts_usage

\n
\n

double

\n

The Cloud Security Management Pro host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_event_percentage

\n
\n

double

\n

The percentage of Custom Events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_event_usage

\n
\n

double

\n

The total Custom Events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_ingested_timeseries_percentage

\n
\n

double

\n

The percentage of ingested custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_ingested_timeseries_usage

\n
\n

double

\n

The ingested custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_timeseries_percentage

\n
\n

double

\n

The percentage of indexed custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

custom_timeseries_usage

\n
\n

double

\n

The indexed custom metrics usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_containers_percentage

\n
\n

double

\n

The percentage of Cloud Workload Security container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_containers_usage

\n
\n

double

\n

The Cloud Workload Security container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_percentage

\n
\n

double

\n

The percentage of Cloud Workload Security Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_usage

\n
\n

double

\n

The Cloud Workload Security Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_hosts_percentage

\n
\n

double

\n

The percentage of Cloud Workload Security host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

cws_hosts_usage

\n
\n

double

\n

The Cloud Workload Security host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_usage

\n
\n

double

\n

The Data Jobs Monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

data_stream_monitoring_usage

\n
\n

double

\n

The Data Stream Monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_hosts_percentage

\n
\n

double

\n

The percentage of Database Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_hosts_usage

\n
\n

double

\n

The Database Monitoring host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_percentage

\n
\n

double

\n

The percentage of Database Monitoring queries usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_usage

\n
\n

double

\n

The Database Monitoring queries usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_percentage

\n
\n

double

\n

The percentage of error tracking events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_usage

\n
\n

double

\n

The error tracking events usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_indexed_spans_percentage

\n
\n

double

\n

The percentage of estimated indexed spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_indexed_spans_usage

\n
\n

double

\n

The estimated indexed spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_ingested_spans_percentage

\n
\n

double

\n

The percentage of estimated ingested spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

estimated_ingested_spans_usage

\n
\n

double

\n

The estimated ingested spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

fargate_percentage

\n
\n

double

\n

The percentage of Fargate usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

fargate_usage

\n
\n

double

\n

The Fargate usage by tags.

\n
\n \n
\n
\n
\n
\n
\n

functions_percentage

\n
\n

double

\n

The percentage of Lambda function usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

functions_usage

\n
\n

double

\n

The Lambda function usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_percentage

\n
\n

double

\n

The percentage of Incident Management monthly active users usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_usage

\n
\n

double

\n

The Incident Management monthly active users usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

indexed_spans_percentage

\n
\n

double

\n

The percentage of APM Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

indexed_spans_usage

\n
\n

double

\n

The total APM Indexed Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_percentage

\n
\n

double

\n

The percentage of infrastructure host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_usage

\n
\n

double

\n

The infrastructure host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_logs_bytes_percentage

\n
\n

double

\n

The percentage of Ingested Logs usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_logs_bytes_usage

\n
\n

double

\n

The total Ingested Logs usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_spans_bytes_percentage

\n
\n

double

\n

The percentage of APM Ingested Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ingested_spans_bytes_usage

\n
\n

double

\n

The total APM Ingested Spans usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

invocations_percentage

\n
\n

double

\n

The percentage of Lambda invocation usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

invocations_usage

\n
\n

double

\n

The Lambda invocation usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

lambda_traced_invocations_percentage

\n
\n

double

\n

The percentage of Serverless APM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

lambda_traced_invocations_usage

\n
\n

double

\n

The Serverless APM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_15day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (15-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_15day_usage

\n
\n

double

\n

The total Indexed Logs (15-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_180day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (180-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_180day_usage

\n
\n

double

\n

The total Indexed Logs (180-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_1day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (1-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_1day_usage

\n
\n

double

\n

The total Indexed Logs (1-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_30day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (30-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_30day_usage

\n
\n

double

\n

The total Indexed Logs (30-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_360day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (360-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_360day_usage

\n
\n

double

\n

The total Indexed Logs (360-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_3day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (3-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_3day_usage

\n
\n

double

\n

The total Indexed Logs (3-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_45day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (45-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_45day_usage

\n
\n

double

\n

The total Indexed Logs (45-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_60day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (60-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_60day_usage

\n
\n

double

\n

The total Indexed Logs (60-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_7day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (7-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_7day_usage

\n
\n

double

\n

The total Indexed Logs (7-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_90day_percentage

\n
\n

double

\n

The percentage of Indexed Logs (90-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_90day_usage

\n
\n

double

\n

The total Indexed Logs (90-day Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_custom_retention_percentage

\n
\n

double

\n

The percentage of Indexed Logs (Custom Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

logs_indexed_custom_retention_usage

\n
\n

double

\n

The total Indexed Logs (Custom Retention) usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

mobile_app_testing_percentage

\n
\n

double

\n

The percentage of Synthetic mobile application test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

mobile_app_testing_usage

\n
\n

double

\n

The Synthetic mobile application test usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_percentage

\n
\n

double

\n

The percentage of Network Device Monitoring NetFlow usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_usage

\n
\n

double

\n

The Network Device Monitoring NetFlow usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_percentage

\n
\n

double

\n

The percentage of network host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_usage

\n
\n

double

\n

The network host usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipeline_bytes_percentage

\n
\n

double

\n

The percentage of observability pipeline bytes usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipeline_bytes_usage

\n
\n

double

\n

The observability pipeline bytes usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipelines_vcpu_percentage

\n
\n

double

\n

The percentage of observability pipeline per core usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

obs_pipelines_vcpu_usage

\n
\n

double

\n

The observability pipeline per core usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

online_archive_percentage

\n
\n

double

\n

The percentage of online archive usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

online_archive_usage

\n
\n

double

\n

The online archive usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_container_percentage

\n
\n

double

\n

The percentage of profiled container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_container_usage

\n
\n

double

\n

The profiled container usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_fargate_percentage

\n
\n

double

\n

The percentage of profiled Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_fargate_usage

\n
\n

double

\n

The profiled Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_host_percentage

\n
\n

double

\n

The percentage of profiled hosts usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

profiled_host_usage

\n
\n

double

\n

The profiled hosts usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_mobile_sessions_percentage

\n
\n

double

\n

The percentage of RUM Browser and Mobile usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_mobile_sessions_usage

\n
\n

double

\n

The total RUM Browser and Mobile usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_sessions_percentage

\n
\n

double

\n

The percentage of RUM Session Replay usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_sessions_usage

\n
\n

double

\n

The total RUM Session Replay usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_percentage

\n
\n

double

\n

The percentage of Software Composition Analysis Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_usage

\n
\n

double

\n

The total Software Composition Analysis Fargate task usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sds_scanned_bytes_percentage

\n
\n

double

\n

The percentage of Sensitive Data Scanner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

sds_scanned_bytes_usage

\n
\n

double

\n

The total Sensitive Data Scanner usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_percentage

\n
\n

double

\n

The percentage of Serverless Apps usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_usage

\n
\n

double

\n

The total Serverless Apps usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_percentage

\n
\n

double

\n

The percentage of log events analyzed by Cloud SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_usage

\n
\n

double

\n

The log events analyzed by Cloud SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_ingested_bytes_percentage

\n
\n

double

\n

The percentage of SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

siem_ingested_bytes_usage

\n
\n

double

\n

The total SIEM usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

snmp_percentage

\n
\n

double

\n

The percentage of network device usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

snmp_usage

\n
\n

double

\n

The network device usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_percentage

\n
\n

double

\n

The percentage of universal service monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_usage

\n
\n

double

\n

The universal service monitoring usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_hosts_percentage

\n
\n

double

\n

The percentage of Application Vulnerability Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_hosts_usage

\n
\n

double

\n

The Application Vulnerability Management usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_percentage

\n
\n

double

\n

The percentage of workflow executions usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage

\n
\n

double

\n

The total workflow executions usage by tag(s).

\n
\n \n
\n
\n
\n
\n
\n
" }, "403": { "json": { @@ -3032,7 +3032,7 @@ "vuln_management_host_count_top99p_sum": "integer", "workflow_executions_usage_agg_sum": "integer" }, - "html": "
\n
\n
\n
\n

agent_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all agent hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_azure_app_service_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services using APM over all hours in the current month all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_devsecops_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all APM DevSecOps hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_count_avg_sum

\n
\n

int64

\n

Shows the average of all APM ECS Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all distinct APM hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_count_avg_sum

\n
\n

int64

\n

Shows the average of all Application Security Monitoring ECS Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_agg_sum

\n
\n

int64

\n

Shows the sum of all Application Security Monitoring Serverless invocations over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

audit_logs_lines_indexed_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all audit logs lines indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

audit_trail_enabled_hwm_sum

\n
\n

int64

\n

Shows the total number of organizations that had Audit Trail enabled over a specific number of months.

\n
\n \n
\n
\n
\n
\n
\n

avg_profiled_fargate_tasks_sum

\n
\n

int64

\n

The average total count for Fargate Container Profiler over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all AWS hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_func_count

\n
\n

int64

\n

Shows the average of the number of functions that executed 1 or more times each hour in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_invocations_sum

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

azure_app_service_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

azure_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Azure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

billable_ingested_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_lite_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser lite sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_replay_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser replay sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_units_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM units over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_agg_sum

\n
\n

int64

\n

Shows the sum of all CI pipeline indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_agg_sum

\n
\n

int64

\n

Shows the sum of all CI test indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all CI visibility intelligent test runner committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_pipeline_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all CI visibility pipeline committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_test_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all CI visibility test committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_aws_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for AWS.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_azure_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for Azure.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_gcp_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for GCP.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for all cloud providers.

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Information and Event Management events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sa_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all Static Analysis committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sca_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all static Software Composition Analysis committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Code Security hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_avg_sum

\n
\n

int64

\n

Shows the average of all distinct containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_avg_sum

\n
\n

int64

\n

Shows the average of the containers without the Datadog Agent over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of all distinct containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_compliance_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise compliance containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_cws_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise Cloud Workload Security containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_total_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aas_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Azure app services hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aws_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise AWS hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_azure_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Azure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_compliance_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise compliance hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_cws_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Cloud Workload Security hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_gcp_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise GCP hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_total_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aas_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro Azure app services hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aws_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro AWS hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_azure_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro Azure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_avg_sum

\n
\n

int64

\n

Shows the average number of Workload Protection Pro containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of Workload Protection Pro containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_gcp_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro GCP hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_historical_ts_sum

\n
\n

int64

\n

Shows the average number of distinct historical custom metrics over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_live_ts_sum

\n
\n

int64

\n

Shows the average number of distinct live custom metrics over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_ts_sum

\n
\n

int64

\n

Shows the average number of distinct custom metrics over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_container_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Workload Security hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_host_hr_agg_sum

\n
\n

int64

\n

Shows the sum of Data Jobs Monitoring hosts over all hours in the current months for all organizations

\n
\n \n
\n
\n
\n
\n
\n

dbm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Database Monitoring hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Database Monitoring Normalized Queries over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

end_date

\n
\n

date-time

\n

Shows the last date of usage in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_agent_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with the Datadog Agent over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_alibaba_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Alibaba over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_aws_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on AWS over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_azure_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Azure over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_ent_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Enterprise over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_gcp_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on GCP over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_heroku_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Heroku over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_aas_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only Azure App Services over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_vsphere_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only vSphere over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_apm_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_pro_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_proplus_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro Plus over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_apm_error_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking APM error events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_error_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking error events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking events over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_rum_error_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking RUM error events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_avg_sum

\n
\n

int64

\n

The average number of Profiling Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_eks_avg_sum

\n
\n

int64

\n

The average number of Profiling Fargate Elastic Kubernetes Service tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_avg_sum

\n
\n

int64

\n

Shows the average of all Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of all Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_large_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Large Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_medium_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Medium Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_small_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Small Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_xsmall_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Extra Small Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_index_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Index Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_retention_adjustment_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Retention Adjustment Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_stored_logs_avg_sum

\n
\n

int64

\n

Shows the average of all Flex Stored Logs over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

forwarding_events_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all logs forwarding bytes over all hours in the current month for all organizations (data available as of April 1, 2023)

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all GCP hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

heroku_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Heroku dynos over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_hwm_sum

\n
\n

int64

\n

Shows sum of the high-water marks of incident management monthly active users in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

indexed_events_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all log events indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all distinct infrastructure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ingested_events_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_agg_sum

\n
\n

int64

\n

Shows the sum of all IoT devices over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all IoT devices over all hours in the current month of all organizations.

\n
\n \n
\n
\n
\n
\n
\n

last_updated

\n
\n

date-time

\n

Shows the most recent hour in the current month for all organizations for which all usages were calculated.

\n
\n \n
\n
\n
\n
\n
\n

live_indexed_events_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all live logs indexed over all hours in the current month for all organization (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

live_ingested_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all live logs bytes ingested over all hours in the current month for all organizations (data available as of December 1, 2020).

\n
\n \n
\n
\n
\n
\n
\n

logs_by_retention

\n
\n

object

\n

Object containing logs usage data broken down by retention period.

\n
\n
\n
\n
\n
\n

orgs

\n
\n

object

\n

Indexed logs usage summary for each organization for each retention period with usage.

\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Indexed logs usage summary for each organization.

\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Indexed logs usage for each active retention for the organization.

\n
\n
\n
\n
\n
\n

logs_indexed_logs_usage_sum

\n
\n

int64

\n

Total indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_live_indexed_logs_usage_sum

\n
\n

int64

\n

Live indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_rehydrated_indexed_logs_usage_sum

\n
\n

int64

\n

Rehydrated indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

retention

\n
\n

string

\n

The retention period in days or "custom" for all custom retention periods.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Aggregated index logs usage for each retention period with usage.

\n
\n
\n
\n
\n
\n

logs_indexed_logs_usage_agg_sum

\n
\n

int64

\n

Total indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_live_indexed_logs_usage_agg_sum

\n
\n

int64

\n

Live indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_rehydrated_indexed_logs_usage_agg_sum

\n
\n

int64

\n

Rehydrated indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

retention

\n
\n

string

\n

The retention period in days or "custom" for all custom retention periods.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

usage_by_month

\n
\n

object

\n

Object containing a summary of indexed logs usage by retention period for a single month.

\n
\n
\n
\n
\n
\n

date

\n
\n

date-time

\n

The month for the usage.

\n
\n \n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Indexed logs usage for each active retention for the month.

\n
\n
\n
\n
\n
\n

logs_indexed_logs_usage_sum

\n
\n

int64

\n

Total indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_live_indexed_logs_usage_sum

\n
\n

int64

\n

Live indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_rehydrated_indexed_logs_usage_sum

\n
\n

int64

\n

Rehydrated indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

retention

\n
\n

string

\n

The retention period in days or "custom" for all custom retention periods.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n

mobile_rum_lite_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile lite sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_android_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Android over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_flutter_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Flutter over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_ios_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on iOS over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_reactnative_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on React Native over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_roku_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Roku over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_units_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM units over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Network Device Monitoring NetFlow events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

netflow_indexed_events_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all Network flows indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all distinct Cloud Network Monitoring hosts (formerly known as Network hosts) over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

observability_pipelines_bytes_processed_agg_sum

\n
\n

int64

\n

Sum of all observability pipelines bytes processed over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_agg_sum

\n
\n

int64

\n

Shows the sum of Oracle Cloud Infrastructure hosts over all hours in the current months for all organizations

\n
\n \n
\n
\n
\n
\n
\n

oci_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of Oracle Cloud Infrastructure hosts over all hours in the current months for all organizations

\n
\n \n
\n
\n
\n
\n
\n

online_archive_events_count_agg_sum

\n
\n

int64

\n

Sum of all online archived events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_apm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_aas_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all profiled Azure app services over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_container_agent_count_avg

\n
\n

int64

\n

Shows the average number of profiled containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all profiled hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rehydrated_indexed_events_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all rehydrated logs indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rehydrated_ingested_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all rehydrated logs bytes ingested over all hours in the current month for all organizations (data available as of December 1, 2020).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_and_mobile_session_count

\n
\n

int64

\n

Shows the sum of all mobile sessions and all browser lite and legacy sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_legacy_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser RUM legacy sessions over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_lite_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser RUM lite sessions over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_replay_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser RUM Session Replay counts over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_lite_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all RUM lite sessions (browser and mobile) over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_android_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Android over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_flutter_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Flutter over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_ios_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on iOS over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_reactnative_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on React Native over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_roku_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Roku over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_android_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Android over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_flutter_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Flutter over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_ios_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on iOS over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_kotlinmultiplatform_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Kotlin Multiplatform over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_reactnative_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on React Native over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_roku_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Roku over all hours within the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_unity_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Unity over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_android_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Android over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_ios_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on iOS over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_kotlinmultiplatform_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Kotlin Multiplatform over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_reactnative_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on React Native over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all RUM Session Replay counts over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM lite sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_total_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of RUM sessions (browser and mobile) over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_units_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser and mobile RUM units over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_avg_sum

\n
\n

int64

\n

Shows the average of all Software Composition Analysis Fargate tasks over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of all Software Composition Analysis Fargate tasks over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_apm_scanned_bytes_sum

\n
\n

int64

\n

Sum of all APM bytes scanned with sensitive data scanner in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_events_scanned_bytes_sum

\n
\n

int64

\n

Sum of all event stream events bytes scanned with sensitive data scanner in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_logs_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned of logs usage by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_rum_scanned_bytes_sum

\n
\n

int64

\n

Sum of all RUM bytes scanned with sensitive data scanner in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_total_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned across all usage types by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_azure_count_avg_sum

\n
\n

int64

\n

Sum of the average number of Serverless Apps for Azure in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_google_count_avg_sum

\n
\n

int64

\n

Sum of the average number of Serverless Apps for Google Cloud in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_total_count_avg_sum

\n
\n

int64

\n

Sum of the average number of Serverless Apps for Azure and Google Cloud in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_count_agg_sum

\n
\n

int64

\n

Shows the sum of all log events analyzed by Cloud SIEM over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

start_date

\n
\n

date-time

\n

Shows the first date of usage in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_browser_check_calls_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Synthetic browser tests over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_check_calls_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Synthetic API tests over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_mobile_test_runs_agg_sum

\n
\n

int64

\n

Shows the sum of Synthetic mobile application tests over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_parallel_testing_max_slots_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of used synthetics parallel testing slots over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

trace_search_indexed_events_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Indexed Spans indexed over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

twol_ingested_events_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all ingested APM span bytes over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Universal Service Monitoring hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

An array of objects regarding hourly usage.

\n
\n
\n
\n
\n
\n

agent_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all agent hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_azure_app_service_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services using APM over all hours in the current date all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_devsecops_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all APM DevSecOps hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_count_avg

\n
\n

int64

\n

Shows the average of all APM ECS Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct APM hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Application Security Monitoring ECS Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_sum

\n
\n

int64

\n

Shows the sum of all Application Security Monitoring Serverless invocations over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

audit_logs_lines_indexed_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of audit logs lines indexed over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

audit_trail_enabled_hwm

\n
\n

int64

\n

Shows the number of organizations that had Audit Trail enabled in the current date.

\n
\n \n
\n
\n
\n
\n
\n

avg_profiled_fargate_tasks

\n
\n

int64

\n

The average total count for Fargate Container Profiler over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all AWS hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_func_count

\n
\n

int64

\n

Shows the average of the number of functions that executed 1 or more times each hour in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_invocations_sum

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

azure_app_service_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

billable_ingested_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser lite sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser replay sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM units over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI pipeline indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI test indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility intelligent test runner committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_pipeline_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility pipeline committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_test_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility test committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_aws_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for AWS for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_azure_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for Azure for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_gcp_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for GCP for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for all cloud providers for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_events_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Information and Event Management events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sa_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all Static Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sca_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all static Software Composition Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Code Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

container_avg

\n
\n

int64

\n

Shows the average of all distinct containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_avg

\n
\n

int64

\n

Shows the average of containers without the Datadog Agent over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_hwm

\n
\n

int64

\n

Shows the high-water mark of all distinct containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_compliance_count_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise compliance containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_cws_count_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise Cloud Workload Security containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_total_count_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aas_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Azure app services hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_azure_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Azure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_compliance_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise compliance hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_cws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Cloud Workload Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_gcp_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_total_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aas_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro Azure app services hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro AWS hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_azure_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro Azure hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_avg

\n
\n

int64

\n

Shows the average number of Workload Protection Pro containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_hwm

\n
\n

int64

\n

Shows the high-water mark of Workload Protection Pro containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro GCP hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_ts_avg

\n
\n

int64

\n

Shows the average number of distinct custom metrics over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_container_count_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Workload Security hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_host_hr_sum

\n
\n

int64

\n

Shows the sum of all Data Jobs Monitoring hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

date

\n
\n

date-time

\n

The date for the usage.

\n
\n \n
\n
\n
\n
\n
\n

dbm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Database Monitoring hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_count_avg

\n
\n

int64

\n

Shows the average of all normalized Database Monitoring queries over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_agent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with the Datadog Agent over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_alibaba_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Alibaba over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_aws_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on AWS over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_azure_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Azure over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_ent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Enterprise over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_gcp_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on GCP over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_heroku_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Heroku over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_aas_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only Azure App Services over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_vsphere_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only vSphere over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_apm_sum

\n
\n

int64

\n

Shows the sum of all ephemeral APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_sum

\n
\n

int64

\n

Shows the sum of all ephemeral hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_pro_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_proplus_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro Plus over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_apm_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking APM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_rum_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking RUM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_avg

\n
\n

int64

\n

The average number of Profiling Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_eks_avg

\n
\n

int64

\n

The average number of Profiling Fargate Elastic Kubernetes Service tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_avg

\n
\n

int64

\n

Shows the high-watermark of all Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_hwm

\n
\n

int64

\n

Shows the average of all Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_large_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Large Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_medium_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Medium Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_small_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_xsmall_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Extra Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_index_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Index Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_retention_adjustment_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Retention Adjustment Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_stored_logs_avg

\n
\n

int64

\n

Shows the average of all Flex Stored Logs over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

forwarding_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes forwarded over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all GCP hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

heroku_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Heroku dynos over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_hwm

\n
\n

int64

\n

Shows the high-water mark of incident management monthly active users over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

indexed_events_count_sum

\n
\n

int64

\n

Shows the sum of all log events indexed over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

infra_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct infrastructure hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_sum

\n
\n

int64

\n

Shows the sum of all IoT devices over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_top99p

\n
\n

int64

\n

Shows the 99th percentile of all IoT devices over all hours in the current date all organizations.

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile lite sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_android_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Android over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_flutter_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Flutter over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_ios_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on iOS over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_reactnative_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on React Native over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_roku_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Roku over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM units over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_events_sum

\n
\n

int64

\n

Shows the sum of all Network Device Monitoring NetFlow events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

netflow_indexed_events_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all Network flows indexed over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct Cloud Network Monitoring hosts (formerly known as Network hosts) over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

observability_pipelines_bytes_processed_sum

\n
\n

int64

\n

Sum of all observability pipelines bytes processed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_sum

\n
\n

int64

\n

Shows the sum of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

online_archive_events_count_sum

\n
\n

int64

\n

Sum of all online archived events over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

orgs

\n
\n

[object]

\n

Organizations associated with a user.

\n
\n
\n
\n
\n
\n

account_name

\n
\n

string

\n

The account name.

\n
\n \n
\n
\n
\n
\n
\n

account_public_id

\n
\n

string

\n

The account public id.

\n
\n \n
\n
\n
\n
\n
\n

agent_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all agent hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_azure_app_service_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services using APM over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_devsecops_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all APM DevSecOps hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_count_avg

\n
\n

int64

\n

Shows the average of all APM ECS Fargate tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct APM hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Application Security Monitoring ECS Fargate tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_sum

\n
\n

int64

\n

Shows the sum of all Application Security Monitoring Serverless invocations over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

audit_logs_lines_indexed_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all audit logs lines indexed over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

audit_trail_enabled_hwm

\n
\n

int64

\n

Shows whether Audit Trail is enabled for the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

avg_profiled_fargate_tasks

\n
\n

int64

\n

The average total count for Fargate Container Profiler over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_func_count

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_invocations_sum

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

azure_app_service_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

billable_ingested_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser lite sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser replay sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM units over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI pipeline indexed spans over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI test indexed spans over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility intelligent test runner committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_pipeline_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility pipeline committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_test_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility test committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_aws_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for AWS for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_azure_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for Azure for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_gcp_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for GCP for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for all cloud providers for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_events_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Information and Event Management events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sa_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all Static Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sca_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all static Software Composition Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Code Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

container_avg

\n
\n

int64

\n

Shows the average of all distinct containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_avg

\n
\n

int64

\n

Shows the average of containers without the Datadog Agent over all hours in the current date for the given organization.

\n
\n \n
\n
\n
\n
\n
\n

container_hwm

\n
\n

int64

\n

Shows the high-water mark of all distinct containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_compliance_count_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise compliance containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_cws_count_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise Cloud Workload Security containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_total_count_sum

\n
\n

int64

\n

Shows the sum of all Workload Protection Enterprise containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aas_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Azure app services hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_azure_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Azure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_compliance_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise compliance hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_cws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise Cloud Workload Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_gcp_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_total_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Enterprise hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aas_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro Azure app services hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_azure_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro Azure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_avg

\n
\n

int64

\n

Shows the average number of Workload Protection Pro containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_hwm

\n
\n

int64

\n

Shows the high-water mark of Workload Protection Pro containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Workload Protection Pro hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

custom_historical_ts_avg

\n
\n

int64

\n

Shows the average number of distinct historical custom metrics over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

custom_live_ts_avg

\n
\n

int64

\n

Shows the average number of distinct live custom metrics over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

custom_ts_avg

\n
\n

int64

\n

Shows the average number of distinct custom metrics over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cws_container_count_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Workload Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_host_hr_sum

\n
\n

int64

\n

Shows the sum of all Data Jobs Monitoring hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

dbm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Database Monitoring hosts over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Database Monitoring normalized queries over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_agent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with the Datadog Agent over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_alibaba_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Alibaba over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_aws_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on AWS over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_azure_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Azure over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_ent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Enterprise over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_gcp_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on GCP over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_heroku_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Heroku over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_aas_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only Azure App Services over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_vsphere_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only vSphere over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_apm_sum

\n
\n

int64

\n

Shows the sum of all ephemeral APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_sum

\n
\n

int64

\n

Shows the sum of all ephemeral hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_pro_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_proplus_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro Plus over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_apm_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking APM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_rum_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking RUM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_avg

\n
\n

int64

\n

The average number of Profiling Fargate tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_eks_avg

\n
\n

int64

\n

The average number of Profiling Fargate Elastic Kubernetes Service tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_avg

\n
\n

int64

\n

The average task count for Fargate.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_hwm

\n
\n

int64

\n

Shows the high-water mark of all Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_large_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Large Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_medium_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Medium Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_small_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_xsmall_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Extra Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_index_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Index Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_retention_adjustment_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Retention Adjustment Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_stored_logs_avg

\n
\n

int64

\n

Shows the average of all Flex Stored Logs over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

forwarding_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes forwarded over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

heroku_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Heroku dynos over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The organization id.

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_hwm

\n
\n

int64

\n

Shows the high-water mark of incident management monthly active users over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

indexed_events_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all log events indexed over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_agg_sum

\n
\n

int64

\n

Shows the sum of all IoT devices over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all IoT devices over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile lite sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_android_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Android over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_flutter_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Flutter over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_ios_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on iOS over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_reactnative_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on React Native over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_roku_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Roku over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM units over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The organization name.

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_events_sum

\n
\n

int64

\n

Shows the sum of all Network Device Monitoring NetFlow events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

netflow_indexed_events_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all Network flows indexed over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct Cloud Network Monitoring hosts (formerly known as Network hosts) over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

observability_pipelines_bytes_processed_sum

\n
\n

int64

\n

Sum of all observability pipelines bytes processed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_sum

\n
\n

int64

\n

Shows the sum of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

online_archive_events_count_sum

\n
\n

int64

\n

Sum of all online archived events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

profiling_aas_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled Azure app services over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled hosts over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

public_id

\n
\n

string

\n

The organization public id.

\n
\n \n
\n
\n
\n
\n
\n

region

\n
\n

string

\n

The region of the organization.

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_and_mobile_session_count

\n
\n

int64

\n

Shows the sum of all mobile sessions and all browser lite and legacy sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_legacy_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM legacy sessions over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM lite sessions over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM Session Replay counts over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM lite sessions (browser and mobile) over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Android over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Flutter over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on iOS over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on React Native over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Roku over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Android over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Flutter over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on iOS over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Kotlin Multiplatform over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on React Native over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Roku over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_unity_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Unity over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Android over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on iOS over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Kotlin Multiplatform over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on React Native over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM Session Replay counts over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM lite sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_total_session_count_sum

\n
\n

int64

\n

Shows the sum of RUM sessions (browser and mobile) over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser and mobile RUM units over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_hwm

\n
\n

int64

\n

Shows the sum of the high-water marks of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_apm_scanned_bytes_sum

\n
\n

int64

\n

Sum of all APM bytes scanned with sensitive data scanner over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_events_scanned_bytes_sum

\n
\n

int64

\n

Sum of all event stream events bytes scanned with sensitive data scanner over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_logs_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned of logs usage by the Sensitive Data Scanner over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_rum_scanned_bytes_sum

\n
\n

int64

\n

Sum of all RUM bytes scanned with sensitive data scanner over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_total_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned across all usage types by the Sensitive Data Scanner over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_azure_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_google_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_total_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure and Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_count_sum

\n
\n

int64

\n

Shows the sum of all log events analyzed by Cloud SIEM over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_browser_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic browser tests over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic API tests over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_mobile_test_runs_sum

\n
\n

int64

\n

Shows the sum of all Synthetic mobile application tests over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_parallel_testing_max_slots_hwm

\n
\n

int64

\n

Shows the high-water mark of used synthetics parallel testing slots over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

trace_search_indexed_events_count_sum

\n
\n

int64

\n

Shows the sum of all Indexed Spans indexed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

twol_ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all ingested APM span bytes over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Universal Service Monitoring hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

vsphere_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all vSphere hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Application Vulnerability Management hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage_sum

\n
\n

int64

\n

Sum of all workflows executed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

profiling_aas_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled Azure app services over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled hosts over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_and_mobile_session_count

\n
\n

int64

\n

Shows the sum of all mobile sessions and all browser lite and legacy sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_legacy_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM legacy sessions over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM lite sessions over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM Session Replay counts over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM lite sessions (browser and mobile) over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Android over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy Sessions on Flutter over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on iOS over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on React Native over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Roku over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Android over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Flutter over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on iOS over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Kotlin Multiplatform over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on React Native over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Roku over all hours within the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_unity_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Unity over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Android over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on iOS over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Kotlin Multiplatform over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on React Native over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM Session Replay counts over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM lite sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_total_session_count_sum

\n
\n

int64

\n

Shows the sum of RUM sessions (browser and mobile) over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser and mobile RUM units over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_hwm

\n
\n

int64

\n

Shows the sum of the high-water marks of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_apm_scanned_bytes_sum

\n
\n

int64

\n

Sum of all APM bytes scanned with sensitive data scanner over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_events_scanned_bytes_sum

\n
\n

int64

\n

Sum of all event stream events bytes scanned with sensitive data scanner over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_logs_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned of logs usage by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_rum_scanned_bytes_sum

\n
\n

int64

\n

Sum of all RUM bytes scanned with sensitive data scanner over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_total_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned across all usage types by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_azure_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_google_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_total_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure and Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_count_sum

\n
\n

int64

\n

Shows the sum of all log events analyzed by Cloud SIEM over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_browser_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic browser tests over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic API tests over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_mobile_test_runs_sum

\n
\n

int64

\n

Shows the sum of all Synthetic mobile application tests over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_parallel_testing_max_slots_hwm

\n
\n

int64

\n

Shows the high-water mark of used synthetics parallel testing slots over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

trace_search_indexed_events_count_sum

\n
\n

int64

\n

Shows the sum of all Indexed Spans indexed over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

twol_ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all ingested APM span bytes over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all universal service management hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

vsphere_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all vSphere hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Application Vulnerability Management hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage_sum

\n
\n

int64

\n

Sum of all workflows executed over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

vsphere_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all vSphere hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Application Vulnerability Management hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage_agg_sum

\n
\n

int64

\n

Sum of all workflows executed over all hours in the current month for all organizations.

\n
\n \n
\n
" + "html": "
\n
\n
\n
\n

agent_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all agent hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_azure_app_service_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services using APM over all hours in the current month all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_devsecops_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all APM DevSecOps hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_count_avg_sum

\n
\n

int64

\n

Shows the average of all APM ECS Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all distinct APM hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_count_avg_sum

\n
\n

int64

\n

Shows the average of all Application Security Monitoring ECS Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_agg_sum

\n
\n

int64

\n

Shows the sum of all Application Security Monitoring Serverless invocations over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

audit_logs_lines_indexed_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all audit logs lines indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

audit_trail_enabled_hwm_sum

\n
\n

int64

\n

Shows the total number of organizations that had Audit Trail enabled over a specific number of months.

\n
\n \n
\n
\n
\n
\n
\n

avg_profiled_fargate_tasks_sum

\n
\n

int64

\n

The average total count for Fargate Container Profiler over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all AWS hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_func_count

\n
\n

int64

\n

Shows the average of the number of functions that executed 1 or more times each hour in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_invocations_sum

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

azure_app_service_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

azure_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Azure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

billable_ingested_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_lite_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser lite sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_replay_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser replay sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_units_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM units over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_agg_sum

\n
\n

int64

\n

Shows the sum of all CI pipeline indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_agg_sum

\n
\n

int64

\n

Shows the sum of all CI test indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all CI visibility intelligent test runner committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_pipeline_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all CI visibility pipeline committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_test_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all CI visibility test committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_aws_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for AWS.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_azure_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for Azure.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_gcp_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for GCP.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_host_count_avg_sum

\n
\n

int64

\n

Sum of the host count average for Cloud Cost Management for all cloud providers.

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Information and Event Management events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sa_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all Static Analysis committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sca_committers_hwm_sum

\n
\n

int64

\n

Shows the high-water mark of all static Software Composition Analysis committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Code Security hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_avg_sum

\n
\n

int64

\n

Shows the average of all distinct containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_avg_sum

\n
\n

int64

\n

Shows the average of the containers without the Datadog Agent over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of all distinct containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_compliance_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise compliance containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_cws_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise Cloud Workload Security containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_total_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aas_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Azure app services hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aws_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise AWS hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_azure_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Azure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_compliance_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise compliance hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_cws_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Cloud Workload Security hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_gcp_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise GCP hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_total_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aas_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro Azure app services hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aws_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro AWS hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_azure_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro Azure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_avg_sum

\n
\n

int64

\n

Shows the average number of Cloud Security Management Pro containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of Cloud Security Management Pro containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_gcp_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro GCP hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_historical_ts_sum

\n
\n

int64

\n

Shows the average number of distinct historical custom metrics over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_live_ts_sum

\n
\n

int64

\n

Shows the average number of distinct live custom metrics over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_ts_sum

\n
\n

int64

\n

Shows the average number of distinct custom metrics over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_container_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Workload Security hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_host_hr_agg_sum

\n
\n

int64

\n

Shows the sum of Data Jobs Monitoring hosts over all hours in the current months for all organizations

\n
\n \n
\n
\n
\n
\n
\n

dbm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Database Monitoring hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Database Monitoring Normalized Queries over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

end_date

\n
\n

date-time

\n

Shows the last date of usage in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_agent_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with the Datadog Agent over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_alibaba_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Alibaba over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_aws_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on AWS over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_azure_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Azure over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_ent_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Enterprise over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_gcp_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on GCP over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_heroku_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Heroku over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_aas_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only Azure App Services over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_vsphere_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only vSphere over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_apm_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_pro_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_proplus_agg_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro Plus over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_apm_error_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking APM error events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_error_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking error events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking events over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_rum_error_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking RUM error events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_avg_sum

\n
\n

int64

\n

The average number of Profiling Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_eks_avg_sum

\n
\n

int64

\n

The average number of Profiling Fargate Elastic Kubernetes Service tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_avg_sum

\n
\n

int64

\n

Shows the average of all Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of all Fargate tasks over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_large_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Large Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_medium_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Medium Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_small_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Small Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_xsmall_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Extra Small Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_index_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Index Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_retention_adjustment_avg_sum

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Retention Adjustment Instances over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_stored_logs_avg_sum

\n
\n

int64

\n

Shows the average of all Flex Stored Logs over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

forwarding_events_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all logs forwarding bytes over all hours in the current month for all organizations (data available as of April 1, 2023)

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all GCP hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

heroku_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Heroku dynos over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_hwm_sum

\n
\n

int64

\n

Shows sum of the high-water marks of incident management monthly active users in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

indexed_events_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all log events indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all distinct infrastructure hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ingested_events_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_agg_sum

\n
\n

int64

\n

Shows the sum of all IoT devices over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all IoT devices over all hours in the current month of all organizations.

\n
\n \n
\n
\n
\n
\n
\n

last_updated

\n
\n

date-time

\n

Shows the most recent hour in the current month for all organizations for which all usages were calculated.

\n
\n \n
\n
\n
\n
\n
\n

live_indexed_events_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all live logs indexed over all hours in the current month for all organization (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

live_ingested_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all live logs bytes ingested over all hours in the current month for all organizations (data available as of December 1, 2020).

\n
\n \n
\n
\n
\n
\n
\n

logs_by_retention

\n
\n

object

\n

Object containing logs usage data broken down by retention period.

\n
\n
\n
\n
\n
\n

orgs

\n
\n

object

\n

Indexed logs usage summary for each organization for each retention period with usage.

\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Indexed logs usage summary for each organization.

\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Indexed logs usage for each active retention for the organization.

\n
\n
\n
\n
\n
\n

logs_indexed_logs_usage_sum

\n
\n

int64

\n

Total indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_live_indexed_logs_usage_sum

\n
\n

int64

\n

Live indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_rehydrated_indexed_logs_usage_sum

\n
\n

int64

\n

Rehydrated indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

retention

\n
\n

string

\n

The retention period in days or "custom" for all custom retention periods.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Aggregated index logs usage for each retention period with usage.

\n
\n
\n
\n
\n
\n

logs_indexed_logs_usage_agg_sum

\n
\n

int64

\n

Total indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_live_indexed_logs_usage_agg_sum

\n
\n

int64

\n

Live indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_rehydrated_indexed_logs_usage_agg_sum

\n
\n

int64

\n

Rehydrated indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

retention

\n
\n

string

\n

The retention period in days or "custom" for all custom retention periods.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

usage_by_month

\n
\n

object

\n

Object containing a summary of indexed logs usage by retention period for a single month.

\n
\n
\n
\n
\n
\n

date

\n
\n

date-time

\n

The month for the usage.

\n
\n \n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

Indexed logs usage for each active retention for the month.

\n
\n
\n
\n
\n
\n

logs_indexed_logs_usage_sum

\n
\n

int64

\n

Total indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_live_indexed_logs_usage_sum

\n
\n

int64

\n

Live indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

logs_rehydrated_indexed_logs_usage_sum

\n
\n

int64

\n

Rehydrated indexed logs for this retention period.

\n
\n \n
\n
\n
\n
\n
\n

retention

\n
\n

string

\n

The retention period in days or "custom" for all custom retention periods.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n

mobile_rum_lite_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile lite sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_android_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Android over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_flutter_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Flutter over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_ios_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on iOS over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_reactnative_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on React Native over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_roku_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Roku over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_units_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM units over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_events_agg_sum

\n
\n

int64

\n

Shows the sum of all Network Device Monitoring NetFlow events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

netflow_indexed_events_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all Network flows indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all distinct Cloud Network Monitoring hosts (formerly known as Network hosts) over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

observability_pipelines_bytes_processed_agg_sum

\n
\n

int64

\n

Sum of all observability pipelines bytes processed over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_agg_sum

\n
\n

int64

\n

Shows the sum of Oracle Cloud Infrastructure hosts over all hours in the current months for all organizations

\n
\n \n
\n
\n
\n
\n
\n

oci_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of Oracle Cloud Infrastructure hosts over all hours in the current months for all organizations

\n
\n \n
\n
\n
\n
\n
\n

online_archive_events_count_agg_sum

\n
\n

int64

\n

Sum of all online archived events over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_apm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_aas_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all profiled Azure app services over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_container_agent_count_avg

\n
\n

int64

\n

Shows the average number of profiled containers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all profiled hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rehydrated_indexed_events_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all rehydrated logs indexed over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rehydrated_ingested_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all rehydrated logs bytes ingested over all hours in the current month for all organizations (data available as of December 1, 2020).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_and_mobile_session_count

\n
\n

int64

\n

Shows the sum of all mobile sessions and all browser lite and legacy sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_legacy_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser RUM legacy sessions over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_lite_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser RUM lite sessions over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_replay_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all browser RUM Session Replay counts over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_lite_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all RUM lite sessions (browser and mobile) over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_android_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Android over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_flutter_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Flutter over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_ios_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on iOS over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_reactnative_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on React Native over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_roku_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Roku over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_android_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Android over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_flutter_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Flutter over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_ios_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on iOS over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_kotlinmultiplatform_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Kotlin Multiplatform over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_reactnative_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on React Native over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_roku_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Roku over all hours within the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_unity_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Unity over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_android_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Android over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_ios_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on iOS over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_kotlinmultiplatform_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Kotlin Multiplatform over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_reactnative_agg_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on React Native over all hours within the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of all RUM Session Replay counts over all hours in the current month for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_session_count_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM lite sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_total_session_count_agg_sum

\n
\n

int64

\n

Shows the sum of RUM sessions (browser and mobile) over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_units_agg_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser and mobile RUM units over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_avg_sum

\n
\n

int64

\n

Shows the average of all Software Composition Analysis Fargate tasks over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of all Software Composition Analysis Fargate tasks over all hours in the current months for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_apm_scanned_bytes_sum

\n
\n

int64

\n

Sum of all APM bytes scanned with sensitive data scanner in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_events_scanned_bytes_sum

\n
\n

int64

\n

Sum of all event stream events bytes scanned with sensitive data scanner in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_logs_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned of logs usage by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_rum_scanned_bytes_sum

\n
\n

int64

\n

Sum of all RUM bytes scanned with sensitive data scanner in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_total_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned across all usage types by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_azure_count_avg_sum

\n
\n

int64

\n

Sum of the average number of Serverless Apps for Azure in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_google_count_avg_sum

\n
\n

int64

\n

Sum of the average number of Serverless Apps for Google Cloud in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_total_count_avg_sum

\n
\n

int64

\n

Sum of the average number of Serverless Apps for Azure and Google Cloud in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_count_agg_sum

\n
\n

int64

\n

Shows the sum of all log events analyzed by Cloud SIEM over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

start_date

\n
\n

date-time

\n

Shows the first date of usage in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_browser_check_calls_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Synthetic browser tests over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_check_calls_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Synthetic API tests over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_mobile_test_runs_agg_sum

\n
\n

int64

\n

Shows the sum of Synthetic mobile application tests over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_parallel_testing_max_slots_hwm_sum

\n
\n

int64

\n

Shows the sum of the high-water marks of used synthetics parallel testing slots over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

trace_search_indexed_events_count_agg_sum

\n
\n

int64

\n

Shows the sum of all Indexed Spans indexed over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

twol_ingested_events_bytes_agg_sum

\n
\n

int64

\n

Shows the sum of all ingested APM span bytes over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Universal Service Monitoring hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

usage

\n
\n

[object]

\n

An array of objects regarding hourly usage.

\n
\n
\n
\n
\n
\n

agent_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all agent hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_azure_app_service_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services using APM over all hours in the current date all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_devsecops_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all APM DevSecOps hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_count_avg

\n
\n

int64

\n

Shows the average of all APM ECS Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct APM hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Application Security Monitoring ECS Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_sum

\n
\n

int64

\n

Shows the sum of all Application Security Monitoring Serverless invocations over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

audit_logs_lines_indexed_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of audit logs lines indexed over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

audit_trail_enabled_hwm

\n
\n

int64

\n

Shows the number of organizations that had Audit Trail enabled in the current date.

\n
\n \n
\n
\n
\n
\n
\n

avg_profiled_fargate_tasks

\n
\n

int64

\n

The average total count for Fargate Container Profiler over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all AWS hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_func_count

\n
\n

int64

\n

Shows the average of the number of functions that executed 1 or more times each hour in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_invocations_sum

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

azure_app_service_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

billable_ingested_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser lite sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser replay sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM units over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI pipeline indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI test indexed spans over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility intelligent test runner committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_pipeline_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility pipeline committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_test_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility test committers over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_aws_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for AWS for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_azure_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for Azure for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_gcp_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for GCP for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for all cloud providers for the given date and given organization.

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_events_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Information and Event Management events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sa_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all Static Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sca_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all static Software Composition Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Code Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

container_avg

\n
\n

int64

\n

Shows the average of all distinct containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_avg

\n
\n

int64

\n

Shows the average of containers without the Datadog Agent over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

container_hwm

\n
\n

int64

\n

Shows the high-water mark of all distinct containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_compliance_count_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise compliance containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_cws_count_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise Cloud Workload Security containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_total_count_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aas_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Azure app services hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_azure_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Azure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_compliance_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise compliance hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_cws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Cloud Workload Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_gcp_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_total_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aas_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro Azure app services hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro AWS hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_azure_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro Azure hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_avg

\n
\n

int64

\n

Shows the average number of Cloud Security Management Pro containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_hwm

\n
\n

int64

\n

Shows the high-water mark of Cloud Security Management Pro containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro GCP hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cspm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

custom_ts_avg

\n
\n

int64

\n

Shows the average number of distinct custom metrics over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_container_count_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security containers over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

cws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Workload Security hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_host_hr_sum

\n
\n

int64

\n

Shows the sum of all Data Jobs Monitoring hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

date

\n
\n

date-time

\n

The date for the usage.

\n
\n \n
\n
\n
\n
\n
\n

dbm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Database Monitoring hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_count_avg

\n
\n

int64

\n

Shows the average of all normalized Database Monitoring queries over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_agent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with the Datadog Agent over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_alibaba_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Alibaba over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_aws_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on AWS over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_azure_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Azure over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_ent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Enterprise over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_gcp_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on GCP over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_heroku_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Heroku over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_aas_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only Azure App Services over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_vsphere_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only vSphere over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_apm_sum

\n
\n

int64

\n

Shows the sum of all ephemeral APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_sum

\n
\n

int64

\n

Shows the sum of all ephemeral hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_pro_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_proplus_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro Plus over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_apm_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking APM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_rum_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking RUM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_avg

\n
\n

int64

\n

The average number of Profiling Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_eks_avg

\n
\n

int64

\n

The average number of Profiling Fargate Elastic Kubernetes Service tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_avg

\n
\n

int64

\n

Shows the high-watermark of all Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_hwm

\n
\n

int64

\n

Shows the average of all Fargate tasks over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_large_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Large Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_medium_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Medium Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_small_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_xsmall_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Extra Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_index_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Index Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_retention_adjustment_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Retention Adjustment Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_stored_logs_avg

\n
\n

int64

\n

Shows the average of all Flex Stored Logs over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

forwarding_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes forwarded over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all GCP hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

heroku_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Heroku dynos over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_hwm

\n
\n

int64

\n

Shows the high-water mark of incident management monthly active users over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

indexed_events_count_sum

\n
\n

int64

\n

Shows the sum of all log events indexed over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

infra_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct infrastructure hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_sum

\n
\n

int64

\n

Shows the sum of all IoT devices over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_top99p

\n
\n

int64

\n

Shows the 99th percentile of all IoT devices over all hours in the current date all organizations.

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile lite sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_android_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Android over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_flutter_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Flutter over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_ios_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on iOS over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_reactnative_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on React Native over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_roku_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Roku over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM units over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_events_sum

\n
\n

int64

\n

Shows the sum of all Network Device Monitoring NetFlow events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

netflow_indexed_events_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all Network flows indexed over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct Cloud Network Monitoring hosts (formerly known as Network hosts) over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

observability_pipelines_bytes_processed_sum

\n
\n

int64

\n

Sum of all observability pipelines bytes processed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_sum

\n
\n

int64

\n

Shows the sum of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

online_archive_events_count_sum

\n
\n

int64

\n

Sum of all online archived events over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

orgs

\n
\n

[object]

\n

Organizations associated with a user.

\n
\n
\n
\n
\n
\n

account_name

\n
\n

string

\n

The account name.

\n
\n \n
\n
\n
\n
\n
\n

account_public_id

\n
\n

string

\n

The account public id.

\n
\n \n
\n
\n
\n
\n
\n

agent_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all agent hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_azure_app_service_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services using APM over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_devsecops_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all APM DevSecOps hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_fargate_count_avg

\n
\n

int64

\n

Shows the average of all APM ECS Fargate tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct APM hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

appsec_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Application Security Monitoring ECS Fargate tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

asm_serverless_sum

\n
\n

int64

\n

Shows the sum of all Application Security Monitoring Serverless invocations over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

audit_logs_lines_indexed_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all audit logs lines indexed over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

audit_trail_enabled_hwm

\n
\n

int64

\n

Shows whether Audit Trail is enabled for the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

avg_profiled_fargate_tasks

\n
\n

int64

\n

The average total count for Fargate Container Profiler over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_func_count

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

aws_lambda_invocations_sum

\n
\n

int64

\n

Shows the sum of all AWS Lambda invocations over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

azure_app_service_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Azure app services over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

billable_ingested_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser lite sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser replay sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

browser_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM units over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

ci_pipeline_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI pipeline indexed spans over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_test_indexed_spans_sum

\n
\n

int64

\n

Shows the sum of all CI test indexed spans over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_itr_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility intelligent test runner committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_pipeline_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility pipeline committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ci_visibility_test_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all CI visibility test committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_aws_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for AWS for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_azure_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for Azure for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_gcp_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for GCP for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_cost_management_host_count_avg

\n
\n

int64

\n

Host count average of Cloud Cost Management for all cloud providers for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

cloud_siem_events_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Information and Event Management events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sa_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all Static Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_analysis_sca_committers_hwm

\n
\n

int64

\n

Shows the high-water mark of all static Software Composition Analysis committers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

code_security_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Code Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

container_avg

\n
\n

int64

\n

Shows the average of all distinct containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

container_excl_agent_avg

\n
\n

int64

\n

Shows the average of containers without the Datadog Agent over all hours in the current date for the given organization.

\n
\n \n
\n
\n
\n
\n
\n

container_hwm

\n
\n

int64

\n

Shows the high-water mark of all distinct containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_compliance_count_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise compliance containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_cws_count_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise Cloud Workload Security containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_container_enterprise_total_count_sum

\n
\n

int64

\n

Shows the sum of all Cloud Security Management Enterprise containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aas_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Azure app services hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_aws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_azure_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Azure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_compliance_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise compliance hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_cws_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise Cloud Workload Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_gcp_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

csm_host_enterprise_total_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Enterprise hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aas_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro Azure app services hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_aws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro AWS hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_azure_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro Azure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_avg

\n
\n

int64

\n

Shows the average number of Cloud Security Management Pro containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_container_hwm

\n
\n

int64

\n

Shows the high-water mark of Cloud Security Management Pro containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cspm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Security Management Pro hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

custom_historical_ts_avg

\n
\n

int64

\n

Shows the average number of distinct historical custom metrics over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

custom_live_ts_avg

\n
\n

int64

\n

Shows the average number of distinct live custom metrics over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

custom_ts_avg

\n
\n

int64

\n

Shows the average number of distinct custom metrics over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cws_container_count_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security containers over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cws_fargate_task_avg

\n
\n

int64

\n

Shows the average of all distinct Cloud Workload Security Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

cws_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Cloud Workload Security hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

data_jobs_monitoring_host_hr_sum

\n
\n

int64

\n

Shows the sum of all Data Jobs Monitoring hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

dbm_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Database Monitoring hosts over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

dbm_queries_avg_sum

\n
\n

int64

\n

Shows the average of all distinct Database Monitoring normalized queries over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_agent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with the Datadog Agent over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_alibaba_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Alibaba over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_aws_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on AWS over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_azure_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Azure over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_ent_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Enterprise over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_gcp_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on GCP over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_heroku_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts on Heroku over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_aas_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only Azure App Services over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_only_vsphere_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts with only vSphere over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_apm_sum

\n
\n

int64

\n

Shows the sum of all ephemeral APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_opentelemetry_sum

\n
\n

int64

\n

Shows the sum of all ephemeral hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_pro_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

eph_infra_host_proplus_sum

\n
\n

int64

\n

Shows the sum of all ephemeral infrastructure hosts for Pro Plus over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_apm_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking APM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

error_tracking_rum_error_events_sum

\n
\n

int64

\n

Shows the sum of all Error Tracking RUM error events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_avg

\n
\n

int64

\n

The average number of Profiling Fargate tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_container_profiler_profiling_fargate_eks_avg

\n
\n

int64

\n

The average number of Profiling Fargate Elastic Kubernetes Service tasks over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_avg

\n
\n

int64

\n

The average task count for Fargate.

\n
\n \n
\n
\n
\n
\n
\n

fargate_tasks_count_hwm

\n
\n

int64

\n

Shows the high-water mark of all Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_large_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Large Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_medium_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Medium Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_small_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_compute_xsmall_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Compute Extra Small Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_index_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Index Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_logs_starter_storage_retention_adjustment_avg

\n
\n

int64

\n

Shows the average number of Flex Logs Starter Storage Retention Adjustment Instances over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

flex_stored_logs_avg

\n
\n

int64

\n

Shows the average of all Flex Stored Logs over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

forwarding_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes forwarded over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

gcp_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all GCP hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

heroku_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Heroku dynos over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The organization id.

\n
\n \n
\n
\n
\n
\n
\n

incident_management_monthly_active_users_hwm

\n
\n

int64

\n

Shows the high-water mark of incident management monthly active users over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

indexed_events_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all log events indexed over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

infra_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all log bytes ingested over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_agg_sum

\n
\n

int64

\n

Shows the sum of all IoT devices over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

iot_device_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all IoT devices over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_lite_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile lite sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_android_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Android over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_flutter_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Flutter over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_ios_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on iOS over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_reactnative_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on React Native over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_roku_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions on Roku over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

mobile_rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all mobile RUM units over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The organization name.

\n
\n \n
\n
\n
\n
\n
\n

ndm_netflow_events_sum

\n
\n

int64

\n

Shows the sum of all Network Device Monitoring NetFlow events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

netflow_indexed_events_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all Network flows indexed over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

npm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all distinct Cloud Network Monitoring hosts (formerly known as Network hosts) over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

observability_pipelines_bytes_processed_sum

\n
\n

int64

\n

Sum of all observability pipelines bytes processed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_sum

\n
\n

int64

\n

Shows the sum of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

oci_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Oracle Cloud Infrastructure hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

online_archive_events_count_sum

\n
\n

int64

\n

Sum of all online archived events over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_apm_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of APM hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

opentelemetry_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all hosts reported by the Datadog exporter for the OpenTelemetry Collector over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

profiling_aas_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled Azure app services over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled hosts over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

public_id

\n
\n

string

\n

The organization public id.

\n
\n \n
\n
\n
\n
\n
\n

region

\n
\n

string

\n

The region of the organization.

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_and_mobile_session_count

\n
\n

int64

\n

Shows the sum of all mobile sessions and all browser lite and legacy sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_legacy_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM legacy sessions over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM lite sessions over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM Session Replay counts over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM lite sessions (browser and mobile) over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Android over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Flutter over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on iOS over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on React Native over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Roku over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Android over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Flutter over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on iOS over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Kotlin Multiplatform over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on React Native over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Roku over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_unity_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Unity over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Android over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on iOS over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Kotlin Multiplatform over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on React Native over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM Session Replay counts over all hours in the current date for the given org (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM lite sessions over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_total_session_count_sum

\n
\n

int64

\n

Shows the sum of RUM sessions (browser and mobile) over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser and mobile RUM units over all hours in the current date for the given org (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_hwm

\n
\n

int64

\n

Shows the sum of the high-water marks of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_apm_scanned_bytes_sum

\n
\n

int64

\n

Sum of all APM bytes scanned with sensitive data scanner over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_events_scanned_bytes_sum

\n
\n

int64

\n

Sum of all event stream events bytes scanned with sensitive data scanner over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_logs_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned of logs usage by the Sensitive Data Scanner over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_rum_scanned_bytes_sum

\n
\n

int64

\n

Sum of all RUM bytes scanned with sensitive data scanner over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_total_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned across all usage types by the Sensitive Data Scanner over all hours in the current month for the given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_azure_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_google_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_total_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure and Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_count_sum

\n
\n

int64

\n

Shows the sum of all log events analyzed by Cloud SIEM over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_browser_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic browser tests over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic API tests over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_mobile_test_runs_sum

\n
\n

int64

\n

Shows the sum of all Synthetic mobile application tests over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_parallel_testing_max_slots_hwm

\n
\n

int64

\n

Shows the high-water mark of used synthetics parallel testing slots over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

trace_search_indexed_events_count_sum

\n
\n

int64

\n

Shows the sum of all Indexed Spans indexed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

twol_ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all ingested APM span bytes over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Universal Service Monitoring hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

vsphere_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all vSphere hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Application Vulnerability Management hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage_sum

\n
\n

int64

\n

Sum of all workflows executed over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

profiling_aas_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled Azure app services over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

profiling_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all profiled hosts over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_and_mobile_session_count

\n
\n

int64

\n

Shows the sum of all mobile sessions and all browser lite and legacy sessions over all hours in the current month for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_legacy_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM legacy sessions over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM lite sessions over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_browser_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all browser RUM Session Replay counts over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_lite_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM lite sessions (browser and mobile) over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Android over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy Sessions on Flutter over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on iOS over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on React Native over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_legacy_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM legacy sessions on Roku over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Android over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_flutter_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Flutter over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on iOS over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Kotlin Multiplatform over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on React Native over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_roku_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Roku over all hours within the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_lite_session_count_unity_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM lite sessions on Unity over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_android_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Android over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_ios_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on iOS over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_kotlinmultiplatform_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on Kotlin Multiplatform over all hours within the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_mobile_replay_session_count_reactnative_sum

\n
\n

int64

\n

Shows the sum of all mobile RUM replay sessions on React Native over all hours within the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

rum_replay_session_count_sum

\n
\n

int64

\n

Shows the sum of all RUM Session Replay counts over all hours in the current date for all organizations (To be introduced on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_session_count_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser RUM lite sessions over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

rum_total_session_count_sum

\n
\n

int64

\n

Shows the sum of RUM sessions (browser and mobile) over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

rum_units_sum

\n
\n

int64

\n

DEPRECATED: Shows the sum of all browser and mobile RUM units over all hours in the current date for all organizations (To be deprecated on October 1st, 2024).

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_avg

\n
\n

int64

\n

Shows the average of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sca_fargate_count_hwm

\n
\n

int64

\n

Shows the sum of the high-water marks of all Software Composition Analysis Fargate tasks over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

sds_apm_scanned_bytes_sum

\n
\n

int64

\n

Sum of all APM bytes scanned with sensitive data scanner over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_events_scanned_bytes_sum

\n
\n

int64

\n

Sum of all event stream events bytes scanned with sensitive data scanner over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_logs_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned of logs usage by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_rum_scanned_bytes_sum

\n
\n

int64

\n

Sum of all RUM bytes scanned with sensitive data scanner over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

sds_total_scanned_bytes_sum

\n
\n

int64

\n

Shows the sum of all bytes scanned across all usage types by the Sensitive Data Scanner over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_azure_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_google_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

serverless_apps_total_count_avg

\n
\n

int64

\n

Shows the average of the number of Serverless Apps for Azure and Google Cloud for the given date and given org.

\n
\n \n
\n
\n
\n
\n
\n

siem_analyzed_logs_add_on_count_sum

\n
\n

int64

\n

Shows the sum of all log events analyzed by Cloud SIEM over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_browser_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic browser tests over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_check_calls_count_sum

\n
\n

int64

\n

Shows the sum of all Synthetic API tests over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_mobile_test_runs_sum

\n
\n

int64

\n

Shows the sum of all Synthetic mobile application tests over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

synthetics_parallel_testing_max_slots_hwm

\n
\n

int64

\n

Shows the high-water mark of used synthetics parallel testing slots over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

trace_search_indexed_events_count_sum

\n
\n

int64

\n

Shows the sum of all Indexed Spans indexed over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

twol_ingested_events_bytes_sum

\n
\n

int64

\n

Shows the sum of all ingested APM span bytes over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

universal_service_monitoring_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all universal service management hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

vsphere_host_top99p

\n
\n

int64

\n

Shows the 99th percentile of all vSphere hosts over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_host_count_top99p

\n
\n

int64

\n

Shows the 99th percentile of all Application Vulnerability Management hosts over all hours in the current date for the given org.

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage_sum

\n
\n

int64

\n

Sum of all workflows executed over all hours in the current date for all organizations.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

vsphere_host_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all vSphere hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

vuln_management_host_count_top99p_sum

\n
\n

int64

\n

Shows the 99th percentile of all Application Vulnerability Management hosts over all hours in the current month for all organizations.

\n
\n \n
\n
\n
\n
\n
\n

workflow_executions_usage_agg_sum

\n
\n

int64

\n

Sum of all workflows executed over all hours in the current month for all organizations.

\n
\n \n
\n
" }, "400": { "json": { diff --git a/content/en/containers/kubernetes/installation.md b/content/en/containers/kubernetes/installation.md index fee0fcd488abf..3faaf564f6c99 100644 --- a/content/en/containers/kubernetes/installation.md +++ b/content/en/containers/kubernetes/installation.md @@ -293,7 +293,7 @@ helm uninstall datadog-agent ### Monitor your infrastructure in Datadog Use the [Containers][13] page for visibility into your container infrastructure, with resource metrics and faceted search. For information on how to use the Containers page, see [Containers View][14]. -Use the [Container Images][18] page for insights into every image used in your environment. This page also displays vulnerabilities found in your container images from [Workload Protection][19] (CSM). For information on how to use the Container Images page, see the [Containers Images View][20]. +Use the [Container Images][18] page for insights into every image used in your environment. This page also displays vulnerabilities found in your container images from [Cloud Security Management][19] (CSM). For information on how to use the Container Images page, see the [Containers Images View][20]. The [Kubernetes][21] section features an overview of all your Kubernetes resources. [Orchestrator Explorer][22] allows you to monitor the state of pods, deployments, and other Kubernetes concepts in a specific namespace or availability zone, view resource specifications for failed pods within a deployment, correlate node activity with related logs, and more. The [Resource Utilization][23] page provides insights into how your Kubernetes workloads are using your computing resources across your infrastructure. For information on how to use these pages, see [Orchestrator Explorer][24] and [Kubernetes Resource Utilization][25]. diff --git a/content/en/data_security/_index.md b/content/en/data_security/_index.md index 02af251eedc97..bb276d720c66f 100644 --- a/content/en/data_security/_index.md +++ b/content/en/data_security/_index.md @@ -86,7 +86,7 @@ The Datadog tracing libraries are used to instrument your applications, services - Application Performance Monitoring (APM) - Continuous Profiler - CI Visibility -- App & API Protection +- Application Security Management For detailed information about how tracing-library sourced data is managed, default basic security settings, and custom obfuscating, scrubbing, excluding, and modifying of trace-related elements, read [Configuring Agent and Tracer for trace data security][18]. diff --git a/content/en/developers/guide/data-collection-resolution-retention.md b/content/en/developers/guide/data-collection-resolution-retention.md index 889b1c1754162..a340ed0b8feef 100644 --- a/content/en/developers/guide/data-collection-resolution-retention.md +++ b/content/en/developers/guide/data-collection-resolution-retention.md @@ -30,8 +30,8 @@ Find below a summary of Datadog data [collection][1], [resolution][2], and reten | Cloud Cost Management | Azure | Cost Exports | 1 hour | 1 day | 15 months | | Cloud Cost Management | Google Cloud | Detailed Usage Cost Export | 1 hour | 1 day | 15 months | | Cloud SIEM | Security Signals | Datadog Cloud SIEM | Real time | 1 millisecond | 15 months | -| Workload Protection | Findings | Datadog Workload Protection Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute | 15 months | -| CSM Threats | Signals | Datadog Workload Protection Threats | Real time | 1 ms | 15 months | +| Cloud Security Management | Findings | Datadog Cloud Security Management Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute | 15 months | +| CSM Threats | Signals | Datadog Cloud Security Management Threats | Real time | 1 ms | 15 months | | Database Monitoring | Query Metrics | Datadog Agent + enabled integrations | 10 seconds | 1 second | 15 months | | Database Monitoring | Query Samples | Datadog Agent + enabled integrations | 1 minute | n/a | 15 days | | DORA Metrics | Deployments, Failures | API, Datadog products | Data source-dependent | 1 millisecond | 15 months | diff --git a/content/en/getting_started/_index.md b/content/en/getting_started/_index.md index e175fce555f8c..2fca7185e5b99 100644 --- a/content/en/getting_started/_index.md +++ b/content/en/getting_started/_index.md @@ -120,8 +120,8 @@ For the fastest introduction to navigating Datadog, try the [Quick Start course] {{< nextlink href="/getting_started/synthetics" >}}Synthetic Monitoring: Start testing and monitoring your API endpoints and key business journeys with Synthetic tests.{{< /nextlink >}} {{< nextlink href="/getting_started/continuous_testing" >}}Continuous Testing: Run end-to-end Synthetic tests in your CI pipelines and IDEs.{{< /nextlink >}} {{< nextlink href="/getting_started/session_replay" >}}Session Replay: Get an in-depth look at how users are interacting with your product with Session Replays.{{< /nextlink >}} -{{< nextlink href="/getting_started/application_security" >}}App & API Protection: Discover best practices for getting your team up and running with ASM.{{< /nextlink >}} -{{< nextlink href="/getting_started/cloud_security_management" >}}Workload Protection: Discover best practices for getting your team up and running with CSM.{{< /nextlink >}} +{{< nextlink href="/getting_started/application_security" >}}Application Security Management: Discover best practices for getting your team up and running with ASM.{{< /nextlink >}} +{{< nextlink href="/getting_started/cloud_security_management" >}}Cloud Security Management: Discover best practices for getting your team up and running with CSM.{{< /nextlink >}} {{< nextlink href="/getting_started/cloud_siem" >}}Cloud SIEM: Discover best practices for getting your team up and running with Cloud SIEM.{{< /nextlink >}} {{< nextlink href="/getting_started/logs" >}}Logs: Send your first logs and use log processing to enrich them.{{< /nextlink >}} {{< nextlink href="/getting_started/ci_visibility" >}}CI Visibility: Collect CI pipeline data by setting up integrations with your CI providers.{{< /nextlink >}} diff --git a/content/en/getting_started/devsecops/_index.md b/content/en/getting_started/devsecops/_index.md index 391f8474ee0a9..d6b5339508aab 100644 --- a/content/en/getting_started/devsecops/_index.md +++ b/content/en/getting_started/devsecops/_index.md @@ -6,7 +6,7 @@ This guide introduces the Infrastructure Monitoring DevSecOps bundles, with link ## Infrastructure DevSecOps -The Infrastructure DevSecOps bundles combine infrastructure monitoring with the security capabilities of [Workload Protection][3]. +The Infrastructure DevSecOps bundles combine infrastructure monitoring with the security capabilities of [Cloud Security Management (CSM)][3]. {{< tabs >}} {{% tab "Infrastructure DevSecOps Pro" %}} @@ -23,7 +23,7 @@ To get started with Infrastructure DevSecOps Pro, [install and configure the Dat After you install the Agent, configure CSM Pro for your environment. -- [Workload Protection Pro][6] +- [Cloud Security Management Pro][6] ### Next steps @@ -34,7 +34,7 @@ Learn more about the features included with Infrastructure DevSecOps Pro: - [Host and Container Maps][9]: Visualize your hosts and containers - [Live Containers][10]: Gain real-time visibility into all containers across your environment - [Serverless][2]: Gain full visibility into all of the managed services that power your serverless applications -- [Workload Protection][11]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure +- [Cloud Security Management][11]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure [1]: /containers/ [2]: /serverless/ @@ -64,7 +64,7 @@ To get started with Infrastructure DevSecOps Enterprise, [install and configure After you install the Agent, configure CSM Enterprise for your environment. -- [Workload Protection Enterprise][8] +- [Cloud Security Management Enterprise][8] ### Next steps @@ -78,7 +78,7 @@ Learn more about the features included with Infrastructure DevSecOps Enterprise: - [Live Processes][14]: Gain real-time visibility into the process running on your infrastructure - [Serverless][2]: Gain full visibility into all of the managed services that power your serverless - [Watchdog][15]: Automatically detect potential application and infrastructure issues -- [Workload Protection][16]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure +- [Cloud Security Management][16]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure [1]: /containers/ [2]: /serverless/ diff --git a/content/en/getting_started/integrations/aws.md b/content/en/getting_started/integrations/aws.md index 252ac34242ec7..9dfdb5f22c452 100644 --- a/content/en/getting_started/integrations/aws.md +++ b/content/en/getting_started/integrations/aws.md @@ -114,7 +114,7 @@ Before getting started, ensure you have the following prerequisites: a. Select the AWS regions to integrate with. b. Add your Datadog [API key][9]. c. Optionally, send logs and other data to Datadog with the [Datadog Forwarder Lambda][1]. - d. Optionally, enable [Workload Protection Misconfigurations][54] to scan your cloud environment, hosts, and containers for misconfigurations and security risks. + d. Optionally, enable [Cloud Security Management Misconfigurations][54] to scan your cloud environment, hosts, and containers for misconfigurations and security risks. 5. Click **Launch CloudFormation Template**. This opens the AWS Console and loads the CloudFormation stack. All the parameters are filled in based on your selections in the prior Datadog form, so you do not need to edit those unless desired. **Note:** The `DatadogAppKey` parameter enables the CloudFormation stack to make API calls to Datadog to add and edit the Datadog configuration for this AWS account. The key is automatically generated and tied to your Datadog account. @@ -208,7 +208,7 @@ Additionally, you can use [Watchdog][49], an algorithmic feature for APM perform Review [Getting Started with Cloud SIEM][50] to evaluate your logs against the out-of-the-box [Log Detection Rules][51]. These rules are customizable, and when threats are detected, they generate security signals which can be accessed on the [Security Signals Explorer][52]. To ensure that the correct team is notified, use [Notification Rules][53] to configure notification preferences across multiple rules. -#### Workload Protection Misconfigurations +#### Cloud Security Management Misconfigurations Use the [Setting Up CSM Misconfigurations][54] guide to learn about detecting and assessing misconfigurations in your cloud environment. Resource configuration data is evaluated against the out-of-the-box [Cloud][55] and [Infrastructure][56] compliance rules to flag attacker techniques and potential misconfigurations, allowing for fast response and remediation. diff --git a/content/en/getting_started/integrations/google_cloud.md b/content/en/getting_started/integrations/google_cloud.md index 8a642b0c60166..967240d379d7e 100644 --- a/content/en/getting_started/integrations/google_cloud.md +++ b/content/en/getting_started/integrations/google_cloud.md @@ -272,10 +272,10 @@ To view security findings from [Google Cloud Security Command Center][47] in Clo {{< img src="integrations/google_cloud_platform/security_findings.png" alt="The security findings tab in the Google Cloud integration tile" style="width:90%;" >}} -### Workload Protection +### Cloud Security Management -Datadog Workload Protection delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure. -Check out the [Setting up Workload Protection guide][49] to get started. +Datadog Cloud Security Management (CSM) delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure. +Check out the [Setting up Cloud Security Management guide][49] to get started. After setting up CSM, toggle the **Enable Resource Collection** option under the **Resource Collection** tab to start collecting configuration data for the [Resource Catalog][50] and CSM. Then, follow these instructions to enable [Misconfigurations and Identity Risks (CIEM)][51] on Google Cloud. diff --git a/content/en/getting_started/security/_index.md b/content/en/getting_started/security/_index.md index e87ee3cec4aa7..72ea4a0d562e4 100644 --- a/content/en/getting_started/security/_index.md +++ b/content/en/getting_started/security/_index.md @@ -4,7 +4,7 @@ title: Getting Started with Security {{< whatsnext desc=" " >}} {{< nextlink href="getting_started/security/application_security" tag="documentation" >}}Getting Started with Application Security{{< /nextlink >}} - {{< nextlink href="getting_started/security/cloud_security_management" tag="documentation" >}}Getting Started with Workload Protection{{< /nextlink >}} + {{< nextlink href="getting_started/security/cloud_security_management" tag="documentation" >}}Getting Started with Cloud Security Management{{< /nextlink >}} {{< nextlink href="getting_started/security/cloud_siem" tag="documentation" >}}Getting Started with Cloud SIEM{{< /nextlink >}} {{< nextlink href="getting_started/code_security" tag="documentation" >}}Getting Started with Code Security{{< /nextlink >}} {{< /whatsnext >}} diff --git a/content/en/getting_started/security/application_security.md b/content/en/getting_started/security/application_security.md index 668e4b404b99d..4930ded86c752 100644 --- a/content/en/getting_started/security/application_security.md +++ b/content/en/getting_started/security/application_security.md @@ -1,5 +1,5 @@ --- -title: Getting Started with App & API Protection +title: Getting Started with Application Security Management aliases: - /security/security_monitoring/getting_started/ - /getting_started/application_security @@ -9,7 +9,7 @@ further_reading: text: "Application Security terms and concepts" - link: "/security/application_security/how-appsec-works" tag: "Documentation" - text: "How App & API Protection works" + text: "How Application Security Management works" - link: "https://dtdg.co/fe" tag: "Foundation Enablement" text: "Join an interactive session to elevate your security and threat detection" @@ -20,7 +20,7 @@ further_reading: ## Overview -Datadog App & API Protection (AAP) helps secure your web applications and APIs in production. +Datadog Application Security Management (ASM) helps secure your web applications and APIs in production. - With threat detection, Datadog provides real-time protection against attacks and attackers targeting code-level vulnerabilities. - With [Code Security][28], Datadog detects code and library vulnerabilities in your repositories and your running services, providing end-to-end visibility from development to production. diff --git a/content/en/getting_started/security/cloud_security_management.md b/content/en/getting_started/security/cloud_security_management.md index 52a78f767aaad..6a141f0d53b39 100644 --- a/content/en/getting_started/security/cloud_security_management.md +++ b/content/en/getting_started/security/cloud_security_management.md @@ -1,11 +1,11 @@ --- -title: Getting Started with Workload Protection +title: Getting Started with Cloud Security Management aliases: - /getting_started/cloud_security_management further_reading: - link: "/security/cloud_security_management/" tag: "Documentation" - text: "Workload Protection" + text: "Cloud Security Management" - link: "/infrastructure/resource_catalog/schema/" tag: "Documentation" text: "Cloud Resources Schema Reference" @@ -20,10 +20,10 @@ further_reading: text: "How we detect and notify users about leaked Datadog credentials" - link: "https://www.datadoghq.com/blog/security-posture-csm/" tag: "Blog" - text: "Report on changes to your security posture with Workload Protection" + text: "Report on changes to your security posture with Cloud Security Management" - link: "https://www.datadoghq.com/blog/agentless-scanning/" tag: "Blog" - text: "Detect vulnerabilities in minutes with Agentless Scanning for Workload Protection" + text: "Detect vulnerabilities in minutes with Agentless Scanning for Cloud Security Management" - link: "https://dtdg.co/fe" tag: "Foundation Enablement" text: "Join an interactive session to elevate your security and threat detection" @@ -34,7 +34,7 @@ further_reading: ## Overview -[Datadog Workload Protection][1] (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. +[Datadog Cloud Security Management][1] (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. With CSM, Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. This guide walks you through best practices for getting your team up and running with CSM. diff --git a/content/en/glossary/terms/resource.md b/content/en/glossary/terms/resource.md index 606c0a1016821..e18414965a8c0 100644 --- a/content/en/glossary/terms/resource.md +++ b/content/en/glossary/terms/resource.md @@ -6,4 +6,4 @@ core_product: --- 1. In APM, a resource is a particular domain of an application, typically an instrumented web endpoint, database query, or background job. 2. In RUM, a resource is a type of event. A resource event is generated for images, XHR, Fetch, CSS, or JS libraries loaded on a page. -3. In Workload Protection Misconfigurations, a resource is a configurable entity that needs to be continuously scanned for adherence with one or more controls. Examples of AWS instance resources include hosts, containers, security groups, users, and customer-managed IAM policies. \ No newline at end of file +3. In Cloud Security Management Misconfigurations, a resource is a configurable entity that needs to be continuously scanned for adherence with one or more controls. Examples of AWS instance resources include hosts, containers, security groups, users, and customer-managed IAM policies. \ No newline at end of file diff --git a/content/en/glossary/terms/security_posture_score.md b/content/en/glossary/terms/security_posture_score.md index 114a845e37ec2..0ea060ace1d06 100644 --- a/content/en/glossary/terms/security_posture_score.md +++ b/content/en/glossary/terms/security_posture_score.md @@ -10,7 +10,7 @@ core_product: {{< jqmath-vanilla >}} -Available for [Workload Protection Misconfigurations][3], the security posture score represents the percentage of your environment that satisfies all of your active Datadog out-of-the-box [Cloud][1] and [Infrastructure][2] compliance rules. +Available for [Cloud Security Management Misconfigurations][3], the security posture score represents the percentage of your environment that satisfies all of your active Datadog out-of-the-box [Cloud][1] and [Infrastructure][2] compliance rules. **Formula**: diff --git a/content/en/infrastructure/containers/container_images.md b/content/en/infrastructure/containers/container_images.md index 3af7c01f164fd..334b251b2f817 100644 --- a/content/en/infrastructure/containers/container_images.md +++ b/content/en/infrastructure/containers/container_images.md @@ -6,18 +6,18 @@ further_reading: text: "Enhance your troubleshooting workflow with Container Images in Datadog Container Monitoring" - link: "/security/cloud_security_management/vulnerabilities" tag: "Documentation" - text: "Workload Protection Vulnerabilities" + text: "Cloud Security Management Vulnerabilities" - link: "/infrastructure/containers/container_images/#enable-sbom-collection" tag: "Documentation" text: "Enable SBOM collection in CSM Vulnerabilities" - link: "/security/cloud_security_management/troubleshooting/vulnerabilities/" tag: "Documentation" - text: "Troubleshooting Workload Protection Vulnerabilities" + text: "Troubleshooting Cloud Security Management Vulnerabilities" --- ## Overview -The [container images view][1] in Datadog provides key insights into every image used in your environment to help you assess their deployment footprint. It also detects and remediates security and performance issues that can affect multiple containers. You can view container image details alongside the rest of your container data to troubleshoot image issues affecting infrastructure health. Additionally, you can view vulnerabilities found in your container images from [Workload Protection][2] (CSM) to help you streamline your security efforts. +The [container images view][1] in Datadog provides key insights into every image used in your environment to help you assess their deployment footprint. It also detects and remediates security and performance issues that can affect multiple containers. You can view container image details alongside the rest of your container data to troubleshoot image issues affecting infrastructure health. Additionally, you can view vulnerabilities found in your container images from [Cloud Security Management][2] (CSM) to help you streamline your security efforts. {{< img src="security/vulnerabilities/container_images.png" alt="The container images view highlighting vulnerabilities and container column sort feature" width="100%">}} @@ -35,7 +35,7 @@ To enable live container collection, see the [containers][3] documentation. It p ### Image collection -Datadog collects container image metadata to provide enhanced debugging context for related containers and [Workload Protection][8] (CSM) vulnerabilities. +Datadog collects container image metadata to provide enhanced debugging context for related containers and [Cloud Security Management][8] (CSM) vulnerabilities. #### Enable container image collection diff --git a/content/en/infrastructure/resource_catalog/_index.md b/content/en/infrastructure/resource_catalog/_index.md index 842b749b4f07a..0d59b14b7922d 100644 --- a/content/en/infrastructure/resource_catalog/_index.md +++ b/content/en/infrastructure/resource_catalog/_index.md @@ -8,10 +8,10 @@ aliases: further_reading: - link: "/security/cloud_security_management/misconfigurations/" tag: "Documentation" - text: "Workload Protection Misconfigurations" + text: "Cloud Security Management Misconfigurations" - link: "/security/threats/" tag: "Documentation" - text: "Workload Protection Threats" + text: "Cloud Security Management Threats" - link: "https://www.datadoghq.com/blog/datadog-resource-catalog/" tag: "Blog" text: "Govern your infrastructure resources with the Datadog Resource Catalog" @@ -54,13 +54,13 @@ Resource Catalog leverages Datadog cloud integrations and the Datadog Agent to g ## Setup -By default, when you navigate to the Resource Catalog, you are able to see Datadog Agent monitored hosts, as well as cloud resources crawled for other Datadog products such as CNM (Cloud Network Monitoring), and DBM (Database Monitoring). To view additional cloud resources in the Resource Catalog, extend resource collection from the [Resource Catalog][5] setup page. To gain insights into your security risks, enable [Workload Protection][1] for each cloud account. +By default, when you navigate to the Resource Catalog, you are able to see Datadog Agent monitored hosts, as well as cloud resources crawled for other Datadog products such as CNM (Cloud Network Monitoring), and DBM (Database Monitoring). To view additional cloud resources in the Resource Catalog, extend resource collection from the [Resource Catalog][5] setup page. To gain insights into your security risks, enable [Cloud Security Management][1] for each cloud account. {{< img src="/infrastructure/resource_catalog/resource-catalog-doc-img-2.png" alt="The Resource Catalog configuration page for extending resource collection" width="100%">}} **Note**: - Extending resource collection does _not_ incur additional costs. The Resource Catalog is a free product for Infrastructure Monitoring customers. -- Enabling Workload Protection automatically enables resource collection for the Resource Catalog Inventory tab. Enabling resource collection for the Resource Catalog does _not_ enable the CSM product. +- Enabling Cloud Security Management automatically enables resource collection for the Resource Catalog Inventory tab. Enabling resource collection for the Resource Catalog does _not_ enable the CSM product. ## Browse the Resource Catalog diff --git a/content/en/integrations/guide/aws-organizations-setup.md b/content/en/integrations/guide/aws-organizations-setup.md index f0130a8cea2be..27fc1425d96fd 100644 --- a/content/en/integrations/guide/aws-organizations-setup.md +++ b/content/en/integrations/guide/aws-organizations-setup.md @@ -32,7 +32,7 @@ The Datadog CloudFormation StackSet performs the following steps: 1. Deploys the Datadog AWS CloudFormation Stack in every account under an AWS Organization or Organizational Unit. 2. Automatically creates the necessary IAM role and policies in the target accounts. 3. Automatically initiates ingestion of AWS CloudWatch metrics and events from the AWS resources in the accounts. -4. Optionally disables metric collection for the AWS infrastructure. This is useful for Cloud Cost Management (CCM) or Workload Protection Misconfigurations (CSM Misconfigurations) specific use cases. +4. Optionally disables metric collection for the AWS infrastructure. This is useful for Cloud Cost Management (CCM) or Cloud Security Management Misconfigurations (CSM Misconfigurations) specific use cases. 5. Optionally configures CSM Misconfigurations to monitor resource misconfigurations in your AWS accounts. **Note**: The StackSet does not set up log forwarding in the AWS accounts. To set up logs, follow the steps in the [Log Collection][2] guide. @@ -60,7 +60,7 @@ Copy the Template URL from the Datadog AWS integration configuration page to use - Select your Datadog APP key on Datadog AWS integration configuration page and use it in the `DatadogAppKey` parameter in the StackSet. - *Optionally:* - a. Enable [Workload Protection Misconfigurations][5] (CSM Misconfigurations) to scan your cloud environment, hosts, and containers for misconfigurations and security risks. + a. Enable [Cloud Security Management Misconfigurations][5] (CSM Misconfigurations) to scan your cloud environment, hosts, and containers for misconfigurations and security risks. b. Disable metric collection if you do not want to monitor your AWS infrastructure. This is recommended only for [Cloud Cost Management][6] (CCM) or [CSM Misconfigurations][5] specific use cases. 3. **Configure StackSet options** diff --git a/content/en/integrations/guide/azure-architecture-and-configuration.md b/content/en/integrations/guide/azure-architecture-and-configuration.md index e11bd3ebaac4b..463c1fb4dceb7 100644 --- a/content/en/integrations/guide/azure-architecture-and-configuration.md +++ b/content/en/integrations/guide/azure-architecture-and-configuration.md @@ -117,7 +117,7 @@ The implications of restricting access below the Monitoring Reader role are: - Partial or total loss of monitoring data - Partial or total loss of metadata in the form of tags on your resource metrics - - Partial or total loss of data for [Workload Protection Misconfigurations (CSM Misconfigurations)][3] or [Resource Catalog][4] + - Partial or total loss of data for [Cloud Security Management Misconfigurations (CSM Misconfigurations)][3] or [Resource Catalog][4] - Partial or total loss of Datadog-generated metrics The implications of restricting or omitting the Azure AD roles are: diff --git a/content/en/integrations/guide/azure-manual-setup.md b/content/en/integrations/guide/azure-manual-setup.md index 7d62943373936..968ea1f3cafb5 100644 --- a/content/en/integrations/guide/azure-manual-setup.md +++ b/content/en/integrations/guide/azure-manual-setup.md @@ -172,7 +172,7 @@ A form to create a new app registration is displayed: **Note**: If you've selected to monitor individual subscriptions rather than a management group, select the subscriptions to monitor from the **Subscriptions to monitor** dropdown. -13. Select your Datadog site, as well as any other integration configuration options, such as host filters and whether to collect resources for [Workload Protection][17]. +13. Select your Datadog site, as well as any other integration configuration options, such as host filters and whether to collect resources for [Cloud Security Management][17]. 14. Click **Review + create**, then click **Create**. diff --git a/content/en/integrations/guide/azure-portal.md b/content/en/integrations/guide/azure-portal.md index 2d9a093f2fb26..f3161c2c7d145 100644 --- a/content/en/integrations/guide/azure-portal.md +++ b/content/en/integrations/guide/azure-portal.md @@ -298,9 +298,9 @@ The Azure portal provides a read-only view of the API keys. To manage the keys, The Azure Datadog integration allows you to install the Datadog Agent on a VM or app service. If there is no default key selected, a Datadog Agent installation fails. -### Workload Protection Misconfigurations +### Cloud Security Management Misconfigurations -Select `Cloud Security Posture Management` in the left sidebar to configure [Workload Protection Misconfigurations (CSM Misconfigurations)][8]. +Select `Cloud Security Posture Management` in the left sidebar to configure [Cloud Security Management Misconfigurations (CSM Misconfigurations)][8]. By default, CSM Misconfigurations is not enabled. To enable CSM Misconfigurations, select `Enable Datadog Cloud Security Posture Management` and click **Save**. This enables Datadog CSM Misconfigurations for any subscriptions associated with the Datadog resource. diff --git a/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md b/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md index 033e77c6a78c5..e6c3f69b790b5 100644 --- a/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md +++ b/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md @@ -380,7 +380,7 @@ The top of the sidepanel displays common client and server tags shared by the in ### Security -The **Security** tab highlights potential network threats and findings detected by [Workload Protection Threats][6] and [Workload Protection Misconfigurations][7]. These signals are generated when Datadog detects network activity that matches a [detection or compliance rule][8], or if there are other threats and misconfigurations related to the selected network flow. +The **Security** tab highlights potential network threats and findings detected by [Cloud Security Management Threats][6] and [Cloud Security Management Misconfigurations][7]. These signals are generated when Datadog detects network activity that matches a [detection or compliance rule][8], or if there are other threats and misconfigurations related to the selected network flow. ## Further Reading diff --git a/content/en/opentelemetry/compatibility.md b/content/en/opentelemetry/compatibility.md index a5a17c8629883..679b8a0b9b771 100644 --- a/content/en/opentelemetry/compatibility.md +++ b/content/en/opentelemetry/compatibility.md @@ -46,7 +46,7 @@ The following table shows Datadog feature compatibility across different setups: | [Live Container Monitoring/Kubernetes Explorer][20] | | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | [Live Processes][16] | | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | [Universal Service Monitoring][17] (USM) | |{{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | -| [App & API Protection][11] (ASM) | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | +| [Application Security Management][11] (ASM) | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | | [Continuous Profiler][12] | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | | [Data Jobs Monitoring][13] (DJM) | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | | [Data Streams Monitoring][15] (DSM) | {{< tooltip text="N/A" tooltip="OTel does not offer DSM functionality" >}}| | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | diff --git a/content/en/opentelemetry/instrument/api_support/_index.md b/content/en/opentelemetry/instrument/api_support/_index.md index e9e41f46bddd1..d29280e2e9bc7 100644 --- a/content/en/opentelemetry/instrument/api_support/_index.md +++ b/content/en/opentelemetry/instrument/api_support/_index.md @@ -31,7 +31,7 @@ By [instrumenting your code with OpenTelemetry APIs][2], your code: - Remains free of vendor-specific API calls. - Does not depend on Datadog tracing libraries at compile time (only runtime). -Replace the OpenTelemetry SDK with the Datadog tracing library in the instrumented application, and the traces produced by your running code can be processed, analyzed, and monitored alongside Datadog traces and in Datadog proprietary products such as [Continuous Profiler][3], [Data Streams Monitoring][4], [App & API Protection][5], and [Live Processes][6]. +Replace the OpenTelemetry SDK with the Datadog tracing library in the instrumented application, and the traces produced by your running code can be processed, analyzed, and monitored alongside Datadog traces and in Datadog proprietary products such as [Continuous Profiler][3], [Data Streams Monitoring][4], [Application Security Management][5], and [Live Processes][6]. To learn more, follow the link for your language: diff --git a/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md b/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md index 139ca240f9550..da98290ea1920 100644 --- a/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md +++ b/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md @@ -21,7 +21,7 @@ further_reading: OTLP Ingest in the Agent is a way to send telemetry data directly from applications instrumented with [OpenTelemetry SDKs][1] to Datadog Agent. Since versions 6.32.0 and 7.32.0, the Datadog Agent can ingest OTLP traces and [OTLP metrics][2] through gRPC or HTTP. Since versions 6.48.0 and 7.48.0, the Datadog Agent can ingest OTLP logs through gRPC or HTTP. -OTLP Ingest in the Agent allows you to use observability features in the Datadog Agent. Data from applications instrumented with OpenTelemetry SDK cannot be used in some Datadog proprietary products, such as App & API Protection, Continuous Profiler, and Ingestion Rules. [OpenTelemetry Runtime Metrics are supported for some languages][10]. +OTLP Ingest in the Agent allows you to use observability features in the Datadog Agent. Data from applications instrumented with OpenTelemetry SDK cannot be used in some Datadog proprietary products, such as Application Security Management, Continuous Profiler, and Ingestion Rules. [OpenTelemetry Runtime Metrics are supported for some languages][10]. {{< img src="/opentelemetry/setup/dd-agent-otlp-ingest.png" alt="Diagram: OpenTelemetry SDK sends data through OTLP protocol to a Collector with Datadog Exporter, which forwards to Datadog's platform." style="width:100%;" >}} diff --git a/content/en/security/_index.md b/content/en/security/_index.md index cee6cc1b098ab..f29e6a7f2bf25 100644 --- a/content/en/security/_index.md +++ b/content/en/security/_index.md @@ -87,7 +87,7 @@ cascade: Bring speed and scale to your production security operations. Datadog Security delivers real-time threat detection, and continuous configuration audits across applications, hosts, containers, and cloud infrastructure. Coupled with the greater Datadog observability platform, Datadog Security brings unprecedented integration between security and operations aligned to your organization's shared goals. -Datadog Security includes [Application Security](#application-security), [Cloud SIEM](#cloud-siem), and [Workload Protection](#cloud-security-management). To learn more, check out the [30-second Product Guided Tour][14]. +Datadog Security includes [Application Security](#application-security), [Cloud SIEM](#cloud-siem), and [Cloud Security Management](#cloud-security-management). To learn more, check out the [30-second Product Guided Tour][14]. ## Application Security @@ -106,13 +106,13 @@ In addition to threat detection, Datadog provides end-to-end code and library vu {{< img src="security/security_monitoring/cloud_siem_overview_2.png" alt="The Cloud SIEM home page showing the Security Overview section with widgets for important signals, suspicious actors, impacted resources, threat intel, and signal trends" width="100%">}} -## Workload Protection +## Cloud Security Management -[Workload Protection][10] delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered. +[Cloud Security Management (CSM)][10] delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered. Workload Protection includes [Threats][12], [Misconfigurations][11], [Identity Risks][15], and [Vulnerabilities][16]. To learn more, check out the dedicated [Guided Tour][13]. -{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Workload Protection overview shows a list of prioritized security issues" width="100%">}} +{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues" width="100%">}} To get started with Datadog Security, navigate to the [**Security** > **Setup**][9] page in Datadog, which has detailed information for single or multi-configuration, or follow the getting started sections below to learn more about each area of the platform. diff --git a/content/en/security/access_control.md b/content/en/security/access_control.md index 483418850b3a0..0bc804e995a3f 100644 --- a/content/en/security/access_control.md +++ b/content/en/security/access_control.md @@ -8,7 +8,7 @@ products: - name: CSM Threats url: /security/threats/ icon: cloud-security-management -- name: App & API Protection +- name: Application Security Management url: /security/application_security/ icon: app-sec further_reading: diff --git a/content/en/security/account_takeover_protection.md b/content/en/security/account_takeover_protection.md index 13121dab4fab8..d8e072482231c 100644 --- a/content/en/security/account_takeover_protection.md +++ b/content/en/security/account_takeover_protection.md @@ -10,10 +10,10 @@ further_reading: text: "User Monitoring and Protection" - link: "security/application_security/guide/" tag: "Documentation" - text: "App & API Protection Guides" + text: "Application Security Management Guides" --- -AAP provides account takeover (ATO) protection to detect and mitigate account takeover attacks. +ASM provides account takeover (ATO) protection to detect and mitigate account takeover attacks. ATO protection has the following benefits: @@ -54,7 +54,7 @@ Brute force ## Setting up ATO detection and prevention -AAP provides managed detections of ATO attacks. +ASM provides managed detections of ATO attacks. Effective ATO detection and prevention requires the following: @@ -95,7 +95,7 @@ You are not limited to how Datadog defines these enrichments. Many platform prod ## Review your first detection -AAP highlights the most relevant information and suggests actions to take based on the detection type. It also indicates what actions have been taken. +ASM highlights the most relevant information and suggests actions to take based on the detection type. It also indicates what actions have been taken. {{An Account Takeover signal showing different highlighted areas of interest}} diff --git a/content/en/security/application_security/_index.md b/content/en/security/application_security/_index.md index 68318575cdd46..4811cff838d5e 100644 --- a/content/en/security/application_security/_index.md +++ b/content/en/security/application_security/_index.md @@ -1,5 +1,5 @@ --- -title: App & API Protection +title: Application Security Management description: Monitor threats targeting production system, leveraging the execution context provided by distributed traces. aliases: - /security_platform/application_security @@ -10,7 +10,7 @@ aliases: further_reading: - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How App & API Protection Works" + text: "How Application Security Management Works" - link: "/security/application_security/threats/" tag: "Documentation" text: "Threat Management" @@ -19,7 +19,7 @@ further_reading: text: "Software Composition Analysis" - link: "https://www.datadoghq.com/product/security-platform/application-security-monitoring/" tag: "Product Page" - text: "Datadog App & API Protection" + text: "Datadog Application Security Management" - link: "https://www.datadoghq.com/blog/secure-serverless-applications-with-datadog-asm/" tag: "Blog" text: "Secure serverless applications with Datadog ASM" @@ -28,10 +28,10 @@ further_reading: text: "Gain visibility into risks, vulnerabilities, and attacks with APM Security View" - link: "https://www.datadoghq.com/blog/block-attackers-application-security-management-datadog/" tag: "Blog" - text: "Block attackers in your apps and APIs with Datadog App & API Protection" + text: "Block attackers in your apps and APIs with Datadog Application Security Management" - link: "https://www.datadoghq.com/blog/threat-modeling-datadog-application-security-management/" tag: "Blog" - text: "Threat modeling with Datadog App & API Protection" + text: "Threat modeling with Datadog Application Security Management" - link: "https://www.datadoghq.com/blog/aws-waf-datadog/" tag: "Blog" text: "Monitor AWS WAF activity with Datadog" @@ -46,14 +46,14 @@ algolia: --- {{< site-region region="gov" >}} -
App & API Protection is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
Application Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} {{< img src="/security/application_security/app-sec-landing-page.png" alt="A security signal panel in Datadog, which displays attack flows and flame graphs" width="75%">}} -Datadog App & API Protection (AAP) provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, Amazon ECS, and (for supported languages) AWS Fargate. +Datadog Application Security Management (ASM) provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, Amazon ECS, and (for supported languages) AWS Fargate. -AAP leverages Datadog [tracing libraries][1], and the [Datadog Agent][2] to identify services exposed to application attacks. Once configured, ASM leverages in-app detection rules to detect and protect against threats in your application environment and trigger security signals whenever an attack impacts your production system, or a vulnerability is triggered from the code. +ASM leverages Datadog [tracing libraries][1], and the [Datadog Agent][2] to identify services exposed to application attacks. Once configured, ASM leverages in-app detection rules to detect and protect against threats in your application environment and trigger security signals whenever an attack impacts your production system, or a vulnerability is triggered from the code. When a threat is detected, a security signal is generated in Datadog. For `HIGH` or `CRITICAL` severity security signals, notifications can be sent to Slack, email, or PagerDuty to notify your team and provide real-time context around threats. @@ -65,7 +65,7 @@ Until you fully remediate the potential vulnerabilities in your application code ## Understanding how application security is implemented in Datadog -If you're curious how App & API Protection is structured and how it uses tracing data to identify security problems, read [How App & API Protection Works][3]. +If you're curious how Application Security Management is structured and how it uses tracing data to identify security problems, read [How Application Security Management Works][3]. ## Configure your environment diff --git a/content/en/security/application_security/guide/_index.md b/content/en/security/application_security/guide/_index.md index 0a7b31e2922ff..797fde0fafce7 100644 --- a/content/en/security/application_security/guide/_index.md +++ b/content/en/security/application_security/guide/_index.md @@ -1,11 +1,11 @@ --- -title: App & API Protection Guides +title: Application Security Management Guides private: true disable_toc: true --- {{< whatsnext desc="Getting Started" >}} - {{< nextlink href="/getting_started/application_security/" >}}First steps with App & API Protection{{< /nextlink >}} + {{< nextlink href="/getting_started/application_security/" >}}First steps with Application Security Management{{< /nextlink >}} {{< /whatsnext >}} {{< whatsnext desc="Advanced Topics" >}} diff --git a/content/en/security/application_security/guide/manage_account_theft_appsec.md b/content/en/security/application_security/guide/manage_account_theft_appsec.md index b6984c51e5810..d51550b47138e 100644 --- a/content/en/security/application_security/guide/manage_account_theft_appsec.md +++ b/content/en/security/application_security/guide/manage_account_theft_appsec.md @@ -5,7 +5,7 @@ disable_toc: false Users are trusted entities in your systems with access to sensitive information and the ability to perform sensitive actions. Malicious actors have identified users as an opportunity to target websites and steal valuable data and resources. -Datadog App & API Protection (AAP) provides [built-in][1] detection and protection capabilities to help you manage this threat. +Datadog Application Security Management (ASM) provides [built-in][1] detection and protection capabilities to help you manage this threat. This guide describes how to use ASM to prepare for and respond to account takeover (ATO) campaigns. This guide is divided into three phases: @@ -108,7 +108,7 @@ In the event of a **false** user (`usr.exists:false`), look for the following is ### Step 1.5: Manually instrumenting your services -AAP collects login information and metadata using an SDK embedded in the Datadog libraries. Instrumentation is performed by calling the SDK when a user login is successful/fails and by providing the SDK with the metadata of the login. The SDK attaches the login and the metadata to the trace and sends it to Datadog where it is retained. +ASM collects login information and metadata using an SDK embedded in the Datadog libraries. Instrumentation is performed by calling the SDK when a user login is successful/fails and by providing the SDK with the metadata of the login. The SDK attaches the login and the metadata to the trace and sends it to Datadog where it is retained.
For an alternative to modifying the service's code, go to Step 1.6: Remote instrumentation of your services.
@@ -124,7 +124,7 @@ To manually instrument your services, do the following: ### Step 1.6: Remote instrumentation of your services -AAP can use custom In-App WAF rules to flag login attempts and extract the metadata from the request needed by detection rules. +ASM can use custom In-App WAF rules to flag login attempts and extract the metadata from the request needed by detection rules. This approach requires that [Remote Configuration][11] is enabled and working. Verify Remote Configuration is running for this service in [Remote Configuration][12]. @@ -152,7 +152,7 @@ After setting up instrumentation for your services, ASM monitors for attack camp -AAP detects [multiple attacker strategies][15]. Upon detecting an attack with a high level of confidence, the [built-in detection rules][16] generate a signal. +ASM detects [multiple attacker strategies][15]. Upon detecting an attack with a high level of confidence, the [built-in detection rules][16] generate a signal. The severity of the signal is set based on the urgency of the threat: from **Low** in case of unsuccessful attacks to **Critical** in case of successful account compromises. @@ -192,7 +192,7 @@ In microservice environments, services are generally reached by internal hosts r
Before you begin: Verify that the IP addresses are properly configured, as described in Step 2.2: Validate proper data propagation.
-AAP automatic blocking can be used to block attacks at any time of the day. Automatic blocking can help block attacks before your team members are online, providing security during off hours. Within an ATO, automatic blocking can help mitigate the load issues caused by the increase in failed login attempts or prevent the attacker from using compromised accounts. +ASM automatic blocking can be used to block attacks at any time of the day. Automatic blocking can help block attacks before your team members are online, providing security during off hours. Within an ATO, automatic blocking can help mitigate the load issues caused by the increase in failed login attempts or prevent the attacker from using compromised accounts. You can configure automatic blocking to block IPs identified as part of an attack. This is only a partial remediation because attackers can change IPs; however, it can give you more time to implement comprehensive remediation. diff --git a/content/en/security/application_security/how-appsec-works.md b/content/en/security/application_security/how-appsec-works.md index ee9e486106f0f..fa548f15c8b42 100644 --- a/content/en/security/application_security/how-appsec-works.md +++ b/content/en/security/application_security/how-appsec-works.md @@ -11,7 +11,7 @@ further_reading: --- {{< site-region region="gov" >}} -
App & API Protection is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
Application Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} ## Overview diff --git a/content/en/security/application_security/serverless/_index.md b/content/en/security/application_security/serverless/_index.md index 9eed2f25d9e74..c22ccd1e541bb 100644 --- a/content/en/security/application_security/serverless/_index.md +++ b/content/en/security/application_security/serverless/_index.md @@ -9,10 +9,10 @@ further_reading: text: "How Application Security Works" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB App & API Protection Rules" + text: "OOTB Application Security Management Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting App & API Protection" + text: "Troubleshooting Application Security Management" - link: "/security/application_security/threats/" tag: "Documentation" text: "Application Threat Management" @@ -1002,7 +1002,7 @@ Download the [`datadog_wrapper`][8] file from the releases and upload it to your ## Testing threat detection -To see App & API Protection threat detection in action, send known attack patterns to your application. For example, send a request with the user agent header set to `dd-test-scanner-log` to trigger a [security scanner attack][5] attempt: +To see Application Security Management threat detection in action, send known attack patterns to your application. For example, send a request with the user agent header set to `dd-test-scanner-log` to trigger a [security scanner attack][5] attempt: ```sh curl -A 'dd-test-scanner-log' https://your-function-url/existing-route ``` diff --git a/content/en/security/application_security/threats/_index.md b/content/en/security/application_security/threats/_index.md index 5b1fd4d13e99f..bd583c3e74349 100644 --- a/content/en/security/application_security/threats/_index.md +++ b/content/en/security/application_security/threats/_index.md @@ -16,10 +16,10 @@ further_reading: --- {{< site-region region="gov" >}} -
App & API Protection is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
Application Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} -Datadog's App & API Protection (AAP) Threat Management protects web applications and APIs from a wide range of security threats, including: +Datadog's Application Security Management (ASM) Threat Management protects web applications and APIs from a wide range of security threats, including: - Exploit attempts - Application abuse and fraud @@ -27,7 +27,7 @@ Datadog's App & API Protection (AAP) Threat Management protects web applications Integrated into the Datadog platform, ASM Threat Management leverages Datadog’s extensive observability data (logs and traces) to provide full-stack visibility and security in a unified platform. -AAP Threat Management enables teams to identify and remediate threats quickly. Its key differentiator is bridging the gap between security and DevOps, promoting collaboration between development, security, and operations teams. +ASM Threat Management enables teams to identify and remediate threats quickly. Its key differentiator is bridging the gap between security and DevOps, promoting collaboration between development, security, and operations teams. ## Use cases diff --git a/content/en/security/application_security/threats/add-user-info.md b/content/en/security/application_security/threats/add-user-info.md index a4ffa2ca7a556..2f06fc6ee9720 100644 --- a/content/en/security/application_security/threats/add-user-info.md +++ b/content/en/security/application_security/threats/add-user-info.md @@ -6,7 +6,7 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog App & API Protection" + text: "Protect against threats with Datadog Application Security Management" - link: "/security/application_security/threats/library_configuration/" tag: "Documentation" text: "Other setup considerations and configuration options" diff --git a/content/en/security/application_security/threats/attacker-explorer.md b/content/en/security/application_security/threats/attacker-explorer.md index 830da261b7db0..2d929dc0370af 100644 --- a/content/en/security/application_security/threats/attacker-explorer.md +++ b/content/en/security/application_security/threats/attacker-explorer.md @@ -11,7 +11,7 @@ This topic describes how to use **Attacker Explorer** to investigate and block F ## Overview -Datadog App & API Protection (AAP) identifies attackers as suspicious and flagged. With [Attacker Explorer][1], you can investigate and take action against the attackers. +Datadog Application Security Management (ASM) identifies attackers as suspicious and flagged. With [Attacker Explorer][1], you can investigate and take action against the attackers. ### Definitions diff --git a/content/en/security/application_security/threats/attacker_clustering.md b/content/en/security/application_security/threats/attacker_clustering.md index 45408fd6b7a17..b95d6a86728db 100644 --- a/content/en/security/application_security/threats/attacker_clustering.md +++ b/content/en/security/application_security/threats/attacker_clustering.md @@ -22,7 +22,7 @@ further_reading: ## Overview -Attacker Clustering improves distributed attack blocking. Datadog App & API Protection (AAP) identifies security signal traffic attacker patterns and to help you mitigate distributed attacks more efficiently. +Attacker Clustering improves distributed attack blocking. Datadog Application Security Management (ASM) identifies security signal traffic attacker patterns and to help you mitigate distributed attacks more efficiently. Attacker clustering highlights a set of common attributes shared by a significant portion of traffic and suggests blocking based on those attributes. diff --git a/content/en/security/application_security/threats/attacker_fingerprint.md b/content/en/security/application_security/threats/attacker_fingerprint.md index b32f7acc41acd..7b699545cdf7b 100644 --- a/content/en/security/application_security/threats/attacker_fingerprint.md +++ b/content/en/security/application_security/threats/attacker_fingerprint.md @@ -11,7 +11,7 @@ This topic describes a feature called **Datadog Attacker Fingerprint** to identi ## Overview -Datadog Attacker Fingerprint identifies attackers beyond IP addresses. Datadog Attacker fingerprints are automatically computed and added to your traces on attack or login attempts when App & API Protection (AAP) is enabled on your service. +Datadog Attacker Fingerprint identifies attackers beyond IP addresses. Datadog Attacker fingerprints are automatically computed and added to your traces on attack or login attempts when Application Security Management (ASM) is enabled on your service. Datadog Attacker fingerprints are composed of several fragments: * Endpoint Identifier diff --git a/content/en/security/application_security/threats/custom_rules.md b/content/en/security/application_security/threats/custom_rules.md index bec718bd7b8a7..cd4848d0f2b8f 100644 --- a/content/en/security/application_security/threats/custom_rules.md +++ b/content/en/security/application_security/threats/custom_rules.md @@ -6,13 +6,13 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog App & API Protection" + text: "Protect against threats with Datadog Application Security Management" - link: "/security/application_security/event_rules/" tag: "Documentation" text: "Creating event rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshoot common Datadog App & API Protection issues" + text: "Troubleshoot common Datadog Application Security Management issues" - link: "/security/notifications/variables/" tag: "Documentation" text: "Learn more about Security notification variables" @@ -23,7 +23,7 @@ further_reading: ## Overview -App & API Protection (AAP) comes with a set of [out-of-the-box detection rules][1] which aim to catch attack attempts, vulnerabilities found by attacker, and business logic abuse that impact your production systems. +Application Security Management (ASM) comes with a set of [out-of-the-box detection rules][1] which aim to catch attack attempts, vulnerabilities found by attacker, and business logic abuse that impact your production systems. However, there are situations where you may want to customize a rule based on your environment or workload. For example, you may want to customize a detection rule that detects users performing sensitive actions from a geolocation where your business doesn't operate. @@ -33,7 +33,7 @@ In these situations, a custom detection rule can be created to exclude such even ## Business logic abuse detection rule -AAP offers out of the box rules to detect business logic abuse (for example, resetting a password through brute force). Those rules require [adding business logic information to traces][7]. +ASM offers out of the box rules to detect business logic abuse (for example, resetting a password through brute force). Those rules require [adding business logic information to traces][7]. Recent Datadog Tracing Libraries attempt to detect and send user login and signup events automatically without needing to modify the code. If needed, you can [opt out of the automatic user activity event tracking][8]. diff --git a/content/en/security/application_security/threats/exploit-prevention.md b/content/en/security/application_security/threats/exploit-prevention.md index 887c15edfaea6..46eefc69c6338 100644 --- a/content/en/security/application_security/threats/exploit-prevention.md +++ b/content/en/security/application_security/threats/exploit-prevention.md @@ -4,7 +4,7 @@ disable_toc: false further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog App & API Protection" + text: "Protect against threats with Datadog Application Security Management" - link: "/security/application_security/threats/library_configuration/" tag: "Documentation" text: "Other setup considerations and configuration options" @@ -38,19 +38,19 @@ Combine telemetry from the Datadog tracer with predefined heuristics to detect a An attacker tricks the server into making unauthorized requests to internal systems or external servers, potentially leaking information or a further exploitation. -AAP Exploit Prevention checks whether an internal or external request's URL, which is partially or totally controlled by a user parameter, has been manipulated by an attacker to alter the original purpose of the request. +ASM Exploit Prevention checks whether an internal or external request's URL, which is partially or totally controlled by a user parameter, has been manipulated by an attacker to alter the original purpose of the request. ### Example 2: Local file inclusion An attacker exploits a vulnerable parameter to include local files from the server, potentially exposing sensitive data like configuration files or possibly enabling remote code execution. -AAP Exploit Prevention inspects all file access attempts to determine if the path has been injected and whether a restricted file is accessed. +ASM Exploit Prevention inspects all file access attempts to determine if the path has been injected and whether a restricted file is accessed. ### Example 3: SQL injection An attacker injects malicious SQL code into a query, potentially gaining unauthorized access to the database, manipulating data, or executing administrative operations. -AAP Exploit Prevention intercepts all SQL queries to determine if a user parameter has been injected and whether the injection alters the original purpose and structure of the SQL query. +ASM Exploit Prevention intercepts all SQL queries to determine if a user parameter has been injected and whether the injection alters the original purpose and structure of the SQL query. ## Prerequisites diff --git a/content/en/security/application_security/threats/inapp_waf_rules.md b/content/en/security/application_security/threats/inapp_waf_rules.md index 8e3ca17eff4d5..c7e2613748967 100644 --- a/content/en/security/application_security/threats/inapp_waf_rules.md +++ b/content/en/security/application_security/threats/inapp_waf_rules.md @@ -7,18 +7,18 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog App & API Protection" + text: "Protect against threats with Datadog Application Security Management" - link: "/security/application_security/custom_rules/" tag: "Documentation" text: "Writing custom detection rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshoot common Datadog App & API Protection issues" + text: "Troubleshoot common Datadog Application Security Management issues" --- ## Overview -With App & API Protection (AAP) enabled, the Datadog tracing library actively monitors all web services and API requests for suspicious security activity. +With Application Security Management (ASM) enabled, the Datadog tracing library actively monitors all web services and API requests for suspicious security activity. An _In-App WAF rule_ specifies conditions on the incoming request to define what the library considers suspicious. The Datadog tracing library includes hundreds of out-of-the-box ASM In-App WAF rules, which are used to display security traces in the trace explorer and in the default signal rules. diff --git a/content/en/security/application_security/threats/library_configuration.md b/content/en/security/application_security/threats/library_configuration.md index 04f983ba4e52f..c5901cda19814 100644 --- a/content/en/security/application_security/threats/library_configuration.md +++ b/content/en/security/application_security/threats/library_configuration.md @@ -7,10 +7,10 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against Threats with Datadog App & API Protection" + text: "Protect against Threats with Datadog Application Security Management" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "Out-of-the-Box App & API Protection Rules" + text: "Out-of-the-Box Application Security Management Rules" - link: "/security/application_security/add-user-info/" tag: "Documentation" text: "Adding user information to traces" @@ -19,13 +19,13 @@ further_reading: text: "Troubleshooting ASM" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How App & API Protection Works in Datadog" + text: "How Application Security Management Works in Datadog" --- ## Configuring a client IP header -AAP automatically attempts to resolve `http.client_ip` from several well-known headers, such as `X-Forwarded-For`. If you use a custom header for this field, or want to bypass the resolution algorithm, set the `DD_TRACE_CLIENT_IP_HEADER` environment variable. If this variable is set, the library only checks the specified header for the client IP. +ASM automatically attempts to resolve `http.client_ip` from several well-known headers, such as `X-Forwarded-For`. If you use a custom header for this field, or want to bypass the resolution algorithm, set the `DD_TRACE_CLIENT_IP_HEADER` environment variable. If this variable is set, the library only checks the specified header for the client IP. ## Track authenticated bad actors diff --git a/content/en/security/application_security/threats/protection.md b/content/en/security/application_security/threats/protection.md index 6e07e9baaa0d2..401128536f8d0 100644 --- a/content/en/security/application_security/threats/protection.md +++ b/content/en/security/application_security/threats/protection.md @@ -4,14 +4,14 @@ is_beta: true further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "App & API Protection with Datadog" + text: "Application Security Management with Datadog" --- ## Overview If your service is running [an Agent with Remote Configuration enabled and a tracing library version that supports it][2], you can block attacks and attackers from the Datadog UI without additional configuration of the Agent or tracing libraries. -App & API Protection (AAP) Protect enables you to slow down attacks and attackers by _blocking_ them. Security traces are blocked in real-time by the Datadog tracing libraries. Blocks are saved in the Datadog platform, automatically and securely fetched by the Datadog Agent, deployed in your infrastructure, and applied to your services. +Application Security Management (ASM) Protect enables you to slow down attacks and attackers by _blocking_ them. Security traces are blocked in real-time by the Datadog tracing libraries. Blocks are saved in the Datadog platform, automatically and securely fetched by the Datadog Agent, deployed in your infrastructure, and applied to your services. ## Prerequisites @@ -52,7 +52,7 @@ You can use the _Passlist_ to permanently allow specific IP addresses access to ## Blocking attack attempts with In-App WAF -AAP In-App WAF (web application firewall) combines the detection techniques of perimeter-based WAFs with the rich context provided by Datadog, helping your teams protect their systems with confidence. +ASM In-App WAF (web application firewall) combines the detection techniques of perimeter-based WAFs with the rich context provided by Datadog, helping your teams protect their systems with confidence. Because ASM is aware of an application's routes, protection can be applied granularly to specific services, and not necessarily across all applications and traffic. This contextual efficiency reduces your inspection effort, and it reduces the false positive rate compared to a perimeter WAF. There is no learning period, because most web frameworks provide a structured map of routes. ASM can help your team roll out protections against zero-day vulnerabilities automatically soon after the vulnerability is disclosed, while targeting vulnerable applications, limiting the risk of false positives. diff --git a/content/en/security/application_security/threats/security_signals.md b/content/en/security/application_security/threats/security_signals.md index 062eb0a1f0e52..86445e7a1b662 100644 --- a/content/en/security/application_security/threats/security_signals.md +++ b/content/en/security/application_security/threats/security_signals.md @@ -14,7 +14,7 @@ further_reading: ## Overview -AAP security signals are created when Datadog detects a threat based on a detection rule. View, search, filter, and investigate security signals in the [Signals Explorer][2], or configure [Notification Rules][8] to send signals to third-party tools. +ASM security signals are created when Datadog detects a threat based on a detection rule. View, search, filter, and investigate security signals in the [Signals Explorer][2], or configure [Notification Rules][8] to send signals to third-party tools. {{< img src="security/application_security/threats/security_signals/appsec-threat-signals.png" alt="Overview of investigating threats in signals explorer with details side panel">}} @@ -55,7 +55,7 @@ You can triage a signal by assigning it to a user for further investigation. The - **Under Review**: The signal is actively being investigated. From the **Under Review** state, you can move the signal to **Archived** or **Open** as needed. - **Archived**: The detection that caused the signal has been resolved. From the **Archived** state, you can move the signal back to **Open** if it's within 30 days of when the signal was originally detected. -**Note**: To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][9] for more information about Datadog's default roles and granular role-based access control permissions available for App & API Protection. +**Note**: To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][9] for more information about Datadog's default roles and granular role-based access control permissions available for Application Security Management. ## Declare an incident @@ -92,7 +92,7 @@ Use [Workflow Automation][5] to manually trigger a workflow for a security signa 2. In the signal details, view each of the sections, such as **What Happened**, **Activity Summary**, and **Detection Rule**. 3. Review the **Next Steps** and take action: - Click **Block all Attacking IPs** (by specific duration or permanently). - - Click **Automated Attacker Blocking** (based on [detection][10] rules). This setting requires the App & API Protection **Protect Write** permission. + - Click **Automated Attacker Blocking** (based on [detection][10] rules). This setting requires the Application Security Management **Protect Write** permission. - Click **[Block with Edge WAF][11]**. ## Bulk actions diff --git a/content/en/security/application_security/threats/setup/compatibility/_index.md b/content/en/security/application_security/threats/setup/compatibility/_index.md index ca7dcfc28ded3..b115c88a059d2 100644 --- a/content/en/security/application_security/threats/setup/compatibility/_index.md +++ b/content/en/security/application_security/threats/setup/compatibility/_index.md @@ -4,10 +4,10 @@ type: multi-code-lang further_reading: - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting App & API Protection" + text: "Troubleshooting Application Security Management" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How App & API Protection Works in Datadog" + text: "How Application Security Management Works in Datadog" --- The following ASM capabilities are supported relative to each language's tracing library: diff --git a/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md b/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md index 38b6d19ed3a44..220ad98376657 100644 --- a/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md +++ b/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md @@ -21,7 +21,7 @@ Please review ASM GCP Service Extensions integration version 1.71.0 [limitations ## ASM GCP Service Extensions support -AAP GCP Service Extensions is in Preview. +ASM GCP Service Extensions is in Preview.
If you would like to see support added for any of the unsupported capabilities, let us know! Fill out }} diff --git a/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md b/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md index 7853968666f0a..9222a73876c0e 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md +++ b/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md @@ -12,17 +12,17 @@ further_reading: text: "Google Cloud Service Extensions overview" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB App & API Protection Rules" + text: "OOTB Application Security Management Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting App & API Protection" + text: "Troubleshooting Application Security Management" --- {{< callout url="#" btn_hidden="true" header="ASM Service Extensions is in Preview" >}} To try the preview of ASM Service Extensions for GCP, follow the setup instructions below. {{< /callout >}} -You can enable application security with GCP Service Extensions within GCP Cloud Load Balancing. The Datadog App & API Protection (AAP) Service Extensions integration has support for threat detection and blocking. +You can enable application security with GCP Service Extensions within GCP Cloud Load Balancing. The Datadog Application Security Management (ASM) Service Extensions integration has support for threat detection and blocking. ## Prerequisites diff --git a/content/en/security/application_security/threats/setup/threat_detection/go.md b/content/en/security/application_security/threats/setup/threat_detection/go.md index 2704103120b5c..58f6db417a13a 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/go.md +++ b/content/en/security/application_security/threats/setup/threat_detection/go.md @@ -16,10 +16,10 @@ further_reading: text: 'Go Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB App & API Protection Rules" + text: "OOTB Application Security Management Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting App & API Protection" + text: "Troubleshooting Application Security Management" --- You can monitor application security for Go apps running in Docker, Kubernetes, and Amazon ECS. diff --git a/content/en/security/application_security/threats/setup/threat_detection/java.md b/content/en/security/application_security/threats/setup/threat_detection/java.md index 2e50b726dbfc0..84e130f20ed3c 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/java.md +++ b/content/en/security/application_security/threats/setup/threat_detection/java.md @@ -15,10 +15,10 @@ further_reading: text: 'Java Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB App & API Protection Rules" + text: "OOTB Application Security Management Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting App & API Protection" + text: "Troubleshooting Application Security Management" --- diff --git a/content/en/security/application_security/threats/setup/threat_detection/nginx.md b/content/en/security/application_security/threats/setup/threat_detection/nginx.md index 9d23131abc620..95d528fb98d08 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/nginx.md +++ b/content/en/security/application_security/threats/setup/threat_detection/nginx.md @@ -13,10 +13,10 @@ further_reading: text: "nginx integration's source code" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB App & API Protection Rules" + text: "OOTB Application Security Management Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting App & API Protection" + text: "Troubleshooting Application Security Management" --- The Datadog nginx tracing module has experimental support for threat detection and blocking. diff --git a/content/en/security/application_security/threats/setup/threat_detection/nodejs.md b/content/en/security/application_security/threats/setup/threat_detection/nodejs.md index 474c3f77aa4b6..58ce761e80057 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/nodejs.md +++ b/content/en/security/application_security/threats/setup/threat_detection/nodejs.md @@ -16,10 +16,10 @@ further_reading: text: 'Node.js Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB App & API Protection Rules" + text: "OOTB Application Security Management Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting App & API Protection" + text: "Troubleshooting Application Security Management" --- You can monitor application security for Node.js apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. @@ -37,7 +37,7 @@ You can monitor application security for Node.js apps running in Docker, Kuberne ``` Use this [migration guide][1] to assess any breaking changes if you upgraded your library. - App & API Protection is compatible with Express v4+ and Node.js v14+. For additional information, see [Compatibility][2]. + Application Security Management is compatible with Express v4+ and Node.js v14+. For additional information, see [Compatibility][2]. 2. **Where you import and initialize the Node.js library for APM, also enable ASM.** This might be either in your code or with environment variables. If you initialized APM in code, add `{appsec: true}` to your init statement: {{< tabs >}} diff --git a/content/en/security/application_security/threats/setup/threat_detection/php.md b/content/en/security/application_security/threats/setup/threat_detection/php.md index 65f4afaf2f412..f206a039d4f11 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/php.md +++ b/content/en/security/application_security/threats/setup/threat_detection/php.md @@ -16,10 +16,10 @@ further_reading: text: 'PHP Datadog Tracer Library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB App & API Protection Rules" + text: "OOTB Application Security Management Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting App & API Protection" + text: "Troubleshooting Application Security Management" --- You can monitor application security for PHP apps running in host-based or container-based environments such as Docker, Kubernetes, AWS ECS, and AWS EKS. diff --git a/content/en/security/application_security/threats/setup/threat_detection/python.md b/content/en/security/application_security/threats/setup/threat_detection/python.md index 65eb51c0072fe..d7c6f911379ce 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/python.md +++ b/content/en/security/application_security/threats/setup/threat_detection/python.md @@ -16,10 +16,10 @@ further_reading: text: 'Python Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB App & API Protection Rules" + text: "OOTB Application Security Management Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting App & API Protection" + text: "Troubleshooting Application Security Management" --- You can monitor the security of your Python apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. diff --git a/content/en/security/application_security/threats/setup/threat_detection/ruby.md b/content/en/security/application_security/threats/setup/threat_detection/ruby.md index e99bc0361bf26..b19219b3089ac 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/ruby.md +++ b/content/en/security/application_security/threats/setup/threat_detection/ruby.md @@ -16,10 +16,10 @@ further_reading: text: 'Ruby Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB App & API Protection Rules" + text: "OOTB Application Security Management Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting App & API Protection" + text: "Troubleshooting Application Security Management" --- You can monitor application security for Ruby apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. diff --git a/content/en/security/application_security/threats/threat-intelligence.md b/content/en/security/application_security/threats/threat-intelligence.md index d791c9d9b1c29..b5138fc4942a6 100644 --- a/content/en/security/application_security/threats/threat-intelligence.md +++ b/content/en/security/application_security/threats/threat-intelligence.md @@ -6,12 +6,12 @@ further_reading: text: "Threat Intelligence at Datadog" - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog App & API Protection" + text: "Protect against threats with Datadog Application Security Management" --- ## Overview -This topic describes [threat intelligence][1] for App & API Protection (AAP). +This topic describes [threat intelligence][1] for Application Security Management (ASM). Datadog provides built-in threat intelligence [datasets][1] for ASM. This provides additional evidence when acting on security activity and reduces detection thresholds for some business logic detections. @@ -42,7 +42,7 @@ To query for all traces containing threat intelligence from any source, use the ## Bring your own threat intelligence -AAP supports enriching and searching traces with threat intelligence indicators of compromise stored in Datadog reference tables. [Reference Tables][2] allow you to combine metadata with information already in Datadog. +ASM supports enriching and searching traces with threat intelligence indicators of compromise stored in Datadog reference tables. [Reference Tables][2] allow you to combine metadata with information already in Datadog. ### Storing indicators of compromise in reference tables diff --git a/content/en/security/application_security/threats/trace_qualification.md b/content/en/security/application_security/threats/trace_qualification.md index a07e41710b3d1..0665e01a8c895 100644 --- a/content/en/security/application_security/threats/trace_qualification.md +++ b/content/en/security/application_security/threats/trace_qualification.md @@ -4,15 +4,15 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog App & API Protection" + text: "Protect against threats with Datadog Application Security Management" - link: "/security/application_security/how-appsec-works//" tag: "Documentation" - text: "How App & API Protection Works" + text: "How Application Security Management Works" --- ## Overview -App & API Protection (AAP) provides observability into application-level attacks, and evaluates the conditions in which each trace was generated. ASM trace qualification then labels each attack as harmful or safe to help you take action on the most impactful attacks. +Application Security Management (ASM) provides observability into application-level attacks, and evaluates the conditions in which each trace was generated. ASM trace qualification then labels each attack as harmful or safe to help you take action on the most impactful attacks. Filter by the **Qualification** facet in the ASM [Traces Explorer][1] to view the possible qualification results: @@ -20,7 +20,7 @@ Filter by the **Qualification** facet in the ASM [Traces Explorer][1] to view th ## Qualification outcomes -AAP runs qualification rules (closed-source) on every trace. There are four possible qualification outcomes, as listed in the facet menu: +ASM runs qualification rules (closed-source) on every trace. There are four possible qualification outcomes, as listed in the facet menu: | Qualification result | Description | |------|-------------| diff --git a/content/en/security/application_security/troubleshooting.md b/content/en/security/application_security/troubleshooting.md index 81f7ca2b9d982..a5e5e1c8c1be9 100644 --- a/content/en/security/application_security/troubleshooting.md +++ b/content/en/security/application_security/troubleshooting.md @@ -1,24 +1,24 @@ --- -title: Troubleshooting App & API Protection +title: Troubleshooting Application Security Management aliases: - /security_platform/application_security/troubleshooting further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Monitoring Threats with Datadog App & API Protection" + text: "Monitoring Threats with Datadog Application Security Management" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How App & API Protection Works in Datadog" + text: "How Application Security Management Works in Datadog" --- ## Overview -If you experience unexpected behavior with Datadog App & API Protection (AAP), there are common issues you can investigate, as mentioned below. If you continue to have trouble, reach out to [Datadog support][1] for further assistance. +If you experience unexpected behavior with Datadog Application Security Management (ASM), there are common issues you can investigate, as mentioned below. If you continue to have trouble, reach out to [Datadog support][1] for further assistance. ## ASM rate limits -AAP traces are rate-limited to 100 traces per second. Traces sent after the limit are not reported. Contact [Datadog support][1] if you need to change the limit. +ASM traces are rate-limited to 100 traces per second. Traces sent after the limit are not reported. Contact [Datadog support][1] if you need to change the limit. ## No security traces detected by ASM @@ -34,7 +34,7 @@ You can use the metric `datadog.apm.appsec_host` to check if ASM is running. If you are not seeing `datadog.apm.appsec_host`, check the [in-app instructions][3] to confirm that all steps for the initial setup are complete. -AAP data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6]. +ASM data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6]. ### Send a test attack to your application @@ -147,7 +147,7 @@ A few minutes after you enable your application and exercise it, and if it's suc ### Check if required tracer integrations are deactivated -AAP relies on certain tracer integrations. If they are deactivated, ASM won't work. To see if there are deactivated integrations, look for `disabled_integrations` in your [startup logs][8]. +ASM relies on certain tracer integrations. If they are deactivated, ASM won't work. To see if there are deactivated integrations, look for `disabled_integrations` in your [startup logs][8]. The required integrations vary by language. @@ -250,7 +250,7 @@ framework you're using, such as the Django or Flask integration. ### Check if spans are successfully transmitted to Datadog -AAP data is sent over [spans][9]. To confirm that spans are successfully transmitted to Datadog, check that your tracer logs contain logs that look similar to this: +ASM data is sent over [spans][9]. To confirm that spans are successfully transmitted to Datadog, check that your tracer logs contain logs that look similar to this: ``` 2021-11-29 21:19:58 CET | TRACE | INFO | (pkg/trace/info/stats.go:111 in LogStats) | [lang:.NET lang_version:5.0.10 interpreter:.NET tracer_version:1.30.1.0 endpoint_version:v0.4] -> traces received: 2, traces filtered: 0, traces amount: 1230 bytes, events extracted: 0, events sampled: 0 @@ -447,7 +447,7 @@ Debug logs are verbose but useful. If you open up a ticket with [Datadog support #### Is ASM correctly enabled? -AAP has been correctly enabled if you see logs such as: +ASM has been correctly enabled if you see logs such as: ``` D, [2021-12-14T11:03:32.167125 #73127] DEBUG -- ddtrace: [ddtrace] (libddwaf/lib/datadog/appsec/waf.rb:296:in `block in logger=') {:level=>:ddwaf_log_info, :func=> "ddwaf_set_log_cb", :file=>"PowerWAFInterface.cpp", :message=>"Sending log messages to binding, min level trace"} @@ -498,7 +498,7 @@ D, [2021-12-14T22:39:53.268820 #106051] DEBUG -- ddtrace: [ddtrace] (ddtrace/lib If you don't see those logs, check that another upstream security system is not filtering out the requests or altering them based on the test header value. #### Is the tracer sending traces with security data? -AAP data is sent with APM traces. To confirm that ASM correctly detects and inserts security data into traces, trigger a [test attack](#send-a-test-attack-to-your-application), and look for these tracer logs: +ASM data is sent with APM traces. To confirm that ASM correctly detects and inserts security data into traces, trigger a [test attack](#send-a-test-attack-to-your-application), and look for these tracer logs: ``` Tags: [ @@ -549,7 +549,7 @@ You can use the metric `datadog.apm.appsec_host` to check if ASM is running. If you are not seeing `datadog.apm.appsec_host`, check the [in-app instructions][3] to confirm that all steps for the initial setup are complete. -AAP data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6]. +ASM data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6]. ### Confirm tracer versions are updated diff --git a/content/en/security/audit_trail.md b/content/en/security/audit_trail.md index c7bb5f4608f0a..8b859045548ad 100644 --- a/content/en/security/audit_trail.md +++ b/content/en/security/audit_trail.md @@ -12,10 +12,10 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Workload Protection +- name: Cloud Security Management url: /security/cloud_security_management/ icon: cloud-security-management -- name: App & API Protection +- name: Application Security Management url: /security/application_security/ icon: app-sec --- @@ -30,7 +30,7 @@ To view audit logs generated by actions taken in Datadog Security, navigate to t {{% audit-trail-security-platform %}} -## App & API Protection +## Application Security Management {{% audit-trail-asm %}} diff --git a/content/en/security/cloud_security_management/_index.md b/content/en/security/cloud_security_management/_index.md index 534c57c18b2e6..9e7bdc7971d7a 100644 --- a/content/en/security/cloud_security_management/_index.md +++ b/content/en/security/cloud_security_management/_index.md @@ -1,5 +1,5 @@ --- -title: Workload Protection +title: Cloud Security Management aliases: - /security_platform/cloud_security_management/ further_reading: @@ -26,7 +26,7 @@ further_reading: text: "Run Atomic Red Team detection tests in container environments with Datadog's Workload Security Evaluator" - link: "https://www.datadoghq.com/blog/security-context-with-datadog-cloud-security-management/" tag: "Blog" - text: "Add security context to observability data with Datadog Workload Protection" + text: "Add security context to observability data with Datadog Cloud Security Management" - link: "https://www.datadoghq.com/blog/security-labs-ruleset-launch/" tag: "Blog" text: "Fix common cloud security risks with the Datadog Security Labs Ruleset" @@ -35,7 +35,7 @@ further_reading: text: "Best practices for application security in cloud-native environments" - link: "https://www.datadoghq.com/blog/custom-detection-rules-with-datadog-cloud-security-management/" tag: "Blog" - text: "Customize rules for detecting cloud misconfigurations with Datadog Workload Protection" + text: "Customize rules for detecting cloud misconfigurations with Datadog Cloud Security Management" - link: "https://www.datadoghq.com/blog/building-security-coverage-for-cloud-environments/" tag: "Blog" text: "Build sufficient security coverage for your cloud environment" @@ -43,9 +43,11 @@ further_reading: tag: "Blog" text: "Key learnings from the 2024 State of Cloud Security study" - link: "https://www.datadoghq.com/blog/cloud-security-malware-detection/" + tag: "Blog" + text: "Detect malware in your containers with Datadog Cloud Security Management" - link: "https://www.datadoghq.com/blog/security-posture-csm/" tag: "Blog" - text: "Report on changes to your security posture with Workload Protection" + text: "Report on changes to your security posture with Cloud Security Management" - link: "https://www.datadoghq.com/blog/security-inbox-prioritization/" tag: "Blog" text: "How Datadog Security Inbox prioritizes security risks" @@ -56,14 +58,14 @@ algolia: tags: ['csm', 'cloud security management', 'inbox'] cascade: algolia: - subcategory: Workload Protection + subcategory: Cloud Security Management --- {{< learning-center-callout header="Join an enablement webinar session" hide_image="true" btn_title="Sign Up" btn_url="https://www.datadoghq.com/technical-enablement/sessions/?tags.topics-0=Security">}} - Learn how Datadog Cloud SIEM and Workload Protection elevate your organization's threat detection and investigation for dynamic, cloud-scale environments. + Learn how Datadog Cloud SIEM and Cloud Security Management elevate your organization's threat detection and investigation for dynamic, cloud-scale environments. {{< /learning-center-callout >}} -Datadog Workload Protection delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. +Datadog Cloud Security Management (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. @@ -74,7 +76,7 @@ Workload Protection leverages both the Datadog Agent and Agentless. It includes - [**Identity Risks**][8]: Provides in-depth visibility into your organization's AWS IAM, Azure, and GCP risks, and enables you to detect and resolve identity risks on an ongoing basis. - [**Vulnerabilities**][9]: Continuously detect, prioritize, and remediate exploitable vulnerabilities in your container images, host images, and hosts running in your infrastructure. -{{< img src="security/csm/csm_overview_2.png" alt="Workload Protection in Datadog" width="100%">}} +{{< img src="security/csm/csm_overview_2.png" alt="Cloud Security Management in Datadog" width="100%">}} {{< partial name="security-platform/CSW-billing-note.html" >}} @@ -106,7 +108,7 @@ Use the [Resource Catalog][12] to view specific misconfigurations and threats th ## Subscribe to weekly digest reports -Receive a weekly summary of Workload Protection activity over the past week, including important new security issues discovered in the last seven days. Subscriptions to the weekly digest report are managed on a per user basis. To [subscribe to the weekly digest report][11], you must have the `security_monitoring_signals_read` permission. +Receive a weekly summary of Cloud Security Management activity over the past week, including important new security issues discovered in the last seven days. Subscriptions to the weekly digest report are managed on a per user basis. To [subscribe to the weekly digest report][11], you must have the `security_monitoring_signals_read` permission. ## Learn about emerging threats and vulnerabilities @@ -114,7 +116,7 @@ Use the [Security Research Feed][15] to stay current with the latest security de ## Next steps -To get started with CSM, navigate to the [**Workload Protection Setup**][3] page in Datadog, which has detailed steps on how to set up and configure CSM. For more information, see [Setting Up Workload Protection][10]. +To get started with CSM, navigate to the [**Cloud Security Management Setup**][3] page in Datadog, which has detailed steps on how to set up and configure CSM. For more information, see [Setting Up Cloud Security Management][10]. ## Further reading diff --git a/content/en/security/cloud_security_management/guide/_index.md b/content/en/security/cloud_security_management/guide/_index.md index 749b501e8da72..7ce4a811022a6 100644 --- a/content/en/security/cloud_security_management/guide/_index.md +++ b/content/en/security/cloud_security_management/guide/_index.md @@ -1,5 +1,5 @@ --- -title: Workload Protection Guides +title: Cloud Security Management Guides disable_toc: true aliases: - /security_platform/cloud_workload_security/guide/ @@ -7,9 +7,9 @@ aliases: --- -{{< whatsnext desc="Workload Protection Guides" >}} - {{< nextlink href="/getting_started/cloud_security_management" >}}First Steps for Workload Protection{{< /nextlink >}} - {{< nextlink href="/security/cloud_security_management/guide/agent_variables" >}}Workload Protection Agent Variables{{< /nextlink >}} +{{< whatsnext desc="Cloud Security Management (CSM) Guides" >}} + {{< nextlink href="/getting_started/cloud_security_management" >}}First Steps for Cloud Security Management{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/guide/agent_variables" >}}Cloud Security Management Agent Variables{{< /nextlink >}} {{< /whatsnext >}} {{< whatsnext desc="CSM Threats Guides" >}} diff --git a/content/en/security/cloud_security_management/guide/agent_variables.md b/content/en/security/cloud_security_management/guide/agent_variables.md index 0820929d15cb3..530e90e24de6d 100644 --- a/content/en/security/cloud_security_management/guide/agent_variables.md +++ b/content/en/security/cloud_security_management/guide/agent_variables.md @@ -1,10 +1,10 @@ --- -title: Workload Protection Agent Variables +title: Cloud Security Management Agent Variables aliases: - /security/cloud_security_management/setup/agent_variables --- -The Datadog Agent has several environment variables that can be enabled for Workload Protection. This article describes the purpose of each environment variable. +The Datadog Agent has several environment variables that can be enabled for Cloud Security Management. This article describes the purpose of each environment variable. diff --git a/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md b/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md index 59420ed7a72d0..3e31b72a43a8a 100644 --- a/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md +++ b/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md @@ -9,7 +9,7 @@ further_reading: text: "Agent Expression Syntax" --- -At some point, you may want to write your own [custom Workload Protection Threats (CSM Threats) Agent rules][1]. When writing your own rules, there are a few strategies you can use to optimize for efficiency. +At some point, you may want to write your own [custom Cloud Security Management Threats (CSM Threats) Agent rules][1]. When writing your own rules, there are a few strategies you can use to optimize for efficiency. ## Attributes diff --git a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md index 35f68bb04cf81..01c3168d475c1 100644 --- a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md +++ b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md @@ -152,7 +152,7 @@ runtime_security_config: Ensure you perform the following configuration requirements before deploying the Agent: 1. Customize the [Agent Installation Instructions][5] before proceeding with the installation. -2. Install/update the Agent with CSM enabled. For steps, see [Setting up Workload Protection on the Agent][4]. +2. Install/update the Agent with CSM enabled. For steps, see [Setting up Cloud Security Management on the Agent][4]. 3. Specify additional configurations from the previous **eBPF-less agent setup** sections to install the custom version and enable eBPF-less mode. diff --git a/content/en/security/cloud_security_management/guide/public-accessibility-logic.md b/content/en/security/cloud_security_management/guide/public-accessibility-logic.md index 6c6cf933e76bc..3bbc335342f22 100644 --- a/content/en/security/cloud_security_management/guide/public-accessibility-logic.md +++ b/content/en/security/cloud_security_management/guide/public-accessibility-logic.md @@ -13,7 +13,7 @@ Datadog uses a graph processing framework to map relationships between cloud res ## Resource dependency graph -The following diagrams show how related resources are used to determine whether other resources are publicly accessible. For example, an AWS CloudTrail Trail stored in a public Amazon S3 bucket is itself publicly accessible. If a resource is publicly accessible because of another resource, the relationship is shown in the Workload Protection Misconfigurations resource relationships graph. +The following diagrams show how related resources are used to determine whether other resources are publicly accessible. For example, an AWS CloudTrail Trail stored in a public Amazon S3 bucket is itself publicly accessible. If a resource is publicly accessible because of another resource, the relationship is shown in the Cloud Security Management Misconfigurations resource relationships graph. **Note**: Not all resources with the Publicly Accessible attribute are shown in these diagrams. diff --git a/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md b/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md index d3b0519bde039..e74ff2f65f802 100644 --- a/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md +++ b/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md @@ -3,13 +3,13 @@ title: Use Filters to Exclude Resources from Evaluation further_reading: - link: "/security/cloud_security_management/guide" tag: "Documentation" - text: Workload Protection Guides + text: Cloud Security Management Guides - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: Setting Up Workload Protection + text: Setting Up Cloud Security Management --- -You can use resource tags to create filters that include or exclude resources from being evaluated by Workload Protection. The filters must be specified as a comma-separated list of `key:value` pairs. +You can use resource tags to create filters that include or exclude resources from being evaluated by Cloud Security Management (CSM). The filters must be specified as a comma-separated list of `key:value` pairs. **Notes**: @@ -37,7 +37,7 @@ The allowlist enables you to specify tags that must be applied to a resource in {{< tabs >}} {{% tab "AWS" %}} -1. On the [**Workload Protection Setup** page][1], click **Cloud accounts**. +1. On the [**Cloud Security Management Setup** page][1], click **Cloud accounts**. 2. Expand the **AWS** section. 3. Under **Resource Evaluation Filters (Optional)**, click the **Plus** (+) icon for the account you want to add the filter to. 4. Enter a comma-separated list of `key:value` pairs for the tags you want to allowlist or blocklist. @@ -48,7 +48,7 @@ The allowlist enables you to specify tags that must be applied to a resource in {{% /tab %}} {{% tab "Azure" %}} -1. On the [**Workload Protection Setup** page][1], click **Cloud accounts**. +1. On the [**Cloud Security Management Setup** page][1], click **Cloud accounts**. 2. Expand the **Azure** section. 3. Expand a subscription. 3. Under **Resource Evaluation Filters (Optional)**, click the **Plus** (+) icon. @@ -60,7 +60,7 @@ The allowlist enables you to specify tags that must be applied to a resource in {{% /tab %}} {{% tab "Google Cloud" %}} -1. On the [**Workload Protection Setup** page][1], click **Cloud accounts**. +1. On the [**Cloud Security Management Setup** page][1], click **Cloud accounts**. 2. Expand the **GCP** section. 3. Expand a project. 3. Under **Resource Evaluation Filters (Optional)**, click the **Plus** (+) icon. diff --git a/content/en/security/cloud_security_management/guide/tuning-rules.md b/content/en/security/cloud_security_management/guide/tuning-rules.md index bb28a47863278..46126c39cc0c0 100644 --- a/content/en/security/cloud_security_management/guide/tuning-rules.md +++ b/content/en/security/cloud_security_management/guide/tuning-rules.md @@ -7,7 +7,7 @@ aliases: ## Overview -Workload Protection Threats (CSM Threats) monitors suspicious activity occurring at the workload level. However, in some cases, benign activities are flagged as malicious because of particular settings in the user's environment. When a benign expected activity is triggering a signal, you can suppress the trigger on the activity to limit noise. +Cloud Security Management Threats (CSM Threats) monitors suspicious activity occurring at the workload level. However, in some cases, benign activities are flagged as malicious because of particular settings in the user's environment. When a benign expected activity is triggering a signal, you can suppress the trigger on the activity to limit noise. This guide provides considerations for best practices and steps for fine-tuning signal suppression. diff --git a/content/en/security/cloud_security_management/iac_scanning.md b/content/en/security/cloud_security_management/iac_scanning.md index e9e700e173dba..7b4712f38006d 100644 --- a/content/en/security/cloud_security_management/iac_scanning.md +++ b/content/en/security/cloud_security_management/iac_scanning.md @@ -10,7 +10,7 @@ further_reading: Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form. {{< /callout >}} -Static Infrastructure as Code (IaC) scanning integrates with version control systems, such as GitHub, to detect misconfigurations in cloud resources defined by Terraform. The scanning results are displayed in two primary locations: within pull requests during code modifications and on the **Explorers** page within Workload Protection. +Static Infrastructure as Code (IaC) scanning integrates with version control systems, such as GitHub, to detect misconfigurations in cloud resources defined by Terraform. The scanning results are displayed in two primary locations: within pull requests during code modifications and on the **Explorers** page within Cloud Security Management.
Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
diff --git a/content/en/security/cloud_security_management/identity_risks/_index.md b/content/en/security/cloud_security_management/identity_risks/_index.md index 6911c979f3d3e..b436079b260a1 100644 --- a/content/en/security/cloud_security_management/identity_risks/_index.md +++ b/content/en/security/cloud_security_management/identity_risks/_index.md @@ -1,14 +1,14 @@ --- -title: Workload Protection Identity Risks +title: Cloud Security Management Identity Risks aliases: - /security/identity_risks/ further_reading: - link: "/security/cloud_security_management/" tag: "Documentation" - text: "Learn more about Workload Protection" + text: "Learn more about Cloud Security Management" - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: "Setting Up Workload Protection" + text: "Setting Up Cloud Security Management" - link: "https://www.datadoghq.com/blog/datadog-ciem/" tag: "Blog" text: "Find and remediate identity risks with Datadog CIEM" @@ -26,7 +26,7 @@ further_reading: text: "Detect cross-account access risks in AWS with Datadog" --- -Workload Protection Identity Risks (CSM Identity Risks) is a Cloud Infrastructure Entitlement Management (CIEM) product that helps you mitigate entitlement risks across your clouds. It continually scans your cloud infrastructure and finds issues such as lingering administrative privileges, privilege escalations, permission gaps, large blast radii, and cross-account access. It also enables you to proactively resolve identity risks on an ongoing basis to secure your cloud infrastructure from IAM-based attacks. For quick remediation, it suggests [downsized policies][4], [Datadog Workflows][3] based remediations, and deep links to cloud consoles. +Cloud Security Management Identity Risks (CSM Identity Risks) is a Cloud Infrastructure Entitlement Management (CIEM) product that helps you mitigate entitlement risks across your clouds. It continually scans your cloud infrastructure and finds issues such as lingering administrative privileges, privilege escalations, permission gaps, large blast radii, and cross-account access. It also enables you to proactively resolve identity risks on an ongoing basis to secure your cloud infrastructure from IAM-based attacks. For quick remediation, it suggests [downsized policies][4], [Datadog Workflows][3] based remediations, and deep links to cloud consoles.
CSM Identity Risks is available for AWS, Azure, and GCP.
@@ -48,7 +48,7 @@ Click **View Suggested Policy** to view a suggested downsized policy based on th {{< img src="security/identity_risks/downsized_policy.png" alt="Review suggestions for downsizing a policy on the Suggested downsized policy dialog" width="100%">}} -To remediate the identity risk, click **Fix in AWS** to update the resource in AWS IAM console. To create a Jira issue and assign it to a team, click **Add Jira issue**. See [Create Jira Issues for Workload Protection Issues][2] for more information. +To remediate the identity risk, click **Fix in AWS** to update the resource in AWS IAM console. To create a Jira issue and assign it to a team, click **Add Jira issue**. See [Create Jira Issues for Cloud Security Management Issues][2] for more information. {{< img src="security/identity_risks/side_panel_action_buttons_2.png" alt="Remediate identity risks using the action buttons on the side panel" width="100%">}} diff --git a/content/en/security/cloud_security_management/misconfigurations/_index.md b/content/en/security/cloud_security_management/misconfigurations/_index.md index e18865974a9a0..32e6cdb09c77d 100644 --- a/content/en/security/cloud_security_management/misconfigurations/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/_index.md @@ -1,5 +1,5 @@ --- -title: Workload Protection Misconfigurations +title: Cloud Security Management Misconfigurations aliases: - /security_platform/cspm/ - /security/cspm/#glossary @@ -9,7 +9,7 @@ algolia: tags: ['cspm'] --- -Workload Protection Misconfigurations (CSM Misconfigurations) makes it easier to assess and visualize the current and historic security posture of your cloud resources, automate audit evidence collection, and remediate misconfigurations that leave your organization vulnerable to attacks. By continuously surfacing security weaknesses resulting from misconfigurations, teams can mitigate risks while ensuring compliance with industry standards. +Cloud Security Management Misconfigurations (CSM Misconfigurations) makes it easier to assess and visualize the current and historic security posture of your cloud resources, automate audit evidence collection, and remediate misconfigurations that leave your organization vulnerable to attacks. By continuously surfacing security weaknesses resulting from misconfigurations, teams can mitigate risks while ensuring compliance with industry standards. ## Detect misconfigurations across your cloud resources @@ -19,7 +19,7 @@ View a high-level overview of your security posture on the [Overview page][1]. E Workload Protection Misconfigurations evaluates resources in increments between 15 minutes and 4 hours (depending on type). Datadog generates new misconfigurations as soon as a scan is completed, and stores a complete history of all misconfigurations for the past 15 months so they are available in case of an investigation or audit. -{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Workload Protection overview shows a list of prioritized security issues to remediate" width="100%">}} +{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues to remediate" width="100%">}} ## Maintain compliance with industry frameworks and benchmarks @@ -57,7 +57,7 @@ You can also [create a Jira issue][15] and assign it to a team, use Terraform re {{< whatsnext >}} {{< nextlink href="/security/cloud_security_management/setup">}}Complete setup and configuration{{< /nextlink >}} - {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Workload Protection{{< /nextlink >}} + {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security Management{{< /nextlink >}} {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for CSM Misconfigurations{{< /nextlink >}} {{< nextlink href="/security/default_rules/#cat-posture-management-cloud">}}Out-of-the-box cloud detection rules for CSM Misconfigurations{{< /nextlink >}} {{< nextlink href="/security/default_rules/#cat-posture-management-infra">}}Out-of-the-box infrastructure detection rules for CSM Misconfigurations{{< /nextlink >}} diff --git a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md index c0be069ebd47c..d29babf4c0a3a 100644 --- a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md +++ b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md @@ -18,7 +18,7 @@ further_reading: text: Misconfigurations Reports --- -Workload Protection Misconfigurations (CSM Misconfigurations) [out-of-the-box compliance rules][1] evaluate the configuration of your cloud resources and identify potential misconfigurations so you can immediately take steps to remediate. +Cloud Security Management Misconfigurations (CSM Misconfigurations) [out-of-the-box compliance rules][1] evaluate the configuration of your cloud resources and identify potential misconfigurations so you can immediately take steps to remediate. The compliance rules follow the same [conditional logic][2] as all Datadog Security compliance rules. For CSM Misconfigurations, each rule maps to controls within one or more [compliance frameworks or industry benchmarks][4]. diff --git a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md index 4db94b5ed8fbf..3b2db536a18b9 100644 --- a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md @@ -14,7 +14,7 @@ further_reading: text: "Learn about frameworks and industry benchmarks" --- -The Workload Protection Misconfigurations (CSM Misconfigurations) [Explorer][1] allows you to: +The Cloud Security Management Misconfigurations (CSM Misconfigurations) [Explorer][1] allows you to: - Review the detailed configuration of a resource. - Review the compliance rules applied to your resources by CSM Misconfigurations. diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md index 0a5900ee7ffe6..ab241bff2f753 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md @@ -17,7 +17,7 @@ further_reading: text: "Securing Datadog's cloud infrastructure: Our playbook and methodology" --- -With custom frameworks, you can define and measure compliance against your own cloud security baseline. Custom frameworks are listed on the Workload Protection [Compliance][6] page, have their own real-time report and [security posture score][7], and are queryable within explorers and dashboards. +With custom frameworks, you can define and measure compliance against your own cloud security baseline. Custom frameworks are listed on the Cloud Security Management (CSM) [Compliance][6] page, have their own real-time report and [security posture score][7], and are queryable within explorers and dashboards. 1. On the [CSM Compliance page][6], click **Create Framework**. 1. Enter the following details: diff --git a/content/en/security/cloud_security_management/misconfigurations/kspm.md b/content/en/security/cloud_security_management/misconfigurations/kspm.md index 49a81e28ca9dc..1dfcda198475c 100644 --- a/content/en/security/cloud_security_management/misconfigurations/kspm.md +++ b/content/en/security/cloud_security_management/misconfigurations/kspm.md @@ -11,7 +11,7 @@ further_reading: text: "Create Custom Rules" --- -Kubernetes Security Posture Management (KSPM) for Workload Protection helps you proactively strengthen the security posture of your Kubernetes deployments by benchmarking your environment against established industry best practices, such as those defined by [CIS][1], or your own [custom detection policies](#create-your-own-kubernetes-detection-rules). +Kubernetes Security Posture Management (KSPM) for Cloud Security Management (CSM) helps you proactively strengthen the security posture of your Kubernetes deployments by benchmarking your environment against established industry best practices, such as those defined by [CIS][1], or your own [custom detection policies](#create-your-own-kubernetes-detection-rules). ## Setting up KSPM diff --git a/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md b/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md index 89271fbef1f36..aa25657578a03 100644 --- a/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md +++ b/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md @@ -13,7 +13,7 @@ further_reading: text: "Learn about supported frameworks and industry benchmarks" - link: "https://www.datadoghq.com/blog/datadog-csm-windows/" tag: "Blog" - text: "Secure your Windows workloads with Datadog Workload Protection" + text: "Secure your Windows workloads with Datadog Cloud Security Management" ---
Due to changes in how notification rules are configured, cloud configuration and infrastructure configuration signals will be deprecated in early 2025.
diff --git a/content/en/security/cloud_security_management/review_remediate/_index.md b/content/en/security/cloud_security_management/review_remediate/_index.md index 853488a8bacdb..38ebd3a1c4628 100644 --- a/content/en/security/cloud_security_management/review_remediate/_index.md +++ b/content/en/security/cloud_security_management/review_remediate/_index.md @@ -4,7 +4,7 @@ disable_toc: true --- {{< whatsnext desc="" >}} - {{< nextlink href="/security/cloud_security_management/review_remediate/mute_issues" >}}Mute Issues in Workload Protection{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/review_remediate/mute_issues" >}}Mute Issues in Cloud Security Management{{< /nextlink >}} {{< nextlink href="/security/cloud_security_management/review_remediate/workflows" >}}Automate Security Workflows with Workflow Automation{{< /nextlink >}} - {{< nextlink href="/security/cloud_security_management/review_remediate/jira" >}}Create Jira Issues for Workload Protection Issues{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/review_remediate/jira" >}}Create Jira Issues for Cloud Security Management Issues{{< /nextlink >}} {{< /whatsnext >}} \ No newline at end of file diff --git a/content/en/security/cloud_security_management/review_remediate/jira.md b/content/en/security/cloud_security_management/review_remediate/jira.md index bc5517dd195e1..ec68565f557f1 100644 --- a/content/en/security/cloud_security_management/review_remediate/jira.md +++ b/content/en/security/cloud_security_management/review_remediate/jira.md @@ -1,9 +1,9 @@ --- -title: Create Jira Issues for Workload Protection Issues +title: Create Jira Issues for Cloud Security Management Issues further_reading: - link: "/security/cloud_security_management/guide" tag: "Documentation" - text: Workload Protection Guides + text: Cloud Security Management Guides - link: "/integrations/jira/" tag: "Documentation" text: Datadog Jira Integration @@ -20,7 +20,7 @@ products: {{< product-availability >}} -Use the [Jira integration][1] to create Jira issues for resources that are impacted by a Workload Protection security issue. Jira for Workload Protection is available for [CSM Misconfigurations][3] and [CSM Identity Risks][4]. +Use the [Jira integration][1] to create Jira issues for resources that are impacted by a Cloud Security Management (CSM) security issue. Jira for Cloud Security Management is available for [CSM Misconfigurations][3] and [CSM Identity Risks][4]. **Notes**: - To create Jira issues, you must have the `security_monitoring_findings_write` permission. See [Role Based Access Control][2] for more information about Datadog's default roles and granular role-based access control permissions available for CSM. diff --git a/content/en/security/cloud_security_management/review_remediate/mute_issues.md b/content/en/security/cloud_security_management/review_remediate/mute_issues.md index a90230b125c8d..71053fbafcba8 100644 --- a/content/en/security/cloud_security_management/review_remediate/mute_issues.md +++ b/content/en/security/cloud_security_management/review_remediate/mute_issues.md @@ -1,5 +1,5 @@ --- -title: Mute Issues in Workload Protection +title: Mute Issues in Cloud Security Management further_reading: - link: "security/default_rules" tag: "Documentation" diff --git a/content/en/security/cloud_security_management/review_remediate/workflows.md b/content/en/security/cloud_security_management/review_remediate/workflows.md index 6eb74e1686531..701d2e6197b39 100644 --- a/content/en/security/cloud_security_management/review_remediate/workflows.md +++ b/content/en/security/cloud_security_management/review_remediate/workflows.md @@ -3,7 +3,7 @@ title: Automate Security Workflows with Workflow Automation further_reading: - link: "/security/cloud_security_management" tag: "Documentation" - text: Workload Protection + text: Cloud Security Management - link: "/service_management/workflows/" tag: "Documentation" text: Workflow Automation @@ -29,7 +29,7 @@ products: [Datadog Workflow Automation][1] allows you to orchestrate and automate your end-to-end processes by building workflows made up of actions that connect to your infrastructure and tools. -Use Workflow Automation with [Workload Protection][2] to automate your security-related workflows. For example, you can create workflows that allow you to [block access to a public Amazon S3 bucket via an interactive Slack message](#block-access-to-aws-s3-bucket-via-slack), or [automatically create a Jira issue and assign it to a team](#automatically-create-and-assign-a-jira-issue). +Use Workflow Automation with [Cloud Security Management (CSM)][2] to automate your security-related workflows. For example, you can create workflows that allow you to [block access to a public Amazon S3 bucket via an interactive Slack message](#block-access-to-aws-s3-bucket-via-slack), or [automatically create a Jira issue and assign it to a team](#automatically-create-and-assign-a-jira-issue). ## Understanding how triggers and sources work diff --git a/content/en/security/cloud_security_management/setup/_index.md b/content/en/security/cloud_security_management/setup/_index.md index 15b40ff0d2e9e..007a3731effc9 100644 --- a/content/en/security/cloud_security_management/setup/_index.md +++ b/content/en/security/cloud_security_management/setup/_index.md @@ -1,5 +1,5 @@ --- -title: Setting up Workload Protection +title: Setting up Cloud Security Management aliases: - /security_platform/cloud_workload_security/getting_started - /security/cloud_workload_security/getting_started @@ -23,12 +23,12 @@ further_reading: text: "AWS Fargate Configuration Guide for Datadog Security" - link: "/security/cloud_security_management/guide/agent_variables/" tag: "Guide" - text: "Workload Protection Agent Variables" + text: "Cloud Security Management Agent Variables" --- ## Overview -To get started with Workload Protection, review the following: +To get started with Cloud Security Management (CSM), review the following: - [Overview](#overview) - [Enable Agentless Scanning](#enable-agentless-scanning) @@ -43,13 +43,13 @@ To get started with Workload Protection, review the following: ## Enable Agentless Scanning -The simplest way to get started with Workload Protection is by [enabling Agentless Scanning][1]. Agentless Scanning provides visibility into vulnerabilities that exist within your AWS hosts, running containers, Lambda functions, and running Amazon Machine Images (AMIs) without requiring you to install the Datadog Agent. +The simplest way to get started with Cloud Security Management is by [enabling Agentless Scanning][1]. Agentless Scanning provides visibility into vulnerabilities that exist within your AWS hosts, running containers, Lambda functions, and running Amazon Machine Images (AMIs) without requiring you to install the Datadog Agent. -To learn more about Agentless Scanning, see [Workload Protection Agentless Scanning][2]. +To learn more about Agentless Scanning, see [Cloud Security Management Agentless Scanning][2]. ## Deploy the Agent for additional coverage -For broader coverage and additional functionalities, deploy the Datadog Agent to your hosts. The following table outlines the improvements offered by Agent-based deployments. For more information, see [Setting up Workload Protection on the Agent][3]. +For broader coverage and additional functionalities, deploy the Datadog Agent to your hosts. The following table outlines the improvements offered by Agent-based deployments. For more information, see [Setting up Cloud Security Management on the Agent][3].
@@ -120,19 +120,19 @@ For broader coverage and additional functionalities, deploy the Datadog Agent to ### AWS CloudTrail Logs -Maximize the benefits of [CSM Identity Risks][6] with AWS CloudTrail Logs. Gain deeper insights into cloud resource usage, identifying users and roles with significant gaps between provisioned and utilized permissions. For more information, check out [Setting up AWS CloudTrail Logs for Workload Protection][4]. +Maximize the benefits of [CSM Identity Risks][6] with AWS CloudTrail Logs. Gain deeper insights into cloud resource usage, identifying users and roles with significant gaps between provisioned and utilized permissions. For more information, check out [Setting up AWS CloudTrail Logs for Cloud Security Management][4]. ### IaC scanning -Integrate Infrastructure as Code (IaC) scanning with GitHub to detect misconfigurations in Terraform-defined cloud resources. For more information, see [Setting up IaC Scanning for Workload Protection][10]. +Integrate Infrastructure as Code (IaC) scanning with GitHub to detect misconfigurations in Terraform-defined cloud resources. For more information, see [Setting up IaC Scanning for Cloud Security Management][10]. ### IaC remediation -Use IaC remediation with Terraform to create pull requests in GitHub, applying code changes that fix misconfigurations and mitigate identity risks. For more information, see [Setting up IaC Remediation for Workload Protection][5]. +Use IaC remediation with Terraform to create pull requests in GitHub, applying code changes that fix misconfigurations and mitigate identity risks. For more information, see [Setting up IaC Remediation for Cloud Security Management][5]. ### Deploy via cloud integrations -Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see [Deploying Workload Protection via Cloud Integrations][7]. +Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see [Deploying Cloud Security Management via Cloud Integrations][7]. ## Disable CSM diff --git a/content/en/security/cloud_security_management/setup/agent/_index.md b/content/en/security/cloud_security_management/setup/agent/_index.md index f06b63e3637b9..7841b87598b99 100644 --- a/content/en/security/cloud_security_management/setup/agent/_index.md +++ b/content/en/security/cloud_security_management/setup/agent/_index.md @@ -1,5 +1,5 @@ --- -title: Deploying Workload Protection on the Agent +title: Deploying Cloud Security Management on the Agent type: multi-code-lang aliases: - /security/cloud_security_management/setup/csm_cloud_workload_security/agent @@ -7,7 +7,7 @@ aliases: - /security/cloud_security_management/setup/csm_enterprise/agent --- -Use the following instructions to enable Workload Protection features—Misconfigurations, Threat Detection, and Vulnerability Management—on the Datadog Agent. +Use the following instructions to enable Cloud Security Management features—Misconfigurations, Threat Detection, and Vulnerability Management—on the Datadog Agent. {{< partial name="security-platform/CSW-billing-note.html" >}} diff --git a/content/en/security/cloud_security_management/setup/agent/docker.md b/content/en/security/cloud_security_management/setup/agent/docker.md index 5c15e01f2975f..c7e358398cded 100644 --- a/content/en/security/cloud_security_management/setup/agent/docker.md +++ b/content/en/security/cloud_security_management/setup/agent/docker.md @@ -1,5 +1,5 @@ --- -title: Setting up Workload Protection on Docker +title: Setting up Cloud Security Management on Docker code_lang: docker type: multi-code-lang code_lang_weight: 65 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md b/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md index 23601c6260d8c..c6ee9a3727f65 100644 --- a/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md +++ b/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md @@ -1,5 +1,5 @@ --- -title: Setting up Workload Protection on ECS EC2 +title: Setting up Cloud Security Management on ECS EC2 code_lang: ecs_ec2 type: multi-code-lang code_lang_weight: 70 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agent/kubernetes.md b/content/en/security/cloud_security_management/setup/agent/kubernetes.md index 36c64b532aaeb..65438f39dd801 100644 --- a/content/en/security/cloud_security_management/setup/agent/kubernetes.md +++ b/content/en/security/cloud_security_management/setup/agent/kubernetes.md @@ -1,5 +1,5 @@ --- -title: Setting up Workload Protection on Kubernetes +title: Setting up Cloud Security Management on Kubernetes code_lang: kubernetes type: multi-code-lang code_lang_weight: 60 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agent/linux.md b/content/en/security/cloud_security_management/setup/agent/linux.md index 81d020624edb8..0bf00bec067e2 100644 --- a/content/en/security/cloud_security_management/setup/agent/linux.md +++ b/content/en/security/cloud_security_management/setup/agent/linux.md @@ -1,5 +1,5 @@ --- -title: Setting up Workload Protection on Linux +title: Setting up Cloud Security Management on Linux code_lang: linux type: multi-code-lang code_lang_weight: 80 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agent/windows.md b/content/en/security/cloud_security_management/setup/agent/windows.md index 23f06c6cdf245..727b62b1826ac 100644 --- a/content/en/security/cloud_security_management/setup/agent/windows.md +++ b/content/en/security/cloud_security_management/setup/agent/windows.md @@ -1,5 +1,5 @@ --- -title: Setting up Workload Protection on Windows +title: Setting up Cloud Security Management on Windows code_lang: windows type: multi-code-lang code_lang_weight: 75 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md b/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md index 8503e101ab1d1..930dce39c81d4 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md @@ -1,19 +1,19 @@ --- -title: Workload Protection Agentless Scanning +title: Cloud Security Management Agentless Scanning aliases: - /security/agentless_scanning - /security/cloud_security_management/agentless_scanning further_reading: - link: "https://www.datadoghq.com/blog/agentless-scanning/" tag: "Blog" - text: "Detect vulnerabilities in minutes with Agentless Scanning for Workload Protection" + text: "Detect vulnerabilities in minutes with Agentless Scanning for Cloud Security Management" - link: "/security/vulnerabilities" tag: "Documentation" text: "Read more about CSM Vulnerabilities" --- {{< site-region region="gov" >}} -
Agentless Scanning for Workload Protection is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
Agentless Scanning for Cloud Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} ## Overview @@ -30,7 +30,7 @@ The following diagram illustrates how Agentless Scanning works: 1. Datadog schedules a scan and sends which resources to scan through Remote Configuration. - **Note**: Scheduled scans ignore hosts that already have the [Datadog Agent installed with Workload Protection enabled](#agentless-scanning-with-existing-agent-installations). Datadog schedules a continuous re-scanning of resources every 12 hours to provide up-to-date insights into potential vulnerabilities and weaknesses. + **Note**: Scheduled scans ignore hosts that already have the [Datadog Agent installed with Cloud Security Management enabled](#agentless-scanning-with-existing-agent-installations). Datadog schedules a continuous re-scanning of resources every 12 hours to provide up-to-date insights into potential vulnerabilities and weaknesses. 2. For Lambda functions, the scanners fetch the function's code. 3. The scanner creates snapshots of volumes used in running VM instances. These snapshots serve as the basis for conducting scans. Using the snapshots, or the code, the scanner generates a list of packages. @@ -70,7 +70,7 @@ To further mitigate this risk, Datadog implements the following security measure When installed, the Datadog Agent offers real-time, deep visibility into risks and vulnerabilities that exist in your cloud workloads. It is recommended to fully install the Datadog Agent. -As a result, Agentless Scanning excludes resources from its scans that have the Datadog Agent installed and configured for [Vulnerability Management][5]. In this way, Workload Protection offers complete visibility of your risk landscape without overriding the benefits received from installing the Datadog Agent with Vulnerability Management. +As a result, Agentless Scanning excludes resources from its scans that have the Datadog Agent installed and configured for [Vulnerability Management][5]. In this way, Cloud Security Management offers complete visibility of your risk landscape without overriding the benefits received from installing the Datadog Agent with Vulnerability Management. The following diagram illustrates how Agentless scanning works with existing Agent installations: @@ -86,7 +86,7 @@ If you have [Sensitive Data Scanner][8] enabled, you can catalog and classify se Sensitive Data Scanner scans for sensitive data by deploying [Agentless scanners][1] in your cloud environments. These scanning instances retrieve a list of all S3 buckets and RDS instances through [Remote Configuration][10], and have set instructions to scan text files—such as CSVs and JSONs—and tables in every datastore over time. Sensitive Data Scanner leverages its [entire rules library][11] to find matches. When a match is found, the location of the match is sent to Datadog by the scanning instance. Data stores and their files are only read in your environment—no sensitive data is sent back to Datadog. -Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Workload Protection][9] affecting the sensitive datastores. You can click any issue to continue triage and remediation within Workload Protection. +Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Cloud Security Management][9] affecting the sensitive datastores. You can click any issue to continue triage and remediation within Cloud Security Management. ## Cloud service provider cost diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md b/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md index e8005ea6ff4f6..d46c77e3de13f 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md @@ -5,7 +5,7 @@ aliases: further_reading: - link: "/security/cloud_security_management/agentless_scanning" tag: "Documentation" - text: "Workload Protection Agentless Scanning" + text: "Cloud Security Management Agentless Scanning" --- There are two recommended ways to deploy Agentless scanners in your environment, either using cross-account scanning, or same account scanning. diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md b/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md index 1470b59430878..09c537836d5c1 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md @@ -10,14 +10,14 @@ aliases: further_reading: - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: "Setting up Workload Protection" + text: "Setting up Cloud Security Management" - link: "/security/cloud_security_management/agentless_scanning" tag: "Documentation" - text: "Workload Protection Agentless Scanning" + text: "Cloud Security Management Agentless Scanning" --- {{< site-region region="gov" >}} -
Agentless Scanning for Workload Protection is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
Agentless Scanning for Cloud Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} Agentless Scanning provides visibility into vulnerabilities that exist within your cloud infrastructure, without requiring you to install the Datadog Agent. To learn more about Agentless Scanning's capabilities and how it works, see the [Agentless Scanning][12] docs. @@ -71,10 +71,10 @@ To enable Agentless Scanning, use one of the following workflows: ### Quick start -Designed for new users, the quick start workflow offers an efficient setup process for Workload Protection, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration. +Designed for new users, the quick start workflow offers an efficient setup process for Cloud Security Management, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration. {{% collapse-content title="Quick start setup guide" level="h4" id="quick-start-setup" %}} -Designed for new users, the quick start workflow offers an efficient setup process for Workload Protection, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration, and includes the Workload Protection features: Misconfigurations, Identity Risks (CIEM), and Vulnerability Management. +Designed for new users, the quick start workflow offers an efficient setup process for Cloud Security Management, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration, and includes the Cloud Security Management features: Misconfigurations, Identity Risks (CIEM), and Vulnerability Management.
This article provides instructions for the new user quick start workflow that uses AWS CloudFormation to set up Agentless Scanning. For existing users who want to add a new AWS account or enable Agentless Scanning on an existing integrated AWS account, see the instructions for @@ -84,9 +84,9 @@ For existing users who want to add a new AWS account or enable Agentless Scannin ##### Installation -1. On the [Intro to Workload Protection][4] page, click **Get Started with Workload Protection**. +1. On the [Intro to Cloud Security Management][4] page, click **Get Started with Cloud Security Management**. 1. Click **Quick Start**. The **Features** page is displayed, showing the features included with Agentless Scanning Quick Start. -1. Click **Start Using Workload Protection** to continue. +1. Click **Start Using Cloud Security Management** to continue. 1. Select the AWS region where you want to create the CloudFormation stack. 1. Select an API key that is already configured for Remote Configuration. If the API key you select does not have Remote Configuration enabled, Remote Configuration is automatically enabled for that key upon selection. 1. **Send AWS Logs to Datadog** and **Detect security issues** are automatically selected by default. Leave the selections as-is. @@ -108,7 +108,7 @@ Datadog recommends updating the CloudFormation stack regularly, so you can get a ##### Disable Agentless Scanning -1. On the [Workload Protection Setup][10] page, click **Cloud Integrations** > **AWS**. +1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations** > **AWS**. 1. To disable Agentless Scanning for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle the **Agentless Scanning** section to the off position. 1. Click **Done**. @@ -125,14 +125,14 @@ To uninstall Agentless Scanning, log in to your AWS console and delete the Cloud The [Terraform Datadog Agentless Scanner module][6] provides a simple and reusable configuration for installing the Datadog Agentless scanner. {{% collapse-content title="Terraform setup guide" level="h4" id="terraform-setup" %}} -If you've already [set up Workload Protection][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated cloud account, you can use either Terraform, [AWS CloudFormation][2], or [Azure Resource Manager][5]. This article provides detailed instructions for the Terraform approach. +If you've already [set up Cloud Security Management][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated cloud account, you can use either Terraform, [AWS CloudFormation][2], or [Azure Resource Manager][5]. This article provides detailed instructions for the Terraform approach. -
If you're setting up Workload Protection for the first time, you can follow the quick start workflow, which uses AWS CloudFormation to enable Agentless Scanning.
+
If you're setting up Cloud Security Management for the first time, you can follow the quick start workflow, which uses AWS CloudFormation to enable Agentless Scanning.
{{< tabs >}} {{% tab "New AWS account" %}} -1. On the [Workload Protection Setup][1] page, click **Cloud Integrations > AWS**. +1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations > AWS**. 1. At the bottom of the AWS section, click **Add AWS accounts by following these steps**. The **Add New AWS Account(s)** dialog is displayed. 1. Under **Choose a method for adding your AWS account**, select **Manually**. 1. Follow the instructions for installing the [Datadog Agentless Scanner module][2]. @@ -147,7 +147,7 @@ If you've already [set up Workload Protection][10] and want to add a new cloud a {{% tab "Existing AWS account" %}} -1. On the [Workload Protection Setup][1] page, click **Cloud Integrations > AWS**. +1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations > AWS**. 1. Click the **Edit scanning** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) for the AWS account where you want to deploy the Agentless scanner. 1. **Enable Resource Scanning** should already be toggled on. If it isn't, toggle **Enable Resource Scanning** to the on position. 1. In the **How would you like to set up Agentless Scanning?** section, select **Terraform**. @@ -162,7 +162,7 @@ If you've already [set up Workload Protection][10] and want to add a new cloud a {{% tab "Existing Azure subscription" %}} -1. On the [Workload Protection Setup][1] page, click **Cloud Integrations > Azure**. +1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations > Azure**. 1. Expand the Tenant containing the subscription where you want to deploy the Agentless scanner. 1. Click the **Enable** button for the Azure subscription where you want to deploy the Agentless scanner. 1. Toggle **Vulnerability Scanning** to the on position. @@ -182,7 +182,7 @@ If you've already [set up Workload Protection][10] and want to add a new cloud a ##### Disable Agentless Scanning -1. On the [Workload Protection Setup][10] page, click **Cloud Integrations**, and then expand the **AWS** or **Azure** section. +1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations**, and then expand the **AWS** or **Azure** section. 1. To disable Agentless Scanning for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle **Vulnerability Scanning** to the off position. 1. Click **Done**. @@ -209,9 +209,9 @@ For usage examples, refer to our [Github repository](https://github.com/DataDog/ Use the AWS CloudFormation template to create a CloudFormation stack. The template includes the IAM permissions required to deploy and manage Agentless scanners. {{% collapse-content title="AWS CloudFormation setup guide" level="h4" id="aws-cloudformation-setup" %}} -If you've already [set up Workload Protection][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated AWS account, you can use either [Terraform][7] or AWS CloudFormation. This article provides detailed instructions for the AWS CloudFormation approach. +If you've already [set up Cloud Security Management][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated AWS account, you can use either [Terraform][7] or AWS CloudFormation. This article provides detailed instructions for the AWS CloudFormation approach. -
If you're setting up Workload Protection for the first time, you can follow the quick start workflow, which also uses AWS CloudFormation to enable Agentless Scanning.
+
If you're setting up Cloud Security Management for the first time, you can follow the quick start workflow, which also uses AWS CloudFormation to enable Agentless Scanning.
Running Agentless scanners incurs additional costs. To optimize these costs while still ensuring reliable 12-hour scans, Datadog recommends setting up Agentless Scanning with Terraform as the default template.
@@ -220,7 +220,7 @@ If you've already [set up Workload Protection][10] and want to add a new cloud a {{< tabs >}} {{% tab "New AWS account" %}} -1. On the [Workload Protection Setup][1] page, click **Cloud Integrations** > **AWS**. +1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations** > **AWS**. 1. At the bottom of the AWS section, click **Add AWS accounts by following these steps**. The **Add New AWS Account(s)** dialog is displayed. 1. Select the AWS region where you want to create the CloudFormation stack. 1. Select an API key that is already configured for Remote Configuration. If the API key you select does not have Remote Configuration enabled, Remote Configuration is automatically enabled for that key upon selection. @@ -234,7 +234,7 @@ If you've already [set up Workload Protection][10] and want to add a new cloud a {{% tab "Existing AWS account" %}} -1. On the [Workload Protection Setup][1] page, click **Cloud Integrations** > **AWS**. +1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations** > **AWS**. 1. Click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) for the AWS account where you want to deploy the Agentless scanner. 1. Verify that **Enable Resource Scanning** is toggled on. If it isn't, switch the **Enable Resource Scanning** toggle to the on position and complete Steps 3-7 in [New AWS Account][2]. 1. In the **Agentless Scanning** section, toggle **Host Vulnerability Scanning**, **Container Vulnerability Scanning**, **Lambda Vulnerability Scanning**, and **Data Security Scanning** to the on position. @@ -261,7 +261,7 @@ Datadog recommends updating the CloudFormation stack regularly, so you can get a ##### Disable Agentless Scanning -1. On the [Workload Protection Setup][10] page, click **Cloud Integrations** > **AWS**. +1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations** > **AWS**. 1. To disable Agentless Scanning for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle the **Agentless Scanning** section to the off position. 1. Click **Done**. @@ -277,7 +277,7 @@ To uninstall Agentless Scanning, log in to your AWS console and delete the Cloud Use the Azure Resource Manager template to deploy the Agentless Scanner. The template includes the role definitions required to deploy and manage Agentless scanners. {{% collapse-content title="Azure Resource Manager setup guide" level="h4" id="azure-resource-manager-setup" %}} -If you've already [set up Workload Protection][10] and want to add a new Azure subscription or enable [Agentless Scanning][1] on an existing integrated Azure subscription, you can use either [Terraform][7] or Azure Resource Manager. This article provides detailed instructions for the Azure Resource Manager approach. +If you've already [set up Cloud Security Management][10] and want to add a new Azure subscription or enable [Agentless Scanning][1] on an existing integrated Azure subscription, you can use either [Terraform][7] or Azure Resource Manager. This article provides detailed instructions for the Azure Resource Manager approach.
Running Agentless scanners incurs additional costs. To optimize these costs while still ensuring reliable 12-hour scans, Datadog recommends setting up Agentless Scanning with Terraform as the default template.
@@ -306,7 +306,7 @@ Follow the instructions for setting up the [Datadog Azure integration][1]. ##### Disable Agentless Scanning -1. On the [Workload Protection Setup][10] page, click **Cloud Integrations** > **Azure**. +1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations** > **Azure**. 1. Locate your subscription's tenant, expand the list of subscriptions, and identify the subscription for which you want to disable Agentless Scanning. 1. Click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle **Vulnerability Scanning** to the off position. 1. Click **Done**. diff --git a/content/en/security/cloud_security_management/setup/cloud_integrations.md b/content/en/security/cloud_security_management/setup/cloud_integrations.md index f88cb76eec48d..589cf66da25a0 100644 --- a/content/en/security/cloud_security_management/setup/cloud_integrations.md +++ b/content/en/security/cloud_security_management/setup/cloud_integrations.md @@ -1,5 +1,5 @@ --- -title: Deploying Workload Protection via Cloud Integrations +title: Deploying Cloud Security Management via Cloud Integrations aliases: - /security/cloud_security_management/setup/csm_enterprise/cloud_accounts - /security/cloud_security_management/setup/csm_pro/cloud_accounts @@ -42,7 +42,7 @@ To enable resource scanning for your cloud accounts, you must first set up the i {{< tabs >}} {{% tab "AWS" %}} -1. On the [**Workload Protection Setup**][1] page, click **Cloud Integrations**. +1. On the [**Cloud Security Management Setup**][1] page, click **Cloud Integrations**. 1. Expand the **AWS** section. 1. To stop resource collection for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and switch the **Enable Resource Scanning** toggle to the off position. 1. Click **Done**. @@ -53,7 +53,7 @@ To enable resource scanning for your cloud accounts, you must first set up the i {{% /tab %}} {{% tab "Azure" %}} -1. On the [**Workload Protection Setup**][1] page, click **Cloud Integrations**. +1. On the [**Cloud Security Management Setup**][1] page, click **Cloud Integrations**. 1. Expand the **Azure** section. 1. To stop resource collection for a subscription, switch the **Resource Scanning** toggle to the off position. 1. Click **Done**. @@ -64,7 +64,7 @@ To enable resource scanning for your cloud accounts, you must first set up the i {{% /tab %}} {{% tab "Google Cloud" %}} -1. On the [**Workload Protection Setup**][1] page, click **Cloud Integrations**. +1. On the [**Cloud Security Management Setup**][1] page, click **Cloud Integrations**. 1. Expand the **GCP** section. 1. To stop resource collection for a project, switch the **Resource Scanning** toggle to the off position. 1. Click **Done**. diff --git a/content/en/security/cloud_security_management/setup/cloudtrail_logs.md b/content/en/security/cloud_security_management/setup/cloudtrail_logs.md index b213db3c3bb1e..de44db7a5602a 100644 --- a/content/en/security/cloud_security_management/setup/cloudtrail_logs.md +++ b/content/en/security/cloud_security_management/setup/cloudtrail_logs.md @@ -1,5 +1,5 @@ --- -title: Setting up AWS CloudTrail Logs for Workload Protection +title: Setting up AWS CloudTrail Logs for Cloud Security Management --- Set up AWS CloudTrail Logs to get the most out of [CSM Identity Risks][1]. AWS CloudTrail Logs provides additional insights into the actual usage of cloud resources, helping you identify users and roles with significant gaps between provisioned and utilized permissions. diff --git a/content/en/security/cloud_security_management/setup/iac_remediation.md b/content/en/security/cloud_security_management/setup/iac_remediation.md index 849be49a7b1bd..91b3836dac768 100644 --- a/content/en/security/cloud_security_management/setup/iac_remediation.md +++ b/content/en/security/cloud_security_management/setup/iac_remediation.md @@ -1,11 +1,11 @@ --- -title: Setting up IaC Remediation for Workload Protection +title: Setting up IaC Remediation for Cloud Security Management aliases: - /security/cloud_security_management/setup/source_code_integrations further_reading: - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: "Setting up Workload Protection" + text: "Setting up Cloud Security Management" - link: "/security/cloud_security_management/misconfigurations" tag: "Documentation" text: "CSM Misconfigurations" @@ -14,7 +14,7 @@ further_reading: text: "CSM Identity Risks" --- -Use the following instructions to enable Infrastructure as Code (IaC) remediation for Workload Protection. IaC remediation is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2]. +Use the following instructions to enable Infrastructure as Code (IaC) remediation for Cloud Security Management (CSM). IaC remediation is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2].
Static IaC remediation supports GitHub for version control and Terraform for infrastructure as code.
diff --git a/content/en/security/cloud_security_management/setup/iac_scanning/_index.md b/content/en/security/cloud_security_management/setup/iac_scanning/_index.md index 17cff972cfd90..07cdc54ec0a08 100644 --- a/content/en/security/cloud_security_management/setup/iac_scanning/_index.md +++ b/content/en/security/cloud_security_management/setup/iac_scanning/_index.md @@ -1,9 +1,9 @@ --- -title: Setting up IaC Scanning for Workload Protection +title: Setting up IaC Scanning for Cloud Security Management further_reading: - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: "Setting up Workload Protection" + text: "Setting up Cloud Security Management" - link: "/security/cloud_security_management/misconfigurations" tag: "Documentation" text: "CSM Misconfigurations" @@ -16,7 +16,7 @@ further_reading: Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form. {{< /callout >}} -Use the following instructions to enable Infrastructure as Code (IaC) scanning for Workload Protection. IaC scanning is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2]. +Use the following instructions to enable Infrastructure as Code (IaC) scanning for Cloud Security Management (CSM). IaC scanning is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2].
Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
diff --git a/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md b/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md index 4cad083b52299..c8b32f26ba22d 100644 --- a/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md +++ b/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md @@ -6,7 +6,7 @@ further_reading: text: "IaC Scanning" - link: "/security/cloud_security_management/setup/iac_scanning" tag: "Documentation" - text: "Setting up IaC Scanning for Workload Protection" + text: "Setting up IaC Scanning for Cloud Security Management" --- {{< callout url="https://www.datadoghq.com/product-preview/iac-security/" >}} diff --git a/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md b/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md index a197635acd526..90f05937f82c9 100644 --- a/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md +++ b/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md @@ -2,7 +2,7 @@ title: Setting Up CSM without Infrastructure Monitoring --- -In addition to setting up Workload Protection with or without an Agent, you can also set it up without Infrastructure Monitoring. +In addition to setting up Cloud Security Management (CSM) with or without an Agent, you can also set it up without Infrastructure Monitoring. ## Set up CSM on your AWS account @@ -11,7 +11,7 @@ In addition to setting up Workload Protection with or without an Agent, you can If you don't see the required account, add it by clicking **Add AWS Account(s)** and following the onscreen prompts. 1. To turn off infrastructure monitoring on the selected account, under the account number, navigate to the **Metric Collection** tab, then click the **disable metric collection** link. Then, click **Disable Metric Collection** to confirm. -1. On the **Resource Collection** tab, click **Enable** next to Workload Protection. You are redirected to the Workload Protection Setup page, and a setup dialog automatically opens for the selected account. +1. On the **Resource Collection** tab, click **Enable** next to Cloud Security Management. You are redirected to the Cloud Security Management Setup page, and a setup dialog automatically opens for the selected account. 1. On the setup dialog, switch the **Enable Resource Scanning** toggle to the on position. 1. Click **Done** to complete the setup. @@ -24,7 +24,7 @@ In addition to setting up Workload Protection with or without an Agent, you can If you don't see the required client ID, add it by clicking **Add New App Registration** and following the onscreen prompts. 1. To turn off infrastructure monitoring on the selected account, under the client ID, navigate to the **Metric Collection** tab, then turn off the **Enable Metric Collection** toggle. -1. On the **Resource Collection** tab, click **Enable** next to Workload Protection. You are redirected to the Workload Protection Setup page, which automatically scrolls to the selected Azure subscription in the Cloud Integrations section. +1. On the **Resource Collection** tab, click **Enable** next to Cloud Security Management. You are redirected to the Cloud Security Management Setup page, which automatically scrolls to the selected Azure subscription in the Cloud Integrations section. 1. Switch the **Resource Scanning** toggle to the on position. 1. Click **Done** to complete the setup. @@ -37,7 +37,7 @@ In addition to setting up Workload Protection with or without an Agent, you can If you don't see the required account, add it by clicking **Add GCP Account** and following the onscreen prompts. 1. To turn off infrastructure monitoring on the selected account, under the account name, navigate to the **Metric Collection** tab. Then, above the Metric Collection table, click **Disable All**. -1. On the **Resource Collection** tab, click **Enable** next to Workload Protection. You are redirected to the Workload Protection Setup page, which automatically scrolls to the selected Google Cloud Platform project in the Cloud Integrations section. +1. On the **Resource Collection** tab, click **Enable** next to Cloud Security Management. You are redirected to the Cloud Security Management Setup page, which automatically scrolls to the selected Google Cloud Platform project in the Cloud Integrations section. 1. Switch the **Resource Scanning** toggle to the on position. 1. Click **Done** to complete the setup. diff --git a/content/en/security/cloud_security_management/severity_scoring.md b/content/en/security/cloud_security_management/severity_scoring.md index 64fe74a05042a..6d3e778859731 100644 --- a/content/en/security/cloud_security_management/severity_scoring.md +++ b/content/en/security/cloud_security_management/severity_scoring.md @@ -12,7 +12,7 @@ further_reading: text: "Learn more about CSM Vulnerabilities" --- -Accurate severity scores help security teams understand the risks that vulnerabilities pose to their environment. This guide explains how Workload Protection uses different measures of severity to calculate the scores. +Accurate severity scores help security teams understand the risks that vulnerabilities pose to their environment. This guide explains how Cloud Security Management (CSM) uses different measures of severity to calculate the scores. ## CSM severity scoring framework diff --git a/content/en/security/cloud_security_management/troubleshooting/_index.md b/content/en/security/cloud_security_management/troubleshooting/_index.md index 53fe01435131f..67e997f465fcc 100644 --- a/content/en/security/cloud_security_management/troubleshooting/_index.md +++ b/content/en/security/cloud_security_management/troubleshooting/_index.md @@ -1,11 +1,11 @@ --- -title: Workload Protection Troubleshooting +title: Cloud Security Management Troubleshooting disable_toc: true --- {{< whatsnext desc="Troubleshooting Guides" >}} - {{< nextlink href="/security/cloud_security_management/troubleshooting/threats" >}}Workload Protection Threats{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/troubleshooting/threats" >}}Cloud Security Management Threats{{< /nextlink >}} - {{< nextlink href="/security/cloud_security_management/troubleshooting/vulnerabilities" >}}Workload Protection Vulnerabilities{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/troubleshooting/vulnerabilities" >}}Cloud Security Management Vulnerabilities{{< /nextlink >}} {{< /whatsnext >}} \ No newline at end of file diff --git a/content/en/security/cloud_security_management/troubleshooting/threats.md b/content/en/security/cloud_security_management/troubleshooting/threats.md index 64a8ac9d0f701..5a12c0d3f8a42 100644 --- a/content/en/security/cloud_security_management/troubleshooting/threats.md +++ b/content/en/security/cloud_security_management/troubleshooting/threats.md @@ -1,5 +1,5 @@ --- -title: Troubleshooting Workload Protection Threats +title: Troubleshooting Cloud Security Management Threats aliases: - /security_platform/cloud_workload_security/troubleshooting/ - /security_platform/cloud_security_management/troubleshooting/ @@ -9,7 +9,7 @@ further_reading: text: "Troubleshooting CSM Vulnerabilities" --- -If you experience issues with Workload Protection Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. +If you experience issues with Cloud Security Management (CSM) Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. ## Security Agent flare @@ -29,7 +29,7 @@ If you don't have a case ID, just enter your email address used to login in Data ## Agent Self tests -In order to ensure that the communication between the `security-agent` and the `system-probe` is working as expected and that Workload Protection Threats (CSM Threats) is able to detect system events, you can manually trigger self tests by running the following command: +In order to ensure that the communication between the `security-agent` and the `system-probe` is working as expected and that Cloud Security Management Threats (CSM Threats) is able to detect system events, you can manually trigger self tests by running the following command: | Platform | Command | | -------- | ------- | diff --git a/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md b/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md index c3750f170dbbd..9300532c3e6b6 100644 --- a/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md +++ b/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md @@ -1,5 +1,5 @@ --- -title: Troubleshooting Workload Protection Vulnerabilities +title: Troubleshooting Cloud Security Management Vulnerabilities aliases: - /security/vulnerabilities/troubleshooting/ further_reading: @@ -16,7 +16,7 @@ further_reading: ## Overview -If you experience issues with Workload Protection Vulnerabilities, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. +If you experience issues with Cloud Security Management (CSM) Vulnerabilities, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. ## Error messages diff --git a/content/en/security/cloud_security_management/vulnerabilities/_index.md b/content/en/security/cloud_security_management/vulnerabilities/_index.md index 0924133c84a5b..bd4fd37b965e9 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/_index.md +++ b/content/en/security/cloud_security_management/vulnerabilities/_index.md @@ -1,5 +1,5 @@ --- -title: Workload Protection Vulnerabilities +title: Cloud Security Management Vulnerabilities aliases: - /security/infrastructure_vulnerabilities/ - /security/vulnerabilities/ @@ -18,21 +18,21 @@ further_reading: text: "Troubleshooting CSM Vulnerabilities" - link: "https://www.datadoghq.com/blog/csm-vulnerability-management/" tag: "Blog" - text: "Mitigate infrastructure vulnerabilities with Datadog Workload Protection" + text: "Mitigate infrastructure vulnerabilities with Datadog Cloud Security Management" - link: "https://www.datadoghq.com/blog/datadog-container-image-view/" tag: "Blog" text: "Enhance your troubleshooting workflow with Container Images in Datadog Container Monitoring" --- {{< site-region region="gov" >}} -
Workload Protection Vulnerabilities is in Preview for your selected Datadog site ({{< region-param key="dd_site_name" >}}). +
Cloud Security Management Vulnerabilities is in Preview for your selected Datadog site ({{< region-param key="dd_site_name" >}}). Request access by filling this form.
{{< /site-region >}} ## Overview -Workload Protection Vulnerabilities (CSM Vulnerabilities) helps you improve your security posture and achieve compliance, by continuously scanning container images, hosts, host images, and serverless functions for vulnerabilities, from CI/CD pipelines to live production. Leveraging runtime observability, it helps you prioritize and remediate exploitable vulnerabilities in your daily workflows, all in a single view, and without any dependencies on other Datadog products. +Cloud Security Management Vulnerabilities (CSM Vulnerabilities) helps you improve your security posture and achieve compliance, by continuously scanning container images, hosts, host images, and serverless functions for vulnerabilities, from CI/CD pipelines to live production. Leveraging runtime observability, it helps you prioritize and remediate exploitable vulnerabilities in your daily workflows, all in a single view, and without any dependencies on other Datadog products. With CSM Vulnerabilities, you can manage your cloud security management strategy, all in one place: diff --git a/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md b/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md index 099d13a5fb1a2..d789fe45152f2 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md +++ b/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md @@ -4,7 +4,7 @@ title: CSM Vulnerabilities Hosts and Containers Compatibility ## Operating systems -Workload Protection Vulnerabilities supports vulnerability scanning for hosts and containers running the following operating system versions: +Cloud Security Management Vulnerabilities supports vulnerability scanning for hosts and containers running the following operating system versions: | Operating System | Supported Versions | Package Managers / Source | Agentless support | Agent support | |--------------------------|-----------------------------------------------------|---------------------------|-------------------|-------------------| @@ -33,7 +33,7 @@ Workload Protection Vulnerabilities supports vulnerability scanning for hosts an ## Application libraries -Workload Protection Vulnerabilities supports vulnerability scanning for the following application languages and libraries on containers and Lambda instances: +Cloud Security Management Vulnerabilities supports vulnerability scanning for the following application languages and libraries on containers and Lambda instances: | Language | Supported Package Manager | Supported Files | Agentless support | Agent support | |----------|---------------------------|----------------------------------------------------------------------|-------------------|-------------------| diff --git a/content/en/security/cloud_siem/_index.md b/content/en/security/cloud_siem/_index.md index f1a175bf16853..1c1b7893455de 100644 --- a/content/en/security/cloud_siem/_index.md +++ b/content/en/security/cloud_siem/_index.md @@ -39,7 +39,7 @@ further_reading: --- {{< learning-center-callout header="Join an enablement webinar session" hide_image="true" btn_title="Sign Up" btn_url="https://www.datadoghq.com/technical-enablement/sessions/?tags.topics-0=Security">}} - Learn how Datadog Cloud SIEM and Workload Protection elevate your organization's threat detection and investigation for dynamic, cloud-scale environments. + Learn how Datadog Cloud SIEM and Cloud Security Management elevate your organization's threat detection and investigation for dynamic, cloud-scale environments. {{< /learning-center-callout >}} ## Overview diff --git a/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md b/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md index d74ae568fa51e..5c5128c93a5f5 100644 --- a/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md +++ b/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md @@ -24,7 +24,7 @@ As another example, you can create a signal by combining these two rules: And use the `expired account ID` attribute to correlate the two rules. -You can correlate log detection rules, as well as log detection rules with Workload Protection Threats and App & API Protection rules. +You can correlate log detection rules, as well as log detection rules with Cloud Security Management Threats and Application Security Management rules. ## Create a Signal Correlation rule diff --git a/content/en/security/cloud_siem/entities_and_risk_scoring.md b/content/en/security/cloud_siem/entities_and_risk_scoring.md index a53536247cbd9..a26825b5ce82c 100644 --- a/content/en/security/cloud_siem/entities_and_risk_scoring.md +++ b/content/en/security/cloud_siem/entities_and_risk_scoring.md @@ -20,7 +20,7 @@ With Risk Insights, you can: ## Prerequisites - For Risk Insights coverage, either [GCP][5] or [AWS must be configured for Cloud SIEM][1]. -- (Optional) To view associated Workload Protection insights in the entity panel, [CSM must be configured][2]. +- (Optional) To view associated Cloud Security Management (CSM) insights in the entity panel, [CSM must be configured][2]. ## Explore risk insights diff --git a/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md b/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md index d10cc169f6b66..5ba7eb580aac4 100644 --- a/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md +++ b/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md @@ -21,7 +21,7 @@ The following examples are covered in this guide: * [Configure the default security filter to exclude certain logs](#add-an-exclusion) * [Create custom security filters to specify which log sources to analyze](#create-a-custom-filter) -**Note**: Security Filters are only required to control logs analyzed by the Cloud SIEM product. You do not need to write Security Filters to exclude logs generated by the Datadog Agent as part of the Workload Protection Threats (`source:runtime-security-agent`) and Workload Protection Misconfigurations (`source:compliance-agent`) products, as they're not billed as analyzed logs regardless. +**Note**: Security Filters are only required to control logs analyzed by the Cloud SIEM product. You do not need to write Security Filters to exclude logs generated by the Datadog Agent as part of the Cloud Security Management Threats (`source:runtime-security-agent`) and Cloud Security Management Misconfigurations (`source:compliance-agent`) products, as they're not billed as analyzed logs regardless. ## Prerequisites diff --git a/content/en/security/code_security/iast/setup/compatibility/_index.md b/content/en/security/code_security/iast/setup/compatibility/_index.md index 65afebb76ce91..2aa29e071f358 100644 --- a/content/en/security/code_security/iast/setup/compatibility/_index.md +++ b/content/en/security/code_security/iast/setup/compatibility/_index.md @@ -4,10 +4,10 @@ type: multi-code-lang further_reading: - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting App & API Protection" + text: "Troubleshooting Application Security Management" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How App & API Protection Works in Datadog" + text: "How Application Security Management Works in Datadog" --- The following capabilities are supported relative to each language's tracing library: diff --git a/content/en/security/default_rules/_index.md b/content/en/security/default_rules/_index.md index 467d2f1992982..522c2d6f25ed1 100644 --- a/content/en/security/default_rules/_index.md +++ b/content/en/security/default_rules/_index.md @@ -34,11 +34,11 @@ cascade: subcategory: Security Detection Rules --- -Datadog provides out-of-the-box (OOTB) [detection rules][1] to flag attacker techniques and potential misconfigurations so you can immediately take steps to remediate. Datadog continuously develops new default rules, which are automatically imported into your account, your App & API Protection library, and the Agent, depending on your configuration. +Datadog provides out-of-the-box (OOTB) [detection rules][1] to flag attacker techniques and potential misconfigurations so you can immediately take steps to remediate. Datadog continuously develops new default rules, which are automatically imported into your account, your Application Security Management library, and the Agent, depending on your configuration.
Datadog's Security Research team continuously adds new OOTB security detection rules. While the aim is to deliver high-quality detections with the release of integrations or other new features, the performance of these detections at scale often needs to be observed before making the rule generally available. These rules contain a Beta tag. This gives Datadog's Security Research team time to either refine or deprecate detection opportunities that do not meet Datadog's standards.
-Click the following buttons to filter the detection rules. Security detection rules are available for [App & API Protection][5], [Cloud SIEM][2] (log detection and signal correlation), [CSM Misconfigurations][3] (cloud and infrastructure), [CSM Threats][4], [CSM Identity Risks][6], and [Attack Paths][7]. +Click the following buttons to filter the detection rules. Security detection rules are available for [Application Security Management][5], [Cloud SIEM][2] (log detection and signal correlation), [CSM Misconfigurations][3] (cloud and infrastructure), [CSM Threats][4], [CSM Identity Risks][6], and [Attack Paths][7]. [1]: /security/detection_rules/ [2]: /security/cloud_siem/ diff --git a/content/en/security/detection_rules/_index.md b/content/en/security/detection_rules/_index.md index 7ad5e644ab627..5bf81efdbc99b 100644 --- a/content/en/security/detection_rules/_index.md +++ b/content/en/security/detection_rules/_index.md @@ -22,10 +22,10 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Workload Protection +- name: Cloud Security Management url: /security/cloud_security_management/ icon: cloud-security-management -- name: App & API Protection +- name: Application Security Management url: /security/application_security/ icon: app-sec --- @@ -36,16 +36,16 @@ Detection rules define conditional logic that is applied to all ingested logs an ## Out-of-the-box detection rules -Datadog provides [out-of-the-box detection rules][2] to flag attacker techniques and potential misconfigurations. When new detection rules are released, they are automatically imported into your account, your App & API Protection library, and the Agent, depending on your configuration. +Datadog provides [out-of-the-box detection rules][2] to flag attacker techniques and potential misconfigurations. When new detection rules are released, they are automatically imported into your account, your Application Security Management library, and the Agent, depending on your configuration. Out-of-the box rules are available for the following security products: - [Cloud SIEM][3] uses log detection to analyze ingested logs in real-time. -- Workload Protection: +- Cloud Security Management (CSM): - [CSM Misconfigurations][4] uses cloud configuration and infrastructure configuration detection rules to scan the state of your cloud environment. - [CSM Threats][5] uses the Datadog Agent and detection rules to actively monitor and evaluate system activity. - [CSM Identity Risks][6] uses detection rules to detect IAM-based risks in your cloud infrastructure. -- [App & API Protection][7] (ASM) leverages Datadog [APM][8], the [Datadog Agent][9], and detection rules to detect threats in your application environment. +- [Application Security Management][7] (ASM) leverages Datadog [APM][8], the [Datadog Agent][9], and detection rules to detect threats in your application environment. ## Beta detection rules @@ -59,7 +59,7 @@ To [create custom rules](#create-detection-rules), you can clone the default rul ## Search and filter detection rules -To view out-of-the-box and custom detection rules in Datadog, navigate to the [**Security Settings**][10] page. Rules are listed on separate pages for each product (Application Security, Workload Protection, and Cloud SIEM). +To view out-of-the-box and custom detection rules in Datadog, navigate to the [**Security Settings**][10] page. Rules are listed on separate pages for each product (Application Security, Cloud Security Management, and Cloud SIEM). To search and filter the rules, use the search box and facets to query by value. For example, to only show rules for a given rule type, hover over the rule type and select `only`. You can also filter by facets such as `source` and `severity` when investigating and triaging incoming issues. @@ -120,7 +120,7 @@ Use Rule Version History to: To see the version history of a rule: 1. Navigate to the [Security Settings][15] page. In the left navigation panel: - For ASM: Click **Application Security** and then click **Detection Rules**. - - For CSM: Click **Workload Protection** and then click **Threat Detection Rules**. + - For CSM: Click **Cloud Security Management** and then click **Threat Detection Rules**. - For Cloud SIEM: Click **Cloud SIEM** and then click **Detection Rules**. 1. Click on the rule you are interested in. 1. In the rule editor, click **Version History** to see past changes. diff --git a/content/en/security/guide/aws_fargate_config_guide.md b/content/en/security/guide/aws_fargate_config_guide.md index 1032b58a67f54..4340782998f52 100644 --- a/content/en/security/guide/aws_fargate_config_guide.md +++ b/content/en/security/guide/aws_fargate_config_guide.md @@ -10,7 +10,7 @@ further_reading: text: "Get real-time threat detection for AWS Fargate ECS and EKS environments with Datadog CSM" --- -This guide walks you through configuring [Workload Protection][3], [Software Composition Analysis (SCA)][22], [Threat Detection and Protection (ASM)][4], and [Cloud SIEM][5] on AWS Fargate. +This guide walks you through configuring [Cloud Security Management (CSM)][3], [Software Composition Analysis (SCA)][22], [Threat Detection and Protection (ASM)][4], and [Cloud SIEM][5] on AWS Fargate. {{< img src="security/datadog_security_coverage_aws_fargate.png" alt="Flow chart showing how CSM, ASM, and Cloud SIEM are configured on AWS Fargate" width="90%">}} @@ -55,24 +55,24 @@ Datadog Security provides multiple layers of visibility for AWS Fargate. Use the
- + - + - +
AWS IAM roles and policies Log ManagementWorkload ProtectionCloud Security Management Cloud SIEM
AWS databases Log ManagementWorkload ProtectionCloud Security Management Cloud SIEM
AWS S3 buckets Log ManagementWorkload ProtectionCloud Security Management Cloud SIEM
-## Workload Protection +## Cloud Security Management ### Prerequisites @@ -80,7 +80,7 @@ Datadog Security provides multiple layers of visibility for AWS Fargate. Use the - Access to AWS Management Console - AWS Fargate ECS or EKS workloads -
For additional performance and reliability insights, Datadog recommends enabling Infrastructure Monitoring with Workload Protection.
+
For additional performance and reliability insights, Datadog recommends enabling Infrastructure Monitoring with Cloud Security Management.
### Images @@ -362,7 +362,7 @@ In the task definition, replace the "workload" container with the following: - The Datadog Agent is installed and configured for your application's operating system or container, cloud, or virtual environment - Datadog APM is configured for your application or service -
For additional performance and reliability insights, Datadog recommends enabling Application Performance Monitoring with App & API Protection.
+
For additional performance and reliability insights, Datadog recommends enabling Application Performance Monitoring with Application Security Management.
### Installation diff --git a/content/en/security/notifications/_index.md b/content/en/security/notifications/_index.md index 4b88d3c985b1f..f455e717c6583 100644 --- a/content/en/security/notifications/_index.md +++ b/content/en/security/notifications/_index.md @@ -16,10 +16,10 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Workload Protection +- name: Cloud Security Management url: /security/cloud_security_management/ icon: cloud-security-management -- name: App & API Protection +- name: Application Security Management url: /security/application_security/ icon: app-sec --- diff --git a/content/en/security/notifications/rules.md b/content/en/security/notifications/rules.md index ccd20a4fe4efc..837d1702b3e03 100644 --- a/content/en/security/notifications/rules.md +++ b/content/en/security/notifications/rules.md @@ -15,10 +15,10 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Workload Protection +- name: Cloud Security Management url: /security/cloud_security_management/ icon: cloud-security-management -- name: App & API Protection +- name: Application Security Management url: /security/application_security/ icon: app-sec --- diff --git a/content/en/security/notifications/variables.md b/content/en/security/notifications/variables.md index eeb1b21a04f77..2bc1b3f587a08 100644 --- a/content/en/security/notifications/variables.md +++ b/content/en/security/notifications/variables.md @@ -13,10 +13,10 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Workload Protection +- name: Cloud Security Management url: /security/cloud_security_management/ icon: cloud-security-management -- name: App & API Protection +- name: Application Security Management url: /security/application_security/ icon: app-sec --- @@ -139,7 +139,7 @@ user@domain.com just logged in without MFA from 1.2.3.4. {{% /tab %}} -{{% tab "App & API Protection" %}} +{{% tab "Application Security Management" %}} ```json { diff --git a/content/en/security/security_inbox.md b/content/en/security/security_inbox.md index dd1f383d644eb..1ed00bc4a4720 100644 --- a/content/en/security/security_inbox.md +++ b/content/en/security/security_inbox.md @@ -3,10 +3,10 @@ title: Security Inbox further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Learn more about App & API Protection" + text: "Learn more about Application Security Management" - link: "/security/cloud_security_management" tag: "Documentation" - text: "Learn more about Workload Protection" + text: "Learn more about Cloud Security Management" - link: "/security/default_rules/#all" tag: "Documentation" text: "Out-of-the-box Detection Rules" @@ -14,10 +14,10 @@ further_reading: tag: "Blog" text: "How Datadog Security Inbox prioritizes security risks" products: -- name: Workload Protection +- name: Cloud Security Management url: /security/cloud_security_management/ icon: cloud-security-management -- name: App & API Protection +- name: Application Security Management url: /security/application_security/ icon: app-sec --- @@ -30,7 +30,7 @@ Security Inbox provides a consolidated, actionable list of your most important s ## Types of findings in Security Inbox -The findings that appear in Security Inbox are generated from App & API Protection (AAP) and Workload Protection. By default, these include the following types of findings: +The findings that appear in Security Inbox are generated from Application Security Management (ASM) and Cloud Security Management (CSM). By default, these include the following types of findings: - A curated set of [misconfigurations][1] for [CSM Misconfigurations][2], compiled by Datadog Security Research. - A curated set of [identity risks][1] for [CSM Identity Risks][3], compiled by Datadog Security Research. diff --git a/content/en/security/sensitive_data_scanner/_index.md b/content/en/security/sensitive_data_scanner/_index.md index 349f43784408b..4b68161d3bba5 100644 --- a/content/en/security/sensitive_data_scanner/_index.md +++ b/content/en/security/sensitive_data_scanner/_index.md @@ -93,7 +93,7 @@ Sensitive Data Scanner scans for sensitive data by deploying [Agentless scanners Sensitive Data Scanner leverages its [entire rules library][10] to find matches. When a match is found, the location of the match is sent to Datadog by the scanning instance. **Note**: Data stores and their files are only read in your environment—no sensitive data that was scanned is sent back to Datadog. -Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Workload Protection][11] affecting the sensitive data stores. You can click any issue to continue triage and remediation within Workload Protection. +Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Cloud Security Management][11] affecting the sensitive data stores. You can click any issue to continue triage and remediation within Cloud Security Management. See [Set up Sensitive Data Scanner for Cloud Storage][12] for setup details. diff --git a/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md b/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md index 2bef7bc5ccd4b..2bf872751a920 100644 --- a/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md +++ b/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md @@ -82,7 +82,7 @@ To investigate a datastore: - If it is not supposed to be in the bucket, delete the files or move them to an appropriate bucket. - If it is supposed to be in the bucket, complete the following steps to improve your security posture: 1. Click the **Security** tab in the side panel and review the **Misconfigurations** section. - 1. Click on a misconfiguration to see details in Workload Protection. + 1. Click on a misconfiguration to see details in Cloud Security Management. 1. In the **Next Steps** section: 1. Under **Triage**, click the dropdown to change the triage status of the signal. The default status is `OPEN`. 1. Click **Assign Signal** to assign a signal to yourself or another Datadog user. diff --git a/content/en/security/sensitive_data_scanner/setup/cloud_storage.md b/content/en/security/sensitive_data_scanner/setup/cloud_storage.md index 78d0edcf90677..4e94ac62a62d5 100644 --- a/content/en/security/sensitive_data_scanner/setup/cloud_storage.md +++ b/content/en/security/sensitive_data_scanner/setup/cloud_storage.md @@ -85,7 +85,7 @@ You can add a scanner to a new AWS account or an existing AWS account. 1. Select the AWS region in the dropdown menu. 1. Select an API key that is already configured for Remote Configuration. If the API key you select does not have Remote Configuration enabled, Remote Configuration is automatically enabled for that key upon selection. **Note**: Only users with `api_keys_write` permissions can enable Remote Configuration for individual API keys. 1. If you want to send AWS logs to Datadog, leave **Yes** selected. -1. Select **Yes** if you want to use Datadog Workload Protection. +1. Select **Yes** if you want to use Datadog Cloud Security Management. 1. **Enable Sensitive Data Scanner** is automatically selected by default. This tells CloudFormation to add the AWS Managed SecurityAudit policy to your Datadog AWS Integration role and enable Agentless Scanning to start scanning your cloud data stores. 1. Click **Launch CloudFormation Template**. diff --git a/content/en/security/suppressions.md b/content/en/security/suppressions.md index 761823d6a7931..875a2a8fc7629 100644 --- a/content/en/security/suppressions.md +++ b/content/en/security/suppressions.md @@ -12,7 +12,7 @@ products: - name: CSM Threats url: /security/threats/ icon: cloud-security-management -- name: App & API Protection +- name: Application Security Management url: /security/application_security/ icon: app-sec --- diff --git a/content/en/security/threat_intelligence.md b/content/en/security/threat_intelligence.md index e85bb1f5a031d..3b2df4261245e 100644 --- a/content/en/security/threat_intelligence.md +++ b/content/en/security/threat_intelligence.md @@ -14,7 +14,7 @@ products: - name: CSM Threats url: /security/threats/ icon: cloud-security-management -- name: App & API Protection +- name: Application Security Management url: /security/application_security/ icon: app-sec --- diff --git a/content/en/security/threats/_index.md b/content/en/security/threats/_index.md index 246f5bfa3d890..4b685d06747e4 100644 --- a/content/en/security/threats/_index.md +++ b/content/en/security/threats/_index.md @@ -1,5 +1,5 @@ --- -title: Workload Protection Threats +title: Cloud Security Management Threats aliases: - /security_platform/cloud_workload_security/ - /security/cloud_workload_security/ @@ -9,7 +9,7 @@ aliases: - /security/threats/runtime_anomaly_detection --- -Workload Protection Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. As part of the Datadog platform, you can combine the real-time threat detection of CSM Threats with metrics, logs, traces, and other telemetry to see the full context surrounding a potential attack on your workloads. +Cloud Security Management Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. As part of the Datadog platform, you can combine the real-time threat detection of CSM Threats with metrics, logs, traces, and other telemetry to see the full context surrounding a potential attack on your workloads. ## Detect threats to your production workloads in real-time @@ -22,7 +22,7 @@ Workload Protection Threats uses the Datadog Agent to monitor your environment. 3. **DNS Activity Monitoring** to watch network traffic for malicious activity on hosts and containers in real-time. 4. **Kernel Activity Monitoring** to watch for kernel-layer attacks like process hijacking, container breakouts, and more in real-time. -{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Workload Protection overview shows a list of prioritized security issues to remediate" width="100%">}} +{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues to remediate" width="100%">}} ## Proactively block threats with Active Protection @@ -62,7 +62,7 @@ Datadog is introducing a new feature called Active Protection to address the cry {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for CSM Threats{{< /nextlink >}} {{< nextlink href="/security/threats/workload_security_rules">}}Learn about CSM Threats detection rules{{< /nextlink >}} {{< nextlink href="/security/default_rules/#cat-workload-security">}}Start using out-of-the-box CSM Threats detection rules{{< /nextlink >}} - {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Workload Protection{{< /nextlink >}} + {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security Management{{< /nextlink >}} {{< /whatsnext >}} [1]: /security/threats/setup/?tab=kuberneteshelm#prerequisites diff --git a/content/en/security/threats/agent.md b/content/en/security/threats/agent.md index 94e830ad2ebbd..4a990bbba0112 100644 --- a/content/en/security/threats/agent.md +++ b/content/en/security/threats/agent.md @@ -17,7 +17,7 @@ The **Assisted rule creator** option helps you create the Agent and dependent de For details, see [Creating Custom Detection Rules][1]. ## Agent expression syntax -Workload Protection Threats (CSM Threats) first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. This portion of a CSM Threats rule is called the Agent expression. Agent expressions use Datadog's Security Language (SECL). The standard format of a SECL expression is as follows: +Cloud Security Management Threats (CSM Threats) first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. This portion of a CSM Threats rule is called the Agent expression. Agent expressions use Datadog's Security Language (SECL). The standard format of a SECL expression is as follows: {{< code-block lang="javascript" >}} . [ .] ... diff --git a/content/en/security/threats/investigate_agent_events.md b/content/en/security/threats/investigate_agent_events.md index bb54d6ec88b11..48032ff3512b2 100644 --- a/content/en/security/threats/investigate_agent_events.md +++ b/content/en/security/threats/investigate_agent_events.md @@ -13,7 +13,7 @@ further_reading: text: "Learn more about security notifications" - link: "https://www.datadoghq.com/blog/datadog-csm-windows/" tag: "Blog" - text: "Secure your Windows workloads with Datadog Workload Protection" + text: "Secure your Windows workloads with Datadog Cloud Security Management" --- diff --git a/content/en/security/threats/security_signals.md b/content/en/security/threats/security_signals.md index 6a4ee0743cb21..f5c7e78af4b90 100644 --- a/content/en/security/threats/security_signals.md +++ b/content/en/security/threats/security_signals.md @@ -13,12 +13,12 @@ further_reading: text: "Learn more about security notifications" - link: "https://www.datadoghq.com/blog/datadog-csm-windows/" tag: "Blog" - text: "Secure your Windows workloads with Datadog Workload Protection" + text: "Secure your Windows workloads with Datadog Cloud Security Management" --- -[Workload Protection Threats][9] (CSM Threats) security signals are created when Datadog detects a threat based on a security rule. View, search, filter, and investigate security signals in the [Signals Explorer][4], or configure [Notification Rules][1] to send signals to third-party tools. +[Cloud Security Management Threats][9] (CSM Threats) security signals are created when Datadog detects a threat based on a security rule. View, search, filter, and investigate security signals in the [Signals Explorer][4], or configure [Notification Rules][1] to send signals to third-party tools. -To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][3] for more information about Datadog's default roles and granular role-based access control permissions available for Workload Protection. +To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][3] for more information about Datadog's default roles and granular role-based access control permissions available for Cloud Security Management. {{< img src="security/cws/signals_explorer.png" alt="CSM Signals Explorer page" width="100%">}} diff --git a/content/en/security/threats/supported_linux_distributions.md b/content/en/security/threats/supported_linux_distributions.md index a631d9fcef517..fed1bbb57f1b6 100644 --- a/content/en/security/threats/supported_linux_distributions.md +++ b/content/en/security/threats/supported_linux_distributions.md @@ -2,7 +2,7 @@ title: CSM Threats Supported Linux Distributions --- -Workload Protection Threats supports the following Linux distributions: +Cloud Security Management Threats supports the following Linux distributions: | Linux Distributions | Supported Versions | |---------------------------------------------------------------|-------------------------| @@ -20,7 +20,7 @@ Workload Protection Threats supports the following Linux distributions: - Custom kernel builds are not supported. - The [CSM Threats eBPF-less solution for eBPF disabled environments][2] uses a ptrace-based Datadog Agent. The ptrace-based Datadog Agent supports Linux kernel versions from 3.4.43 to 4.9.85. -- For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the [Troubleshooting Workload Protection Threats][1]. +- For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the [Troubleshooting Cloud Security Management Threats][1]. - Data collection is done using eBPF, so Datadog requires, at minimum, platforms that have underlying Linux kernel versions of 4.14.0+ or have eBPF features backported (for example, Centos/RHEL 7 with kernel 3.10 has eBPF features backported, so it is supported). [1]: /security/cloud_security_management/troubleshooting/threats diff --git a/content/en/security/threats/workload_security_rules/_index.md b/content/en/security/threats/workload_security_rules/_index.md index 57bb6fc4f73aa..beb8b04988006 100644 --- a/content/en/security/threats/workload_security_rules/_index.md +++ b/content/en/security/threats/workload_security_rules/_index.md @@ -18,7 +18,7 @@ further_reading: text: "Learn more about Security notification variables" --- -This topic explains how Workload Protection Threats (CSM Threats) actively monitors system activity and evaluates it against a set of out-of-the-box (OOTB) rules to detect suspicious behavior. +This topic explains how Cloud Security Management Threats (CSM Threats) actively monitors system activity and evaluates it against a set of out-of-the-box (OOTB) rules to detect suspicious behavior. ## Proactively block threats with Active Protection diff --git a/content/en/security/threats/workload_security_rules/custom_rules.md b/content/en/security/threats/workload_security_rules/custom_rules.md index f46e05ac1ca7f..9bb40fbd246b6 100644 --- a/content/en/security/threats/workload_security_rules/custom_rules.md +++ b/content/en/security/threats/workload_security_rules/custom_rules.md @@ -33,7 +33,7 @@ Here are some important [role and permissions][11] to use for custom rules RBAC: ## Policies -Rules are managed and applied using policies. To view policies, go to [Security > Workload Protection > Agent Configuration][3]. +Rules are managed and applied using policies. To view policies, go to [Security > Cloud Security Management > Agent Configuration][3]. You can create and deploy different custom policies containing rules you want to apply to different sets of hosts in your infrastructure. @@ -48,7 +48,7 @@ The default policy and its rules cannot be modified. You can use the policy prio ### Create a policy -1. Go to [Security > Workload Protection > Agent Configuration][3]. +1. Go to [Security > Cloud Security Management > Agent Configuration][3]. 2. Click **New Policy**. You can also open an existing policy, click **Actions**, and clone it. 3. Enter a name for the policy and click **Create**. The new policy is created and placed as the top priority, but it is not enabled or deployed. @@ -60,7 +60,7 @@ The default policy and its rules cannot be modified. You can use the policy prio ### Prioritize policies -1. Go to [Security > Workload Protection > Agent Configuration][3]. +1. Go to [Security > Cloud Security Management > Agent Configuration][3]. 2. Click **Determine Priority**. 3. Drag the policies to set their priority. 4. Click **Confirm Reordering**. @@ -75,7 +75,7 @@ When a policy is overridden, the **Overridden** status is displayed. Hover over Tags identify two things: the Agents using the policy and the infrastructure where those Agents apply the policy. For example, if a policy has the tag `cluster_name:mycluster` the Agents in that cluster use the policy on the hosts in that cluster. -1. Go to [Security > Workload Protection > Agent Configuration][3]. +1. Go to [Security > Cloud Security Management > Agent Configuration][3]. 2. Hover over a policy, or open a policy, and click **Apply Tags & Deploy Policy**. 3. Enter tags and click **Apply**. If the policy is enabled, the policy is applied to the tag targets. @@ -116,7 +116,7 @@ As you define the rules using this tool, the threat expressions generated for th To use the Assisted rule creator: -1. Go to [Security > Workload Protection > Agent Configuration][3]. +1. Go to [Security > Cloud Security Management > Agent Configuration][3]. 2. Create or open a policy. 3. In **Actions**, select **Assisted rule creator**. 4. Define the detection. To monitor your resource effectively, you have the following detection type options: @@ -136,7 +136,7 @@ To use the Assisted rule creator: You can create a custom Agent rule and deploy it as part of a new Agent policy. Later, when defining a custom [detection rule][3], you reference the custom Agent rule and add expression parameters. -1. Go to [Security > Workload Protection > Agent Configuration][3]. +1. Go to [Security > Cloud Security Management > Agent Configuration][3]. 2. Create or open a policy. 3. In **Actions**, select **Manual rule creator**. 4. Add a name and description for the rule. diff --git a/content/en/security/upcoming_changes_notification_rules.md b/content/en/security/upcoming_changes_notification_rules.md index d158e565cde42..f2c77c63bc596 100644 --- a/content/en/security/upcoming_changes_notification_rules.md +++ b/content/en/security/upcoming_changes_notification_rules.md @@ -10,7 +10,7 @@ further_reading: text: "Notification Rules" --- -This article outlines upcoming changes to how [notification rules][1] are configured. These changes mostly impact [Workload Protection][4], and more specifically cloud configuration and infrastructure configuration signals. +This article outlines upcoming changes to how [notification rules][1] are configured. These changes mostly impact [Cloud Security Management (CSM)][4], and more specifically cloud configuration and infrastructure configuration signals. Note that for the time being, the changes will only affect how you get notified after manually upgrading a notification rule, or after the final deprecation date is reached (early 2025). diff --git a/content/en/serverless/aws_lambda/_index.md b/content/en/serverless/aws_lambda/_index.md index e5fef65e00cfa..9ca209721de7a 100644 --- a/content/en/serverless/aws_lambda/_index.md +++ b/content/en/serverless/aws_lambda/_index.md @@ -86,7 +86,7 @@ Easily correlate serverless code, configuration, and deployment changes with met {{< whatsnext desc=" ">}} {{< nextlink href="/serverless/aws_lambda/profiling" >}}Continuous Profiler: Enable Datadog's Continuous Profiler to find the exact line of code in your Lambda function that is causing bottlenecks.{{< /nextlink >}} - {{< nextlink href="/serverless/aws_lambda/securing_functions" >}}Secure Functions: Use App & API Protection (AAP) to manage threats to your functions.{{< /nextlink >}} + {{< nextlink href="/serverless/aws_lambda/securing_functions" >}}Secure Functions: Use Application Security Management (ASM) to manage threats to your functions.{{< /nextlink >}} {{< nextlink href="/serverless/deployment_tracking" >}}Deployment Tracking: Track deployments to see when a new version of code or a configuration change causes a regression.{{< /nextlink >}} {{< /whatsnext >}} diff --git a/content/en/serverless/aws_lambda/configuration.md b/content/en/serverless/aws_lambda/configuration.md index 932787e158b7f..c32bb442c1a41 100644 --- a/content/en/serverless/aws_lambda/configuration.md +++ b/content/en/serverless/aws_lambda/configuration.md @@ -61,7 +61,7 @@ Redeploy the function and invoke it. After a few minutes, it appears in [ASM vie [3]: https://app.datadoghq.com/security/appsec?column=time&order=desc -To see App & API Protection threat detection in action, send known attack patterns to your application. For example, send an HTTP header with value `acunetix-product` to trigger a [security scanner attack][44] attempt: +To see Application Security Management threat detection in action, send known attack patterns to your application. For example, send an HTTP header with value `acunetix-product` to trigger a [security scanner attack][44] attempt: ```sh curl -H 'My-ASM-Test-Header: acunetix-product' https:/// ``` diff --git a/content/en/serverless/aws_lambda/installation/dotnet.md b/content/en/serverless/aws_lambda/installation/dotnet.md index aaa97127c1de9..ce99e9c5c2b05 100644 --- a/content/en/serverless/aws_lambda/installation/dotnet.md +++ b/content/en/serverless/aws_lambda/installation/dotnet.md @@ -305,7 +305,7 @@ module "lambda-datadog" { ## Minimize cold start duration Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable App & API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/go.md b/content/en/serverless/aws_lambda/installation/go.md index 32ae5bd7abf7a..6cf84b71e522d 100644 --- a/content/en/serverless/aws_lambda/installation/go.md +++ b/content/en/serverless/aws_lambda/installation/go.md @@ -166,7 +166,7 @@ func myHandler(ctx context.Context, _ events.APIGatewayProxyRequest) (string, er ## Minimize cold start duration Version 67+ of [the Datadog Extension][5] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable App & API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/java.md b/content/en/serverless/aws_lambda/installation/java.md index 665811d05458b..2ed5cede85033 100644 --- a/content/en/serverless/aws_lambda/installation/java.md +++ b/content/en/serverless/aws_lambda/installation/java.md @@ -372,7 +372,7 @@ module "lambda-datadog" { ## Minimize cold start duration Version 67+ of [the Datadog Extension][12] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable App & API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/nodejs.md b/content/en/serverless/aws_lambda/installation/nodejs.md index e6dc0a6bd1b23..de0e54273478a 100644 --- a/content/en/serverless/aws_lambda/installation/nodejs.md +++ b/content/en/serverless/aws_lambda/installation/nodejs.md @@ -389,7 +389,7 @@ module "lambda-datadog" { ## Minimize cold start duration Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable App & API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/python.md b/content/en/serverless/aws_lambda/installation/python.md index f8e96bb2abc17..ac1a09ae0c11a 100644 --- a/content/en/serverless/aws_lambda/installation/python.md +++ b/content/en/serverless/aws_lambda/installation/python.md @@ -408,7 +408,7 @@ module "lambda-datadog" { ## Minimize cold start duration Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable App & API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/ruby.md b/content/en/serverless/aws_lambda/installation/ruby.md index 5df623df6883c..0d872a443ebd7 100644 --- a/content/en/serverless/aws_lambda/installation/ruby.md +++ b/content/en/serverless/aws_lambda/installation/ruby.md @@ -333,7 +333,7 @@ To install and configure the Datadog Serverless Plugin, follow these steps: ## Minimize cold start duration Version 67+ of [the Datadog Extension][10] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable App & API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/securing_functions.md b/content/en/serverless/aws_lambda/securing_functions.md index 43c3e8340445c..8a7bae7a2cd73 100644 --- a/content/en/serverless/aws_lambda/securing_functions.md +++ b/content/en/serverless/aws_lambda/securing_functions.md @@ -3,17 +3,17 @@ title: Securing Functions further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "App & API Protection" + text: "Application Security Management" - link: "/security/application_security/how-appsec-works" tag: "Documentation" text: "How Application Security Works" --- -[Datadog App & API Protection (AAP)][2] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, and into bad actors targeting your systems. +[Datadog Application Security Management (ASM)][2] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, and into bad actors targeting your systems. -AAP secures functions written in Python, Node, Go, Java, and .NET. Because ASM is built on top of Serverless APM, you can set it up by adding an environment variable. +ASM secures functions written in Python, Node, Go, Java, and .NET. Because ASM is built on top of Serverless APM, you can set it up by adding an environment variable. -AAP supports over 130 event rules across major threats such as injection attacks, cross-site scripting, security scanner, local file inclusion, and more. +ASM supports over 130 event rules across major threats such as injection attacks, cross-site scripting, security scanner, local file inclusion, and more. You can [get started managing threats to your functions with ASM][3] today. diff --git a/content/en/serverless/azure_app_services/azure_app_services_windows.md b/content/en/serverless/azure_app_services/azure_app_services_windows.md index e5854a3474853..716db99f624d6 100644 --- a/content/en/serverless/azure_app_services/azure_app_services_windows.md +++ b/content/en/serverless/azure_app_services/azure_app_services_windows.md @@ -267,7 +267,7 @@ Datadog's Azure App Service Node.js extension supports Azure App Service Web App - `DD_ENV`: Your environment name - `DD_SERVICE`: Your service name (defaults to your Web App name) - `DD_RUNTIME_METRICS_ENABLED`: `true` to enable runtime metrics - - `DD_APPSEC_ENABLED`: `true` to enable [App & API Protection][11] + - `DD_APPSEC_ENABLED`: `true` to enable [Application Security Management][11] See the full list of [optional configuration settings][5]. 6. Select **Save**. This restarts your application. diff --git a/content/en/service_management/incident_management/declare.md b/content/en/service_management/incident_management/declare.md index 093824e76265d..e90f9f71a2efb 100644 --- a/content/en/service_management/incident_management/declare.md +++ b/content/en/service_management/incident_management/declare.md @@ -29,10 +29,10 @@ Incidents created from a monitor will inherit [field values][10] from the monito ## From a Security Signal -Declare an incident directly from a Cloud SIEM or Workload Protection Threats signal side panel, by clicking **Declare incident** or **Escalate Investigation**. For more information, see [Investigate Security Signals][3] for Workload Protection. +Declare an incident directly from a Cloud SIEM or Cloud Security Management Threats signal side panel, by clicking **Declare incident** or **Escalate Investigation**. For more information, see [Investigate Security Signals][3] for Cloud Security Management. -Declare an incident from an App & API Protection signal through the actions listed in the signal side panel. Click **Show all actions** and click **Declare Incident**. -For more information, see [Investigate Security Signals][4] for App & API Protection. +Declare an incident from an Application Security Management signal through the actions listed in the signal side panel. Click **Show all actions** and click **Declare Incident**. +For more information, see [Investigate Security Signals][4] for Application Security Management. {{< img src="/service_management/incidents/declare/declare_asm.png" alt="Your image description" style="width:90%;" >}} diff --git a/content/en/software_catalog/navigating.md b/content/en/software_catalog/navigating.md index e7a76ec7db5ef..54ac70b299655 100644 --- a/content/en/software_catalog/navigating.md +++ b/content/en/software_catalog/navigating.md @@ -88,7 +88,7 @@ The **Security tab** provides several ways to assess and improve the security po - Are receiving the most attack attempts. - Are targeted by the most attackers. - Have the most severe threats, where the services are impacted by the attacks. -- Are monitored and protected by [App & API Protection][8] +- Are monitored and protected by [Application Security Management][8] To access additional details describing security vulnerabilities and signals, click on the service row to open a detailed side panel. Alternatively, click on the pop-over **View Service Details** button, which opens the service page, and in turn, its security tab. diff --git a/content/en/software_catalog/use_cases/_index.md b/content/en/software_catalog/use_cases/_index.md index ef9b394afeb85..7e95dfb2e1ca8 100644 --- a/content/en/software_catalog/use_cases/_index.md +++ b/content/en/software_catalog/use_cases/_index.md @@ -12,7 +12,7 @@ Learn how teams use Datadog Software Catalog to centralize knowledge, streamline {{< whatsnext desc=" " >}} {{< nextlink href="/software_catalog/use_cases/api_management/" >}}API Management{{< /nextlink >}} {{< nextlink href="/software_catalog/use_cases/cloud_cost_management" >}}Cloud Cost Management{{< /nextlink >}} - {{< nextlink href="/tracing/software_catalog/use_cases/appsec_management" >}}App & API Protection{{< /nextlink >}} + {{< nextlink href="/tracing/software_catalog/use_cases/appsec_management" >}}Application Security Management{{< /nextlink >}} {{< nextlink href="/tracing/software_catalog/use_cases/dev_onboarding" >}}Developer Onboarding{{< /nextlink >}} {{< nextlink href="/tracing/software_catalog/use_cases/dependency_management" >}}Dependency Management{{< /nextlink >}} {{< nextlink href="/tracing/software_catalog/use_cases/production_readiness" >}}Production Readiness{{< /nextlink >}} diff --git a/content/en/software_catalog/use_cases/appsec_management.md b/content/en/software_catalog/use_cases/appsec_management.md index 056a05bd8c755..3adc8eb98c20f 100644 --- a/content/en/software_catalog/use_cases/appsec_management.md +++ b/content/en/software_catalog/use_cases/appsec_management.md @@ -12,7 +12,7 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Datadog App & API Protection" + text: "Datadog Application Security Management" --- The Software Catalog enables organizations to seamlessly incorporate security into every development stage, ensuring a strong security posture across teams, applications, and systems. diff --git a/content/en/tracing/configure_data_security/_index.md b/content/en/tracing/configure_data_security/_index.md index e61bb57333aa1..48f58d644eecb 100644 --- a/content/en/tracing/configure_data_security/_index.md +++ b/content/en/tracing/configure_data_security/_index.md @@ -226,7 +226,7 @@ The table below describes the default behavior of each language tracing library {{% /tabs %}} -If you use Datadog App & API Protection (AAP), the tracing libraries collect HTTP request data to help you understand the nature of a security trace. Datadog ASM automatically redacts certain data, and you can configure your own detection rules. Learn more about these defaults and configuration options in the Datadog ASM [data privacy][13] documentation. +If you use Datadog Application Security Management (ASM), the tracing libraries collect HTTP request data to help you understand the nature of a security trace. Datadog ASM automatically redacts certain data, and you can configure your own detection rules. Learn more about these defaults and configuration options in the Datadog ASM [data privacy][13] documentation. ## Agent diff --git a/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md b/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md index 80db74900c5aa..aa7972ce7000d 100644 --- a/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md +++ b/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md @@ -66,7 +66,7 @@ Refer to the instructions in the section corresponding to your preference below: - Comprehensive tracing coverage: - Instruments your code and all dependencies, including the Go standard library - Instruments your code during compilation, preventing gaps in tracing coverage due to overlooked manual instrumentation -- Exclusive [App & API Protection][7] **Exploit Prevention** feature. [Exploit Prevention][15] is a Runtime Application Self-Protection (RASP) implementation and includes RASP methods such as Local File Inclusion (LFI). +- Exclusive [Application Security Management][7] **Exploit Prevention** feature. [Exploit Prevention][15] is a Runtime Application Self-Protection (RASP) implementation and includes RASP methods such as Local File Inclusion (LFI). ### Requirements diff --git a/content/en/tracing/trace_collection/library_config/nodejs.md b/content/en/tracing/trace_collection/library_config/nodejs.md index ede087f309f19..88a8fa111fa79 100644 --- a/content/en/tracing/trace_collection/library_config/nodejs.md +++ b/content/en/tracing/trace_collection/library_config/nodejs.md @@ -218,7 +218,7 @@ Remote configuration polling interval in seconds. `DD_APPSEC_ENABLED` : **Configuration**: `appsec.enabled`
**Default**: `false`
-Enable App & API Protection features. +Enable Application Security Management features. `DD_APPSEC_RULES` : **Configuration**: `appsec.rules`
diff --git a/content/en/tracing/trace_explorer/trace_view.md b/content/en/tracing/trace_explorer/trace_view.md index 3af1059d90822..5f24ae7dbbc87 100644 --- a/content/en/tracing/trace_explorer/trace_view.md +++ b/content/en/tracing/trace_explorer/trace_view.md @@ -228,7 +228,7 @@ Click on a service's span to see network dependencies of the service making the See attack attempts that target the services of the distributed trace. You can see the pattern used by the attacker, the rule that detects the attack, and whether the attacker found a vulnerability in your service. -Click **View in ASM** to investigate further using [Datadog App & API Protection][1]. +Click **View in ASM** to investigate further using [Datadog Application Security Management][1]. {{< img src="tracing/trace_view/security_tab.png" alt="Security tab" style="width:90%;">}} diff --git a/content/en/tracing/trace_pipeline/ingestion_mechanisms.md b/content/en/tracing/trace_pipeline/ingestion_mechanisms.md index c8ab552670d04..ab9b6dfc2ec24 100644 --- a/content/en/tracing/trace_pipeline/ingestion_mechanisms.md +++ b/content/en/tracing/trace_pipeline/ingestion_mechanisms.md @@ -849,7 +849,7 @@ Some additional ingestion reasons are attributed to spans that are generated by | Product | Ingestion Reason | Ingestion Mechanism Description | |------------|-------------------------------------|---------------------------------| | Serverless | `lambda` and `xray` | Your traces received from the [Serverless applications][14] traced with Datadog Tracing Libraries or the AWS X-Ray integration. | -| App & API Protection | `appsec` | Traces ingested from Datadog tracing libraries and flagged by [ASM][15] as a threat. | +| Application Security Management | `appsec` | Traces ingested from Datadog tracing libraries and flagged by [ASM][15] as a threat. | | Data Jobs Monitoring | `data_jobs` | Traces ingested from the Datadog Java Tracer Spark integration or the Databricks integration. | ## Ingestion mechanisms in OpenTelemetry diff --git a/content/en/tracing/trace_pipeline/trace_retention.md b/content/en/tracing/trace_pipeline/trace_retention.md index d0cd37d127f11..83065a91e4c3a 100644 --- a/content/en/tracing/trace_pipeline/trace_retention.md +++ b/content/en/tracing/trace_pipeline/trace_retention.md @@ -77,7 +77,7 @@ There are two types of retention filters: The following retention filters are enabled by default: - The `Error Default` retention filter indexes error spans with `status:error`. The retention rate and the query are configurable. For example, to capture production errors, set the query to `status:error, env:production`. Disable the retention filter if you do not want to capture the errors by default. -- The `Application Security Monitoring Default` retention filter is enabled if you are using [App & API Protection][16]. It ensures the retention of all spans in traces that have been identified as having an application security impact (an attack attempt). +- The `Application Security Monitoring Default` retention filter is enabled if you are using [Application Security Management][16]. It ensures the retention of all spans in traces that have been identified as having an application security impact (an attack attempt). - The `Synthetics Default` retention filter is enabled if you are using Synthetic Monitoring. It ensures that traces generated from synthetic API and browser tests remain available by default. See [Synthetic APM][15] for more information, including how to correlate traces with synthetic tests. - The `Dynamic Instrumentation Default` retention filter is enabled if you are using [Dynamic Instrumentation][17]. It ensures spans created dynamically with Dynamic instrumentation remain available in the long term by default. From 5ae3957f165538de4d8c7ce84f86caeadebd70b9 Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Thu, 10 Apr 2025 10:54:13 -0600 Subject: [PATCH 05/28] Cloud Security product rename --- config/_default/menus/main.en.yaml | 4 +- .../billing/product_allotments.md | 4 +- .../en/agent/configuration/dual-shipping.md | 2 +- content/en/all_guides.md | 2 +- .../en/containers/kubernetes/installation.md | 2 +- .../data-collection-resolution-retention.md | 2 +- content/en/getting_started/_index.md | 2 +- .../en/getting_started/devsecops/_index.md | 10 ++--- .../en/getting_started/integrations/aws.md | 4 +- .../integrations/google_cloud.md | 6 +-- content/en/getting_started/security/_index.md | 2 +- .../security/cloud_security_management.md | 6 +-- content/en/glossary/terms/resource.md | 2 +- .../glossary/terms/security_posture_score.md | 2 +- .../containers/container_images.md | 8 ++-- .../infrastructure/resource_catalog/_index.md | 6 +-- .../guide/aws-organizations-setup.md | 4 +- .../azure-architecture-and-configuration.md | 2 +- .../integrations/guide/azure-manual-setup.md | 2 +- content/en/integrations/guide/azure-portal.md | 4 +- .../network_analytics.md | 2 +- content/en/security/_index.md | 8 ++-- content/en/security/audit_trail.md | 2 +- .../cloud_security_management/_index.md | 14 +++---- .../cloud_security_management/guide/_index.md | 8 ++-- .../guide/agent_variables.md | 4 +- .../guide/eBPF-free-agent.md | 2 +- .../guide/public-accessibility-logic.md | 2 +- .../guide/resource_evaluation_filters.md | 12 +++--- .../cloud_security_management/iac_scanning.md | 2 +- .../identity_risks/_index.md | 10 ++--- .../misconfigurations/_index.md | 8 ++-- .../misconfigurations/compliance_rules.md | 2 +- .../misconfigurations/findings/_index.md | 2 +- .../custom_frameworks.md | 2 +- .../misconfigurations/kspm.md | 2 +- .../review_remediate/_index.md | 4 +- .../review_remediate/jira.md | 6 +-- .../review_remediate/mute_issues.md | 2 +- .../review_remediate/workflows.md | 4 +- .../cloud_security_management/setup/_index.md | 20 ++++----- .../setup/agent/_index.md | 4 +- .../setup/agent/docker.md | 2 +- .../setup/agent/ecs_ec2.md | 2 +- .../setup/agent/kubernetes.md | 2 +- .../setup/agent/linux.md | 2 +- .../setup/agent/windows.md | 2 +- .../setup/agentless_scanning/_index.md | 10 ++--- .../agentless_scanning/deployment_methods.md | 2 +- .../setup/agentless_scanning/enable.md | 42 +++++++++---------- .../setup/cloud_integrations.md | 8 ++-- .../setup/cloudtrail_logs.md | 2 +- .../setup/iac_remediation.md | 6 +-- .../setup/iac_scanning/_index.md | 6 +-- .../iac_scanning/iac_scanning_exclusions.md | 2 +- .../without_infrastructure_monitoring.md | 8 ++-- .../severity_scoring.md | 2 +- .../troubleshooting/_index.md | 4 +- .../troubleshooting/threats.md | 2 +- .../troubleshooting/vulnerabilities.md | 4 +- .../vulnerabilities/_index.md | 6 +-- .../hosts_containers_compatibility.md | 4 +- content/en/security/cloud_siem/_index.md | 2 +- .../cloud_siem/entities_and_risk_scoring.md | 2 +- ...p-security-filters-using-cloud-siem-api.md | 2 +- content/en/security/detection_rules/_index.md | 8 ++-- .../guide/aws_fargate_config_guide.md | 12 +++--- content/en/security/notifications/_index.md | 2 +- content/en/security/notifications/rules.md | 2 +- .../en/security/notifications/variables.md | 2 +- content/en/security/security_inbox.md | 6 +-- .../security/sensitive_data_scanner/_index.md | 2 +- .../investigate_sensitive_data_issues.md | 2 +- .../setup/cloud_storage.md | 2 +- content/en/security/threats/_index.md | 4 +- .../en/security/threats/security_signals.md | 2 +- .../workload_security_rules/custom_rules.md | 12 +++--- .../upcoming_changes_notification_rules.md | 2 +- .../incident_management/declare.md | 2 +- .../cloud-siem-aws-setup-cloudformation.en.md | 2 +- .../csm-agentless-azure-resource-manager.md | 4 +- .../shortcodes/csm-agentless-prereqs.en.md | 2 +- layouts/shortcodes/csm-setup-aws.en.md | 2 +- layouts/shortcodes/csm-setup-azure.en.md | 2 +- .../shortcodes/csm-setup-google-cloud.en.md | 2 +- layouts/shortcodes/csm-windows-setup.en.md | 2 +- layouts/shortcodes/semantic-color.en.md | 4 +- 87 files changed, 201 insertions(+), 201 deletions(-) diff --git a/config/_default/menus/main.en.yaml b/config/_default/menus/main.en.yaml index 95991632116ce..2818d11e62745 100644 --- a/config/_default/menus/main.en.yaml +++ b/config/_default/menus/main.en.yaml @@ -160,7 +160,7 @@ menu: url: getting_started/security/application_security parent: getting_started_security weight: 1701 - - name: Cloud Security Management + - name: Cloud Security identifier: getting_started_cloud_security_management url: getting_started/security/cloud_security_management/ parent: getting_started_security @@ -6132,7 +6132,7 @@ menu: parent: cloud_siem identifier: siem_guides weight: 10 - - name: Cloud Security Management + - name: Cloud Security url: security/cloud_security_management parent: security_platform_heading pre: cloud-security-management diff --git a/content/en/account_management/billing/product_allotments.md b/content/en/account_management/billing/product_allotments.md index bdc0c748f2b62..7504ab67ca6f9 100644 --- a/content/en/account_management/billing/product_allotments.md +++ b/content/en/account_management/billing/product_allotments.md @@ -139,7 +139,7 @@ Additionally, the organization has a monthly commitment of 0.3 GB of Ingested Sp | Custom Metrics | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts, Internet of Things (IoT), Serverless Workload Monitoring - Functions, Serverless Workload Monitoring - Apps, Serverless Invocations, Serverless Functions | Average | Average | | Ingested Custom Metrics | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts, Internet of Things (IoT), Serverless Workload Monitoring - Functions, Serverless Workload Monitoring - Apps | Average | Average | | Custom Events | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts | Sum | Sum | -| CSM Enterprise Containers | Cloud Security Management (CSM) | N/A | Sum | +| CSM Enterprise Containers | Cloud Security (CSM) | N/A | Sum | | CWS Containers | Cloud Workload Security (CWS) | N/A | Sum | | Infrastructure Containers | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts | N/A | Sum | | Profiled Containers | APM Enterprise, Continuous Profiler | N/A | Sum | @@ -150,7 +150,7 @@ Additionally, the organization has a monthly commitment of 0.3 GB of Ingested Sp | APM Ingested Spans | APM, APM Pro, APM Enterprise
Serverless APM, Legacy - Serverless Invocations
Legacy - Serverless Functions
Fargate Task (APM Pro), Fargate Task (APM Enterprise) | Sum | Sum | | DBM Normalized Queries | Database Monitoring (DBM) | Average | Average | | Data Streams Monitoring | APM Pro, APM Enterprise | HWMP | Sum | -| CSPM Workflow Executions | Cloud Security Management Pro, Cloud Security Management Enterprise | Sum | Sum | +| CSPM Workflow Executions | Cloud Security Pro, Cloud Security Enterprise | Sum | Sum | | Fargate Task (Continuous Profiler) | Fargate Task (APM Enterprise) | Average | N/A | [1]: https://www.datadoghq.com/pricing/list/ diff --git a/content/en/agent/configuration/dual-shipping.md b/content/en/agent/configuration/dual-shipping.md index 61655031be72a..7fc8d201f60c0 100644 --- a/content/en/agent/configuration/dual-shipping.md +++ b/content/en/agent/configuration/dual-shipping.md @@ -361,7 +361,7 @@ DD_NETWORK_PATH_FORWARDER_ADDITIONAL_ENDPOINTS="[{\"api_key\": \"apiKey2\", \"Ho {{% agent-dual-shipping %}} -## Cloud Security Management Misconfigurations +## Cloud Security Misconfigurations ### YAML configuration diff --git a/content/en/all_guides.md b/content/en/all_guides.md index dcc8093de201a..ff9bd401630ad 100644 --- a/content/en/all_guides.md +++ b/content/en/all_guides.md @@ -44,7 +44,7 @@ Guides in the Datadog documentation are pages that provide background knowledge, {{< whatsnext desc="Security:">}} {{< nextlink href="/security/cloud_siem/guide" >}}    Cloud SIEM{{< /nextlink >}} -{{< nextlink href="/security/cloud_security_management/guide" >}}    Cloud Security Management{{< /nextlink >}} +{{< nextlink href="/security/cloud_security_management/guide" >}}    Cloud Security{{< /nextlink >}} {{< nextlink href="/security/application_security/guide" >}}    Application Security Management{{< /nextlink >}} {{< /whatsnext >}} diff --git a/content/en/containers/kubernetes/installation.md b/content/en/containers/kubernetes/installation.md index 3faaf564f6c99..bff550ce89566 100644 --- a/content/en/containers/kubernetes/installation.md +++ b/content/en/containers/kubernetes/installation.md @@ -293,7 +293,7 @@ helm uninstall datadog-agent ### Monitor your infrastructure in Datadog Use the [Containers][13] page for visibility into your container infrastructure, with resource metrics and faceted search. For information on how to use the Containers page, see [Containers View][14]. -Use the [Container Images][18] page for insights into every image used in your environment. This page also displays vulnerabilities found in your container images from [Cloud Security Management][19] (CSM). For information on how to use the Container Images page, see the [Containers Images View][20]. +Use the [Container Images][18] page for insights into every image used in your environment. This page also displays vulnerabilities found in your container images from [Cloud Security][19] (CSM). For information on how to use the Container Images page, see the [Containers Images View][20]. The [Kubernetes][21] section features an overview of all your Kubernetes resources. [Orchestrator Explorer][22] allows you to monitor the state of pods, deployments, and other Kubernetes concepts in a specific namespace or availability zone, view resource specifications for failed pods within a deployment, correlate node activity with related logs, and more. The [Resource Utilization][23] page provides insights into how your Kubernetes workloads are using your computing resources across your infrastructure. For information on how to use these pages, see [Orchestrator Explorer][24] and [Kubernetes Resource Utilization][25]. diff --git a/content/en/developers/guide/data-collection-resolution-retention.md b/content/en/developers/guide/data-collection-resolution-retention.md index a340ed0b8feef..eb73ad5bb9217 100644 --- a/content/en/developers/guide/data-collection-resolution-retention.md +++ b/content/en/developers/guide/data-collection-resolution-retention.md @@ -30,7 +30,7 @@ Find below a summary of Datadog data [collection][1], [resolution][2], and reten | Cloud Cost Management | Azure | Cost Exports | 1 hour | 1 day | 15 months | | Cloud Cost Management | Google Cloud | Detailed Usage Cost Export | 1 hour | 1 day | 15 months | | Cloud SIEM | Security Signals | Datadog Cloud SIEM | Real time | 1 millisecond | 15 months | -| Cloud Security Management | Findings | Datadog Cloud Security Management Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute | 15 months | +| Cloud Security | Findings | Datadog Cloud Security Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute | 15 months | | CSM Threats | Signals | Datadog Cloud Security Management Threats | Real time | 1 ms | 15 months | | Database Monitoring | Query Metrics | Datadog Agent + enabled integrations | 10 seconds | 1 second | 15 months | | Database Monitoring | Query Samples | Datadog Agent + enabled integrations | 1 minute | n/a | 15 days | diff --git a/content/en/getting_started/_index.md b/content/en/getting_started/_index.md index 2fca7185e5b99..c1402f79d23f3 100644 --- a/content/en/getting_started/_index.md +++ b/content/en/getting_started/_index.md @@ -121,7 +121,7 @@ For the fastest introduction to navigating Datadog, try the [Quick Start course] {{< nextlink href="/getting_started/continuous_testing" >}}Continuous Testing: Run end-to-end Synthetic tests in your CI pipelines and IDEs.{{< /nextlink >}} {{< nextlink href="/getting_started/session_replay" >}}Session Replay: Get an in-depth look at how users are interacting with your product with Session Replays.{{< /nextlink >}} {{< nextlink href="/getting_started/application_security" >}}Application Security Management: Discover best practices for getting your team up and running with ASM.{{< /nextlink >}} -{{< nextlink href="/getting_started/cloud_security_management" >}}Cloud Security Management: Discover best practices for getting your team up and running with CSM.{{< /nextlink >}} +{{< nextlink href="/getting_started/cloud_security_management" >}}Cloud Security: Discover best practices for getting your team up and running with CSM.{{< /nextlink >}} {{< nextlink href="/getting_started/cloud_siem" >}}Cloud SIEM: Discover best practices for getting your team up and running with Cloud SIEM.{{< /nextlink >}} {{< nextlink href="/getting_started/logs" >}}Logs: Send your first logs and use log processing to enrich them.{{< /nextlink >}} {{< nextlink href="/getting_started/ci_visibility" >}}CI Visibility: Collect CI pipeline data by setting up integrations with your CI providers.{{< /nextlink >}} diff --git a/content/en/getting_started/devsecops/_index.md b/content/en/getting_started/devsecops/_index.md index d6b5339508aab..3b8916381c86c 100644 --- a/content/en/getting_started/devsecops/_index.md +++ b/content/en/getting_started/devsecops/_index.md @@ -6,7 +6,7 @@ This guide introduces the Infrastructure Monitoring DevSecOps bundles, with link ## Infrastructure DevSecOps -The Infrastructure DevSecOps bundles combine infrastructure monitoring with the security capabilities of [Cloud Security Management (CSM)][3]. +The Infrastructure DevSecOps bundles combine infrastructure monitoring with the security capabilities of [Cloud Security (CSM)][3]. {{< tabs >}} {{% tab "Infrastructure DevSecOps Pro" %}} @@ -23,7 +23,7 @@ To get started with Infrastructure DevSecOps Pro, [install and configure the Dat After you install the Agent, configure CSM Pro for your environment. -- [Cloud Security Management Pro][6] +- [Cloud Security Pro][6] ### Next steps @@ -34,7 +34,7 @@ Learn more about the features included with Infrastructure DevSecOps Pro: - [Host and Container Maps][9]: Visualize your hosts and containers - [Live Containers][10]: Gain real-time visibility into all containers across your environment - [Serverless][2]: Gain full visibility into all of the managed services that power your serverless applications -- [Cloud Security Management][11]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure +- [Cloud Security][11]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure [1]: /containers/ [2]: /serverless/ @@ -64,7 +64,7 @@ To get started with Infrastructure DevSecOps Enterprise, [install and configure After you install the Agent, configure CSM Enterprise for your environment. -- [Cloud Security Management Enterprise][8] +- [Cloud Security Enterprise][8] ### Next steps @@ -78,7 +78,7 @@ Learn more about the features included with Infrastructure DevSecOps Enterprise: - [Live Processes][14]: Gain real-time visibility into the process running on your infrastructure - [Serverless][2]: Gain full visibility into all of the managed services that power your serverless - [Watchdog][15]: Automatically detect potential application and infrastructure issues -- [Cloud Security Management][16]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure +- [Cloud Security][16]: Real-time threat detection and continuous configuration audits across your entire cloud infrastructure [1]: /containers/ [2]: /serverless/ diff --git a/content/en/getting_started/integrations/aws.md b/content/en/getting_started/integrations/aws.md index 9dfdb5f22c452..d74888d0962e9 100644 --- a/content/en/getting_started/integrations/aws.md +++ b/content/en/getting_started/integrations/aws.md @@ -114,7 +114,7 @@ Before getting started, ensure you have the following prerequisites: a. Select the AWS regions to integrate with. b. Add your Datadog [API key][9]. c. Optionally, send logs and other data to Datadog with the [Datadog Forwarder Lambda][1]. - d. Optionally, enable [Cloud Security Management Misconfigurations][54] to scan your cloud environment, hosts, and containers for misconfigurations and security risks. + d. Optionally, enable [Cloud Security Misconfigurations][54] to scan your cloud environment, hosts, and containers for misconfigurations and security risks. 5. Click **Launch CloudFormation Template**. This opens the AWS Console and loads the CloudFormation stack. All the parameters are filled in based on your selections in the prior Datadog form, so you do not need to edit those unless desired. **Note:** The `DatadogAppKey` parameter enables the CloudFormation stack to make API calls to Datadog to add and edit the Datadog configuration for this AWS account. The key is automatically generated and tied to your Datadog account. @@ -208,7 +208,7 @@ Additionally, you can use [Watchdog][49], an algorithmic feature for APM perform Review [Getting Started with Cloud SIEM][50] to evaluate your logs against the out-of-the-box [Log Detection Rules][51]. These rules are customizable, and when threats are detected, they generate security signals which can be accessed on the [Security Signals Explorer][52]. To ensure that the correct team is notified, use [Notification Rules][53] to configure notification preferences across multiple rules. -#### Cloud Security Management Misconfigurations +#### Cloud Security Misconfigurations Use the [Setting Up CSM Misconfigurations][54] guide to learn about detecting and assessing misconfigurations in your cloud environment. Resource configuration data is evaluated against the out-of-the-box [Cloud][55] and [Infrastructure][56] compliance rules to flag attacker techniques and potential misconfigurations, allowing for fast response and remediation. diff --git a/content/en/getting_started/integrations/google_cloud.md b/content/en/getting_started/integrations/google_cloud.md index 967240d379d7e..e4277c5c54c68 100644 --- a/content/en/getting_started/integrations/google_cloud.md +++ b/content/en/getting_started/integrations/google_cloud.md @@ -272,10 +272,10 @@ To view security findings from [Google Cloud Security Command Center][47] in Clo {{< img src="integrations/google_cloud_platform/security_findings.png" alt="The security findings tab in the Google Cloud integration tile" style="width:90%;" >}} -### Cloud Security Management +### Cloud Security -Datadog Cloud Security Management (CSM) delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure. -Check out the [Setting up Cloud Security Management guide][49] to get started. +Datadog Cloud Security (CSM) delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure. +Check out the [Setting up Cloud Security guide][49] to get started. After setting up CSM, toggle the **Enable Resource Collection** option under the **Resource Collection** tab to start collecting configuration data for the [Resource Catalog][50] and CSM. Then, follow these instructions to enable [Misconfigurations and Identity Risks (CIEM)][51] on Google Cloud. diff --git a/content/en/getting_started/security/_index.md b/content/en/getting_started/security/_index.md index 72ea4a0d562e4..f448d59c59e2a 100644 --- a/content/en/getting_started/security/_index.md +++ b/content/en/getting_started/security/_index.md @@ -4,7 +4,7 @@ title: Getting Started with Security {{< whatsnext desc=" " >}} {{< nextlink href="getting_started/security/application_security" tag="documentation" >}}Getting Started with Application Security{{< /nextlink >}} - {{< nextlink href="getting_started/security/cloud_security_management" tag="documentation" >}}Getting Started with Cloud Security Management{{< /nextlink >}} + {{< nextlink href="getting_started/security/cloud_security_management" tag="documentation" >}}Getting Started with Cloud Security{{< /nextlink >}} {{< nextlink href="getting_started/security/cloud_siem" tag="documentation" >}}Getting Started with Cloud SIEM{{< /nextlink >}} {{< nextlink href="getting_started/code_security" tag="documentation" >}}Getting Started with Code Security{{< /nextlink >}} {{< /whatsnext >}} diff --git a/content/en/getting_started/security/cloud_security_management.md b/content/en/getting_started/security/cloud_security_management.md index dd2267d8b4ded..96d38171b5c7b 100644 --- a/content/en/getting_started/security/cloud_security_management.md +++ b/content/en/getting_started/security/cloud_security_management.md @@ -1,11 +1,11 @@ --- -title: Getting Started with Cloud Security Management +title: Getting Started with Cloud Security aliases: - /getting_started/cloud_security_management further_reading: - link: "/security/cloud_security_management/" tag: "Documentation" - text: "Cloud Security Management" + text: "Cloud Security" - link: "/infrastructure/resource_catalog/schema/" tag: "Documentation" text: "Cloud Resources Schema Reference" @@ -28,7 +28,7 @@ further_reading: ## Overview -[Datadog Cloud Security Management][1] (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. +[Datadog Cloud Security][1] (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. With CSM, Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. This guide walks you through best practices for getting your team up and running with CSM. diff --git a/content/en/glossary/terms/resource.md b/content/en/glossary/terms/resource.md index e18414965a8c0..198e16aa5642a 100644 --- a/content/en/glossary/terms/resource.md +++ b/content/en/glossary/terms/resource.md @@ -6,4 +6,4 @@ core_product: --- 1. In APM, a resource is a particular domain of an application, typically an instrumented web endpoint, database query, or background job. 2. In RUM, a resource is a type of event. A resource event is generated for images, XHR, Fetch, CSS, or JS libraries loaded on a page. -3. In Cloud Security Management Misconfigurations, a resource is a configurable entity that needs to be continuously scanned for adherence with one or more controls. Examples of AWS instance resources include hosts, containers, security groups, users, and customer-managed IAM policies. \ No newline at end of file +3. In Cloud Security Misconfigurations, a resource is a configurable entity that needs to be continuously scanned for adherence with one or more controls. Examples of AWS instance resources include hosts, containers, security groups, users, and customer-managed IAM policies. \ No newline at end of file diff --git a/content/en/glossary/terms/security_posture_score.md b/content/en/glossary/terms/security_posture_score.md index 0ea060ace1d06..772b27726204e 100644 --- a/content/en/glossary/terms/security_posture_score.md +++ b/content/en/glossary/terms/security_posture_score.md @@ -10,7 +10,7 @@ core_product: {{< jqmath-vanilla >}} -Available for [Cloud Security Management Misconfigurations][3], the security posture score represents the percentage of your environment that satisfies all of your active Datadog out-of-the-box [Cloud][1] and [Infrastructure][2] compliance rules. +Available for [Cloud Security Misconfigurations][3], the security posture score represents the percentage of your environment that satisfies all of your active Datadog out-of-the-box [Cloud][1] and [Infrastructure][2] compliance rules. **Formula**: diff --git a/content/en/infrastructure/containers/container_images.md b/content/en/infrastructure/containers/container_images.md index 334b251b2f817..d4a146cc4068c 100644 --- a/content/en/infrastructure/containers/container_images.md +++ b/content/en/infrastructure/containers/container_images.md @@ -6,18 +6,18 @@ further_reading: text: "Enhance your troubleshooting workflow with Container Images in Datadog Container Monitoring" - link: "/security/cloud_security_management/vulnerabilities" tag: "Documentation" - text: "Cloud Security Management Vulnerabilities" + text: "Cloud Security Vulnerabilities" - link: "/infrastructure/containers/container_images/#enable-sbom-collection" tag: "Documentation" text: "Enable SBOM collection in CSM Vulnerabilities" - link: "/security/cloud_security_management/troubleshooting/vulnerabilities/" tag: "Documentation" - text: "Troubleshooting Cloud Security Management Vulnerabilities" + text: "Troubleshooting Cloud Security Vulnerabilities" --- ## Overview -The [container images view][1] in Datadog provides key insights into every image used in your environment to help you assess their deployment footprint. It also detects and remediates security and performance issues that can affect multiple containers. You can view container image details alongside the rest of your container data to troubleshoot image issues affecting infrastructure health. Additionally, you can view vulnerabilities found in your container images from [Cloud Security Management][2] (CSM) to help you streamline your security efforts. +The [container images view][1] in Datadog provides key insights into every image used in your environment to help you assess their deployment footprint. It also detects and remediates security and performance issues that can affect multiple containers. You can view container image details alongside the rest of your container data to troubleshoot image issues affecting infrastructure health. Additionally, you can view vulnerabilities found in your container images from [Cloud Security][2] (CSM) to help you streamline your security efforts. {{< img src="security/vulnerabilities/container_images.png" alt="The container images view highlighting vulnerabilities and container column sort feature" width="100%">}} @@ -35,7 +35,7 @@ To enable live container collection, see the [containers][3] documentation. It p ### Image collection -Datadog collects container image metadata to provide enhanced debugging context for related containers and [Cloud Security Management][8] (CSM) vulnerabilities. +Datadog collects container image metadata to provide enhanced debugging context for related containers and [Cloud Security][8] (CSM) vulnerabilities. #### Enable container image collection diff --git a/content/en/infrastructure/resource_catalog/_index.md b/content/en/infrastructure/resource_catalog/_index.md index 0d59b14b7922d..8c61e69872227 100644 --- a/content/en/infrastructure/resource_catalog/_index.md +++ b/content/en/infrastructure/resource_catalog/_index.md @@ -8,7 +8,7 @@ aliases: further_reading: - link: "/security/cloud_security_management/misconfigurations/" tag: "Documentation" - text: "Cloud Security Management Misconfigurations" + text: "Cloud Security Misconfigurations" - link: "/security/threats/" tag: "Documentation" text: "Cloud Security Management Threats" @@ -54,13 +54,13 @@ Resource Catalog leverages Datadog cloud integrations and the Datadog Agent to g ## Setup -By default, when you navigate to the Resource Catalog, you are able to see Datadog Agent monitored hosts, as well as cloud resources crawled for other Datadog products such as CNM (Cloud Network Monitoring), and DBM (Database Monitoring). To view additional cloud resources in the Resource Catalog, extend resource collection from the [Resource Catalog][5] setup page. To gain insights into your security risks, enable [Cloud Security Management][1] for each cloud account. +By default, when you navigate to the Resource Catalog, you are able to see Datadog Agent monitored hosts, as well as cloud resources crawled for other Datadog products such as CNM (Cloud Network Monitoring), and DBM (Database Monitoring). To view additional cloud resources in the Resource Catalog, extend resource collection from the [Resource Catalog][5] setup page. To gain insights into your security risks, enable [Cloud Security][1] for each cloud account. {{< img src="/infrastructure/resource_catalog/resource-catalog-doc-img-2.png" alt="The Resource Catalog configuration page for extending resource collection" width="100%">}} **Note**: - Extending resource collection does _not_ incur additional costs. The Resource Catalog is a free product for Infrastructure Monitoring customers. -- Enabling Cloud Security Management automatically enables resource collection for the Resource Catalog Inventory tab. Enabling resource collection for the Resource Catalog does _not_ enable the CSM product. +- Enabling Cloud Security automatically enables resource collection for the Resource Catalog Inventory tab. Enabling resource collection for the Resource Catalog does _not_ enable the CSM product. ## Browse the Resource Catalog diff --git a/content/en/integrations/guide/aws-organizations-setup.md b/content/en/integrations/guide/aws-organizations-setup.md index 27fc1425d96fd..ba3d2943276fd 100644 --- a/content/en/integrations/guide/aws-organizations-setup.md +++ b/content/en/integrations/guide/aws-organizations-setup.md @@ -32,7 +32,7 @@ The Datadog CloudFormation StackSet performs the following steps: 1. Deploys the Datadog AWS CloudFormation Stack in every account under an AWS Organization or Organizational Unit. 2. Automatically creates the necessary IAM role and policies in the target accounts. 3. Automatically initiates ingestion of AWS CloudWatch metrics and events from the AWS resources in the accounts. -4. Optionally disables metric collection for the AWS infrastructure. This is useful for Cloud Cost Management (CCM) or Cloud Security Management Misconfigurations (CSM Misconfigurations) specific use cases. +4. Optionally disables metric collection for the AWS infrastructure. This is useful for Cloud Cost Management (CCM) or Cloud Security Misconfigurations (CSM Misconfigurations) specific use cases. 5. Optionally configures CSM Misconfigurations to monitor resource misconfigurations in your AWS accounts. **Note**: The StackSet does not set up log forwarding in the AWS accounts. To set up logs, follow the steps in the [Log Collection][2] guide. @@ -60,7 +60,7 @@ Copy the Template URL from the Datadog AWS integration configuration page to use - Select your Datadog APP key on Datadog AWS integration configuration page and use it in the `DatadogAppKey` parameter in the StackSet. - *Optionally:* - a. Enable [Cloud Security Management Misconfigurations][5] (CSM Misconfigurations) to scan your cloud environment, hosts, and containers for misconfigurations and security risks. + a. Enable [Cloud Security Misconfigurations][5] (CSM Misconfigurations) to scan your cloud environment, hosts, and containers for misconfigurations and security risks. b. Disable metric collection if you do not want to monitor your AWS infrastructure. This is recommended only for [Cloud Cost Management][6] (CCM) or [CSM Misconfigurations][5] specific use cases. 3. **Configure StackSet options** diff --git a/content/en/integrations/guide/azure-architecture-and-configuration.md b/content/en/integrations/guide/azure-architecture-and-configuration.md index 463c1fb4dceb7..c3db5bfa7734c 100644 --- a/content/en/integrations/guide/azure-architecture-and-configuration.md +++ b/content/en/integrations/guide/azure-architecture-and-configuration.md @@ -117,7 +117,7 @@ The implications of restricting access below the Monitoring Reader role are: - Partial or total loss of monitoring data - Partial or total loss of metadata in the form of tags on your resource metrics - - Partial or total loss of data for [Cloud Security Management Misconfigurations (CSM Misconfigurations)][3] or [Resource Catalog][4] + - Partial or total loss of data for [Cloud Security Misconfigurations (CSM Misconfigurations)][3] or [Resource Catalog][4] - Partial or total loss of Datadog-generated metrics The implications of restricting or omitting the Azure AD roles are: diff --git a/content/en/integrations/guide/azure-manual-setup.md b/content/en/integrations/guide/azure-manual-setup.md index 968ea1f3cafb5..8b645c98459ca 100644 --- a/content/en/integrations/guide/azure-manual-setup.md +++ b/content/en/integrations/guide/azure-manual-setup.md @@ -172,7 +172,7 @@ A form to create a new app registration is displayed: **Note**: If you've selected to monitor individual subscriptions rather than a management group, select the subscriptions to monitor from the **Subscriptions to monitor** dropdown. -13. Select your Datadog site, as well as any other integration configuration options, such as host filters and whether to collect resources for [Cloud Security Management][17]. +13. Select your Datadog site, as well as any other integration configuration options, such as host filters and whether to collect resources for [Cloud Security][17]. 14. Click **Review + create**, then click **Create**. diff --git a/content/en/integrations/guide/azure-portal.md b/content/en/integrations/guide/azure-portal.md index f3161c2c7d145..63deb7747660f 100644 --- a/content/en/integrations/guide/azure-portal.md +++ b/content/en/integrations/guide/azure-portal.md @@ -298,9 +298,9 @@ The Azure portal provides a read-only view of the API keys. To manage the keys, The Azure Datadog integration allows you to install the Datadog Agent on a VM or app service. If there is no default key selected, a Datadog Agent installation fails. -### Cloud Security Management Misconfigurations +### Cloud Security Misconfigurations -Select `Cloud Security Posture Management` in the left sidebar to configure [Cloud Security Management Misconfigurations (CSM Misconfigurations)][8]. +Select `Cloud Security Posture Management` in the left sidebar to configure [Cloud Security Misconfigurations (CSM Misconfigurations)][8]. By default, CSM Misconfigurations is not enabled. To enable CSM Misconfigurations, select `Enable Datadog Cloud Security Posture Management` and click **Save**. This enables Datadog CSM Misconfigurations for any subscriptions associated with the Datadog resource. diff --git a/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md b/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md index e6c3f69b790b5..3a4d2ca7c659c 100644 --- a/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md +++ b/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md @@ -380,7 +380,7 @@ The top of the sidepanel displays common client and server tags shared by the in ### Security -The **Security** tab highlights potential network threats and findings detected by [Cloud Security Management Threats][6] and [Cloud Security Management Misconfigurations][7]. These signals are generated when Datadog detects network activity that matches a [detection or compliance rule][8], or if there are other threats and misconfigurations related to the selected network flow. +The **Security** tab highlights potential network threats and findings detected by [Cloud Security Management Threats][6] and [Cloud Security Misconfigurations][7]. These signals are generated when Datadog detects network activity that matches a [detection or compliance rule][8], or if there are other threats and misconfigurations related to the selected network flow. ## Further Reading diff --git a/content/en/security/_index.md b/content/en/security/_index.md index 777940865836a..7042287079fca 100644 --- a/content/en/security/_index.md +++ b/content/en/security/_index.md @@ -87,7 +87,7 @@ cascade: Bring speed and scale to your production security operations. Datadog Security delivers real-time threat detection, and continuous configuration audits across applications, hosts, containers, and cloud infrastructure. Coupled with the greater Datadog observability platform, Datadog Security brings unprecedented integration between security and operations aligned to your organization's shared goals. -Datadog Security includes [Application Security](#application-security), [Cloud SIEM](#cloud-siem), and [Cloud Security Management](#cloud-security-management). To learn more, check out the [30-second Product Guided Tour][14]. +Datadog Security includes [Application Security](#application-security), [Cloud SIEM](#cloud-siem), and [Cloud Security](#cloud-security-management). To learn more, check out the [30-second Product Guided Tour][14]. ## Application Security @@ -106,13 +106,13 @@ In addition to threat detection, Datadog provides end-to-end code and library vu {{< img src="security/security_monitoring/cloud_siem_overview_2.png" alt="The Cloud SIEM home page showing the Security Overview section with widgets for important signals, suspicious actors, impacted resources, threat intel, and signal trends" width="100%">}} -## Cloud Security Management +## Cloud Security -[Cloud Security Management (CSM)][10] delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered. +[Cloud Security (CSM)][10] delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered. CSM includes [Threats][12], [Misconfigurations][11], [Identity Risks][15], and [Vulnerabilities][16]. To learn more, check out the dedicated [Guided Tour][13]. -{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues" width="100%">}} +{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security overview shows a list of prioritized security issues" width="100%">}} To get started with Datadog Security, navigate to the [**Security** > **Setup**][9] page in Datadog, which has detailed information for single or multi-configuration, or follow the getting started sections below to learn more about each area of the platform. diff --git a/content/en/security/audit_trail.md b/content/en/security/audit_trail.md index 8b859045548ad..d1870700f7e93 100644 --- a/content/en/security/audit_trail.md +++ b/content/en/security/audit_trail.md @@ -12,7 +12,7 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Cloud Security Management +- name: Cloud Security url: /security/cloud_security_management/ icon: cloud-security-management - name: Application Security Management diff --git a/content/en/security/cloud_security_management/_index.md b/content/en/security/cloud_security_management/_index.md index fec15e1193069..0656b01db1141 100644 --- a/content/en/security/cloud_security_management/_index.md +++ b/content/en/security/cloud_security_management/_index.md @@ -1,5 +1,5 @@ --- -title: Cloud Security Management +title: Cloud Security aliases: - /security_platform/cloud_security_management/ further_reading: @@ -46,14 +46,14 @@ algolia: tags: ['csm', 'cloud security management', 'inbox'] cascade: algolia: - subcategory: Cloud Security Management + subcategory: Cloud Security --- {{< learning-center-callout header="Join an enablement webinar session" hide_image="true" btn_title="Sign Up" btn_url="https://www.datadoghq.com/technical-enablement/sessions/?tags.topics-0=Security">}} - Learn how Datadog Cloud SIEM and Cloud Security Management elevate your organization's threat detection and investigation for dynamic, cloud-scale environments. + Learn how Datadog Cloud SIEM and Cloud Security elevate your organization's threat detection and investigation for dynamic, cloud-scale environments. {{< /learning-center-callout >}} -Datadog Cloud Security Management (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. +Datadog Cloud Security (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. @@ -64,7 +64,7 @@ CSM leverages both the Datadog Agent and Agentless. It includes a variety of fea - [**Identity Risks**][8]: Provides in-depth visibility into your organization's AWS IAM, Azure, and GCP risks, and enables you to detect and resolve identity risks on an ongoing basis. - [**Vulnerabilities**][9]: Continuously detect, prioritize, and remediate exploitable vulnerabilities in your container images, host images, and hosts running in your infrastructure. -{{< img src="security/csm/csm_overview_2.png" alt="Cloud Security Management in Datadog" width="100%">}} +{{< img src="security/csm/csm_overview_2.png" alt="Cloud Security in Datadog" width="100%">}} {{< partial name="security-platform/CSW-billing-note.html" >}} @@ -96,7 +96,7 @@ Use the [Resource Catalog][12] to view specific misconfigurations and threats th ## Subscribe to weekly digest reports -Receive a weekly summary of Cloud Security Management activity over the past week, including important new security issues discovered in the last seven days. Subscriptions to the weekly digest report are managed on a per user basis. To [subscribe to the weekly digest report][11], you must have the `security_monitoring_signals_read` permission. +Receive a weekly summary of Cloud Security activity over the past week, including important new security issues discovered in the last seven days. Subscriptions to the weekly digest report are managed on a per user basis. To [subscribe to the weekly digest report][11], you must have the `security_monitoring_signals_read` permission. ## Learn about emerging threats and vulnerabilities @@ -104,7 +104,7 @@ Use the [Security Research Feed][15] to stay current with the latest security de ## Next steps -To get started with CSM, navigate to the [**Cloud Security Management Setup**][3] page in Datadog, which has detailed steps on how to set up and configure CSM. For more information, see [Setting Up Cloud Security Management][10]. +To get started with CSM, navigate to the [**Cloud Security Setup**][3] page in Datadog, which has detailed steps on how to set up and configure CSM. For more information, see [Setting Up Cloud Security][10]. ## Further reading diff --git a/content/en/security/cloud_security_management/guide/_index.md b/content/en/security/cloud_security_management/guide/_index.md index 7ce4a811022a6..601f6a72ee00a 100644 --- a/content/en/security/cloud_security_management/guide/_index.md +++ b/content/en/security/cloud_security_management/guide/_index.md @@ -1,5 +1,5 @@ --- -title: Cloud Security Management Guides +title: Cloud Security Guides disable_toc: true aliases: - /security_platform/cloud_workload_security/guide/ @@ -7,9 +7,9 @@ aliases: --- -{{< whatsnext desc="Cloud Security Management (CSM) Guides" >}} - {{< nextlink href="/getting_started/cloud_security_management" >}}First Steps for Cloud Security Management{{< /nextlink >}} - {{< nextlink href="/security/cloud_security_management/guide/agent_variables" >}}Cloud Security Management Agent Variables{{< /nextlink >}} +{{< whatsnext desc="Cloud Security (CSM) Guides" >}} + {{< nextlink href="/getting_started/cloud_security_management" >}}First Steps for Cloud Security{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/guide/agent_variables" >}}Cloud Security Agent Variables{{< /nextlink >}} {{< /whatsnext >}} {{< whatsnext desc="CSM Threats Guides" >}} diff --git a/content/en/security/cloud_security_management/guide/agent_variables.md b/content/en/security/cloud_security_management/guide/agent_variables.md index 530e90e24de6d..6a1fd3025a17e 100644 --- a/content/en/security/cloud_security_management/guide/agent_variables.md +++ b/content/en/security/cloud_security_management/guide/agent_variables.md @@ -1,10 +1,10 @@ --- -title: Cloud Security Management Agent Variables +title: Cloud Security Agent Variables aliases: - /security/cloud_security_management/setup/agent_variables --- -The Datadog Agent has several environment variables that can be enabled for Cloud Security Management. This article describes the purpose of each environment variable. +The Datadog Agent has several environment variables that can be enabled for Cloud Security. This article describes the purpose of each environment variable. diff --git a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md index fd8658a2458e2..22d8372032c17 100644 --- a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md +++ b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md @@ -152,7 +152,7 @@ runtime_security_config: Ensure you perform the following configuration requirements before deploying the Agent: 1. Customize the [Agent Installation Instructions][5] before proceeding with the installation. -2. Install/update the Agent with CSM enabled. For steps, see [Setting up Cloud Security Management on the Agent][4]. +2. Install/update the Agent with CSM enabled. For steps, see [Setting up Cloud Security on the Agent][4]. 3. Specify additional configurations from the previous **eBPF-less agent setup** sections to install the custom version and enable eBPF-less mode. diff --git a/content/en/security/cloud_security_management/guide/public-accessibility-logic.md b/content/en/security/cloud_security_management/guide/public-accessibility-logic.md index 3bbc335342f22..9b0d7d12722f2 100644 --- a/content/en/security/cloud_security_management/guide/public-accessibility-logic.md +++ b/content/en/security/cloud_security_management/guide/public-accessibility-logic.md @@ -13,7 +13,7 @@ Datadog uses a graph processing framework to map relationships between cloud res ## Resource dependency graph -The following diagrams show how related resources are used to determine whether other resources are publicly accessible. For example, an AWS CloudTrail Trail stored in a public Amazon S3 bucket is itself publicly accessible. If a resource is publicly accessible because of another resource, the relationship is shown in the Cloud Security Management Misconfigurations resource relationships graph. +The following diagrams show how related resources are used to determine whether other resources are publicly accessible. For example, an AWS CloudTrail Trail stored in a public Amazon S3 bucket is itself publicly accessible. If a resource is publicly accessible because of another resource, the relationship is shown in the Cloud Security Misconfigurations resource relationships graph. **Note**: Not all resources with the Publicly Accessible attribute are shown in these diagrams. diff --git a/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md b/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md index e74ff2f65f802..0a1675728443c 100644 --- a/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md +++ b/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md @@ -3,13 +3,13 @@ title: Use Filters to Exclude Resources from Evaluation further_reading: - link: "/security/cloud_security_management/guide" tag: "Documentation" - text: Cloud Security Management Guides + text: Cloud Security Guides - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: Setting Up Cloud Security Management + text: Setting Up Cloud Security --- -You can use resource tags to create filters that include or exclude resources from being evaluated by Cloud Security Management (CSM). The filters must be specified as a comma-separated list of `key:value` pairs. +You can use resource tags to create filters that include or exclude resources from being evaluated by Cloud Security (CSM). The filters must be specified as a comma-separated list of `key:value` pairs. **Notes**: @@ -37,7 +37,7 @@ The allowlist enables you to specify tags that must be applied to a resource in {{< tabs >}} {{% tab "AWS" %}} -1. On the [**Cloud Security Management Setup** page][1], click **Cloud accounts**. +1. On the [**Cloud Security Setup** page][1], click **Cloud accounts**. 2. Expand the **AWS** section. 3. Under **Resource Evaluation Filters (Optional)**, click the **Plus** (+) icon for the account you want to add the filter to. 4. Enter a comma-separated list of `key:value` pairs for the tags you want to allowlist or blocklist. @@ -48,7 +48,7 @@ The allowlist enables you to specify tags that must be applied to a resource in {{% /tab %}} {{% tab "Azure" %}} -1. On the [**Cloud Security Management Setup** page][1], click **Cloud accounts**. +1. On the [**Cloud Security Setup** page][1], click **Cloud accounts**. 2. Expand the **Azure** section. 3. Expand a subscription. 3. Under **Resource Evaluation Filters (Optional)**, click the **Plus** (+) icon. @@ -60,7 +60,7 @@ The allowlist enables you to specify tags that must be applied to a resource in {{% /tab %}} {{% tab "Google Cloud" %}} -1. On the [**Cloud Security Management Setup** page][1], click **Cloud accounts**. +1. On the [**Cloud Security Setup** page][1], click **Cloud accounts**. 2. Expand the **GCP** section. 3. Expand a project. 3. Under **Resource Evaluation Filters (Optional)**, click the **Plus** (+) icon. diff --git a/content/en/security/cloud_security_management/iac_scanning.md b/content/en/security/cloud_security_management/iac_scanning.md index 7b4712f38006d..658fec7e692d7 100644 --- a/content/en/security/cloud_security_management/iac_scanning.md +++ b/content/en/security/cloud_security_management/iac_scanning.md @@ -10,7 +10,7 @@ further_reading: Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form. {{< /callout >}} -Static Infrastructure as Code (IaC) scanning integrates with version control systems, such as GitHub, to detect misconfigurations in cloud resources defined by Terraform. The scanning results are displayed in two primary locations: within pull requests during code modifications and on the **Explorers** page within Cloud Security Management. +Static Infrastructure as Code (IaC) scanning integrates with version control systems, such as GitHub, to detect misconfigurations in cloud resources defined by Terraform. The scanning results are displayed in two primary locations: within pull requests during code modifications and on the **Explorers** page within Cloud Security.
Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
diff --git a/content/en/security/cloud_security_management/identity_risks/_index.md b/content/en/security/cloud_security_management/identity_risks/_index.md index 84165c8f31223..91eb9fab1141d 100644 --- a/content/en/security/cloud_security_management/identity_risks/_index.md +++ b/content/en/security/cloud_security_management/identity_risks/_index.md @@ -1,14 +1,14 @@ --- -title: Cloud Security Management Identity Risks +title: Cloud Security Identity Risks aliases: - /security/identity_risks/ further_reading: - link: "/security/cloud_security_management/" tag: "Documentation" - text: "Learn more about Cloud Security Management" + text: "Learn more about Cloud Security" - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: "Setting Up Cloud Security Management" + text: "Setting Up Cloud Security" - link: "https://www.datadoghq.com/blog/datadog-ciem/" tag: "Blog" text: "Find and remediate identity risks with Datadog CIEM" @@ -26,7 +26,7 @@ further_reading: text: "Detect cross-account access risks in AWS with Datadog" --- -Cloud Security Management Identity Risks (CSM Identity Risks) is a Cloud Infrastructure Entitlement Management (CIEM) product that helps you mitigate entitlement risks across your clouds. It continually scans your cloud infrastructure and finds issues such as lingering administrative privileges, privilege escalations, permission gaps, large blast radii, and cross-account access. It also enables you to proactively resolve identity risks on an ongoing basis to secure your cloud infrastructure from IAM-based attacks. For quick remediation, it suggests [downsized policies][4], [Datadog Workflows][3] based remediations, and deep links to cloud consoles. +Cloud Security Identity Risks (CSM Identity Risks) is a Cloud Infrastructure Entitlement Management (CIEM) product that helps you mitigate entitlement risks across your clouds. It continually scans your cloud infrastructure and finds issues such as lingering administrative privileges, privilege escalations, permission gaps, large blast radii, and cross-account access. It also enables you to proactively resolve identity risks on an ongoing basis to secure your cloud infrastructure from IAM-based attacks. For quick remediation, it suggests [downsized policies][4], [Datadog Workflows][3] based remediations, and deep links to cloud consoles.
CSM Identity Risks is available for AWS, Azure, and GCP.
@@ -48,7 +48,7 @@ Click **View Suggested Policy** to view a suggested downsized policy based on th {{< img src="security/identity_risks/downsized_policy.png" alt="Review suggestions for downsizing a policy on the Suggested downsized policy dialog" width="100%">}} -To remediate the identity risk, click **Fix in AWS** to update the resource in AWS IAM console. To create a Jira issue and assign it to a team, click **Add Jira issue**. See [Create Jira Issues for Cloud Security Management Issues][2] for more information. +To remediate the identity risk, click **Fix in AWS** to update the resource in AWS IAM console. To create a Jira issue and assign it to a team, click **Add Jira issue**. See [Create Jira Issues for Cloud Security Issues][2] for more information. {{< img src="security/identity_risks/side_panel_action_buttons_2.png" alt="Remediate identity risks using the action buttons on the side panel" width="100%">}} diff --git a/content/en/security/cloud_security_management/misconfigurations/_index.md b/content/en/security/cloud_security_management/misconfigurations/_index.md index 729264e474a67..741d2c1ca3832 100644 --- a/content/en/security/cloud_security_management/misconfigurations/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/_index.md @@ -1,5 +1,5 @@ --- -title: Cloud Security Management Misconfigurations +title: Cloud Security Misconfigurations aliases: - /security_platform/cspm/ - /security/cspm/#glossary @@ -9,7 +9,7 @@ algolia: tags: ['cspm'] --- -Cloud Security Management Misconfigurations (CSM Misconfigurations) makes it easier to assess and visualize the current and historic security posture of your cloud resources, automate audit evidence collection, and remediate misconfigurations that leave your organization vulnerable to attacks. By continuously surfacing security weaknesses resulting from misconfigurations, teams can mitigate risks while ensuring compliance with industry standards. +Cloud Security Misconfigurations (CSM Misconfigurations) makes it easier to assess and visualize the current and historic security posture of your cloud resources, automate audit evidence collection, and remediate misconfigurations that leave your organization vulnerable to attacks. By continuously surfacing security weaknesses resulting from misconfigurations, teams can mitigate risks while ensuring compliance with industry standards. ## Detect misconfigurations across your cloud resources @@ -19,7 +19,7 @@ View a high-level overview of your security posture on the [Overview page][1]. E CSM Misconfigurations evaluates resources in increments between 15 minutes and 4 hours (depending on type). Datadog generates new misconfigurations as soon as a scan is completed, and stores a complete history of all misconfigurations for the past 15 months so they are available in case of an investigation or audit. -{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues to remediate" width="100%">}} +{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security overview shows a list of prioritized security issues to remediate" width="100%">}} ## Maintain compliance with industry frameworks and benchmarks @@ -57,7 +57,7 @@ You can also [create a Jira issue][15] and assign it to a team, use Terraform re {{< whatsnext >}} {{< nextlink href="/security/cloud_security_management/setup">}}Complete setup and configuration{{< /nextlink >}} - {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security Management{{< /nextlink >}} + {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security{{< /nextlink >}} {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for CSM Misconfigurations{{< /nextlink >}} {{< nextlink href="/security/default_rules/#cat-posture-management-cloud">}}Out-of-the-box cloud detection rules for CSM Misconfigurations{{< /nextlink >}} {{< nextlink href="/security/default_rules/#cat-posture-management-infra">}}Out-of-the-box infrastructure detection rules for CSM Misconfigurations{{< /nextlink >}} diff --git a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md index 4b65a14a2046e..bebc5c56f91c7 100644 --- a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md +++ b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md @@ -18,7 +18,7 @@ further_reading: text: Misconfigurations Reports --- -Cloud Security Management Misconfigurations (CSM Misconfigurations) [out-of-the-box compliance rules][1] evaluate the configuration of your cloud resources and identify potential misconfigurations so you can immediately take steps to remediate. +Cloud Security Misconfigurations (CSM Misconfigurations) [out-of-the-box compliance rules][1] evaluate the configuration of your cloud resources and identify potential misconfigurations so you can immediately take steps to remediate. The compliance rules follow the same [conditional logic][2] as all Datadog Security compliance rules. For CSM Misconfigurations, each rule maps to controls within one or more [compliance frameworks or industry benchmarks][4]. diff --git a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md index 3b2db536a18b9..2cec1f37e6099 100644 --- a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md @@ -14,7 +14,7 @@ further_reading: text: "Learn about frameworks and industry benchmarks" --- -The Cloud Security Management Misconfigurations (CSM Misconfigurations) [Explorer][1] allows you to: +The Cloud Security Misconfigurations (CSM Misconfigurations) [Explorer][1] allows you to: - Review the detailed configuration of a resource. - Review the compliance rules applied to your resources by CSM Misconfigurations. diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md index ab241bff2f753..8cc4282a69a44 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md @@ -17,7 +17,7 @@ further_reading: text: "Securing Datadog's cloud infrastructure: Our playbook and methodology" --- -With custom frameworks, you can define and measure compliance against your own cloud security baseline. Custom frameworks are listed on the Cloud Security Management (CSM) [Compliance][6] page, have their own real-time report and [security posture score][7], and are queryable within explorers and dashboards. +With custom frameworks, you can define and measure compliance against your own cloud security baseline. Custom frameworks are listed on the Cloud Security (CSM) [Compliance][6] page, have their own real-time report and [security posture score][7], and are queryable within explorers and dashboards. 1. On the [CSM Compliance page][6], click **Create Framework**. 1. Enter the following details: diff --git a/content/en/security/cloud_security_management/misconfigurations/kspm.md b/content/en/security/cloud_security_management/misconfigurations/kspm.md index b4060bfc9e4bb..33c7dddf6e0b3 100644 --- a/content/en/security/cloud_security_management/misconfigurations/kspm.md +++ b/content/en/security/cloud_security_management/misconfigurations/kspm.md @@ -11,7 +11,7 @@ further_reading: text: "Create Custom Rules" --- -Kubernetes Security Posture Management (KSPM) for Cloud Security Management (CSM) helps you proactively strengthen the security posture of your Kubernetes deployments by benchmarking your environment against established industry best practices, such as those defined by [CIS][1], or your own [custom detection policies](#create-your-own-kubernetes-detection-rules). +Kubernetes Security Posture Management (KSPM) for Cloud Security (CSM) helps you proactively strengthen the security posture of your Kubernetes deployments by benchmarking your environment against established industry best practices, such as those defined by [CIS][1], or your own [custom detection policies](#create-your-own-kubernetes-detection-rules). ## Setting up KSPM diff --git a/content/en/security/cloud_security_management/review_remediate/_index.md b/content/en/security/cloud_security_management/review_remediate/_index.md index 38ebd3a1c4628..e96570e570284 100644 --- a/content/en/security/cloud_security_management/review_remediate/_index.md +++ b/content/en/security/cloud_security_management/review_remediate/_index.md @@ -4,7 +4,7 @@ disable_toc: true --- {{< whatsnext desc="" >}} - {{< nextlink href="/security/cloud_security_management/review_remediate/mute_issues" >}}Mute Issues in Cloud Security Management{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/review_remediate/mute_issues" >}}Mute Issues in Cloud Security{{< /nextlink >}} {{< nextlink href="/security/cloud_security_management/review_remediate/workflows" >}}Automate Security Workflows with Workflow Automation{{< /nextlink >}} - {{< nextlink href="/security/cloud_security_management/review_remediate/jira" >}}Create Jira Issues for Cloud Security Management Issues{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/review_remediate/jira" >}}Create Jira Issues for Cloud Security Issues{{< /nextlink >}} {{< /whatsnext >}} \ No newline at end of file diff --git a/content/en/security/cloud_security_management/review_remediate/jira.md b/content/en/security/cloud_security_management/review_remediate/jira.md index ec68565f557f1..9b4e93ac83341 100644 --- a/content/en/security/cloud_security_management/review_remediate/jira.md +++ b/content/en/security/cloud_security_management/review_remediate/jira.md @@ -1,9 +1,9 @@ --- -title: Create Jira Issues for Cloud Security Management Issues +title: Create Jira Issues for Cloud Security Issues further_reading: - link: "/security/cloud_security_management/guide" tag: "Documentation" - text: Cloud Security Management Guides + text: Cloud Security Guides - link: "/integrations/jira/" tag: "Documentation" text: Datadog Jira Integration @@ -20,7 +20,7 @@ products: {{< product-availability >}} -Use the [Jira integration][1] to create Jira issues for resources that are impacted by a Cloud Security Management (CSM) security issue. Jira for Cloud Security Management is available for [CSM Misconfigurations][3] and [CSM Identity Risks][4]. +Use the [Jira integration][1] to create Jira issues for resources that are impacted by a Cloud Security (CSM) security issue. Jira for Cloud Security is available for [CSM Misconfigurations][3] and [CSM Identity Risks][4]. **Notes**: - To create Jira issues, you must have the `security_monitoring_findings_write` permission. See [Role Based Access Control][2] for more information about Datadog's default roles and granular role-based access control permissions available for CSM. diff --git a/content/en/security/cloud_security_management/review_remediate/mute_issues.md b/content/en/security/cloud_security_management/review_remediate/mute_issues.md index 71053fbafcba8..d540ca5438359 100644 --- a/content/en/security/cloud_security_management/review_remediate/mute_issues.md +++ b/content/en/security/cloud_security_management/review_remediate/mute_issues.md @@ -1,5 +1,5 @@ --- -title: Mute Issues in Cloud Security Management +title: Mute Issues in Cloud Security further_reading: - link: "security/default_rules" tag: "Documentation" diff --git a/content/en/security/cloud_security_management/review_remediate/workflows.md b/content/en/security/cloud_security_management/review_remediate/workflows.md index 701d2e6197b39..e43c9b01554e0 100644 --- a/content/en/security/cloud_security_management/review_remediate/workflows.md +++ b/content/en/security/cloud_security_management/review_remediate/workflows.md @@ -3,7 +3,7 @@ title: Automate Security Workflows with Workflow Automation further_reading: - link: "/security/cloud_security_management" tag: "Documentation" - text: Cloud Security Management + text: Cloud Security - link: "/service_management/workflows/" tag: "Documentation" text: Workflow Automation @@ -29,7 +29,7 @@ products: [Datadog Workflow Automation][1] allows you to orchestrate and automate your end-to-end processes by building workflows made up of actions that connect to your infrastructure and tools. -Use Workflow Automation with [Cloud Security Management (CSM)][2] to automate your security-related workflows. For example, you can create workflows that allow you to [block access to a public Amazon S3 bucket via an interactive Slack message](#block-access-to-aws-s3-bucket-via-slack), or [automatically create a Jira issue and assign it to a team](#automatically-create-and-assign-a-jira-issue). +Use Workflow Automation with [Cloud Security (CSM)][2] to automate your security-related workflows. For example, you can create workflows that allow you to [block access to a public Amazon S3 bucket via an interactive Slack message](#block-access-to-aws-s3-bucket-via-slack), or [automatically create a Jira issue and assign it to a team](#automatically-create-and-assign-a-jira-issue). ## Understanding how triggers and sources work diff --git a/content/en/security/cloud_security_management/setup/_index.md b/content/en/security/cloud_security_management/setup/_index.md index 007a3731effc9..085df8c23ccfb 100644 --- a/content/en/security/cloud_security_management/setup/_index.md +++ b/content/en/security/cloud_security_management/setup/_index.md @@ -1,5 +1,5 @@ --- -title: Setting up Cloud Security Management +title: Setting up Cloud Security aliases: - /security_platform/cloud_workload_security/getting_started - /security/cloud_workload_security/getting_started @@ -23,12 +23,12 @@ further_reading: text: "AWS Fargate Configuration Guide for Datadog Security" - link: "/security/cloud_security_management/guide/agent_variables/" tag: "Guide" - text: "Cloud Security Management Agent Variables" + text: "Cloud Security Agent Variables" --- ## Overview -To get started with Cloud Security Management (CSM), review the following: +To get started with Cloud Security (CSM), review the following: - [Overview](#overview) - [Enable Agentless Scanning](#enable-agentless-scanning) @@ -43,13 +43,13 @@ To get started with Cloud Security Management (CSM), review the following: ## Enable Agentless Scanning -The simplest way to get started with Cloud Security Management is by [enabling Agentless Scanning][1]. Agentless Scanning provides visibility into vulnerabilities that exist within your AWS hosts, running containers, Lambda functions, and running Amazon Machine Images (AMIs) without requiring you to install the Datadog Agent. +The simplest way to get started with Cloud Security is by [enabling Agentless Scanning][1]. Agentless Scanning provides visibility into vulnerabilities that exist within your AWS hosts, running containers, Lambda functions, and running Amazon Machine Images (AMIs) without requiring you to install the Datadog Agent. -To learn more about Agentless Scanning, see [Cloud Security Management Agentless Scanning][2]. +To learn more about Agentless Scanning, see [Cloud Security Agentless Scanning][2]. ## Deploy the Agent for additional coverage -For broader coverage and additional functionalities, deploy the Datadog Agent to your hosts. The following table outlines the improvements offered by Agent-based deployments. For more information, see [Setting up Cloud Security Management on the Agent][3]. +For broader coverage and additional functionalities, deploy the Datadog Agent to your hosts. The following table outlines the improvements offered by Agent-based deployments. For more information, see [Setting up Cloud Security on the Agent][3].
@@ -120,19 +120,19 @@ For broader coverage and additional functionalities, deploy the Datadog Agent to ### AWS CloudTrail Logs -Maximize the benefits of [CSM Identity Risks][6] with AWS CloudTrail Logs. Gain deeper insights into cloud resource usage, identifying users and roles with significant gaps between provisioned and utilized permissions. For more information, check out [Setting up AWS CloudTrail Logs for Cloud Security Management][4]. +Maximize the benefits of [CSM Identity Risks][6] with AWS CloudTrail Logs. Gain deeper insights into cloud resource usage, identifying users and roles with significant gaps between provisioned and utilized permissions. For more information, check out [Setting up AWS CloudTrail Logs for Cloud Security][4]. ### IaC scanning -Integrate Infrastructure as Code (IaC) scanning with GitHub to detect misconfigurations in Terraform-defined cloud resources. For more information, see [Setting up IaC Scanning for Cloud Security Management][10]. +Integrate Infrastructure as Code (IaC) scanning with GitHub to detect misconfigurations in Terraform-defined cloud resources. For more information, see [Setting up IaC Scanning for Cloud Security][10]. ### IaC remediation -Use IaC remediation with Terraform to create pull requests in GitHub, applying code changes that fix misconfigurations and mitigate identity risks. For more information, see [Setting up IaC Remediation for Cloud Security Management][5]. +Use IaC remediation with Terraform to create pull requests in GitHub, applying code changes that fix misconfigurations and mitigate identity risks. For more information, see [Setting up IaC Remediation for Cloud Security][5]. ### Deploy via cloud integrations -Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see [Deploying Cloud Security Management via Cloud Integrations][7]. +Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see [Deploying Cloud Security via Cloud Integrations][7]. ## Disable CSM diff --git a/content/en/security/cloud_security_management/setup/agent/_index.md b/content/en/security/cloud_security_management/setup/agent/_index.md index 7841b87598b99..6ac1eb6632517 100644 --- a/content/en/security/cloud_security_management/setup/agent/_index.md +++ b/content/en/security/cloud_security_management/setup/agent/_index.md @@ -1,5 +1,5 @@ --- -title: Deploying Cloud Security Management on the Agent +title: Deploying Cloud Security on the Agent type: multi-code-lang aliases: - /security/cloud_security_management/setup/csm_cloud_workload_security/agent @@ -7,7 +7,7 @@ aliases: - /security/cloud_security_management/setup/csm_enterprise/agent --- -Use the following instructions to enable Cloud Security Management features—Misconfigurations, Threat Detection, and Vulnerability Management—on the Datadog Agent. +Use the following instructions to enable Cloud Security features—Misconfigurations, Threat Detection, and Vulnerability Management—on the Datadog Agent. {{< partial name="security-platform/CSW-billing-note.html" >}} diff --git a/content/en/security/cloud_security_management/setup/agent/docker.md b/content/en/security/cloud_security_management/setup/agent/docker.md index c7e358398cded..d495ec05c6763 100644 --- a/content/en/security/cloud_security_management/setup/agent/docker.md +++ b/content/en/security/cloud_security_management/setup/agent/docker.md @@ -1,5 +1,5 @@ --- -title: Setting up Cloud Security Management on Docker +title: Setting up Cloud Security on Docker code_lang: docker type: multi-code-lang code_lang_weight: 65 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md b/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md index c6ee9a3727f65..5cfbc387fa54c 100644 --- a/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md +++ b/content/en/security/cloud_security_management/setup/agent/ecs_ec2.md @@ -1,5 +1,5 @@ --- -title: Setting up Cloud Security Management on ECS EC2 +title: Setting up Cloud Security on ECS EC2 code_lang: ecs_ec2 type: multi-code-lang code_lang_weight: 70 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agent/kubernetes.md b/content/en/security/cloud_security_management/setup/agent/kubernetes.md index 65438f39dd801..5fac5efd128ac 100644 --- a/content/en/security/cloud_security_management/setup/agent/kubernetes.md +++ b/content/en/security/cloud_security_management/setup/agent/kubernetes.md @@ -1,5 +1,5 @@ --- -title: Setting up Cloud Security Management on Kubernetes +title: Setting up Cloud Security on Kubernetes code_lang: kubernetes type: multi-code-lang code_lang_weight: 60 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agent/linux.md b/content/en/security/cloud_security_management/setup/agent/linux.md index 0bf00bec067e2..815b65b1150bf 100644 --- a/content/en/security/cloud_security_management/setup/agent/linux.md +++ b/content/en/security/cloud_security_management/setup/agent/linux.md @@ -1,5 +1,5 @@ --- -title: Setting up Cloud Security Management on Linux +title: Setting up Cloud Security on Linux code_lang: linux type: multi-code-lang code_lang_weight: 80 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agent/windows.md b/content/en/security/cloud_security_management/setup/agent/windows.md index 727b62b1826ac..8964fde4cc770 100644 --- a/content/en/security/cloud_security_management/setup/agent/windows.md +++ b/content/en/security/cloud_security_management/setup/agent/windows.md @@ -1,5 +1,5 @@ --- -title: Setting up Cloud Security Management on Windows +title: Setting up Cloud Security on Windows code_lang: windows type: multi-code-lang code_lang_weight: 75 # a number that represents relative weight. diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md b/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md index 2ca491d5d1a0c..a8c93c2a5be95 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md @@ -1,5 +1,5 @@ --- -title: Cloud Security Management Agentless Scanning +title: Cloud Security Agentless Scanning aliases: - /security/agentless_scanning - /security/cloud_security_management/agentless_scanning @@ -10,7 +10,7 @@ further_reading: --- {{< site-region region="gov" >}} -
Agentless Scanning for Cloud Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
Agentless Scanning for Cloud Security is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} ## Overview @@ -27,7 +27,7 @@ The following diagram illustrates how Agentless Scanning works: 1. Datadog schedules a scan and sends which resources to scan through Remote Configuration. - **Note**: Scheduled scans ignore hosts that already have the [Datadog Agent installed with Cloud Security Management enabled](#agentless-scanning-with-existing-agent-installations). Datadog schedules a continuous re-scanning of resources every 12 hours to provide up-to-date insights into potential vulnerabilities and weaknesses. + **Note**: Scheduled scans ignore hosts that already have the [Datadog Agent installed with Cloud Security enabled](#agentless-scanning-with-existing-agent-installations). Datadog schedules a continuous re-scanning of resources every 12 hours to provide up-to-date insights into potential vulnerabilities and weaknesses. 2. For Lambda functions, the scanners fetch the function's code. 3. The scanner creates snapshots of volumes used in running VM instances. These snapshots serve as the basis for conducting scans. Using the snapshots, or the code, the scanner generates a list of packages. @@ -67,7 +67,7 @@ To further mitigate this risk, Datadog implements the following security measure When installed, the Datadog Agent offers real-time, deep visibility into risks and vulnerabilities that exist in your cloud workloads. It is recommended to fully install the Datadog Agent. -As a result, Agentless Scanning excludes resources from its scans that have the Datadog Agent installed and configured for [Vulnerability Management][5]. In this way, Cloud Security Management offers complete visibility of your risk landscape without overriding the benefits received from installing the Datadog Agent with Vulnerability Management. +As a result, Agentless Scanning excludes resources from its scans that have the Datadog Agent installed and configured for [Vulnerability Management][5]. In this way, Cloud Security offers complete visibility of your risk landscape without overriding the benefits received from installing the Datadog Agent with Vulnerability Management. The following diagram illustrates how Agentless scanning works with existing Agent installations: @@ -83,7 +83,7 @@ If you have [Sensitive Data Scanner][8] enabled, you can catalog and classify se Sensitive Data Scanner scans for sensitive data by deploying [Agentless scanners][1] in your cloud environments. These scanning instances retrieve a list of all S3 buckets and RDS instances through [Remote Configuration][10], and have set instructions to scan text files—such as CSVs and JSONs—and tables in every datastore over time. Sensitive Data Scanner leverages its [entire rules library][11] to find matches. When a match is found, the location of the match is sent to Datadog by the scanning instance. Data stores and their files are only read in your environment—no sensitive data is sent back to Datadog. -Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Cloud Security Management][9] affecting the sensitive datastores. You can click any issue to continue triage and remediation within Cloud Security Management. +Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Cloud Security][9] affecting the sensitive datastores. You can click any issue to continue triage and remediation within Cloud Security. ## Cloud service provider cost diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md b/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md index d46c77e3de13f..64cd521e31a84 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/deployment_methods.md @@ -5,7 +5,7 @@ aliases: further_reading: - link: "/security/cloud_security_management/agentless_scanning" tag: "Documentation" - text: "Cloud Security Management Agentless Scanning" + text: "Cloud Security Agentless Scanning" --- There are two recommended ways to deploy Agentless scanners in your environment, either using cross-account scanning, or same account scanning. diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md b/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md index d5f879799bdc3..1577a70958e81 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/enable.md @@ -10,14 +10,14 @@ aliases: further_reading: - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: "Setting up Cloud Security Management" + text: "Setting up Cloud Security" - link: "/security/cloud_security_management/agentless_scanning" tag: "Documentation" - text: "Cloud Security Management Agentless Scanning" + text: "Cloud Security Agentless Scanning" --- {{< site-region region="gov" >}} -
Agentless Scanning for Cloud Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
Agentless Scanning for Cloud Security is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} Agentless Scanning provides visibility into vulnerabilities that exist within your cloud infrastructure, without requiring you to install the Datadog Agent. To learn more about Agentless Scanning's capabilities and how it works, see the [Agentless Scanning][12] docs. @@ -71,10 +71,10 @@ To enable Agentless Scanning, use one of the following workflows: ### Quick start -Designed for new users, the quick start workflow offers an efficient setup process for Cloud Security Management, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration. +Designed for new users, the quick start workflow offers an efficient setup process for Cloud Security, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration. {{% collapse-content title="Quick start setup guide" level="h4" id="quick-start-setup" %}} -Designed for new users, the quick start workflow offers an efficient setup process for Cloud Security Management, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration, and includes the Cloud Security Management features: Misconfigurations, Identity Risks (CIEM), and Vulnerability Management. +Designed for new users, the quick start workflow offers an efficient setup process for Cloud Security, enabling immediate monitoring of AWS resources. It uses AWS CloudFormation to automate the configuration, and includes the Cloud Security features: Misconfigurations, Identity Risks (CIEM), and Vulnerability Management.
This article provides instructions for the new user quick start workflow that uses AWS CloudFormation to set up Agentless Scanning. For existing users who want to add a new AWS account or enable Agentless Scanning on an existing integrated AWS account, see the instructions for @@ -86,9 +86,9 @@ For existing users who want to add a new AWS account or enable Agentless Scannin ##### Installation -1. On the [Intro to Cloud Security Management][4] page, click **Get Started with Cloud Security Management**. +1. On the [Intro to Cloud Security][4] page, click **Get Started with Cloud Security**. 1. Click **Quick Start**. The **Features** page is displayed, showing the features included with Agentless Scanning Quick Start. -1. Click **Start Using Cloud Security Management** to continue. +1. Click **Start Using Cloud Security** to continue. 1. Select the AWS region where you want to create the CloudFormation stack. 1. Select an API key that is already configured for Remote Configuration. If the API key you select does not have Remote Configuration enabled, Remote Configuration is automatically enabled for that key upon selection. 1. Choose whether to enable **Sensitive Data Scanner** for cloud storage. This automatically catalogs and classifies sensitive data in Amazon S3 resources. @@ -109,7 +109,7 @@ Datadog recommends updating the CloudFormation stack regularly, so you can get a ##### Disable Agentless Scanning -1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations** > **AWS**. +1. On the [Cloud Security Setup][10] page, click **Cloud Integrations** > **AWS**. 1. To disable Agentless Scanning for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle the **Agentless Scanning** section to the off position. 1. Click **Done**. @@ -126,14 +126,14 @@ To uninstall Agentless Scanning, log in to your AWS console and delete the Cloud The [Terraform Datadog Agentless Scanner module][6] provides a simple and reusable configuration for installing the Datadog Agentless scanner. {{% collapse-content title="Terraform setup guide" level="h4" id="terraform-setup" %}} -If you've already [set up Cloud Security Management][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated cloud account, you can use either Terraform, [AWS CloudFormation][2], or [Azure Resource Manager][5]. This article provides detailed instructions for the Terraform approach. +If you've already [set up Cloud Security][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated cloud account, you can use either Terraform, [AWS CloudFormation][2], or [Azure Resource Manager][5]. This article provides detailed instructions for the Terraform approach. -
If you're setting up Cloud Security Management for the first time, you can follow the quick start workflow, which uses AWS CloudFormation to enable Agentless Scanning.
+
If you're setting up Cloud Security for the first time, you can follow the quick start workflow, which uses AWS CloudFormation to enable Agentless Scanning.
{{< tabs >}} {{% tab "New AWS account" %}} -1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations > AWS**. +1. On the [Cloud Security Setup][1] page, click **Cloud Integrations > AWS**. 1. At the bottom of the AWS section, click **Add AWS accounts by following these steps**. The **Add New AWS Account(s)** dialog is displayed. 1. Under **Choose a method for adding your AWS account**, select **Manually**. 1. Follow the instructions for installing the [Datadog Agentless Scanner module][2]. @@ -148,7 +148,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c {{% tab "Existing AWS account" %}} -1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations > AWS**. +1. On the [Cloud Security Setup][1] page, click **Cloud Integrations > AWS**. 1. Click the **Edit scanning** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) for the AWS account where you want to deploy the Agentless scanner. 1. **Enable Resource Scanning** should already be toggled on. If it isn't, toggle **Enable Resource Scanning** to the on position. 1. In the **How would you like to set up Agentless Scanning?** section, select **Terraform**. @@ -163,7 +163,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c {{% tab "Existing Azure subscription" %}} -1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations > Azure**. +1. On the [Cloud Security Setup][1] page, click **Cloud Integrations > Azure**. 1. Expand the Tenant containing the subscription where you want to deploy the Agentless scanner. 1. Click the **Enable** button for the Azure subscription where you want to deploy the Agentless scanner. 1. Toggle **Vulnerability Scanning** to the on position. @@ -183,7 +183,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c ##### Disable Agentless Scanning -1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations**, and then expand the **AWS** or **Azure** section. +1. On the [Cloud Security Setup][10] page, click **Cloud Integrations**, and then expand the **AWS** or **Azure** section. 1. To disable Agentless Scanning for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle **Vulnerability Scanning** to the off position. 1. Click **Done**. @@ -210,9 +210,9 @@ For usage examples, refer to our [Github repository](https://github.com/DataDog/ Use the AWS CloudFormation template to create a CloudFormation stack. The template includes the IAM permissions required to deploy and manage Agentless scanners. {{% collapse-content title="AWS CloudFormation setup guide" level="h4" id="aws-cloudformation-setup" %}} -If you've already [set up Cloud Security Management][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated AWS account, you can use either [Terraform][7] or AWS CloudFormation. This article provides detailed instructions for the AWS CloudFormation approach. +If you've already [set up Cloud Security][10] and want to add a new cloud account or enable [Agentless Scanning][1] on an existing integrated AWS account, you can use either [Terraform][7] or AWS CloudFormation. This article provides detailed instructions for the AWS CloudFormation approach. -
If you're setting up Cloud Security Management for the first time, you can follow the quick start workflow, which also uses AWS CloudFormation to enable Agentless Scanning.
+
If you're setting up Cloud Security for the first time, you can follow the quick start workflow, which also uses AWS CloudFormation to enable Agentless Scanning.
Running Agentless scanners incurs additional costs. To optimize these costs while still ensuring reliable 12-hour scans, Datadog recommends setting up Agentless Scanning with Terraform as the default template.
@@ -223,7 +223,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c {{< tabs >}} {{% tab "New AWS account" %}} -1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations** > **AWS**. +1. On the [Cloud Security Setup][1] page, click **Cloud Integrations** > **AWS**. 1. At the bottom of the AWS section, click **Add AWS accounts by following these steps**. The **Add New AWS Account(s)** dialog is displayed. 1. Select the AWS region where you want to create the CloudFormation stack. 1. Select an API key that is already configured for Remote Configuration. If the API key you select does not have Remote Configuration enabled, Remote Configuration is automatically enabled for that key upon selection. @@ -236,7 +236,7 @@ If you've already [set up Cloud Security Management][10] and want to add a new c {{% tab "Existing AWS account" %}} -1. On the [Cloud Security Management Setup][1] page, click **Cloud Integrations** > **AWS**. +1. On the [Cloud Security Setup][1] page, click **Cloud Integrations** > **AWS**. 1. Click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) for the AWS account where you want to deploy the Agentless scanner. 1. Verify that **Enable Resource Scanning** is toggled on. If it isn't, switch the **Enable Resource Scanning** toggle to the on position and complete Steps 3-7 in [New AWS Account][2]. 1. In the **Agentless Scanning** section, toggle **Enable Vulnerability Management (Host, Container and Lambda)** to the on position. @@ -264,7 +264,7 @@ Datadog recommends updating the CloudFormation stack regularly, so you can get a ##### Disable Agentless Scanning -1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations** > **AWS**. +1. On the [Cloud Security Setup][10] page, click **Cloud Integrations** > **AWS**. 1. To disable Agentless Scanning for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle the **Agentless Scanning** section to the off position. 1. Click **Done**. @@ -280,7 +280,7 @@ To uninstall Agentless Scanning, log in to your AWS console and delete the Cloud Use the Azure Resource Manager template to deploy the Agentless Scanner. The template includes the role definitions required to deploy and manage Agentless scanners. {{% collapse-content title="Azure Resource Manager setup guide" level="h4" id="azure-resource-manager-setup" %}} -If you've already [set up Cloud Security Management][10] and want to add a new Azure subscription or enable [Agentless Scanning][1] on an existing integrated Azure subscription, you can use either [Terraform][7] or Azure Resource Manager. This article provides detailed instructions for the Azure Resource Manager approach. +If you've already [set up Cloud Security][10] and want to add a new Azure subscription or enable [Agentless Scanning][1] on an existing integrated Azure subscription, you can use either [Terraform][7] or Azure Resource Manager. This article provides detailed instructions for the Azure Resource Manager approach.
Running Agentless scanners incurs additional costs. To optimize these costs while still ensuring reliable 12-hour scans, Datadog recommends setting up Agentless Scanning with Terraform as the default template.
@@ -309,7 +309,7 @@ Follow the instructions for setting up the [Datadog Azure integration][1]. ##### Disable Agentless Scanning -1. On the [Cloud Security Management Setup][10] page, click **Cloud Integrations** > **Azure**. +1. On the [Cloud Security Setup][10] page, click **Cloud Integrations** > **Azure**. 1. Locate your subscription's tenant, expand the list of subscriptions, and identify the subscription for which you want to disable Agentless Scanning. 1. Click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and toggle **Vulnerability Scanning** to the off position. 1. Click **Done**. diff --git a/content/en/security/cloud_security_management/setup/cloud_integrations.md b/content/en/security/cloud_security_management/setup/cloud_integrations.md index 589cf66da25a0..97757d7c46186 100644 --- a/content/en/security/cloud_security_management/setup/cloud_integrations.md +++ b/content/en/security/cloud_security_management/setup/cloud_integrations.md @@ -1,5 +1,5 @@ --- -title: Deploying Cloud Security Management via Cloud Integrations +title: Deploying Cloud Security via Cloud Integrations aliases: - /security/cloud_security_management/setup/csm_enterprise/cloud_accounts - /security/cloud_security_management/setup/csm_pro/cloud_accounts @@ -42,7 +42,7 @@ To enable resource scanning for your cloud accounts, you must first set up the i {{< tabs >}} {{% tab "AWS" %}} -1. On the [**Cloud Security Management Setup**][1] page, click **Cloud Integrations**. +1. On the [**Cloud Security Setup**][1] page, click **Cloud Integrations**. 1. Expand the **AWS** section. 1. To stop resource collection for an account, click the **Edit** button ({{< img src="security/csm/setup/edit-button.png" inline="true" style="width:24px;">}}) and switch the **Enable Resource Scanning** toggle to the off position. 1. Click **Done**. @@ -53,7 +53,7 @@ To enable resource scanning for your cloud accounts, you must first set up the i {{% /tab %}} {{% tab "Azure" %}} -1. On the [**Cloud Security Management Setup**][1] page, click **Cloud Integrations**. +1. On the [**Cloud Security Setup**][1] page, click **Cloud Integrations**. 1. Expand the **Azure** section. 1. To stop resource collection for a subscription, switch the **Resource Scanning** toggle to the off position. 1. Click **Done**. @@ -64,7 +64,7 @@ To enable resource scanning for your cloud accounts, you must first set up the i {{% /tab %}} {{% tab "Google Cloud" %}} -1. On the [**Cloud Security Management Setup**][1] page, click **Cloud Integrations**. +1. On the [**Cloud Security Setup**][1] page, click **Cloud Integrations**. 1. Expand the **GCP** section. 1. To stop resource collection for a project, switch the **Resource Scanning** toggle to the off position. 1. Click **Done**. diff --git a/content/en/security/cloud_security_management/setup/cloudtrail_logs.md b/content/en/security/cloud_security_management/setup/cloudtrail_logs.md index de44db7a5602a..f34788abc4860 100644 --- a/content/en/security/cloud_security_management/setup/cloudtrail_logs.md +++ b/content/en/security/cloud_security_management/setup/cloudtrail_logs.md @@ -1,5 +1,5 @@ --- -title: Setting up AWS CloudTrail Logs for Cloud Security Management +title: Setting up AWS CloudTrail Logs for Cloud Security --- Set up AWS CloudTrail Logs to get the most out of [CSM Identity Risks][1]. AWS CloudTrail Logs provides additional insights into the actual usage of cloud resources, helping you identify users and roles with significant gaps between provisioned and utilized permissions. diff --git a/content/en/security/cloud_security_management/setup/iac_remediation.md b/content/en/security/cloud_security_management/setup/iac_remediation.md index 91b3836dac768..c8f500d931cd3 100644 --- a/content/en/security/cloud_security_management/setup/iac_remediation.md +++ b/content/en/security/cloud_security_management/setup/iac_remediation.md @@ -1,11 +1,11 @@ --- -title: Setting up IaC Remediation for Cloud Security Management +title: Setting up IaC Remediation for Cloud Security aliases: - /security/cloud_security_management/setup/source_code_integrations further_reading: - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: "Setting up Cloud Security Management" + text: "Setting up Cloud Security" - link: "/security/cloud_security_management/misconfigurations" tag: "Documentation" text: "CSM Misconfigurations" @@ -14,7 +14,7 @@ further_reading: text: "CSM Identity Risks" --- -Use the following instructions to enable Infrastructure as Code (IaC) remediation for Cloud Security Management (CSM). IaC remediation is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2]. +Use the following instructions to enable Infrastructure as Code (IaC) remediation for Cloud Security (CSM). IaC remediation is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2].
Static IaC remediation supports GitHub for version control and Terraform for infrastructure as code.
diff --git a/content/en/security/cloud_security_management/setup/iac_scanning/_index.md b/content/en/security/cloud_security_management/setup/iac_scanning/_index.md index 07cdc54ec0a08..7bedbc45b652a 100644 --- a/content/en/security/cloud_security_management/setup/iac_scanning/_index.md +++ b/content/en/security/cloud_security_management/setup/iac_scanning/_index.md @@ -1,9 +1,9 @@ --- -title: Setting up IaC Scanning for Cloud Security Management +title: Setting up IaC Scanning for Cloud Security further_reading: - link: "/security/cloud_security_management/setup" tag: "Documentation" - text: "Setting up Cloud Security Management" + text: "Setting up Cloud Security" - link: "/security/cloud_security_management/misconfigurations" tag: "Documentation" text: "CSM Misconfigurations" @@ -16,7 +16,7 @@ further_reading: Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form. {{< /callout >}} -Use the following instructions to enable Infrastructure as Code (IaC) scanning for Cloud Security Management (CSM). IaC scanning is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2]. +Use the following instructions to enable Infrastructure as Code (IaC) scanning for Cloud Security (CSM). IaC scanning is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2].
Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
diff --git a/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md b/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md index c8b32f26ba22d..1f5a4fe87d673 100644 --- a/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md +++ b/content/en/security/cloud_security_management/setup/iac_scanning/iac_scanning_exclusions.md @@ -6,7 +6,7 @@ further_reading: text: "IaC Scanning" - link: "/security/cloud_security_management/setup/iac_scanning" tag: "Documentation" - text: "Setting up IaC Scanning for Cloud Security Management" + text: "Setting up IaC Scanning for Cloud Security" --- {{< callout url="https://www.datadoghq.com/product-preview/iac-security/" >}} diff --git a/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md b/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md index 90f05937f82c9..461a4c984fd57 100644 --- a/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md +++ b/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md @@ -2,7 +2,7 @@ title: Setting Up CSM without Infrastructure Monitoring --- -In addition to setting up Cloud Security Management (CSM) with or without an Agent, you can also set it up without Infrastructure Monitoring. +In addition to setting up Cloud Security (CSM) with or without an Agent, you can also set it up without Infrastructure Monitoring. ## Set up CSM on your AWS account @@ -11,7 +11,7 @@ In addition to setting up Cloud Security Management (CSM) with or without an Age If you don't see the required account, add it by clicking **Add AWS Account(s)** and following the onscreen prompts. 1. To turn off infrastructure monitoring on the selected account, under the account number, navigate to the **Metric Collection** tab, then click the **disable metric collection** link. Then, click **Disable Metric Collection** to confirm. -1. On the **Resource Collection** tab, click **Enable** next to Cloud Security Management. You are redirected to the Cloud Security Management Setup page, and a setup dialog automatically opens for the selected account. +1. On the **Resource Collection** tab, click **Enable** next to Cloud Security. You are redirected to the Cloud Security Setup page, and a setup dialog automatically opens for the selected account. 1. On the setup dialog, switch the **Enable Resource Scanning** toggle to the on position. 1. Click **Done** to complete the setup. @@ -24,7 +24,7 @@ In addition to setting up Cloud Security Management (CSM) with or without an Age If you don't see the required client ID, add it by clicking **Add New App Registration** and following the onscreen prompts. 1. To turn off infrastructure monitoring on the selected account, under the client ID, navigate to the **Metric Collection** tab, then turn off the **Enable Metric Collection** toggle. -1. On the **Resource Collection** tab, click **Enable** next to Cloud Security Management. You are redirected to the Cloud Security Management Setup page, which automatically scrolls to the selected Azure subscription in the Cloud Integrations section. +1. On the **Resource Collection** tab, click **Enable** next to Cloud Security. You are redirected to the Cloud Security Setup page, which automatically scrolls to the selected Azure subscription in the Cloud Integrations section. 1. Switch the **Resource Scanning** toggle to the on position. 1. Click **Done** to complete the setup. @@ -37,7 +37,7 @@ In addition to setting up Cloud Security Management (CSM) with or without an Age If you don't see the required account, add it by clicking **Add GCP Account** and following the onscreen prompts. 1. To turn off infrastructure monitoring on the selected account, under the account name, navigate to the **Metric Collection** tab. Then, above the Metric Collection table, click **Disable All**. -1. On the **Resource Collection** tab, click **Enable** next to Cloud Security Management. You are redirected to the Cloud Security Management Setup page, which automatically scrolls to the selected Google Cloud Platform project in the Cloud Integrations section. +1. On the **Resource Collection** tab, click **Enable** next to Cloud Security. You are redirected to the Cloud Security Setup page, which automatically scrolls to the selected Google Cloud Platform project in the Cloud Integrations section. 1. Switch the **Resource Scanning** toggle to the on position. 1. Click **Done** to complete the setup. diff --git a/content/en/security/cloud_security_management/severity_scoring.md b/content/en/security/cloud_security_management/severity_scoring.md index 7ff68a05fe476..ab6699daebf48 100644 --- a/content/en/security/cloud_security_management/severity_scoring.md +++ b/content/en/security/cloud_security_management/severity_scoring.md @@ -12,7 +12,7 @@ further_reading: text: "Learn more about CSM Vulnerabilities" --- -Accurate severity scores help security teams understand the risks that vulnerabilities pose to their environment. This guide explains how Cloud Security Management (CSM) uses different measures of severity to calculate the scores. +Accurate severity scores help security teams understand the risks that vulnerabilities pose to their environment. This guide explains how Cloud Security (CSM) uses different measures of severity to calculate the scores. ## CSM severity scoring framework diff --git a/content/en/security/cloud_security_management/troubleshooting/_index.md b/content/en/security/cloud_security_management/troubleshooting/_index.md index 67e997f465fcc..16fd8c8ec72be 100644 --- a/content/en/security/cloud_security_management/troubleshooting/_index.md +++ b/content/en/security/cloud_security_management/troubleshooting/_index.md @@ -1,11 +1,11 @@ --- -title: Cloud Security Management Troubleshooting +title: Cloud Security Troubleshooting disable_toc: true --- {{< whatsnext desc="Troubleshooting Guides" >}} {{< nextlink href="/security/cloud_security_management/troubleshooting/threats" >}}Cloud Security Management Threats{{< /nextlink >}} - {{< nextlink href="/security/cloud_security_management/troubleshooting/vulnerabilities" >}}Cloud Security Management Vulnerabilities{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/troubleshooting/vulnerabilities" >}}Cloud Security Vulnerabilities{{< /nextlink >}} {{< /whatsnext >}} \ No newline at end of file diff --git a/content/en/security/cloud_security_management/troubleshooting/threats.md b/content/en/security/cloud_security_management/troubleshooting/threats.md index 5a12c0d3f8a42..d7851c36342e3 100644 --- a/content/en/security/cloud_security_management/troubleshooting/threats.md +++ b/content/en/security/cloud_security_management/troubleshooting/threats.md @@ -9,7 +9,7 @@ further_reading: text: "Troubleshooting CSM Vulnerabilities" --- -If you experience issues with Cloud Security Management (CSM) Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. +If you experience issues with Cloud Security (CSM) Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. ## Security Agent flare diff --git a/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md b/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md index 9300532c3e6b6..7b41ca98115cc 100644 --- a/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md +++ b/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md @@ -1,5 +1,5 @@ --- -title: Troubleshooting Cloud Security Management Vulnerabilities +title: Troubleshooting Cloud Security Vulnerabilities aliases: - /security/vulnerabilities/troubleshooting/ further_reading: @@ -16,7 +16,7 @@ further_reading: ## Overview -If you experience issues with Cloud Security Management (CSM) Vulnerabilities, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. +If you experience issues with Cloud Security (CSM) Vulnerabilities, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. ## Error messages diff --git a/content/en/security/cloud_security_management/vulnerabilities/_index.md b/content/en/security/cloud_security_management/vulnerabilities/_index.md index e146c9695ee13..ab572934ba492 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/_index.md +++ b/content/en/security/cloud_security_management/vulnerabilities/_index.md @@ -1,5 +1,5 @@ --- -title: Cloud Security Management Vulnerabilities +title: Cloud Security Vulnerabilities aliases: - /security/infrastructure_vulnerabilities/ - /security/vulnerabilities/ @@ -22,14 +22,14 @@ further_reading: --- {{< site-region region="gov" >}} -
Cloud Security Management Vulnerabilities is in Preview for your selected Datadog site ({{< region-param key="dd_site_name" >}}). +
Cloud Security Vulnerabilities is in Preview for your selected Datadog site ({{< region-param key="dd_site_name" >}}). Request access by filling this form.
{{< /site-region >}} ## Overview -Cloud Security Management Vulnerabilities (CSM Vulnerabilities) helps you improve your security posture and achieve compliance, by continuously scanning container images, hosts, host images, and serverless functions for vulnerabilities, from CI/CD pipelines to live production. Leveraging runtime observability, it helps you prioritize and remediate exploitable vulnerabilities in your daily workflows, all in a single view, and without any dependencies on other Datadog products. +Cloud Security Vulnerabilities (CSM Vulnerabilities) helps you improve your security posture and achieve compliance, by continuously scanning container images, hosts, host images, and serverless functions for vulnerabilities, from CI/CD pipelines to live production. Leveraging runtime observability, it helps you prioritize and remediate exploitable vulnerabilities in your daily workflows, all in a single view, and without any dependencies on other Datadog products. With CSM Vulnerabilities, you can manage your cloud security management strategy, all in one place: diff --git a/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md b/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md index d789fe45152f2..ac1d5dfcae114 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md +++ b/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md @@ -4,7 +4,7 @@ title: CSM Vulnerabilities Hosts and Containers Compatibility ## Operating systems -Cloud Security Management Vulnerabilities supports vulnerability scanning for hosts and containers running the following operating system versions: +Cloud Security Vulnerabilities supports vulnerability scanning for hosts and containers running the following operating system versions: | Operating System | Supported Versions | Package Managers / Source | Agentless support | Agent support | |--------------------------|-----------------------------------------------------|---------------------------|-------------------|-------------------| @@ -33,7 +33,7 @@ Cloud Security Management Vulnerabilities supports vulnerability scanning for ho ## Application libraries -Cloud Security Management Vulnerabilities supports vulnerability scanning for the following application languages and libraries on containers and Lambda instances: +Cloud Security Vulnerabilities supports vulnerability scanning for the following application languages and libraries on containers and Lambda instances: | Language | Supported Package Manager | Supported Files | Agentless support | Agent support | |----------|---------------------------|----------------------------------------------------------------------|-------------------|-------------------| diff --git a/content/en/security/cloud_siem/_index.md b/content/en/security/cloud_siem/_index.md index 1c1b7893455de..daed7a6e70ec4 100644 --- a/content/en/security/cloud_siem/_index.md +++ b/content/en/security/cloud_siem/_index.md @@ -39,7 +39,7 @@ further_reading: --- {{< learning-center-callout header="Join an enablement webinar session" hide_image="true" btn_title="Sign Up" btn_url="https://www.datadoghq.com/technical-enablement/sessions/?tags.topics-0=Security">}} - Learn how Datadog Cloud SIEM and Cloud Security Management elevate your organization's threat detection and investigation for dynamic, cloud-scale environments. + Learn how Datadog Cloud SIEM and Cloud Security elevate your organization's threat detection and investigation for dynamic, cloud-scale environments. {{< /learning-center-callout >}} ## Overview diff --git a/content/en/security/cloud_siem/entities_and_risk_scoring.md b/content/en/security/cloud_siem/entities_and_risk_scoring.md index a26825b5ce82c..35c525b342f43 100644 --- a/content/en/security/cloud_siem/entities_and_risk_scoring.md +++ b/content/en/security/cloud_siem/entities_and_risk_scoring.md @@ -20,7 +20,7 @@ With Risk Insights, you can: ## Prerequisites - For Risk Insights coverage, either [GCP][5] or [AWS must be configured for Cloud SIEM][1]. -- (Optional) To view associated Cloud Security Management (CSM) insights in the entity panel, [CSM must be configured][2]. +- (Optional) To view associated Cloud Security (CSM) insights in the entity panel, [CSM must be configured][2]. ## Explore risk insights diff --git a/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md b/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md index 5ba7eb580aac4..ff6f15eb34ce6 100644 --- a/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md +++ b/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md @@ -21,7 +21,7 @@ The following examples are covered in this guide: * [Configure the default security filter to exclude certain logs](#add-an-exclusion) * [Create custom security filters to specify which log sources to analyze](#create-a-custom-filter) -**Note**: Security Filters are only required to control logs analyzed by the Cloud SIEM product. You do not need to write Security Filters to exclude logs generated by the Datadog Agent as part of the Cloud Security Management Threats (`source:runtime-security-agent`) and Cloud Security Management Misconfigurations (`source:compliance-agent`) products, as they're not billed as analyzed logs regardless. +**Note**: Security Filters are only required to control logs analyzed by the Cloud SIEM product. You do not need to write Security Filters to exclude logs generated by the Datadog Agent as part of the Cloud Security Management Threats (`source:runtime-security-agent`) and Cloud Security Misconfigurations (`source:compliance-agent`) products, as they're not billed as analyzed logs regardless. ## Prerequisites diff --git a/content/en/security/detection_rules/_index.md b/content/en/security/detection_rules/_index.md index 5bf81efdbc99b..b5812e4ba6acc 100644 --- a/content/en/security/detection_rules/_index.md +++ b/content/en/security/detection_rules/_index.md @@ -22,7 +22,7 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Cloud Security Management +- name: Cloud Security url: /security/cloud_security_management/ icon: cloud-security-management - name: Application Security Management @@ -41,7 +41,7 @@ Datadog provides [out-of-the-box detection rules][2] to flag attacker techniques Out-of-the box rules are available for the following security products: - [Cloud SIEM][3] uses log detection to analyze ingested logs in real-time. -- Cloud Security Management (CSM): +- Cloud Security (CSM): - [CSM Misconfigurations][4] uses cloud configuration and infrastructure configuration detection rules to scan the state of your cloud environment. - [CSM Threats][5] uses the Datadog Agent and detection rules to actively monitor and evaluate system activity. - [CSM Identity Risks][6] uses detection rules to detect IAM-based risks in your cloud infrastructure. @@ -59,7 +59,7 @@ To [create custom rules](#create-detection-rules), you can clone the default rul ## Search and filter detection rules -To view out-of-the-box and custom detection rules in Datadog, navigate to the [**Security Settings**][10] page. Rules are listed on separate pages for each product (Application Security, Cloud Security Management, and Cloud SIEM). +To view out-of-the-box and custom detection rules in Datadog, navigate to the [**Security Settings**][10] page. Rules are listed on separate pages for each product (Application Security, Cloud Security, and Cloud SIEM). To search and filter the rules, use the search box and facets to query by value. For example, to only show rules for a given rule type, hover over the rule type and select `only`. You can also filter by facets such as `source` and `severity` when investigating and triaging incoming issues. @@ -120,7 +120,7 @@ Use Rule Version History to: To see the version history of a rule: 1. Navigate to the [Security Settings][15] page. In the left navigation panel: - For ASM: Click **Application Security** and then click **Detection Rules**. - - For CSM: Click **Cloud Security Management** and then click **Threat Detection Rules**. + - For CSM: Click **Cloud Security** and then click **Threat Detection Rules**. - For Cloud SIEM: Click **Cloud SIEM** and then click **Detection Rules**. 1. Click on the rule you are interested in. 1. In the rule editor, click **Version History** to see past changes. diff --git a/content/en/security/guide/aws_fargate_config_guide.md b/content/en/security/guide/aws_fargate_config_guide.md index 4340782998f52..ea4b02878a901 100644 --- a/content/en/security/guide/aws_fargate_config_guide.md +++ b/content/en/security/guide/aws_fargate_config_guide.md @@ -10,7 +10,7 @@ further_reading: text: "Get real-time threat detection for AWS Fargate ECS and EKS environments with Datadog CSM" --- -This guide walks you through configuring [Cloud Security Management (CSM)][3], [Software Composition Analysis (SCA)][22], [Threat Detection and Protection (ASM)][4], and [Cloud SIEM][5] on AWS Fargate. +This guide walks you through configuring [Cloud Security (CSM)][3], [Software Composition Analysis (SCA)][22], [Threat Detection and Protection (ASM)][4], and [Cloud SIEM][5] on AWS Fargate. {{< img src="security/datadog_security_coverage_aws_fargate.png" alt="Flow chart showing how CSM, ASM, and Cloud SIEM are configured on AWS Fargate" width="90%">}} @@ -55,24 +55,24 @@ Datadog Security provides multiple layers of visibility for AWS Fargate. Use the
- + - + - +
AWS IAM roles and policies Log ManagementCloud Security ManagementCloud Security Cloud SIEM
AWS databases Log ManagementCloud Security ManagementCloud Security Cloud SIEM
AWS S3 buckets Log ManagementCloud Security ManagementCloud Security Cloud SIEM
-## Cloud Security Management +## Cloud Security ### Prerequisites @@ -80,7 +80,7 @@ Datadog Security provides multiple layers of visibility for AWS Fargate. Use the - Access to AWS Management Console - AWS Fargate ECS or EKS workloads -
For additional performance and reliability insights, Datadog recommends enabling Infrastructure Monitoring with Cloud Security Management.
+
For additional performance and reliability insights, Datadog recommends enabling Infrastructure Monitoring with Cloud Security.
### Images diff --git a/content/en/security/notifications/_index.md b/content/en/security/notifications/_index.md index f455e717c6583..eed8bf8f3286a 100644 --- a/content/en/security/notifications/_index.md +++ b/content/en/security/notifications/_index.md @@ -16,7 +16,7 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Cloud Security Management +- name: Cloud Security url: /security/cloud_security_management/ icon: cloud-security-management - name: Application Security Management diff --git a/content/en/security/notifications/rules.md b/content/en/security/notifications/rules.md index 837d1702b3e03..6cffda5f44bf9 100644 --- a/content/en/security/notifications/rules.md +++ b/content/en/security/notifications/rules.md @@ -15,7 +15,7 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Cloud Security Management +- name: Cloud Security url: /security/cloud_security_management/ icon: cloud-security-management - name: Application Security Management diff --git a/content/en/security/notifications/variables.md b/content/en/security/notifications/variables.md index 2bc1b3f587a08..d95eda35e615b 100644 --- a/content/en/security/notifications/variables.md +++ b/content/en/security/notifications/variables.md @@ -13,7 +13,7 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: Cloud Security Management +- name: Cloud Security url: /security/cloud_security_management/ icon: cloud-security-management - name: Application Security Management diff --git a/content/en/security/security_inbox.md b/content/en/security/security_inbox.md index 1ed00bc4a4720..e2a4f1baead8e 100644 --- a/content/en/security/security_inbox.md +++ b/content/en/security/security_inbox.md @@ -6,7 +6,7 @@ further_reading: text: "Learn more about Application Security Management" - link: "/security/cloud_security_management" tag: "Documentation" - text: "Learn more about Cloud Security Management" + text: "Learn more about Cloud Security" - link: "/security/default_rules/#all" tag: "Documentation" text: "Out-of-the-box Detection Rules" @@ -14,7 +14,7 @@ further_reading: tag: "Blog" text: "How Datadog Security Inbox prioritizes security risks" products: -- name: Cloud Security Management +- name: Cloud Security url: /security/cloud_security_management/ icon: cloud-security-management - name: Application Security Management @@ -30,7 +30,7 @@ Security Inbox provides a consolidated, actionable list of your most important s ## Types of findings in Security Inbox -The findings that appear in Security Inbox are generated from Application Security Management (ASM) and Cloud Security Management (CSM). By default, these include the following types of findings: +The findings that appear in Security Inbox are generated from Application Security Management (ASM) and Cloud Security (CSM). By default, these include the following types of findings: - A curated set of [misconfigurations][1] for [CSM Misconfigurations][2], compiled by Datadog Security Research. - A curated set of [identity risks][1] for [CSM Identity Risks][3], compiled by Datadog Security Research. diff --git a/content/en/security/sensitive_data_scanner/_index.md b/content/en/security/sensitive_data_scanner/_index.md index 4b68161d3bba5..ae02a1c60d6ef 100644 --- a/content/en/security/sensitive_data_scanner/_index.md +++ b/content/en/security/sensitive_data_scanner/_index.md @@ -93,7 +93,7 @@ Sensitive Data Scanner scans for sensitive data by deploying [Agentless scanners Sensitive Data Scanner leverages its [entire rules library][10] to find matches. When a match is found, the location of the match is sent to Datadog by the scanning instance. **Note**: Data stores and their files are only read in your environment—no sensitive data that was scanned is sent back to Datadog. -Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Cloud Security Management][11] affecting the sensitive data stores. You can click any issue to continue triage and remediation within Cloud Security Management. +Along with displaying sensitive data matches, Sensitive Data Scanner surfaces any security issues detected by [Cloud Security][11] affecting the sensitive data stores. You can click any issue to continue triage and remediation within Cloud Security. See [Set up Sensitive Data Scanner for Cloud Storage][12] for setup details. diff --git a/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md b/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md index 2bf872751a920..f2a623dff0e86 100644 --- a/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md +++ b/content/en/security/sensitive_data_scanner/guide/investigate_sensitive_data_issues.md @@ -82,7 +82,7 @@ To investigate a datastore: - If it is not supposed to be in the bucket, delete the files or move them to an appropriate bucket. - If it is supposed to be in the bucket, complete the following steps to improve your security posture: 1. Click the **Security** tab in the side panel and review the **Misconfigurations** section. - 1. Click on a misconfiguration to see details in Cloud Security Management. + 1. Click on a misconfiguration to see details in Cloud Security. 1. In the **Next Steps** section: 1. Under **Triage**, click the dropdown to change the triage status of the signal. The default status is `OPEN`. 1. Click **Assign Signal** to assign a signal to yourself or another Datadog user. diff --git a/content/en/security/sensitive_data_scanner/setup/cloud_storage.md b/content/en/security/sensitive_data_scanner/setup/cloud_storage.md index 4e94ac62a62d5..e6afee0d07a26 100644 --- a/content/en/security/sensitive_data_scanner/setup/cloud_storage.md +++ b/content/en/security/sensitive_data_scanner/setup/cloud_storage.md @@ -85,7 +85,7 @@ You can add a scanner to a new AWS account or an existing AWS account. 1. Select the AWS region in the dropdown menu. 1. Select an API key that is already configured for Remote Configuration. If the API key you select does not have Remote Configuration enabled, Remote Configuration is automatically enabled for that key upon selection. **Note**: Only users with `api_keys_write` permissions can enable Remote Configuration for individual API keys. 1. If you want to send AWS logs to Datadog, leave **Yes** selected. -1. Select **Yes** if you want to use Datadog Cloud Security Management. +1. Select **Yes** if you want to use Datadog Cloud Security. 1. **Enable Sensitive Data Scanner** is automatically selected by default. This tells CloudFormation to add the AWS Managed SecurityAudit policy to your Datadog AWS Integration role and enable Agentless Scanning to start scanning your cloud data stores. 1. Click **Launch CloudFormation Template**. diff --git a/content/en/security/threats/_index.md b/content/en/security/threats/_index.md index bd81d4d3d1710..3cc24fbbc9bc2 100644 --- a/content/en/security/threats/_index.md +++ b/content/en/security/threats/_index.md @@ -22,7 +22,7 @@ CSM Threats uses the Datadog Agent to monitor your environment. If you don't alr 3. **DNS Activity Monitoring** to watch network traffic for malicious activity on hosts and containers in real-time. 4. **Kernel Activity Monitoring** to watch for kernel-layer attacks like process hijacking, container breakouts, and more in real-time. -{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues to remediate" width="100%">}} +{{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security overview shows a list of prioritized security issues to remediate" width="100%">}} ## Proactively block threats with Active Protection @@ -62,7 +62,7 @@ Datadog is introducing a new feature called Active Protection to address the cry {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for CSM Threats{{< /nextlink >}} {{< nextlink href="/security/threats/workload_security_rules">}}Learn about CSM Threats detection rules{{< /nextlink >}} {{< nextlink href="/security/default_rules/#cat-workload-security">}}Start using out-of-the-box CSM Threats detection rules{{< /nextlink >}} - {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security Management{{< /nextlink >}} + {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security{{< /nextlink >}} {{< /whatsnext >}} [1]: /security/threats/setup/?tab=kuberneteshelm#prerequisites diff --git a/content/en/security/threats/security_signals.md b/content/en/security/threats/security_signals.md index a9441324a1c03..7b77b78fe8279 100644 --- a/content/en/security/threats/security_signals.md +++ b/content/en/security/threats/security_signals.md @@ -15,7 +15,7 @@ further_reading: [Cloud Security Management Threats][9] (CSM Threats) security signals are created when Datadog detects a threat based on a security rule. View, search, filter, and investigate security signals in the [Signals Explorer][4], or configure [Notification Rules][1] to send signals to third-party tools. -To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][3] for more information about Datadog's default roles and granular role-based access control permissions available for Cloud Security Management. +To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][3] for more information about Datadog's default roles and granular role-based access control permissions available for Cloud Security. {{< img src="security/cws/signals_explorer.png" alt="CSM Signals Explorer page" width="100%">}} diff --git a/content/en/security/threats/workload_security_rules/custom_rules.md b/content/en/security/threats/workload_security_rules/custom_rules.md index c01af0b88437d..9ff1cd0446049 100644 --- a/content/en/security/threats/workload_security_rules/custom_rules.md +++ b/content/en/security/threats/workload_security_rules/custom_rules.md @@ -33,7 +33,7 @@ Here are some important [role and permissions][11] to use for custom rules RBAC: ## Policies -Rules are managed and applied using policies. To view policies, go to [Security > Cloud Security Management > Agent Configuration][3]. +Rules are managed and applied using policies. To view policies, go to [Security > Cloud Security > Agent Configuration][3]. You can create and deploy different custom policies containing rules you want to apply to different sets of hosts in your infrastructure. @@ -48,7 +48,7 @@ The default policy and its rules cannot be modified. You can use the policy prio ### Create a policy -1. Go to [Security > Cloud Security Management > Agent Configuration][3]. +1. Go to [Security > Cloud Security > Agent Configuration][3]. 2. Click **New Policy**. You can also open an existing policy, click **Actions**, and clone it. 3. Enter a name for the policy and click **Create**. The new policy is created and placed as the top priority, but it is not enabled or deployed. @@ -60,7 +60,7 @@ The default policy and its rules cannot be modified. You can use the policy prio ### Prioritize policies -1. Go to [Security > Cloud Security Management > Agent Configuration][3]. +1. Go to [Security > Cloud Security > Agent Configuration][3]. 2. Click **Determine Priority**. 3. Drag the policies to set their priority. 4. Click **Confirm Reordering**. @@ -75,7 +75,7 @@ When a policy is overridden, the **Overridden** status is displayed. Hover over Tags identify two things: the Agents using the policy and the infrastructure where those Agents apply the policy. For example, if a policy has the tag `cluster_name:mycluster` the Agents in that cluster use the policy on the hosts in that cluster. -1. Go to [Security > Cloud Security Management > Agent Configuration][3]. +1. Go to [Security > Cloud Security > Agent Configuration][3]. 2. Hover over a policy, or open a policy, and click **Apply Tags & Deploy Policy**. 3. Enter tags and click **Apply**. If the policy is enabled, the policy is applied to the tag targets. @@ -116,7 +116,7 @@ As you define the rules using this tool, the threat expressions generated for th To use the Assisted rule creator: -1. Go to [Security > Cloud Security Management > Agent Configuration][3]. +1. Go to [Security > Cloud Security > Agent Configuration][3]. 2. Create or open a policy. 3. In **Actions**, select **Assisted rule creator**. 4. Define the detection. To monitor your resource effectively, you have the following detection type options: @@ -136,7 +136,7 @@ To use the Assisted rule creator: You can create a custom Agent rule and deploy it as part of a new Agent policy. Later, when defining a custom [detection rule][3], you reference the custom Agent rule and add expression parameters. -1. Go to [Security > Cloud Security Management > Agent Configuration][3]. +1. Go to [Security > Cloud Security > Agent Configuration][3]. 2. Create or open a policy. 3. In **Actions**, select **Manual rule creator**. 4. Add a name and description for the rule. diff --git a/content/en/security/upcoming_changes_notification_rules.md b/content/en/security/upcoming_changes_notification_rules.md index f2c77c63bc596..83b6e532e2ca0 100644 --- a/content/en/security/upcoming_changes_notification_rules.md +++ b/content/en/security/upcoming_changes_notification_rules.md @@ -10,7 +10,7 @@ further_reading: text: "Notification Rules" --- -This article outlines upcoming changes to how [notification rules][1] are configured. These changes mostly impact [Cloud Security Management (CSM)][4], and more specifically cloud configuration and infrastructure configuration signals. +This article outlines upcoming changes to how [notification rules][1] are configured. These changes mostly impact [Cloud Security (CSM)][4], and more specifically cloud configuration and infrastructure configuration signals. Note that for the time being, the changes will only affect how you get notified after manually upgrading a notification rule, or after the final deprecation date is reached (early 2025). diff --git a/content/en/service_management/incident_management/declare.md b/content/en/service_management/incident_management/declare.md index e90f9f71a2efb..cd3c5d2bd67ad 100644 --- a/content/en/service_management/incident_management/declare.md +++ b/content/en/service_management/incident_management/declare.md @@ -29,7 +29,7 @@ Incidents created from a monitor will inherit [field values][10] from the monito ## From a Security Signal -Declare an incident directly from a Cloud SIEM or Cloud Security Management Threats signal side panel, by clicking **Declare incident** or **Escalate Investigation**. For more information, see [Investigate Security Signals][3] for Cloud Security Management. +Declare an incident directly from a Cloud SIEM or Cloud Security Management Threats signal side panel, by clicking **Declare incident** or **Escalate Investigation**. For more information, see [Investigate Security Signals][3] for Cloud Security. Declare an incident from an Application Security Management signal through the actions listed in the signal side panel. Click **Show all actions** and click **Declare Incident**. For more information, see [Investigate Security Signals][4] for Application Security Management. diff --git a/layouts/shortcodes/cloud-siem-aws-setup-cloudformation.en.md b/layouts/shortcodes/cloud-siem-aws-setup-cloudformation.en.md index 1d18b86164f83..eacb851372050 100644 --- a/layouts/shortcodes/cloud-siem-aws-setup-cloudformation.en.md +++ b/layouts/shortcodes/cloud-siem-aws-setup-cloudformation.en.md @@ -5,7 +5,7 @@ 1. Select the AWS Region where the CloudFormation stack will be launched. 1. Select or create the Datadog API Key used to send data from your AWS account to Datadog. 1. To configure the Datadog Lambda Forwarder, select **Yes** for **Send Logs to Datadog**. This enables AWS CloudTrail logs to be sent to Datadog. -1. To enable Cloud Security Management, select **Yes** for **Detect security issues**. +1. To enable Cloud Security, select **Yes** for **Detect security issues**. 1. If you select **Yes** for **Detect security issues**, the **Enable Sensitive Data Scanner for Cloud Storage** option appears. Turn this on to automatically identify and classify sensitive data stored in Amazon S3. 1. Click **Launch CloudFormation Template**. This opens the AWS Console and loads the CloudFormation stack with the parameters filled in based on your selections in the Datadog form. 1. Check the required boxes from AWS and click **Create stack**. diff --git a/layouts/shortcodes/csm-agentless-azure-resource-manager.md b/layouts/shortcodes/csm-agentless-azure-resource-manager.md index b3c797d4e802f..d106ba074aade 100644 --- a/layouts/shortcodes/csm-agentless-azure-resource-manager.md +++ b/layouts/shortcodes/csm-agentless-azure-resource-manager.md @@ -2,9 +2,9 @@ Complete the following steps to enable Agentless Scanning for your Azure subscriptions: -#### Cloud Security Management Setup page +#### Cloud Security Setup page -1. On the [Cloud Security Management Setup][1010] page, click **Cloud Integrations** > **Azure**. +1. On the [Cloud Security Setup][1010] page, click **Cloud Integrations** > **Azure**. 1. Locate the tenant ID of your subscription. 1. **(Optional)** To enable detection of misconfigurations, toggle **Resource Scanning** to the on position. 1. Expand the list of Azure subscriptions and locate the subscription where you want to deploy the Agentless scanner. diff --git a/layouts/shortcodes/csm-agentless-prereqs.en.md b/layouts/shortcodes/csm-agentless-prereqs.en.md index 754bdf7ef5a79..99cbae983bf3f 100644 --- a/layouts/shortcodes/csm-agentless-prereqs.en.md +++ b/layouts/shortcodes/csm-agentless-prereqs.en.md @@ -1,7 +1,7 @@ ## Prerequisites -To deploy Agentless scanning in your AWS environment, in addition to having [Cloud Security Management][3] enabled, you must enable Remote Configuration. +To deploy Agentless scanning in your AWS environment, in addition to having [Cloud Security][3] enabled, you must enable Remote Configuration. ### Enable Remote Configuration diff --git a/layouts/shortcodes/csm-setup-aws.en.md b/layouts/shortcodes/csm-setup-aws.en.md index 8889f2044a27f..e311b54e58038 100644 --- a/layouts/shortcodes/csm-setup-aws.en.md +++ b/layouts/shortcodes/csm-setup-aws.en.md @@ -4,7 +4,7 @@ If you haven't already, set up the [Amazon Web Services integration][1]. You mus ### Enable CSM for your AWS accounts -1. On the [**Cloud Security Management Setup**][3] page, click **Cloud Integrations**. +1. On the [**Cloud Security Setup**][3] page, click **Cloud Integrations**. 1. Expand the **AWS** section. 1. To enable resource scanning for an account, click the **Plus** button, then switch the **Enable Resource Scanning** toggle to the on position. 1. Click **Done**. diff --git a/layouts/shortcodes/csm-setup-azure.en.md b/layouts/shortcodes/csm-setup-azure.en.md index 24ca9c37b719f..7eb47f01629e4 100644 --- a/layouts/shortcodes/csm-setup-azure.en.md +++ b/layouts/shortcodes/csm-setup-azure.en.md @@ -6,7 +6,7 @@ If you haven't already, set up the [Microsoft Azure integration][1]. ### Enable CSM for your Azure subscriptions -1. On the [**Cloud Security Management Setup**][3] page, click **Cloud Integrations**. +1. On the [**Cloud Security Setup**][3] page, click **Cloud Integrations**. 2. Expand the **Azure** section. 3. To enable resource scanning for a subscription, switch the **Resource Scanning** toggle to the on position. 4. To create a filter that excludes certain resources from being evaluated by CSM, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][4]. diff --git a/layouts/shortcodes/csm-setup-google-cloud.en.md b/layouts/shortcodes/csm-setup-google-cloud.en.md index 93bbcabbc45fe..62fa46734783c 100644 --- a/layouts/shortcodes/csm-setup-google-cloud.en.md +++ b/layouts/shortcodes/csm-setup-google-cloud.en.md @@ -15,7 +15,7 @@ The Datadog Google Cloud Platform integration uses service accounts to create an ### Enable CSM for your Google Cloud projects -1. On the [**Cloud Security Management Setup**][2] page, click **Cloud Integrations**. +1. On the [**Cloud Security Setup**][2] page, click **Cloud Integrations**. 2. Expand the **GCP** section. 3. To enable resource scanning for a project, switch the **Resource Scanning** toggle to the on position. 4. To create a filter that excludes certain resources from being evaluated by CSM, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][11]. diff --git a/layouts/shortcodes/csm-windows-setup.en.md b/layouts/shortcodes/csm-windows-setup.en.md index d60923ffa7177..7dddef39cc201 100644 --- a/layouts/shortcodes/csm-windows-setup.en.md +++ b/layouts/shortcodes/csm-windows-setup.en.md @@ -1,7 +1,7 @@ Use the following instructions to enable Threat Detection and Vulnerability scanning on Windows. -Datadog Cloud Security Management on Windows includes host vulnerability detection as well as built-in threat detection for Windows process and network events. The out-of-the-box Windows ruleset includes the following default rules: +Datadog Cloud Security on Windows includes host vulnerability detection as well as built-in threat detection for Windows process and network events. The out-of-the-box Windows ruleset includes the following default rules: - Certutil used to transmit or decode a file - Process memory was dumped using the minidump functions of comsvcs.dll diff --git a/layouts/shortcodes/semantic-color.en.md b/layouts/shortcodes/semantic-color.en.md index fec48237f138f..9b163eb44dccf 100644 --- a/layouts/shortcodes/semantic-color.en.md +++ b/layouts/shortcodes/semantic-color.en.md @@ -10,8 +10,8 @@ | `@static_analysis.result.status` | Used by [CI Visibility](https://www.datadoghq.com/product/ci-cd-monitoring/) | | `@deployment.status` | Used by [CI Visibility](https://www.datadoghq.com/product/ci-cd-monitoring/) | | `@evaluation.status` | Used by [CI Visibility](https://www.datadoghq.com/product/ci-cd-monitoring/) | -| `evaluation` | Used by [Cloud Security Management](https://www.datadoghq.com/product/cloud-security-management/) | -| `severity` | Used by [Cloud Security Management](https://www.datadoghq.com/product/cloud-security-management/) | +| `evaluation` | Used by [Cloud Security](https://www.datadoghq.com/product/cloud-security-management/) | +| `severity` | Used by [Cloud Security](https://www.datadoghq.com/product/cloud-security-management/) | | `@resource.status_code` | Used by [RUM & Session Replay](https://docs.datadoghq.com/real_user_monitoring/). Uses the same colors as `http.status_code`. | | `@error.resource.status_code` | Used by [RUM & Session Replay](https://docs.datadoghq.com/real_user_monitoring/). Uses the same colors as `http.status_code`. | | `@batch.status` | Used by [Synthetic Monitoring](https://docs.datadoghq.com/synthetics/) for test batch results. | From 5a1102901146933148b9421c32043b78d0c78187 Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Thu, 10 Apr 2025 11:01:00 -0600 Subject: [PATCH 06/28] Remove instances of ` (CSM)` --- content/en/account_management/billing/product_allotments.md | 2 +- content/en/containers/kubernetes/installation.md | 2 +- content/en/getting_started/devsecops/_index.md | 2 +- content/en/getting_started/integrations/google_cloud.md | 2 +- .../en/getting_started/security/cloud_security_management.md | 2 +- content/en/infrastructure/containers/container_images.md | 4 ++-- content/en/security/_index.md | 2 +- content/en/security/cloud_security_management/_index.md | 2 +- content/en/security/cloud_security_management/guide/_index.md | 2 +- .../guide/resource_evaluation_filters.md | 2 +- .../frameworks_and_benchmarks/custom_frameworks.md | 2 +- .../cloud_security_management/misconfigurations/kspm.md | 2 +- .../cloud_security_management/review_remediate/jira.md | 2 +- .../cloud_security_management/review_remediate/workflows.md | 2 +- content/en/security/cloud_security_management/setup/_index.md | 2 +- .../cloud_security_management/setup/iac_remediation.md | 2 +- .../cloud_security_management/setup/iac_scanning/_index.md | 2 +- .../setup/without_infrastructure_monitoring.md | 2 +- .../en/security/cloud_security_management/severity_scoring.md | 2 +- .../cloud_security_management/troubleshooting/threats.md | 2 +- .../troubleshooting/vulnerabilities.md | 2 +- content/en/security/cloud_siem/entities_and_risk_scoring.md | 2 +- content/en/security/detection_rules/_index.md | 2 +- content/en/security/guide/aws_fargate_config_guide.md | 2 +- content/en/security/security_inbox.md | 2 +- content/en/security/upcoming_changes_notification_rules.md | 2 +- 26 files changed, 27 insertions(+), 27 deletions(-) diff --git a/content/en/account_management/billing/product_allotments.md b/content/en/account_management/billing/product_allotments.md index 7504ab67ca6f9..018bd36953dea 100644 --- a/content/en/account_management/billing/product_allotments.md +++ b/content/en/account_management/billing/product_allotments.md @@ -139,7 +139,7 @@ Additionally, the organization has a monthly commitment of 0.3 GB of Ingested Sp | Custom Metrics | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts, Internet of Things (IoT), Serverless Workload Monitoring - Functions, Serverless Workload Monitoring - Apps, Serverless Invocations, Serverless Functions | Average | Average | | Ingested Custom Metrics | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts, Internet of Things (IoT), Serverless Workload Monitoring - Functions, Serverless Workload Monitoring - Apps | Average | Average | | Custom Events | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts | Sum | Sum | -| CSM Enterprise Containers | Cloud Security (CSM) | N/A | Sum | +| CSM Enterprise Containers | Cloud Security | N/A | Sum | | CWS Containers | Cloud Workload Security (CWS) | N/A | Sum | | Infrastructure Containers | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts | N/A | Sum | | Profiled Containers | APM Enterprise, Continuous Profiler | N/A | Sum | diff --git a/content/en/containers/kubernetes/installation.md b/content/en/containers/kubernetes/installation.md index bff550ce89566..94f5e222a6fe8 100644 --- a/content/en/containers/kubernetes/installation.md +++ b/content/en/containers/kubernetes/installation.md @@ -293,7 +293,7 @@ helm uninstall datadog-agent ### Monitor your infrastructure in Datadog Use the [Containers][13] page for visibility into your container infrastructure, with resource metrics and faceted search. For information on how to use the Containers page, see [Containers View][14]. -Use the [Container Images][18] page for insights into every image used in your environment. This page also displays vulnerabilities found in your container images from [Cloud Security][19] (CSM). For information on how to use the Container Images page, see the [Containers Images View][20]. +Use the [Container Images][18] page for insights into every image used in your environment. This page also displays vulnerabilities found in your container images from [Cloud Security][19]. For information on how to use the Container Images page, see the [Containers Images View][20]. The [Kubernetes][21] section features an overview of all your Kubernetes resources. [Orchestrator Explorer][22] allows you to monitor the state of pods, deployments, and other Kubernetes concepts in a specific namespace or availability zone, view resource specifications for failed pods within a deployment, correlate node activity with related logs, and more. The [Resource Utilization][23] page provides insights into how your Kubernetes workloads are using your computing resources across your infrastructure. For information on how to use these pages, see [Orchestrator Explorer][24] and [Kubernetes Resource Utilization][25]. diff --git a/content/en/getting_started/devsecops/_index.md b/content/en/getting_started/devsecops/_index.md index 3b8916381c86c..201607b1ea2bc 100644 --- a/content/en/getting_started/devsecops/_index.md +++ b/content/en/getting_started/devsecops/_index.md @@ -6,7 +6,7 @@ This guide introduces the Infrastructure Monitoring DevSecOps bundles, with link ## Infrastructure DevSecOps -The Infrastructure DevSecOps bundles combine infrastructure monitoring with the security capabilities of [Cloud Security (CSM)][3]. +The Infrastructure DevSecOps bundles combine infrastructure monitoring with the security capabilities of [Cloud Security][3]. {{< tabs >}} {{% tab "Infrastructure DevSecOps Pro" %}} diff --git a/content/en/getting_started/integrations/google_cloud.md b/content/en/getting_started/integrations/google_cloud.md index e4277c5c54c68..8429653a7157e 100644 --- a/content/en/getting_started/integrations/google_cloud.md +++ b/content/en/getting_started/integrations/google_cloud.md @@ -274,7 +274,7 @@ To view security findings from [Google Cloud Security Command Center][47] in Clo ### Cloud Security -Datadog Cloud Security (CSM) delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure. +Datadog Cloud Security delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure. Check out the [Setting up Cloud Security guide][49] to get started. After setting up CSM, toggle the **Enable Resource Collection** option under the **Resource Collection** tab to start collecting configuration data for the [Resource Catalog][50] and CSM. Then, follow these instructions to enable [Misconfigurations and Identity Risks (CIEM)][51] on Google Cloud. diff --git a/content/en/getting_started/security/cloud_security_management.md b/content/en/getting_started/security/cloud_security_management.md index 96d38171b5c7b..7219f0ba8eafd 100644 --- a/content/en/getting_started/security/cloud_security_management.md +++ b/content/en/getting_started/security/cloud_security_management.md @@ -28,7 +28,7 @@ further_reading: ## Overview -[Datadog Cloud Security][1] (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. +[Datadog Cloud Security][1] delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. With CSM, Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. This guide walks you through best practices for getting your team up and running with CSM. diff --git a/content/en/infrastructure/containers/container_images.md b/content/en/infrastructure/containers/container_images.md index d4a146cc4068c..ed3ee333f8bb8 100644 --- a/content/en/infrastructure/containers/container_images.md +++ b/content/en/infrastructure/containers/container_images.md @@ -17,7 +17,7 @@ further_reading: ## Overview -The [container images view][1] in Datadog provides key insights into every image used in your environment to help you assess their deployment footprint. It also detects and remediates security and performance issues that can affect multiple containers. You can view container image details alongside the rest of your container data to troubleshoot image issues affecting infrastructure health. Additionally, you can view vulnerabilities found in your container images from [Cloud Security][2] (CSM) to help you streamline your security efforts. +The [container images view][1] in Datadog provides key insights into every image used in your environment to help you assess their deployment footprint. It also detects and remediates security and performance issues that can affect multiple containers. You can view container image details alongside the rest of your container data to troubleshoot image issues affecting infrastructure health. Additionally, you can view vulnerabilities found in your container images from [Cloud Security][2] to help you streamline your security efforts. {{< img src="security/vulnerabilities/container_images.png" alt="The container images view highlighting vulnerabilities and container column sort feature" width="100%">}} @@ -35,7 +35,7 @@ To enable live container collection, see the [containers][3] documentation. It p ### Image collection -Datadog collects container image metadata to provide enhanced debugging context for related containers and [Cloud Security][8] (CSM) vulnerabilities. +Datadog collects container image metadata to provide enhanced debugging context for related containers and [Cloud Security][8] vulnerabilities. #### Enable container image collection diff --git a/content/en/security/_index.md b/content/en/security/_index.md index 7042287079fca..a018e36a91ce6 100644 --- a/content/en/security/_index.md +++ b/content/en/security/_index.md @@ -108,7 +108,7 @@ In addition to threat detection, Datadog provides end-to-end code and library vu ## Cloud Security -[Cloud Security (CSM)][10] delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered. +[Cloud Security][10] delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered. CSM includes [Threats][12], [Misconfigurations][11], [Identity Risks][15], and [Vulnerabilities][16]. To learn more, check out the dedicated [Guided Tour][13]. diff --git a/content/en/security/cloud_security_management/_index.md b/content/en/security/cloud_security_management/_index.md index 0656b01db1141..da1463c0018b4 100644 --- a/content/en/security/cloud_security_management/_index.md +++ b/content/en/security/cloud_security_management/_index.md @@ -53,7 +53,7 @@ cascade: Learn how Datadog Cloud SIEM and Cloud Security elevate your organization's threat detection and investigation for dynamic, cloud-scale environments. {{< /learning-center-callout >}} -Datadog Cloud Security (CSM) delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. +Datadog Cloud Security delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. diff --git a/content/en/security/cloud_security_management/guide/_index.md b/content/en/security/cloud_security_management/guide/_index.md index 601f6a72ee00a..1a158548cac04 100644 --- a/content/en/security/cloud_security_management/guide/_index.md +++ b/content/en/security/cloud_security_management/guide/_index.md @@ -7,7 +7,7 @@ aliases: --- -{{< whatsnext desc="Cloud Security (CSM) Guides" >}} +{{< whatsnext desc="Cloud Security Guides" >}} {{< nextlink href="/getting_started/cloud_security_management" >}}First Steps for Cloud Security{{< /nextlink >}} {{< nextlink href="/security/cloud_security_management/guide/agent_variables" >}}Cloud Security Agent Variables{{< /nextlink >}} {{< /whatsnext >}} diff --git a/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md b/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md index 0a1675728443c..48853eafe2907 100644 --- a/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md +++ b/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md @@ -9,7 +9,7 @@ further_reading: text: Setting Up Cloud Security --- -You can use resource tags to create filters that include or exclude resources from being evaluated by Cloud Security (CSM). The filters must be specified as a comma-separated list of `key:value` pairs. +You can use resource tags to create filters that include or exclude resources from being evaluated by Cloud Security. The filters must be specified as a comma-separated list of `key:value` pairs. **Notes**: diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md index 8cc4282a69a44..e7401ab42e0ec 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md @@ -17,7 +17,7 @@ further_reading: text: "Securing Datadog's cloud infrastructure: Our playbook and methodology" --- -With custom frameworks, you can define and measure compliance against your own cloud security baseline. Custom frameworks are listed on the Cloud Security (CSM) [Compliance][6] page, have their own real-time report and [security posture score][7], and are queryable within explorers and dashboards. +With custom frameworks, you can define and measure compliance against your own cloud security baseline. Custom frameworks are listed on the Cloud Security [Compliance][6] page, have their own real-time report and [security posture score][7], and are queryable within explorers and dashboards. 1. On the [CSM Compliance page][6], click **Create Framework**. 1. Enter the following details: diff --git a/content/en/security/cloud_security_management/misconfigurations/kspm.md b/content/en/security/cloud_security_management/misconfigurations/kspm.md index 33c7dddf6e0b3..02b954a14d7a6 100644 --- a/content/en/security/cloud_security_management/misconfigurations/kspm.md +++ b/content/en/security/cloud_security_management/misconfigurations/kspm.md @@ -11,7 +11,7 @@ further_reading: text: "Create Custom Rules" --- -Kubernetes Security Posture Management (KSPM) for Cloud Security (CSM) helps you proactively strengthen the security posture of your Kubernetes deployments by benchmarking your environment against established industry best practices, such as those defined by [CIS][1], or your own [custom detection policies](#create-your-own-kubernetes-detection-rules). +Kubernetes Security Posture Management (KSPM) for Cloud Security helps you proactively strengthen the security posture of your Kubernetes deployments by benchmarking your environment against established industry best practices, such as those defined by [CIS][1], or your own [custom detection policies](#create-your-own-kubernetes-detection-rules). ## Setting up KSPM diff --git a/content/en/security/cloud_security_management/review_remediate/jira.md b/content/en/security/cloud_security_management/review_remediate/jira.md index 9b4e93ac83341..5ae3178c01b86 100644 --- a/content/en/security/cloud_security_management/review_remediate/jira.md +++ b/content/en/security/cloud_security_management/review_remediate/jira.md @@ -20,7 +20,7 @@ products: {{< product-availability >}} -Use the [Jira integration][1] to create Jira issues for resources that are impacted by a Cloud Security (CSM) security issue. Jira for Cloud Security is available for [CSM Misconfigurations][3] and [CSM Identity Risks][4]. +Use the [Jira integration][1] to create Jira issues for resources that are impacted by a Cloud Security security issue. Jira for Cloud Security is available for [CSM Misconfigurations][3] and [CSM Identity Risks][4]. **Notes**: - To create Jira issues, you must have the `security_monitoring_findings_write` permission. See [Role Based Access Control][2] for more information about Datadog's default roles and granular role-based access control permissions available for CSM. diff --git a/content/en/security/cloud_security_management/review_remediate/workflows.md b/content/en/security/cloud_security_management/review_remediate/workflows.md index e43c9b01554e0..3bc5aff126467 100644 --- a/content/en/security/cloud_security_management/review_remediate/workflows.md +++ b/content/en/security/cloud_security_management/review_remediate/workflows.md @@ -29,7 +29,7 @@ products: [Datadog Workflow Automation][1] allows you to orchestrate and automate your end-to-end processes by building workflows made up of actions that connect to your infrastructure and tools. -Use Workflow Automation with [Cloud Security (CSM)][2] to automate your security-related workflows. For example, you can create workflows that allow you to [block access to a public Amazon S3 bucket via an interactive Slack message](#block-access-to-aws-s3-bucket-via-slack), or [automatically create a Jira issue and assign it to a team](#automatically-create-and-assign-a-jira-issue). +Use Workflow Automation with [Cloud Security][2] to automate your security-related workflows. For example, you can create workflows that allow you to [block access to a public Amazon S3 bucket via an interactive Slack message](#block-access-to-aws-s3-bucket-via-slack), or [automatically create a Jira issue and assign it to a team](#automatically-create-and-assign-a-jira-issue). ## Understanding how triggers and sources work diff --git a/content/en/security/cloud_security_management/setup/_index.md b/content/en/security/cloud_security_management/setup/_index.md index 085df8c23ccfb..f0932a45ef81d 100644 --- a/content/en/security/cloud_security_management/setup/_index.md +++ b/content/en/security/cloud_security_management/setup/_index.md @@ -28,7 +28,7 @@ further_reading: ## Overview -To get started with Cloud Security (CSM), review the following: +To get started with Cloud Security, review the following: - [Overview](#overview) - [Enable Agentless Scanning](#enable-agentless-scanning) diff --git a/content/en/security/cloud_security_management/setup/iac_remediation.md b/content/en/security/cloud_security_management/setup/iac_remediation.md index c8f500d931cd3..a868a2e6a5772 100644 --- a/content/en/security/cloud_security_management/setup/iac_remediation.md +++ b/content/en/security/cloud_security_management/setup/iac_remediation.md @@ -14,7 +14,7 @@ further_reading: text: "CSM Identity Risks" --- -Use the following instructions to enable Infrastructure as Code (IaC) remediation for Cloud Security (CSM). IaC remediation is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2]. +Use the following instructions to enable Infrastructure as Code (IaC) remediation for Cloud Security. IaC remediation is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2].
Static IaC remediation supports GitHub for version control and Terraform for infrastructure as code.
diff --git a/content/en/security/cloud_security_management/setup/iac_scanning/_index.md b/content/en/security/cloud_security_management/setup/iac_scanning/_index.md index 7bedbc45b652a..534927c58bb79 100644 --- a/content/en/security/cloud_security_management/setup/iac_scanning/_index.md +++ b/content/en/security/cloud_security_management/setup/iac_scanning/_index.md @@ -16,7 +16,7 @@ further_reading: Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form. {{< /callout >}} -Use the following instructions to enable Infrastructure as Code (IaC) scanning for Cloud Security (CSM). IaC scanning is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2]. +Use the following instructions to enable Infrastructure as Code (IaC) scanning for Cloud Security. IaC scanning is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2].
Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
diff --git a/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md b/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md index 461a4c984fd57..822b19b212ba7 100644 --- a/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md +++ b/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md @@ -2,7 +2,7 @@ title: Setting Up CSM without Infrastructure Monitoring --- -In addition to setting up Cloud Security (CSM) with or without an Agent, you can also set it up without Infrastructure Monitoring. +In addition to setting up Cloud Security with or without an Agent, you can also set it up without Infrastructure Monitoring. ## Set up CSM on your AWS account diff --git a/content/en/security/cloud_security_management/severity_scoring.md b/content/en/security/cloud_security_management/severity_scoring.md index ab6699daebf48..641eb2326719d 100644 --- a/content/en/security/cloud_security_management/severity_scoring.md +++ b/content/en/security/cloud_security_management/severity_scoring.md @@ -12,7 +12,7 @@ further_reading: text: "Learn more about CSM Vulnerabilities" --- -Accurate severity scores help security teams understand the risks that vulnerabilities pose to their environment. This guide explains how Cloud Security (CSM) uses different measures of severity to calculate the scores. +Accurate severity scores help security teams understand the risks that vulnerabilities pose to their environment. This guide explains how Cloud Security uses different measures of severity to calculate the scores. ## CSM severity scoring framework diff --git a/content/en/security/cloud_security_management/troubleshooting/threats.md b/content/en/security/cloud_security_management/troubleshooting/threats.md index d7851c36342e3..5668fc67ad03b 100644 --- a/content/en/security/cloud_security_management/troubleshooting/threats.md +++ b/content/en/security/cloud_security_management/troubleshooting/threats.md @@ -9,7 +9,7 @@ further_reading: text: "Troubleshooting CSM Vulnerabilities" --- -If you experience issues with Cloud Security (CSM) Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. +If you experience issues with Cloud Security Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. ## Security Agent flare diff --git a/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md b/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md index 7b41ca98115cc..35f6b5452b393 100644 --- a/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md +++ b/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md @@ -16,7 +16,7 @@ further_reading: ## Overview -If you experience issues with Cloud Security (CSM) Vulnerabilities, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. +If you experience issues with Cloud Security Vulnerabilities, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. ## Error messages diff --git a/content/en/security/cloud_siem/entities_and_risk_scoring.md b/content/en/security/cloud_siem/entities_and_risk_scoring.md index 35c525b342f43..3021878db3e9a 100644 --- a/content/en/security/cloud_siem/entities_and_risk_scoring.md +++ b/content/en/security/cloud_siem/entities_and_risk_scoring.md @@ -20,7 +20,7 @@ With Risk Insights, you can: ## Prerequisites - For Risk Insights coverage, either [GCP][5] or [AWS must be configured for Cloud SIEM][1]. -- (Optional) To view associated Cloud Security (CSM) insights in the entity panel, [CSM must be configured][2]. +- (Optional) To view associated Cloud Security insights in the entity panel, [CSM must be configured][2]. ## Explore risk insights diff --git a/content/en/security/detection_rules/_index.md b/content/en/security/detection_rules/_index.md index b5812e4ba6acc..9203cc2708a8b 100644 --- a/content/en/security/detection_rules/_index.md +++ b/content/en/security/detection_rules/_index.md @@ -41,7 +41,7 @@ Datadog provides [out-of-the-box detection rules][2] to flag attacker techniques Out-of-the box rules are available for the following security products: - [Cloud SIEM][3] uses log detection to analyze ingested logs in real-time. -- Cloud Security (CSM): +- Cloud Security: - [CSM Misconfigurations][4] uses cloud configuration and infrastructure configuration detection rules to scan the state of your cloud environment. - [CSM Threats][5] uses the Datadog Agent and detection rules to actively monitor and evaluate system activity. - [CSM Identity Risks][6] uses detection rules to detect IAM-based risks in your cloud infrastructure. diff --git a/content/en/security/guide/aws_fargate_config_guide.md b/content/en/security/guide/aws_fargate_config_guide.md index ea4b02878a901..2bbca58f54fa8 100644 --- a/content/en/security/guide/aws_fargate_config_guide.md +++ b/content/en/security/guide/aws_fargate_config_guide.md @@ -10,7 +10,7 @@ further_reading: text: "Get real-time threat detection for AWS Fargate ECS and EKS environments with Datadog CSM" --- -This guide walks you through configuring [Cloud Security (CSM)][3], [Software Composition Analysis (SCA)][22], [Threat Detection and Protection (ASM)][4], and [Cloud SIEM][5] on AWS Fargate. +This guide walks you through configuring [Cloud Security][3], [Software Composition Analysis (SCA)][22], [Threat Detection and Protection (ASM)][4], and [Cloud SIEM][5] on AWS Fargate. {{< img src="security/datadog_security_coverage_aws_fargate.png" alt="Flow chart showing how CSM, ASM, and Cloud SIEM are configured on AWS Fargate" width="90%">}} diff --git a/content/en/security/security_inbox.md b/content/en/security/security_inbox.md index e2a4f1baead8e..140b468edfba6 100644 --- a/content/en/security/security_inbox.md +++ b/content/en/security/security_inbox.md @@ -30,7 +30,7 @@ Security Inbox provides a consolidated, actionable list of your most important s ## Types of findings in Security Inbox -The findings that appear in Security Inbox are generated from Application Security Management (ASM) and Cloud Security (CSM). By default, these include the following types of findings: +The findings that appear in Security Inbox are generated from Application Security Management (ASM) and Cloud Security. By default, these include the following types of findings: - A curated set of [misconfigurations][1] for [CSM Misconfigurations][2], compiled by Datadog Security Research. - A curated set of [identity risks][1] for [CSM Identity Risks][3], compiled by Datadog Security Research. diff --git a/content/en/security/upcoming_changes_notification_rules.md b/content/en/security/upcoming_changes_notification_rules.md index 83b6e532e2ca0..60d688c575562 100644 --- a/content/en/security/upcoming_changes_notification_rules.md +++ b/content/en/security/upcoming_changes_notification_rules.md @@ -10,7 +10,7 @@ further_reading: text: "Notification Rules" --- -This article outlines upcoming changes to how [notification rules][1] are configured. These changes mostly impact [Cloud Security (CSM)][4], and more specifically cloud configuration and infrastructure configuration signals. +This article outlines upcoming changes to how [notification rules][1] are configured. These changes mostly impact [Cloud Security][4], and more specifically cloud configuration and infrastructure configuration signals. Note that for the time being, the changes will only affect how you get notified after manually upgrading a notification rule, or after the final deprecation date is reached (early 2025). From c7e63f4b237251c83a0e2626848707e9a513835d Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Thu, 10 Apr 2025 11:12:13 -0600 Subject: [PATCH 07/28] Remove blog post --- .../en/getting_started/security/cloud_security_management.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/content/en/getting_started/security/cloud_security_management.md b/content/en/getting_started/security/cloud_security_management.md index 7219f0ba8eafd..9cae0349cd409 100644 --- a/content/en/getting_started/security/cloud_security_management.md +++ b/content/en/getting_started/security/cloud_security_management.md @@ -12,9 +12,6 @@ further_reading: - link: "https://www.datadoghq.com/blog/automate-end-to-end-processes-with-datadog-workflows/" tag: "Blog" text: "Automate end-to-end processes with Datadog Workflows" -- link: "https://www.datadoghq.com/blog/csm-at-datadog/" - tag: "Blog" - text: "How we use Datadog CSM to improve security posture in our cloud infrastructure" - link: "https://www.datadoghq.com/blog/detecting-leaked-credentials/" tag: "Blog" text: "How we detect and notify users about leaked Datadog credentials" From 74fe18470440c3d763474ce2aed7baef047a73fc Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Thu, 10 Apr 2025 11:44:54 -0600 Subject: [PATCH 08/28] Remove redundant feature name abbreviations --- content/en/integrations/guide/aws-organizations-setup.md | 4 ++-- .../guide/azure-architecture-and-configuration.md | 2 +- content/en/integrations/guide/azure-portal.md | 2 +- .../cloud_security_management/identity_risks/_index.md | 2 +- .../cloud_security_management/misconfigurations/_index.md | 2 +- .../misconfigurations/compliance_rules.md | 2 +- .../misconfigurations/findings/_index.md | 2 +- .../cloud_security_management/vulnerabilities/_index.md | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/content/en/integrations/guide/aws-organizations-setup.md b/content/en/integrations/guide/aws-organizations-setup.md index ba3d2943276fd..b7a2f9486659b 100644 --- a/content/en/integrations/guide/aws-organizations-setup.md +++ b/content/en/integrations/guide/aws-organizations-setup.md @@ -32,7 +32,7 @@ The Datadog CloudFormation StackSet performs the following steps: 1. Deploys the Datadog AWS CloudFormation Stack in every account under an AWS Organization or Organizational Unit. 2. Automatically creates the necessary IAM role and policies in the target accounts. 3. Automatically initiates ingestion of AWS CloudWatch metrics and events from the AWS resources in the accounts. -4. Optionally disables metric collection for the AWS infrastructure. This is useful for Cloud Cost Management (CCM) or Cloud Security Misconfigurations (CSM Misconfigurations) specific use cases. +4. Optionally disables metric collection for the AWS infrastructure. This is useful for Cloud Cost Management (CCM) or Cloud Security Misconfigurations specific use cases. 5. Optionally configures CSM Misconfigurations to monitor resource misconfigurations in your AWS accounts. **Note**: The StackSet does not set up log forwarding in the AWS accounts. To set up logs, follow the steps in the [Log Collection][2] guide. @@ -60,7 +60,7 @@ Copy the Template URL from the Datadog AWS integration configuration page to use - Select your Datadog APP key on Datadog AWS integration configuration page and use it in the `DatadogAppKey` parameter in the StackSet. - *Optionally:* - a. Enable [Cloud Security Misconfigurations][5] (CSM Misconfigurations) to scan your cloud environment, hosts, and containers for misconfigurations and security risks. + a. Enable [Cloud Security Misconfigurations][5] to scan your cloud environment, hosts, and containers for misconfigurations and security risks. b. Disable metric collection if you do not want to monitor your AWS infrastructure. This is recommended only for [Cloud Cost Management][6] (CCM) or [CSM Misconfigurations][5] specific use cases. 3. **Configure StackSet options** diff --git a/content/en/integrations/guide/azure-architecture-and-configuration.md b/content/en/integrations/guide/azure-architecture-and-configuration.md index c3db5bfa7734c..6241845f029bd 100644 --- a/content/en/integrations/guide/azure-architecture-and-configuration.md +++ b/content/en/integrations/guide/azure-architecture-and-configuration.md @@ -117,7 +117,7 @@ The implications of restricting access below the Monitoring Reader role are: - Partial or total loss of monitoring data - Partial or total loss of metadata in the form of tags on your resource metrics - - Partial or total loss of data for [Cloud Security Misconfigurations (CSM Misconfigurations)][3] or [Resource Catalog][4] + - Partial or total loss of data for [Cloud Security Misconfigurations][3] or [Resource Catalog][4] - Partial or total loss of Datadog-generated metrics The implications of restricting or omitting the Azure AD roles are: diff --git a/content/en/integrations/guide/azure-portal.md b/content/en/integrations/guide/azure-portal.md index 63deb7747660f..edc23a40879c4 100644 --- a/content/en/integrations/guide/azure-portal.md +++ b/content/en/integrations/guide/azure-portal.md @@ -300,7 +300,7 @@ The Azure Datadog integration allows you to install the Datadog Agent on a VM or ### Cloud Security Misconfigurations -Select `Cloud Security Posture Management` in the left sidebar to configure [Cloud Security Misconfigurations (CSM Misconfigurations)][8]. +Select `Cloud Security Posture Management` in the left sidebar to configure [Cloud Security Misconfigurations][8]. By default, CSM Misconfigurations is not enabled. To enable CSM Misconfigurations, select `Enable Datadog Cloud Security Posture Management` and click **Save**. This enables Datadog CSM Misconfigurations for any subscriptions associated with the Datadog resource. diff --git a/content/en/security/cloud_security_management/identity_risks/_index.md b/content/en/security/cloud_security_management/identity_risks/_index.md index 91eb9fab1141d..7f9ad4a2a4853 100644 --- a/content/en/security/cloud_security_management/identity_risks/_index.md +++ b/content/en/security/cloud_security_management/identity_risks/_index.md @@ -26,7 +26,7 @@ further_reading: text: "Detect cross-account access risks in AWS with Datadog" --- -Cloud Security Identity Risks (CSM Identity Risks) is a Cloud Infrastructure Entitlement Management (CIEM) product that helps you mitigate entitlement risks across your clouds. It continually scans your cloud infrastructure and finds issues such as lingering administrative privileges, privilege escalations, permission gaps, large blast radii, and cross-account access. It also enables you to proactively resolve identity risks on an ongoing basis to secure your cloud infrastructure from IAM-based attacks. For quick remediation, it suggests [downsized policies][4], [Datadog Workflows][3] based remediations, and deep links to cloud consoles. +Cloud Security Identity Risks is a Cloud Infrastructure Entitlement Management (CIEM) product that helps you mitigate entitlement risks across your clouds. It continually scans your cloud infrastructure and finds issues such as lingering administrative privileges, privilege escalations, permission gaps, large blast radii, and cross-account access. It also enables you to proactively resolve identity risks on an ongoing basis to secure your cloud infrastructure from IAM-based attacks. For quick remediation, it suggests [downsized policies][4], [Datadog Workflows][3] based remediations, and deep links to cloud consoles.
CSM Identity Risks is available for AWS, Azure, and GCP.
diff --git a/content/en/security/cloud_security_management/misconfigurations/_index.md b/content/en/security/cloud_security_management/misconfigurations/_index.md index 741d2c1ca3832..b6fb4f5a2fb7c 100644 --- a/content/en/security/cloud_security_management/misconfigurations/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/_index.md @@ -9,7 +9,7 @@ algolia: tags: ['cspm'] --- -Cloud Security Misconfigurations (CSM Misconfigurations) makes it easier to assess and visualize the current and historic security posture of your cloud resources, automate audit evidence collection, and remediate misconfigurations that leave your organization vulnerable to attacks. By continuously surfacing security weaknesses resulting from misconfigurations, teams can mitigate risks while ensuring compliance with industry standards. +Cloud Security Misconfigurations makes it easier to assess and visualize the current and historic security posture of your cloud resources, automate audit evidence collection, and remediate misconfigurations that leave your organization vulnerable to attacks. By continuously surfacing security weaknesses resulting from misconfigurations, teams can mitigate risks while ensuring compliance with industry standards. ## Detect misconfigurations across your cloud resources diff --git a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md index bebc5c56f91c7..00c87cd5b3c92 100644 --- a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md +++ b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md @@ -18,7 +18,7 @@ further_reading: text: Misconfigurations Reports --- -Cloud Security Misconfigurations (CSM Misconfigurations) [out-of-the-box compliance rules][1] evaluate the configuration of your cloud resources and identify potential misconfigurations so you can immediately take steps to remediate. +Cloud Security Misconfigurations [out-of-the-box compliance rules][1] evaluate the configuration of your cloud resources and identify potential misconfigurations so you can immediately take steps to remediate. The compliance rules follow the same [conditional logic][2] as all Datadog Security compliance rules. For CSM Misconfigurations, each rule maps to controls within one or more [compliance frameworks or industry benchmarks][4]. diff --git a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md index 2cec1f37e6099..f1e2bea81955c 100644 --- a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md @@ -14,7 +14,7 @@ further_reading: text: "Learn about frameworks and industry benchmarks" --- -The Cloud Security Misconfigurations (CSM Misconfigurations) [Explorer][1] allows you to: +The Cloud Security Misconfigurations [Explorer][1] allows you to: - Review the detailed configuration of a resource. - Review the compliance rules applied to your resources by CSM Misconfigurations. diff --git a/content/en/security/cloud_security_management/vulnerabilities/_index.md b/content/en/security/cloud_security_management/vulnerabilities/_index.md index ab572934ba492..bd3f24ecd863e 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/_index.md +++ b/content/en/security/cloud_security_management/vulnerabilities/_index.md @@ -29,7 +29,7 @@ Request access by }} {{< nextlink href="/security/cloud_siem/guide" >}}    Cloud SIEM{{< /nextlink >}} {{< nextlink href="/security/cloud_security_management/guide" >}}    Cloud Security Management{{< /nextlink >}} -{{< nextlink href="/security/application_security/guide" >}}    Application Security Management{{< /nextlink >}} +{{< nextlink href="/security/application_security/guide" >}}    App and API Protection{{< /nextlink >}} {{< /whatsnext >}} {{< whatsnext desc="Digital Experience:">}} diff --git a/content/en/data_security/_index.md b/content/en/data_security/_index.md index bb276d720c66f..9bfd659dcecfc 100644 --- a/content/en/data_security/_index.md +++ b/content/en/data_security/_index.md @@ -86,7 +86,7 @@ The Datadog tracing libraries are used to instrument your applications, services - Application Performance Monitoring (APM) - Continuous Profiler - CI Visibility -- Application Security Management +- App and API Protection For detailed information about how tracing-library sourced data is managed, default basic security settings, and custom obfuscating, scrubbing, excluding, and modifying of trace-related elements, read [Configuring Agent and Tracer for trace data security][18]. diff --git a/content/en/database_monitoring/setup_oracle/rds.md b/content/en/database_monitoring/setup_oracle/rds.md index 29a441a0f7393..d755953ea43db 100644 --- a/content/en/database_monitoring/setup_oracle/rds.md +++ b/content/en/database_monitoring/setup_oracle/rds.md @@ -69,7 +69,7 @@ exec rdsadmin.rdsadmin_util.grant_sys_object('V_$OSSTAT','DATADOG','SELECT',p_gr exec rdsadmin.rdsadmin_util.grant_sys_object('V_$PARAMETER','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$SQL','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$PGASTAT','DATADOG','SELECT',p_grant_option => false); -exec rdsadmin.rdsadmin_util.grant_sys_object('V_$ASM_DISKGROUP','DATADOG','SELECT',p_grant_option => false); +exec rdsadmin.rdsadmin_util.grant_sys_object('V_$AAP_DISKGROUP','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$RSRCMGRMETRIC','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$DATAGUARD_CONFIG','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$DATAGUARD_STATS','DATADOG','SELECT',p_grant_option => false); diff --git a/content/en/developers/guide/data-collection-resolution-retention.md b/content/en/developers/guide/data-collection-resolution-retention.md index a340ed0b8feef..d88be045f7143 100644 --- a/content/en/developers/guide/data-collection-resolution-retention.md +++ b/content/en/developers/guide/data-collection-resolution-retention.md @@ -17,7 +17,7 @@ Find below a summary of Datadog data [collection][1], [resolution][2], and reten | APM | Services/resources statistics and span summaries | Datadog Agent + tracing library | 10 seconds | 10 seconds | 30 days | | APM | Indexed spans | Datadog Agent + tracing library | 10 seconds | 1 millisecond | 15 days. Viewed traces are retained long-term. See [Trace Retention][3] for details. | | APM | Trace metrics (unsampled) | Datadog Agent + tracing library | 10 seconds | 1 second | 15 months | -| ASM | Suspicious requests | Datadog Agent + tracing library | 10 seconds | 1 millisecond | 90 days. Underlying traces kept for 15 days. | +| AAP | Suspicious requests | Datadog Agent + tracing library | 10 seconds | 1 millisecond | 90 days. Underlying traces kept for 15 days. | | Audit Trail | Datadog audit events | Datadog usage activity | n/a | 1 second | 7 days | | CI Visibility | Pipeline, Stage, Job, Step, Command span | Webhooks, Datadog Agent + plugin | Data source-dependent | 1 millisecond | 15 months. | | CD Visibility | Deployment execution | Webhooks, Datadog Agent + plugin | Data source-dependent | 1 millisecond | 30 days. | @@ -31,7 +31,7 @@ Find below a summary of Datadog data [collection][1], [resolution][2], and reten | Cloud Cost Management | Google Cloud | Detailed Usage Cost Export | 1 hour | 1 day | 15 months | | Cloud SIEM | Security Signals | Datadog Cloud SIEM | Real time | 1 millisecond | 15 months | | Cloud Security Management | Findings | Datadog Cloud Security Management Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute | 15 months | -| CSM Threats | Signals | Datadog Cloud Security Management Threats | Real time | 1 ms | 15 months | +| Workload Protection | Signals | Datadog Workload Protection | Real time | 1 ms | 15 months | | Database Monitoring | Query Metrics | Datadog Agent + enabled integrations | 10 seconds | 1 second | 15 months | | Database Monitoring | Query Samples | Datadog Agent + enabled integrations | 1 minute | n/a | 15 days | | DORA Metrics | Deployments, Failures | API, Datadog products | Data source-dependent | 1 millisecond | 15 months | diff --git a/content/en/getting_started/_index.md b/content/en/getting_started/_index.md index 2fca7185e5b99..c5d04a340fc74 100644 --- a/content/en/getting_started/_index.md +++ b/content/en/getting_started/_index.md @@ -120,7 +120,7 @@ For the fastest introduction to navigating Datadog, try the [Quick Start course] {{< nextlink href="/getting_started/synthetics" >}}Synthetic Monitoring: Start testing and monitoring your API endpoints and key business journeys with Synthetic tests.{{< /nextlink >}} {{< nextlink href="/getting_started/continuous_testing" >}}Continuous Testing: Run end-to-end Synthetic tests in your CI pipelines and IDEs.{{< /nextlink >}} {{< nextlink href="/getting_started/session_replay" >}}Session Replay: Get an in-depth look at how users are interacting with your product with Session Replays.{{< /nextlink >}} -{{< nextlink href="/getting_started/application_security" >}}Application Security Management: Discover best practices for getting your team up and running with ASM.{{< /nextlink >}} +{{< nextlink href="/getting_started/application_security" >}}App and API Protection: Discover best practices for getting your team up and running with AAP.{{< /nextlink >}} {{< nextlink href="/getting_started/cloud_security_management" >}}Cloud Security Management: Discover best practices for getting your team up and running with CSM.{{< /nextlink >}} {{< nextlink href="/getting_started/cloud_siem" >}}Cloud SIEM: Discover best practices for getting your team up and running with Cloud SIEM.{{< /nextlink >}} {{< nextlink href="/getting_started/logs" >}}Logs: Send your first logs and use log processing to enrich them.{{< /nextlink >}} diff --git a/content/en/getting_started/security/application_security.md b/content/en/getting_started/security/application_security.md index 4930ded86c752..d3877e0cdea1f 100644 --- a/content/en/getting_started/security/application_security.md +++ b/content/en/getting_started/security/application_security.md @@ -1,5 +1,5 @@ --- -title: Getting Started with Application Security Management +title: Getting Started with App and API Protection aliases: - /security/security_monitoring/getting_started/ - /getting_started/application_security @@ -9,7 +9,7 @@ further_reading: text: "Application Security terms and concepts" - link: "/security/application_security/how-appsec-works" tag: "Documentation" - text: "How Application Security Management works" + text: "How App and API Protection works" - link: "https://dtdg.co/fe" tag: "Foundation Enablement" text: "Join an interactive session to elevate your security and threat detection" @@ -20,47 +20,47 @@ further_reading: ## Overview -Datadog Application Security Management (ASM) helps secure your web applications and APIs in production. +Datadog App and API Protection (AAP) helps secure your web applications and APIs in production. - With threat detection, Datadog provides real-time protection against attacks and attackers targeting code-level vulnerabilities. - With [Code Security][28], Datadog detects code and library vulnerabilities in your repositories and your running services, providing end-to-end visibility from development to production. -This guide walks you through best practices for getting your team up and running with ASM. +This guide walks you through best practices for getting your team up and running with AAP. ## Identify services that have security risk -**Identify services vulnerable or exposed to attacks** that would benefit from ASM. On the [**Software Catalog > Security page**,][1] view and select the services you wish to enable. +**Identify services vulnerable or exposed to attacks** that would benefit from AAP. On the [**Software Catalog > Security page**,][1] view and select the services you wish to enable. -{{< img src="getting_started/appsec/ASM_activation_service_selection_v2.png" alt="ASM Services page view, showing Vulnerabilities and sorted by Suspicious requests column." style="width:100%;" >}} +{{< img src="getting_started/appsec/AAP_activation_service_selection_v2.png" alt="AAP Services page view, showing Vulnerabilities and sorted by Suspicious requests column." style="width:100%;" >}} -These security insights are detected from data reported by APM. The insights help prioritize your security efforts. ASM identifies, prioritizes, and helps remediate all security risks on your services. +These security insights are detected from data reported by APM. The insights help prioritize your security efforts. AAP identifies, prioritizes, and helps remediate all security risks on your services. **Note**: If no vulnerabilities or suspicious requests are reported, ensure your services are using a recent Datadog tracing library version. From the [Security Software Catalog][2], open any service's side panel and look at its **Tracing Configuration**. -{{< img src="getting_started/appsec/ASM_Tracing_Configuration.png" alt="Tracer Configuration tab in APM Software Catalog page view. Highlighting which version of the Datadog Agent, and Datadog tracing library are being used by your services." style="width:100%;" >}} +{{< img src="getting_started/appsec/AAP_Tracing_Configuration.png" alt="Tracer Configuration tab in APM Software Catalog page view. Highlighting which version of the Datadog Agent, and Datadog tracing library are being used by your services." style="width:100%;" >}} -## Enable ASM +## Enable AAP -### Enable ASM with in-app instructions +### Enable AAP with in-app instructions - To enable Threat Management in-app, navigate to [**Application Security > Setup**][29]. - To enable Code Security in-app, navigate to [**Code Security > Setup**][29]. - -### Enable ASM with Remote Configuration +### Enable AAP with Remote Configuration #### Prerequisites: - Datadog Agent versions 7.42.0 or higher installed on your hosts or containers. - Datadog Tracer versions are [compatible with Remote Configuration][17]. @@ -73,8 +73,8 @@ These security insights are detected from data reported by APM. The insights hel See [Setting up Remote Configuration][21] for more information. -### Test ASM -Once enabled, ASM immediately identifies application vulnerabilities and detects attacks and attackers targeting your services. +### Test AAP +Once enabled, AAP immediately identifies application vulnerabilities and detects attacks and attackers targeting your services. 1. **Validate vulnerabilities**: Navigate to the [Vulnerabilities tab][14], triage and remediate your vulnerabilities. 2. **Validate attacks**: Send attack patterns to trigger a test detection rule. From your terminal, run the following script: @@ -91,9 +91,9 @@ Once enabled, ASM immediately identifies application vulnerabilities and detects 3. Go to [Security Signals Explorer][6] to see the signal that is generated after a few seconds. -## Disable ASM +## Disable AAP -For information on disabling ASM or its related capabilities, see the following: +For information on disabling AAP or its related capabilities, see the following: - [Disabling threat management and protection][24] - [Disabling Code Security (SAST, SCA, or IAST)][27] diff --git a/content/en/getting_started/security/cloud_security_management.md b/content/en/getting_started/security/cloud_security_management.md index 6a141f0d53b39..61767bcbcf8ce 100644 --- a/content/en/getting_started/security/cloud_security_management.md +++ b/content/en/getting_started/security/cloud_security_management.md @@ -54,8 +54,8 @@ With CSM, Security and DevOps teams can act on the shared context of observabili ## Phase 2: Customization -1. Set up [CSM Threats suppression rules][18] to reduce noise. -2. Create custom detection rules for [CSM Misconfigurations][19] and [CSM Threats][20]. +1. Set up [Workload Protection suppression rules][18] to reduce noise. +2. Create custom detection rules for [CSM Misconfigurations][19] and [Workload Protection][20]. ## Phase 3: Reports and dashboards @@ -68,7 +68,7 @@ With CSM, Security and DevOps teams can act on the shared context of observabili For information on disabling CSM, see the following: - [Disable CSM Vulnerabilities][32] -- [Disable CSM Threats][33] +- [Disable Workload Protection][33] ## Further reading diff --git a/content/en/infrastructure/resource_catalog/_index.md b/content/en/infrastructure/resource_catalog/_index.md index 0d59b14b7922d..f62bb696b925f 100644 --- a/content/en/infrastructure/resource_catalog/_index.md +++ b/content/en/infrastructure/resource_catalog/_index.md @@ -11,7 +11,7 @@ further_reading: text: "Cloud Security Management Misconfigurations" - link: "/security/threats/" tag: "Documentation" - text: "Cloud Security Management Threats" + text: "Workload Protection" - link: "https://www.datadoghq.com/blog/datadog-resource-catalog/" tag: "Blog" text: "Govern your infrastructure resources with the Datadog Resource Catalog" diff --git a/content/en/integrations/guide/oracle-check-upgrade-7.50.1.md b/content/en/integrations/guide/oracle-check-upgrade-7.50.1.md index 9e93b53bffc77..20c22701559e3 100644 --- a/content/en/integrations/guide/oracle-check-upgrade-7.50.1.md +++ b/content/en/integrations/guide/oracle-check-upgrade-7.50.1.md @@ -140,7 +140,7 @@ exec rdsadmin.rdsadmin_util.grant_sys_object('V_$CONTAINERS','DATADOG','SELECT', exec rdsadmin.rdsadmin_util.grant_sys_object('V_$SQL_PLAN_STATISTICS_ALL','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$SQL','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$PGASTAT','DATADOG','SELECT',p_grant_option => false); -exec rdsadmin.rdsadmin_util.grant_sys_object('V_$ASM_DISKGROUP','DATADOG','SELECT',p_grant_option => false); +exec rdsadmin.rdsadmin_util.grant_sys_object('V_$AAP_DISKGROUP','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$RSRCMGRMETRIC','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$DATAGUARD_CONFIG','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$DATAGUARD_STATS','DATADOG','SELECT',p_grant_option => false); diff --git a/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md b/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md index e6c3f69b790b5..d57bbadd653a7 100644 --- a/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md +++ b/content/en/network_monitoring/cloud_network_monitoring/network_analytics.md @@ -380,7 +380,7 @@ The top of the sidepanel displays common client and server tags shared by the in ### Security -The **Security** tab highlights potential network threats and findings detected by [Cloud Security Management Threats][6] and [Cloud Security Management Misconfigurations][7]. These signals are generated when Datadog detects network activity that matches a [detection or compliance rule][8], or if there are other threats and misconfigurations related to the selected network flow. +The **Security** tab highlights potential network threats and findings detected by [Workload Protection][6] and [Cloud Security Management Misconfigurations][7]. These signals are generated when Datadog detects network activity that matches a [detection or compliance rule][8], or if there are other threats and misconfigurations related to the selected network flow. ## Further Reading diff --git a/content/en/opentelemetry/compatibility.md b/content/en/opentelemetry/compatibility.md index 679b8a0b9b771..1cf0c53fb207e 100644 --- a/content/en/opentelemetry/compatibility.md +++ b/content/en/opentelemetry/compatibility.md @@ -46,7 +46,7 @@ The following table shows Datadog feature compatibility across different setups: | [Live Container Monitoring/Kubernetes Explorer][20] | | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | [Live Processes][16] | | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | [Universal Service Monitoring][17] (USM) | |{{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | -| [Application Security Management][11] (ASM) | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | +| [App and API Protection][11] (AAP) | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | | [Continuous Profiler][12] | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | | [Data Jobs Monitoring][13] (DJM) | | | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | | [Data Streams Monitoring][15] (DSM) | {{< tooltip text="N/A" tooltip="OTel does not offer DSM functionality" >}}| | {{< X >}} | {{< X >}}
(Datadog SDK only) | {{< X >}} | diff --git a/content/en/opentelemetry/instrument/api_support/_index.md b/content/en/opentelemetry/instrument/api_support/_index.md index d29280e2e9bc7..778ace53f4b34 100644 --- a/content/en/opentelemetry/instrument/api_support/_index.md +++ b/content/en/opentelemetry/instrument/api_support/_index.md @@ -31,7 +31,7 @@ By [instrumenting your code with OpenTelemetry APIs][2], your code: - Remains free of vendor-specific API calls. - Does not depend on Datadog tracing libraries at compile time (only runtime). -Replace the OpenTelemetry SDK with the Datadog tracing library in the instrumented application, and the traces produced by your running code can be processed, analyzed, and monitored alongside Datadog traces and in Datadog proprietary products such as [Continuous Profiler][3], [Data Streams Monitoring][4], [Application Security Management][5], and [Live Processes][6]. +Replace the OpenTelemetry SDK with the Datadog tracing library in the instrumented application, and the traces produced by your running code can be processed, analyzed, and monitored alongside Datadog traces and in Datadog proprietary products such as [Continuous Profiler][3], [Data Streams Monitoring][4], [App and API Protection][5], and [Live Processes][6]. To learn more, follow the link for your language: diff --git a/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md b/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md index da98290ea1920..dcbd4a95724a7 100644 --- a/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md +++ b/content/en/opentelemetry/setup/otlp_ingest_in_the_agent.md @@ -21,7 +21,7 @@ further_reading: OTLP Ingest in the Agent is a way to send telemetry data directly from applications instrumented with [OpenTelemetry SDKs][1] to Datadog Agent. Since versions 6.32.0 and 7.32.0, the Datadog Agent can ingest OTLP traces and [OTLP metrics][2] through gRPC or HTTP. Since versions 6.48.0 and 7.48.0, the Datadog Agent can ingest OTLP logs through gRPC or HTTP. -OTLP Ingest in the Agent allows you to use observability features in the Datadog Agent. Data from applications instrumented with OpenTelemetry SDK cannot be used in some Datadog proprietary products, such as Application Security Management, Continuous Profiler, and Ingestion Rules. [OpenTelemetry Runtime Metrics are supported for some languages][10]. +OTLP Ingest in the Agent allows you to use observability features in the Datadog Agent. Data from applications instrumented with OpenTelemetry SDK cannot be used in some Datadog proprietary products, such as App and API Protection, Continuous Profiler, and Ingestion Rules. [OpenTelemetry Runtime Metrics are supported for some languages][10]. {{< img src="/opentelemetry/setup/dd-agent-otlp-ingest.png" alt="Diagram: OpenTelemetry SDK sends data through OTLP protocol to a Collector with Datadog Exporter, which forwards to Datadog's platform." style="width:100%;" >}} diff --git a/content/en/security/_index.md b/content/en/security/_index.md index f29e6a7f2bf25..0d7d3c58ca895 100644 --- a/content/en/security/_index.md +++ b/content/en/security/_index.md @@ -26,7 +26,7 @@ further_reading: text: "Start tracking misconfigurations with CSM Misconfigurations" - link: "/security/threats/setup" tag: "Documentation" - text: "Uncover kernel-level threats with CSM Threats" + text: "Uncover kernel-level threats with Workload Protection" - link: "https://securitylabs.datadoghq.com/" tag: "Security Labs" text: "Read about security-related topics on Datadog's Security Labs blog" @@ -91,7 +91,7 @@ Datadog Security includes [Application Security](#application-security), [Cloud ## Application Security -Datadog [Application Security][1] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). ASM leverages [Datadog APM][2], the [Datadog Agent][3], and in-app detection rules to detect threats in your application environment. Check out the product [Guided Tour](https://www.datadoghq.com/guided-tour/security/application-security-management/) to see more. +Datadog [Application Security][1] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). AAP leverages [Datadog APM][2], the [Datadog Agent][3], and in-app detection rules to detect threats in your application environment. Check out the product [Guided Tour](https://www.datadoghq.com/guided-tour/security/application-security-management/) to see more. In addition to threat detection, Datadog provides end-to-end code and library vulnerability detection from development to production with [Code Security][20], which includes the following capabilities: - [Static Code Analysis (SAST)][21] for identifying security and quality issues in your first-party code diff --git a/content/en/security/access_control.md b/content/en/security/access_control.md index 0bc804e995a3f..d68b7b1ec4879 100644 --- a/content/en/security/access_control.md +++ b/content/en/security/access_control.md @@ -5,10 +5,10 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: CSM Threats +- name: Workload Protection url: /security/threats/ icon: cloud-security-management -- name: Application Security Management +- name: App and API Protection url: /security/application_security/ icon: app-sec further_reading: diff --git a/content/en/security/account_takeover_protection.md b/content/en/security/account_takeover_protection.md index d8e072482231c..43e375d8b9ed3 100644 --- a/content/en/security/account_takeover_protection.md +++ b/content/en/security/account_takeover_protection.md @@ -4,16 +4,16 @@ disable_toc: false further_reading: - link: "security/application_security/terms/" tag: "Documentation" - text: "ASM Terms and Concepts" + text: "AAP Terms and Concepts" - link: "security/application_security/threats/add-user-info/?tab=set_user" tag: "Documentation" text: "User Monitoring and Protection" - link: "security/application_security/guide/" tag: "Documentation" - text: "Application Security Management Guides" + text: "App and API Protection Guides" --- -ASM provides account takeover (ATO) protection to detect and mitigate account takeover attacks. +AAP provides account takeover (ATO) protection to detect and mitigate account takeover attacks. ATO protection has the following benefits: @@ -54,11 +54,11 @@ Brute force ## Setting up ATO detection and prevention -ASM provides managed detections of ATO attacks. +AAP provides managed detections of ATO attacks. Effective ATO detection and prevention requires the following: -1. Instrumenting your production login endpoints. This enables detection with ASM-managed rules. +1. Instrumenting your production login endpoints. This enables detection with AAP-managed rules. 2. Remote configuration. This enables blocking attacks and pushing remote instrumentation from the Datadog user interface. 3. Notifications. Ensures you are notified of compromised accounts. 4. Reviewing your first detection. Understand how automated protection fits in with your attacks and escalation requirements. @@ -86,7 +86,7 @@ You are not limited to how Datadog defines these enrichments. Many platform prod ## Remote Configuration -[Remote Configuration][4] enables ASM users to instrument apps with custom [business logic][5] data in near real time. +[Remote Configuration][4] enables AAP users to instrument apps with custom [business logic][5] data in near real time. ## Notifications @@ -95,7 +95,7 @@ You are not limited to how Datadog defines these enrichments. Many platform prod ## Review your first detection -ASM highlights the most relevant information and suggests actions to take based on the detection type. It also indicates what actions have been taken. +AAP highlights the most relevant information and suggests actions to take based on the detection type. It also indicates what actions have been taken. {{An Account Takeover signal showing different highlighted areas of interest}} @@ -166,11 +166,11 @@ Blocking advanced distributed attacks is often a business decision because attac Here are three critical components for success in mitigating these attacks: -1. Proper onboarding: Are you configured for blocking with ASM? +1. Proper onboarding: Are you configured for blocking with AAP? 2. Proper configuration: Ensure you have correctly set client IPs and X-Forwarded-For (XFF) HTTP headers. 3. Internal communication plans: Communication with security teams, service owners, and product leads is critical to understanding the impact of mitigating large scale attacks. -
Responders can identify service owners using the tags in all ASM signals.
+
Responders can identify service owners using the tags in all AAP signals.
### Know your trends @@ -197,7 +197,7 @@ Many consumer applications have low occurrences of user authentication from data #### Proxies -Datadog uses [Spur][8] to determine if an IP is a proxy. Datadog correlates indicators of compromise (IOCs) with account takeover attacks for faster detection with the ASM-managed account takeover rules. +Datadog uses [Spur][8] to determine if an IP is a proxy. Datadog correlates indicators of compromise (IOCs) with account takeover attacks for faster detection with the AAP-managed account takeover rules. Datadog recommends never blocking IP addresses solely based on threat intelligence IOCs for IP addresses. See our threat intelligence [best practices][9] for details. @@ -242,7 +242,7 @@ Develop an incident response plan using the following post compromise steps: 1. Monitoring compromised user accounts. 2. Plan to invalidate credentials and contact users to update credentials. -3. Consider blocking users using ASM. +3. Consider blocking users using AAP. Attack motivation can influence post-compromise activity. Attackers wanting to resell accounts are unlikely to use accounts immediately after a compromise. Attackers attempting to access stored funds will use accounts immediately after compromise. diff --git a/content/en/security/application_security/_index.md b/content/en/security/application_security/_index.md index 4811cff838d5e..cd90bc16f1973 100644 --- a/content/en/security/application_security/_index.md +++ b/content/en/security/application_security/_index.md @@ -1,5 +1,5 @@ --- -title: Application Security Management +title: App and API Protection description: Monitor threats targeting production system, leveraging the execution context provided by distributed traces. aliases: - /security_platform/application_security @@ -10,7 +10,7 @@ aliases: further_reading: - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How Application Security Management Works" + text: "How App and API Protection Works" - link: "/security/application_security/threats/" tag: "Documentation" text: "Threat Management" @@ -19,19 +19,19 @@ further_reading: text: "Software Composition Analysis" - link: "https://www.datadoghq.com/product/security-platform/application-security-monitoring/" tag: "Product Page" - text: "Datadog Application Security Management" + text: "Datadog App and API Protection" - link: "https://www.datadoghq.com/blog/secure-serverless-applications-with-datadog-asm/" tag: "Blog" - text: "Secure serverless applications with Datadog ASM" + text: "Secure serverless applications with Datadog AAP" - link: "https://www.datadoghq.com/blog/apm-security-view/" tag: "Blog" text: "Gain visibility into risks, vulnerabilities, and attacks with APM Security View" - link: "https://www.datadoghq.com/blog/block-attackers-application-security-management-datadog/" tag: "Blog" - text: "Block attackers in your apps and APIs with Datadog Application Security Management" + text: "Block attackers in your apps and APIs with Datadog App and API Protection" - link: "https://www.datadoghq.com/blog/threat-modeling-datadog-application-security-management/" tag: "Blog" - text: "Threat modeling with Datadog Application Security Management" + text: "Threat modeling with Datadog App and API Protection" - link: "https://www.datadoghq.com/blog/aws-waf-datadog/" tag: "Blog" text: "Monitor AWS WAF activity with Datadog" @@ -46,39 +46,39 @@ algolia: --- {{< site-region region="gov" >}} -
Application Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
App and API Protection is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} {{< img src="/security/application_security/app-sec-landing-page.png" alt="A security signal panel in Datadog, which displays attack flows and flame graphs" width="75%">}} -Datadog Application Security Management (ASM) provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, Amazon ECS, and (for supported languages) AWS Fargate. +Datadog App and API Protection (AAP) provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, Amazon ECS, and (for supported languages) AWS Fargate. -ASM leverages Datadog [tracing libraries][1], and the [Datadog Agent][2] to identify services exposed to application attacks. Once configured, ASM leverages in-app detection rules to detect and protect against threats in your application environment and trigger security signals whenever an attack impacts your production system, or a vulnerability is triggered from the code. +AAP leverages Datadog [tracing libraries][1], and the [Datadog Agent][2] to identify services exposed to application attacks. Once configured, AAP leverages in-app detection rules to detect and protect against threats in your application environment and trigger security signals whenever an attack impacts your production system, or a vulnerability is triggered from the code. When a threat is detected, a security signal is generated in Datadog. For `HIGH` or `CRITICAL` severity security signals, notifications can be sent to Slack, email, or PagerDuty to notify your team and provide real-time context around threats. -Once a security signal is triggered, quickly pivot to investigate and protect in Datadog. Leverage the deep observability data provided by ASM and APM distributed tracing, in one view, to resolve application issues. Analyze attack flows, view flame graphs, and review correlated trace and log data to pinpoint application vulnerabilities. Eliminate context switching by flowing through application data into remediation and mitigation steps, all within the same panel. +Once a security signal is triggered, quickly pivot to investigate and protect in Datadog. Leverage the deep observability data provided by AAP and APM distributed tracing, in one view, to resolve application issues. Analyze attack flows, view flame graphs, and review correlated trace and log data to pinpoint application vulnerabilities. Eliminate context switching by flowing through application data into remediation and mitigation steps, all within the same panel. -With ASM, you can cut through the noise of continuous trace data to focus on securing and protecting your environment. +With AAP, you can cut through the noise of continuous trace data to focus on securing and protecting your environment. -Until you fully remediate the potential vulnerabilities in your application code, ASM enables you to slow down attackers by blocking their IPs temporarily or permanently, with a single click. +Until you fully remediate the potential vulnerabilities in your application code, AAP enables you to slow down attackers by blocking their IPs temporarily or permanently, with a single click. ## Understanding how application security is implemented in Datadog -If you're curious how Application Security Management is structured and how it uses tracing data to identify security problems, read [How Application Security Management Works][3]. +If you're curious how App and API Protection is structured and how it uses tracing data to identify security problems, read [How App and API Protection Works][3]. ## Configure your environment -Powered by provided [out-of-the-box rules][4], ASM detects threats without manual configuration. If you already have Datadog [APM][1] configured on a physical or virtual host, setup only requires setting one environment variable to get started. +Powered by provided [out-of-the-box rules][4], AAP detects threats without manual configuration. If you already have Datadog [APM][1] configured on a physical or virtual host, setup only requires setting one environment variable to get started. -To start configuring your environment to detect and protect threats with ASM, follow the enabling documentation for each product. Once ASM is configured, you can begin investigating and remediating security signals in the [Security Signals Explorer][6]. +To start configuring your environment to detect and protect threats with AAP, follow the enabling documentation for each product. Once AAP is configured, you can begin investigating and remediating security signals in the [Security Signals Explorer][6]. ## Investigate and remediate security signals In the [Security Signals Explorer][6], click on any security signal to see what happened and the suggested steps to mitigate the attack. In the same panel, view traces with their correlated attack flow and request information to gain further context. -## Disable ASM -For information on disabling ASM or its features, see the following: +## Disable AAP +For information on disabling AAP or its features, see the following: - [Disabling threat management and protection][10] diff --git a/content/en/security/application_security/api-inventory/_index.md b/content/en/security/application_security/api-inventory/_index.md index 2d7444b657f00..70369020b6213 100644 --- a/content/en/security/application_security/api-inventory/_index.md +++ b/content/en/security/application_security/api-inventory/_index.md @@ -30,7 +30,7 @@ Using the API Security Inventory you can: ## Configuration -To use API Security on your services, **you must have ASM Threats Protection enabled**. The following library versions are compatible with API Security Inventory. [Remote Configuration][1] is required. +To use API Security on your services, **you must have AAP Threats Protection enabled**. The following library versions are compatible with API Security Inventory. [Remote Configuration][1] is required. |Technology|Minimum tracer version| Support for sensitive data scanning | |----------|----------|----------| @@ -47,7 +47,7 @@ To use API Security on your services, **you must have ASM Threats Protection ena ## How it works -API Inventory leverages the Datadog tracing library with ASM enabled to gather security metadata about API traffic, including the API schema, types of sensitive data processed, and the authentication scheme. API information is evaluated per endpoint, every 30 seconds, which should ensure minimal performance impact. +API Inventory leverages the Datadog tracing library with AAP enabled to gather security metadata about API traffic, including the API schema, types of sensitive data processed, and the authentication scheme. API information is evaluated per endpoint, every 30 seconds, which should ensure minimal performance impact. API Inventory Security uses [Remote Configuration][4] to manage and configure scanning rules that detect sensitive data and authentication. @@ -59,7 +59,7 @@ See the number of [attacks][2] your API experienced within the last week. ### Processing sensitive data -[ASM][2] matches known patterns for sensitive data in API requests. If it finds a match, the endpoint is tagged with the type of sensitive data processed. +[AAP][2] matches known patterns for sensitive data in API requests. If it finds a match, the endpoint is tagged with the type of sensitive data processed. The matching occurs within your application, and none of the sensitive data is sent to Datadog. diff --git a/content/en/security/application_security/guide/_index.md b/content/en/security/application_security/guide/_index.md index 797fde0fafce7..14630099354cc 100644 --- a/content/en/security/application_security/guide/_index.md +++ b/content/en/security/application_security/guide/_index.md @@ -1,14 +1,14 @@ --- -title: Application Security Management Guides +title: App and API Protection Guides private: true disable_toc: true --- {{< whatsnext desc="Getting Started" >}} - {{< nextlink href="/getting_started/application_security/" >}}First steps with Application Security Management{{< /nextlink >}} + {{< nextlink href="/getting_started/application_security/" >}}First steps with App and API Protection{{< /nextlink >}} {{< /whatsnext >}} {{< whatsnext desc="Advanced Topics" >}} {{< nextlink href="/security/application_security/guide/standalone_application_security/" >}}Standalone Application Security{{< /nextlink >}} - {{< nextlink href="/security/application_security/guide/manage_account_theft_appsec/" >}}Managing account theft with ASM{{< /nextlink >}} + {{< nextlink href="/security/application_security/guide/manage_account_theft_appsec/" >}}Managing account theft with AAP{{< /nextlink >}} {{< /whatsnext >}} diff --git a/content/en/security/application_security/guide/manage_account_theft_appsec.md b/content/en/security/application_security/guide/manage_account_theft_appsec.md index d51550b47138e..50a81fc188c75 100644 --- a/content/en/security/application_security/guide/manage_account_theft_appsec.md +++ b/content/en/security/application_security/guide/manage_account_theft_appsec.md @@ -1,20 +1,20 @@ --- -title: Managing Account Theft with ASM +title: Managing Account Theft with AAP disable_toc: false --- Users are trusted entities in your systems with access to sensitive information and the ability to perform sensitive actions. Malicious actors have identified users as an opportunity to target websites and steal valuable data and resources. -Datadog Application Security Management (ASM) provides [built-in][1] detection and protection capabilities to help you manage this threat. +Datadog App and API Protection (AAP) provides [built-in][1] detection and protection capabilities to help you manage this threat. -This guide describes how to use ASM to prepare for and respond to account takeover (ATO) campaigns. This guide is divided into three phases: +This guide describes how to use AAP to prepare for and respond to account takeover (ATO) campaigns. This guide is divided into three phases: 1. [Collecting login information](#phase-1-collecting-login-information): - - Enable and verify login activity collection in Datadog ASM using automatic or manual instrumentation methods. + - Enable and verify login activity collection in Datadog AAP using automatic or manual instrumentation methods. - Use remote configuration options if you cannot modify your service code. - Troubleshoot missing or incorrect data. 2. [Preparing for account takeover campaigns](#phase-2-preparing-for-ato-campaigns): - - Prepare for ATO campaigns detected by ASM. + - Prepare for ATO campaigns detected by AAP. - Configure notifications for attack alerts. - Validate proper data propagation for accurate attacker identification. - Set up automatic IP blocking for immediate mitigation. @@ -24,58 +24,58 @@ This guide describes how to use ASM to prepare for and respond to account takeov ## Phase 1: Collecting login information -To detect malicious patterns, ASM requires visibility into your users' login activity. This phase describes how to enable and validate this visibility. +To detect malicious patterns, AAP requires visibility into your users' login activity. This phase describes how to enable and validate this visibility. -### Step 1.1: Ensure ASM is enabled on your identity service +### Step 1.1: Ensure AAP is enabled on your identity service -This step describes how to set up your service to use ASM. +This step describes how to set up your service to use AAP. -
If your service is already using ASM, you can go to Step 1.3: Validating whether login information is automatically collected.
+
If your service is already using AAP, you can go to Step 1.3: Validating whether login information is automatically collected.
1. Go to [**Software Catalog**][2], click the **Security** lens, and search for your login service name. -2. Click on the service to open its details. If the **Threat management** pill is green, ASM is enabled and you may move to [Step 1.3: Validating whether login information is automatically collected](#step-1.3:-validating-login-information-is-automatically-collected). +2. Click on the service to open its details. If the **Threat management** pill is green, AAP is enabled and you may move to [Step 1.3: Validating whether login information is automatically collected](#step-1.3:-validating-login-information-is-automatically-collected). - If ASM isn't enabled, the panel displays the **Discover ASM** button. + If AAP isn't enabled, the panel displays the **Discover AAP** button. - To set up ASM, move to [Step 1.2: Enabling ASM on login service](#step-12-enabling-asm-on-your-login-service). + To set up AAP, move to [Step 1.2: Enabling AAP on login service](#step-12-enabling-asm-on-your-login-service). -### Step 1.2: Enabling ASM on your login service +### Step 1.2: Enabling AAP on your login service -To enable ASM on your login service, ensure you meet the following requirements: +To enable AAP on your login service, ensure you meet the following requirements: -* Similarly to Datadog APM, ASM requires a library integration in your services and a running Datadog Agent. -* ASM generally benefits from using the newest library possible; however, minimum supported versions are documented in [Compatibility Requirements][3]. +* Similarly to Datadog APM, AAP requires a library integration in your services and a running Datadog Agent. +* AAP generally benefits from using the newest library possible; however, minimum supported versions are documented in [Compatibility Requirements][3]. * At a minimum, **Threat Detection** must be enabled. Ideally, **Automatic user activity event tracking** should be enabled as well. -To enable ASM using a new deployment, use the `APPSEC_ENABLED` environment variable/library configuration or [Remote Configuration][11]. You can use either method, but Remote Configuration can be set up using the Datadog UI. +To enable AAP using a new deployment, use the `APPSEC_ENABLED` environment variable/library configuration or [Remote Configuration][11]. You can use either method, but Remote Configuration can be set up using the Datadog UI. -**To enable ASM using Remote Configuration**, and without having to restart your services, do the following: +**To enable AAP using Remote Configuration**, and without having to restart your services, do the following: -1. Go to [ASM onboarding][5]. -2. Click **Get Started with ASM**. +1. Go to [AAP onboarding][5]. +2. Click **Get Started with AAP**. 3. In **Activate on services already monitored by Datadog**, click **Select Services.** 4. Select your service(s), and then click **Next** and proceed with the setup instructions. -When you see traces from your service in [ASM Traces][6], move to [Step 1.3: Validating login information is automatically collected](#step-1.3:-validating-login-information-is-automatically-collected). +When you see traces from your service in [AAP Traces][6], move to [Step 1.3: Validating login information is automatically collected](#step-1.3:-validating-login-information-is-automatically-collected). -For more detailed instructions on using a new deployment, see [Enabling ASM Threat Detection using Datadog Tracing Libraries][7]. +For more detailed instructions on using a new deployment, see [Enabling AAP Threat Detection using Datadog Tracing Libraries][7]. ### Step 1.3: Validating login information is automatically collected -After you have enabled ASM, you can validate that login information is collected by Datadog. +After you have enabled AAP, you can validate that login information is collected by Datadog. -**Note:** After ASM is enabled on a service, wait a few minutes for users to log into the service or log into the service yourself. +**Note:** After AAP is enabled on a service, wait a few minutes for users to log into the service or log into the service yourself. To validate login information is collected, do the following: -1. Go to [Traces][8] in ASM. +1. Go to [Traces][8] in AAP. 2. Look for traces tagged with login activity from your login service. For example, in **Search for**, you might have `@appsec.security\activity:business\logic.users.login.*`. 3. Check if all your login services are reporting login activity. You can see this in the **Service** facet. @@ -87,7 +87,7 @@ To validate login information is collected, do the following: To validate that login metadata is collected, do the following: -1. Go to [Traces][8] in ASM. +1. Go to [Traces][8] in AAP. 2. Look for traces tagged with successful and failed login activity from your login service. You can update the search query in **Search for** to filter `business_logic.users.login.success` or `business_logic.users.login.failure`. 3. Open a trace. 4. On the **Security** tab, review the **Business Logic Event**. @@ -108,7 +108,7 @@ In the event of a **false** user (`usr.exists:false`), look for the following is ### Step 1.5: Manually instrumenting your services -ASM collects login information and metadata using an SDK embedded in the Datadog libraries. Instrumentation is performed by calling the SDK when a user login is successful/fails and by providing the SDK with the metadata of the login. The SDK attaches the login and the metadata to the trace and sends it to Datadog where it is retained. +AAP collects login information and metadata using an SDK embedded in the Datadog libraries. Instrumentation is performed by calling the SDK when a user login is successful/fails and by providing the SDK with the metadata of the login. The SDK attaches the login and the metadata to the trace and sends it to Datadog where it is retained.
For an alternative to modifying the service's code, go to Step 1.6: Remote instrumentation of your services.
@@ -124,7 +124,7 @@ To manually instrument your services, do the following: ### Step 1.6: Remote instrumentation of your services -ASM can use custom In-App WAF rules to flag login attempts and extract the metadata from the request needed by detection rules. +AAP can use custom In-App WAF rules to flag login attempts and extract the metadata from the request needed by detection rules. This approach requires that [Remote Configuration][11] is enabled and working. Verify Remote Configuration is running for this service in [Remote Configuration][12]. @@ -148,11 +148,11 @@ For more details, see [Tracking business logic information without modifying the ## Phase 2: Preparing for ATO campaigns -After setting up instrumentation for your services, ASM monitors for attack campaigns. You can review the traffic in the [Attacks overview][14] **Business logic** section. +After setting up instrumentation for your services, AAP monitors for attack campaigns. You can review the traffic in the [Attacks overview][14] **Business logic** section. -ASM detects [multiple attacker strategies][15]. Upon detecting an attack with a high level of confidence, the [built-in detection rules][16] generate a signal. +AAP detects [multiple attacker strategies][15]. Upon detecting an attack with a high level of confidence, the [built-in detection rules][16] generate a signal. The severity of the signal is set based on the urgency of the threat: from **Low** in case of unsuccessful attacks to **Critical** in case of successful account compromises. @@ -176,7 +176,7 @@ The actions covered in the next sections help you to identify and leverage detec In microservice environments, services are generally reached by internal hosts running other services. This internal environment makes it challenging to identify the unique traits of the original attacker's request, such as IP, user agent, fingerprint, etc. -[ASM Traces][20] can help you validate that the login event is properly tagged with the source IPs, user agent, etc. To validate, review login traces in [Traces][21] and check for the following: +[AAP Traces][20] can help you validate that the login event is properly tagged with the source IPs, user agent, etc. To validate, review login traces in [Traces][21] and check for the following: * Source IPs (`@http.client_ip`) are varied and public IPs. * **Problem:** If login attempts are coming from a few IPs only, this might be a proxy that you can't block without risking availability. @@ -192,19 +192,19 @@ In microservice environments, services are generally reached by internal hosts r
Before you begin: Verify that the IP addresses are properly configured, as described in Step 2.2: Validate proper data propagation.
-ASM automatic blocking can be used to block attacks at any time of the day. Automatic blocking can help block attacks before your team members are online, providing security during off hours. Within an ATO, automatic blocking can help mitigate the load issues caused by the increase in failed login attempts or prevent the attacker from using compromised accounts. +AAP automatic blocking can be used to block attacks at any time of the day. Automatic blocking can help block attacks before your team members are online, providing security during off hours. Within an ATO, automatic blocking can help mitigate the load issues caused by the increase in failed login attempts or prevent the attacker from using compromised accounts. You can configure automatic blocking to block IPs identified as part of an attack. This is only a partial remediation because attackers can change IPs; however, it can give you more time to implement comprehensive remediation. To configure automatic blocking, do the following: -1. Go to **ASM** > **Protection** > [Detection Rules][23]. +1. Go to **AAP** > **Protection** > [Detection Rules][23]. 2. In **Search**, enter `tag:"category:account_takeover"`. 3. Open the rules where you want to turn on blocking. Datadog recommends turning IP blocking on for **High** or **Critical** severity. 4. In the rule, in **Define Conditions**, in **Security Responses**, enable **IP automated blocking**. You may also enable **User automated blocking**. You can control the blocking behavior per condition. Each rule can have multiple conditions based on your confidence and the attack success. -**Datadog does not recommend permanent blocking of IP addresses**. Attackers are unlikely to reuse IPs and permanent blocking could result in blocking users. Moreover, ASM has a limit of how many IPs it can block (`~10000`), and this could fill this list with unnecessary IPs. +**Datadog does not recommend permanent blocking of IP addresses**. Attackers are unlikely to reuse IPs and permanent blocking could result in blocking users. Moreover, AAP has a limit of how many IPs it can block (`~10000`), and this could fill this list with unnecessary IPs. @@ -279,7 +279,7 @@ Datadog tries to identify common attributes between the login failures in your s If accurate, the activity of the cluster should closely match the increase in login failures while also being low/nonexistent before. If no cluster is available, click **Investigate in full screen** and review the targeted users/IPs for outliers. -If the list is truncated, click **View in ASM Protection Trace Explorer** and run the investigation with the Traces explorer. For additional tools, see [Step 3.3: Investigation](#step-33-investigation). +If the list is truncated, click **View in AAP Protection Trace Explorer** and run the investigation with the Traces explorer. For additional tools, see [Step 3.3: Investigation](#step-33-investigation). {{% /tab %}} {{< /tabs >}} @@ -344,7 +344,7 @@ Those are two important indicators: Click an indicator to see further information about the cluster traffic. -In **Cluster Activity**, there is a visualization of the volume of the overall APM traffic matching this cluster. While comparing it to the ASM data, beware the scale, since APM data may be sampled while ASM's isn't. +In **Cluster Activity**, there is a visualization of the volume of the overall APM traffic matching this cluster. While comparing it to the AAP data, beware the scale, since APM data may be sampled while AAP's isn't. In the following example, a lot of traffic comes from before the attack. This means a legitimate activity matches this cluster in normal traffic and it would get blocked if you were to take action. You don't need to escalate or click **Block All Attacking IPs** in the signal. @@ -356,7 +356,7 @@ After confirming that the traits match the attackers, you can push an In-App WAF To create the rule, do the following: -1. Go to **ASM** > **In-App WAF** > [Custom Rules](https://app.datadoghq.com/security/appsec/in-app-waf?column=services-count&config_by=custom-rules). +1. Go to **AAP** > **In-App WAF** > [Custom Rules](https://app.datadoghq.com/security/appsec/in-app-waf?column=services-count&config_by=custom-rules). 2. Click **Create New Rule** and complete the configuration. 3. Select your login service (or a service where you want to block the requests). You can target blocking to the login route also. 4. Configure the conditions of the rule. In this example, the user agent is used. If you want to block a specific user agent, you can paste it with the operator `matches value in list`. If you want more flexibility, you can also use a regex. @@ -434,7 +434,7 @@ In the diffuse attacks case, attacker attributes are available in the signal. 1. After opening the signal in the side panel, click **Investigate in full screen**. -2. In **Attacker Attributes**, select the cluster and click on **Filter this signal by selection**, then, in **Traces**, click **View in ASM Protection Trace Explorer**. +2. In **Attacker Attributes**, select the cluster and click on **Filter this signal by selection**, then, in **Traces**, click **View in AAP Protection Trace Explorer**. This gets you to the trace explorer with filters set to the flagged attributes. You can start the investigation with the current query, but you should expand it to also match login successes on top of the failures. You can do that by replacing `@appsec.security_activity:business_logic.users.login.failure` with `@appsec.security_activity:business_logic.users.login.*`. Review the exhaustiveness and accuracy of the filter using [the technique described above](#isolate-attacker-activity). @@ -518,13 +518,13 @@ If the signal wasn't accurate, you can extract the list or users or IPs and add #### In-App WAF rules -If the Denylist isn't sufficient, you can create a WAF rule. A WAF rule evaluates slower than the Denylist, but it is more flexible. To create the rule, go to **ASM** > **Protection** > **In-App WAF** > [Custom Rules][28]. +If the Denylist isn't sufficient, you can create a WAF rule. A WAF rule evaluates slower than the Denylist, but it is more flexible. To create the rule, go to **AAP** > **Protection** > **In-App WAF** > [Custom Rules][28]. To create a new rule, do the following: -1. Go to **ASM** > **Protection** > **In-App WAF** > [Custom Rules][28]. +1. Go to **AAP** > **Protection** > **In-App WAF** > [Custom Rules][28]. 2. Click **Create New Rule**. 3. Follow the steps in **Define your custom rule**. 4. In **Select the services you want this rule to apply to**, select your login service, or whichever services where you want to block requests. You can also target the blocking to the login route. @@ -639,7 +639,7 @@ Account theft is a common threat but also much more complex than traditional inj In this guide, you did the following: - Learned what account takeover campaigns can look like, how to triage them, and how to counter them. -- Instrumented your login services to provide Datadog ASM with all the context it needs. +- Instrumented your login services to provide Datadog AAP with all the context it needs. - Configured your login services to provide every capability at the time of the attack. This is general guidance. Depending on your applications and environments, there might be a need for additional response strategies. diff --git a/content/en/security/application_security/guide/standalone_application_security.md b/content/en/security/application_security/guide/standalone_application_security.md index 6ef15b14cc184..e214d3ec0fb8b 100644 --- a/content/en/security/application_security/guide/standalone_application_security.md +++ b/content/en/security/application_security/guide/standalone_application_security.md @@ -3,7 +3,7 @@ title: Set Up Application Security Products without using APM disable_toc: false --- -Datadog ASM [Threat Management][1] and [Code Security][2] are built on top of [APM][3]. While Datadog recommends using these security products with APM and adopting DevSecOps practices, you can also use these security products without using APM. This configuration is referred to as Standalone Application Security. This guide explains how to set up Standalone Application Security. +Datadog AAP [Threat Management][1] and [Code Security][2] are built on top of [APM][3]. While Datadog recommends using these security products with APM and adopting DevSecOps practices, you can also use these security products without using APM. This configuration is referred to as Standalone Application Security. This guide explains how to set up Standalone Application Security. ## Prerequisites @@ -31,9 +31,9 @@ Standalone Application Security is currently supported for the following tracing Set up the Datadog Agent using the standard method for APM or Application Security setup, but set up the Tracing Library by adding the `DD_APM_TRACING_ENABLED=false` environment variable to the service that runs the Tracing Library. -This environment variable will reduce the amount of APM data sent to Datadog to the minimum required by Application Security products. The environment variable can then be combined with environment variables to enable ASM Threat Management or Code Security. +This environment variable will reduce the amount of APM data sent to Datadog to the minimum required by Application Security products. The environment variable can then be combined with environment variables to enable AAP Threat Management or Code Security. -For ASM Threat Management, add the `DD_APM_TRACING_ENABLED=false DD_APPSEC_ENABLED=true` environment variable. +For AAP Threat Management, add the `DD_APM_TRACING_ENABLED=false DD_APPSEC_ENABLED=true` environment variable. For Code Security, add the `DD_APM_TRACING_ENABLED=false DD_IAST_ENABLED=true` environment variable. diff --git a/content/en/security/application_security/how-appsec-works.md b/content/en/security/application_security/how-appsec-works.md index fa548f15c8b42..ed61b18eabced 100644 --- a/content/en/security/application_security/how-appsec-works.md +++ b/content/en/security/application_security/how-appsec-works.md @@ -11,7 +11,7 @@ further_reading: --- {{< site-region region="gov" >}} -
Application Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
App and API Protection is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} ## Overview diff --git a/content/en/security/application_security/serverless/_index.md b/content/en/security/application_security/serverless/_index.md index c22ccd1e541bb..e4a74d183e18d 100644 --- a/content/en/security/application_security/serverless/_index.md +++ b/content/en/security/application_security/serverless/_index.md @@ -1,5 +1,5 @@ --- -title: Enabling ASM for Serverless +title: Enabling AAP for Serverless aliases: - /security/application_security/getting_started/serverless - /security/application_security/enabling/serverless @@ -9,10 +9,10 @@ further_reading: text: "How Application Security Works" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App and API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" - link: "/security/application_security/threats/" tag: "Documentation" text: "Application Threat Management" @@ -23,27 +23,27 @@ further_reading: {{< partial name="security-platform/appsec-serverless.html" >}}
-See [compatibility requirements][4] for information about what ASM features are available for serverless functions. +See [compatibility requirements][4] for information about what AAP features are available for serverless functions. ## AWS Lambda -Configuring ASM for AWS Lambda involves: +Configuring AAP for AWS Lambda involves: -1. Identifying functions that are vulnerable or are under attack, which would most benefit from ASM. Find them on [the Security tab of your Software Catalog][1]. -2. Setting up ASM instrumentation by using the [Datadog CLI](https://docs.datadoghq.com/serverless/serverless_integrations/cli), [AWS CDK](https://github.com/DataDog/datadog-cdk-constructs), [Datadog Serverless Framework plugin][6], or manually by using the Datadog tracing layers. +1. Identifying functions that are vulnerable or are under attack, which would most benefit from AAP. Find them on [the Security tab of your Software Catalog][1]. +2. Setting up AAP instrumentation by using the [Datadog CLI](https://docs.datadoghq.com/serverless/serverless_integrations/cli), [AWS CDK](https://github.com/DataDog/datadog-cdk-constructs), [Datadog Serverless Framework plugin][6], or manually by using the Datadog tracing layers. 3. Triggering security signals in your application and seeing how Datadog displays the resulting information. ### Prerequisites - [Serverless APM Tracing][apm-lambda-tracing-setup] is setup on the Lambda function to send traces directly to Datadog. - X-Ray tracing, by itself, is not sufficient for ASM and requires APM Tracing to be enabled. + X-Ray tracing, by itself, is not sufficient for AAP and requires APM Tracing to be enabled. ### Get started {{< tabs >}} {{% tab "Serverless Framework" %}} -The [Datadog Serverless Framework plugin][1] can be used to automatically configure and deploy your lambda with ASM. +The [Datadog Serverless Framework plugin][1] can be used to automatically configure and deploy your lambda with AAP. To install and configure the Datadog Serverless Framework plugin: @@ -52,11 +52,11 @@ To install and configure the Datadog Serverless Framework plugin: serverless plugin install --name serverless-plugin-datadog ``` -2. Enable ASM by updating your `serverless.yml` with the `enableASM` configuration parameter: +2. Enable AAP by updating your `serverless.yml` with the `enableAAP` configuration parameter: ```yaml custom: datadog: - enableASM: true + enableAAP: true ``` Overall, your new `serverless.yml` file should contain at least: @@ -65,11 +65,11 @@ To install and configure the Datadog Serverless Framework plugin: datadog: apiKeySecretArn: "{Datadog_API_Key_Secret_ARN}" # or apiKey enableDDTracing: true - enableASM: true + enableAAP: true ``` See also the complete list of [plugin parameters][4] to further configure your lambda settings. -4. Redeploy the function and invoke it. After a few minutes, it appears in [ASM views][3]. +4. Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][3]. [1]: https://docs.datadoghq.com/serverless/serverless_integrations/plugin [2]: https://docs.datadoghq.com/serverless/libraries_integrations/extension @@ -320,7 +320,7 @@ The [Datadog CDK Construct][1] automatically installs Datadog on your functions [1]: https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html {{< /site-region >}} -3. Enable ASM by adding the following environment variables on your function deployment: +3. Enable AAP by adding the following environment variables on your function deployment: ```yaml environment: AWS_LAMBDA_EXEC_WRAPPER: /opt/datadog_wrapper @@ -333,7 +333,7 @@ The [Datadog CDK Construct][1] automatically installs Datadog on your functions - **Python**: Set your function's handler to `datadog_lambda.handler.handler`. - Also, set the environment variable `DD_LAMBDA_HANDLER` to your original handler, for example, `myfunc.handler`. -5. Redeploy the function and invoke it. After a few minutes, it appears in [ASM views][3]. +5. Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][3]. [3]: https://app.datadoghq.com/security/appsec?column=time&order=desc @@ -342,7 +342,7 @@ The [Datadog CDK Construct][1] automatically installs Datadog on your functions ## Google Cloud Run -
ASM support for Google Cloud Run is in Preview.
+
AAP support for Google Cloud Run is in Preview.
### How `serverless-init` works @@ -944,7 +944,7 @@ As long as your command to run is passed as an argument to `datadog-init`, you w ### Setup #### Set application settings -To enable ASM on your application, begin by adding the following key-value pairs under **Application Settings** in your Azure configuration settings. +To enable AAP on your application, begin by adding the following key-value pairs under **Application Settings** in your Azure configuration settings. {{< img src="serverless/azure_app_service/application-settings.jpg" alt="Azure App Service Configuration: the Application Settings, under the Configuration section of Settings in the Azure UI. Three settings are listed: DD_API_KEY, DD_SERVICE, and DD_START_APP." style="width:80%;" >}} @@ -1002,7 +1002,7 @@ Download the [`datadog_wrapper`][8] file from the releases and upload it to your ## Testing threat detection -To see Application Security Management threat detection in action, send known attack patterns to your application. For example, send a request with the user agent header set to `dd-test-scanner-log` to trigger a [security scanner attack][5] attempt: +To see App and API Protection threat detection in action, send known attack patterns to your application. For example, send a request with the user agent header set to `dd-test-scanner-log` to trigger a [security scanner attack][5] attempt: ```sh curl -A 'dd-test-scanner-log' https://your-function-url/existing-route ``` diff --git a/content/en/security/application_security/threats/_index.md b/content/en/security/application_security/threats/_index.md index bd583c3e74349..57744d58c1451 100644 --- a/content/en/security/application_security/threats/_index.md +++ b/content/en/security/application_security/threats/_index.md @@ -6,38 +6,38 @@ further_reading: text: "Tracking User Activity" - link: "/security/application_security/threats/library_configuration/" tag: "Documentation" - text: "Configuring your ASM setup" + text: "Configuring your AAP setup" - link: "/security/code_security/software_composition_analysis/" tag: "Documentation" text: "Software Composition Analysis" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How ASM Works" + text: "How AAP Works" --- {{< site-region region="gov" >}} -
Application Security Management is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
+
App and API Protection is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}).
{{< /site-region >}} -Datadog's Application Security Management (ASM) Threat Management protects web applications and APIs from a wide range of security threats, including: +Datadog's App and API Protection (AAP) Threat Management protects web applications and APIs from a wide range of security threats, including: - Exploit attempts - Application abuse and fraud - API abuse -Integrated into the Datadog platform, ASM Threat Management leverages Datadog’s extensive observability data (logs and traces) to provide full-stack visibility and security in a unified platform. +Integrated into the Datadog platform, AAP Threat Management leverages Datadog’s extensive observability data (logs and traces) to provide full-stack visibility and security in a unified platform. -ASM Threat Management enables teams to identify and remediate threats quickly. Its key differentiator is bridging the gap between security and DevOps, promoting collaboration between development, security, and operations teams. +AAP Threat Management enables teams to identify and remediate threats quickly. Its key differentiator is bridging the gap between security and DevOps, promoting collaboration between development, security, and operations teams. ## Use cases -Discover the ways Datadog ASM Threat Management helps common use cases: +Discover the ways Datadog AAP Threat Management helps common use cases: -| You want to... | How Datadog ASM can help | +| You want to... | How Datadog AAP can help | | ----------- | ----------- | -| **Web Application Protection:** Prevent vulnerability exploits such as SQL Injection, Server-side Request Forgery, and Local File Inclusion. | Enable [Exploit Prevention][9] on your services. ASM Threat Management blocks exploits in real-time and generates signals for further investigation.| +| **Web Application Protection:** Prevent vulnerability exploits such as SQL Injection, Server-side Request Forgery, and Local File Inclusion. | Enable [Exploit Prevention][9] on your services. AAP Threat Management blocks exploits in real-time and generates signals for further investigation.| | **Application and API abuse:** Protect applications against application and API abuse such as credential stuffing and Account Takeover attacks.| Leverage [OOTB detection rules][10] for notifications such as unusual account creations or password resets from an IP, or distributed credential stuffing campaigns. Review the benefits of [OOTB Account TakeOver Protection][11].| -| **API Security:** Learn about your organization’s APIs, understand the posture and actions needed to reduce risk using a prioritized list of API endpoints.| ASM Threat Management:
- Inventories all your API endpoints.
- Gives you visibility into your API traffic, including API abuse.
- Highlights risk across your API endpoints. For example, vulnerable or unauthenticated endpoints processing sensitive data.| +| **API Security:** Learn about your organization’s APIs, understand the posture and actions needed to reduce risk using a prioritized list of API endpoints.| AAP Threat Management:
- Inventories all your API endpoints.
- Gives you visibility into your API traffic, including API abuse.
- Highlights risk across your API endpoints. For example, vulnerable or unauthenticated endpoints processing sensitive data.| ## Security signals @@ -45,12 +45,12 @@ Security signals raised by Threat Monitoring are summarized and surfaced in view {{< img src="security/application_security/threats/threats-on-svc-cat_3.png" alt="Software Catalog with services showing threat signals" style="width:100%;" >}} -For additional information about how Threat Management works, read [How ASM Works][4]. +For additional information about how Threat Management works, read [How AAP Works][4]. ## Explore threat signals -When threat data for your services is coming into Datadog, [ASM Overview][7] shows a summary of what's happening. Here, you can enable vulnerability detection, review attacks, customize alerting and reporting, and enable ASM on your services. To investigate signals of suspicious activity, click a service's **Review** link. +When threat data for your services is coming into Datadog, [AAP Overview][7] shows a summary of what's happening. Here, you can enable vulnerability detection, review attacks, customize alerting and reporting, and enable AAP on your services. To investigate signals of suspicious activity, click a service's **Review** link. In the [Signals Explorer][2], filter by attributes and facets to find critical threats. Click into a signal to see details for it, including the user information and their IP address, what rule they triggered, attack flow, and related traces and other security signals. From this page you can also click to create a case and declare an incident. For more information see [Investigate Security Signals][8]. @@ -59,9 +59,9 @@ In the [Signals Explorer][2], filter by attributes and facets to find critical t ## Create In-App WAF rules for identifying attack patterns -You can [create In-App WAF rules][5] that define what suspicious behavior looks like in your application, augmenting the default rules that come with ASM. Then [specify custom rules][6] to generate security signals from the attack attempts triggered from these rules, raising them in the Threat Monitoring views for your investigation. +You can [create In-App WAF rules][5] that define what suspicious behavior looks like in your application, augmenting the default rules that come with AAP. Then [specify custom rules][6] to generate security signals from the attack attempts triggered from these rules, raising them in the Threat Monitoring views for your investigation. -## Slow down attacks and attackers with ASM Protect +## Slow down attacks and attackers with AAP Protect {{% asm-protect %}} diff --git a/content/en/security/application_security/threats/add-user-info.md b/content/en/security/application_security/threats/add-user-info.md index 2f06fc6ee9720..ecd68df0d1d5e 100644 --- a/content/en/security/application_security/threats/add-user-info.md +++ b/content/en/security/application_security/threats/add-user-info.md @@ -6,7 +6,7 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog Application Security Management" + text: "Protect against threats with Datadog App and API Protection" - link: "/security/application_security/threats/library_configuration/" tag: "Documentation" text: "Other setup considerations and configuration options" @@ -16,7 +16,7 @@ further_reading: Instrument your services and track user activity to detect and block bad actors. -[Add authenticated user information on traces](#adding-authenticated-user-information-to-traces-and-enabling-user-blocking-capability) to identify and block bad actors targeting your authenticated attack surface. To do this, set the user ID tag on the running APM trace, providing the necessary instrumentation for ASM to block authenticated attackers. This allows ASM to associate attacks and business logic events to users. +[Add authenticated user information on traces](#adding-authenticated-user-information-to-traces-and-enabling-user-blocking-capability) to identify and block bad actors targeting your authenticated attack surface. To do this, set the user ID tag on the running APM trace, providing the necessary instrumentation for AAP to block authenticated attackers. This allows AAP to associate attacks and business logic events to users. [Track user logins and activity](#adding-business-logic-information-login-success-login-failure-any-business-logic-to-traces) to detect account takeovers and business logic abuse with out-of-the-box detection rules, and to ultimately block attackers. @@ -726,13 +726,13 @@ track_custom_event(tracer, event_name, metadata) ### Tracking business logic information without modifying the code -If your service has ASM enabled and [Remote Configuration][1] enabled, you can create a custom WAF rule to flag any request it matches with a custom business logic tag. This doesn't require any modification to your application, and can be done entirely from Datadog. +If your service has AAP enabled and [Remote Configuration][1] enabled, you can create a custom WAF rule to flag any request it matches with a custom business logic tag. This doesn't require any modification to your application, and can be done entirely from Datadog. To get started, navigate to the [Custom WAF Rule page][2] and click on "Create New Rule". -{{< img src="security/application_security/threats/custom-waf-rule-menu.png" alt="Access the Custom WAF Rule Menu from the ASM homepage by clicking on Protection, then In-App WAF and Custom Rules" style="width:100%;" >}} +{{< img src="security/application_security/threats/custom-waf-rule-menu.png" alt="Access the Custom WAF Rule Menu from the AAP homepage by clicking on Protection, then In-App WAF and Custom Rules" style="width:100%;" >}} -This will open a menu in which you may define your custom WAF rule. By selecting the "Business Logic" category, you will be able to configure an event type (for instance, `users.password_reset`). You can then select the service you want to track, and a specific endpoint. You may also use the rule condition to target a specific parameter to identify the codeflow you want to _instrument_. When the condition matches, the library tags the trace and flags it to be forwarded to ASM. If you don't need the condition, you may set a broad condition to match everything. +This will open a menu in which you may define your custom WAF rule. By selecting the "Business Logic" category, you will be able to configure an event type (for instance, `users.password_reset`). You can then select the service you want to track, and a specific endpoint. You may also use the rule condition to target a specific parameter to identify the codeflow you want to _instrument_. When the condition matches, the library tags the trace and flags it to be forwarded to AAP. If you don't need the condition, you may set a broad condition to match everything. {{< img src="security/application_security/threats/custom-waf-rule-form.png" alt="Screenshot of the form that appear when you click on the Create New Rule button" style="width:50%;" >}} @@ -744,7 +744,7 @@ Once saved, the rule is deployed to instances of the service that have Remote Co ## Automatic user activity event tracking -When ASM is enabled, Datadog Tracing Libraries attempt to detect user activity events automatically. +When AAP is enabled, Datadog Tracing Libraries attempt to detect user activity events automatically. The events that can be automatically detected are: @@ -769,7 +769,7 @@ Automatic user activity tracking offers the following modes: - `anonymization` mode (short name: `anon`): - This mode is the same as `identification`, but anonymizes the user ID by hashing (SHA256) it and cropping the resulting hash. - `disabled` mode: - - ASM libraries do *not* collect any user ID from their automated instrumentations. + - AAP libraries do *not* collect any user ID from their automated instrumentations. - User login events are not emitted.
All modes only affect automated instrumentation. The modes don't apply to manual collection. Manual collection is configured using an SDK, and those settings are not overridden by automated instrumentation.
@@ -795,7 +795,7 @@ The following modes are deprecated: ## Disabling user activity event tracking -To disable automated user activity detection through your [ASM Software Catalog][14], change the automatic tracking mode environment variable `DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE` to `disabled` on the service you want to deactivate. All modes only affect automated instrumentation and require [Remote Configuration][15] to be enabled. +To disable automated user activity detection through your [AAP Software Catalog][14], change the automatic tracking mode environment variable `DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE` to `disabled` on the service you want to deactivate. All modes only affect automated instrumentation and require [Remote Configuration][15] to be enabled. For manual configuration, you can set the environment variable `DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING_ENABLED` to `false` on your service and restart it. This must be set on the application hosting the Datadog Tracing Library, and not on the Datadog Agent. diff --git a/content/en/security/application_security/threats/attack-summary.md b/content/en/security/application_security/threats/attack-summary.md index 78d6cb06a2fa7..054aa1e25cf3c 100644 --- a/content/en/security/application_security/threats/attack-summary.md +++ b/content/en/security/application_security/threats/attack-summary.md @@ -4,9 +4,9 @@ aliases: - /security/application_security/threats/threat-overview --- -{{< img src="security/application_security/threats/appsec-threat-overview-page-top.png" alt="Screenshot of the ASM Attack Summary page" >}} +{{< img src="security/application_security/threats/appsec-threat-overview-page-top.png" alt="Screenshot of the AAP Attack Summary page" >}} -The ASM **Attack Summary** provides a quick view of your application and API posture. It highlights trends, service exposure, attack traffic, and the impact on business logic. You can pivot from widgets to their related traces. +The AAP **Attack Summary** provides a quick view of your application and API posture. It highlights trends, service exposure, attack traffic, and the impact on business logic. You can pivot from widgets to their related traces. Each section of **Attack Summary** focuses on a different aspect of security with supporting information. diff --git a/content/en/security/application_security/threats/attacker-explorer.md b/content/en/security/application_security/threats/attacker-explorer.md index 2d929dc0370af..423d4603cd23a 100644 --- a/content/en/security/application_security/threats/attacker-explorer.md +++ b/content/en/security/application_security/threats/attacker-explorer.md @@ -11,7 +11,7 @@ This topic describes how to use **Attacker Explorer** to investigate and block F ## Overview -Datadog Application Security Management (ASM) identifies attackers as suspicious and flagged. With [Attacker Explorer][1], you can investigate and take action against the attackers. +Datadog App and API Protection (AAP) identifies attackers as suspicious and flagged. With [Attacker Explorer][1], you can investigate and take action against the attackers. ### Definitions @@ -26,10 +26,10 @@ Datadog Application Security Management (ASM) identifies attackers as suspicious To understand the difference between the different explorers, review these approaches: -- **Protect:** Automated blocking using ASM Protection configuration. Customers should block attack tools as their first automated blocking action. Blocking attack tools reduces common vulnerability discovery for OWASP threats such as SQLi, command injection, and SSRF. +- **Protect:** Automated blocking using AAP Protection configuration. Customers should block attack tools as their first automated blocking action. Blocking attack tools reduces common vulnerability discovery for OWASP threats such as SQLi, command injection, and SSRF. - **Reactive:** Blocking using Signals or Attackers explorer in response to observed threats. -{{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_nav.png" alt="Screenshot of the ASM Attacker Explorer navigation" >}} +{{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_nav.png" alt="Screenshot of the AAP Attacker Explorer navigation" >}} Each explorer focuses on a specific use case: @@ -46,7 +46,7 @@ Each explorer focuses on a specific use case: To start reviewing attackers, go to [Attacker Explorer][1]. -{{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_default_view2.png" alt="ASM Attacker Explorer" >}} +{{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_default_view2.png" alt="AAP Attacker Explorer" >}} There are two sections to the Attacker Explorer: @@ -58,7 +58,7 @@ There are two sections to the Attacker Explorer: Click on any row to view the history and attributes of the IP. -{{< img src="security/application_security/threats/attacker-explorer/ip_drawer.png" alt="Investigate and IP address with ASM Attacker Explorer" >}} +{{< img src="security/application_security/threats/attacker-explorer/ip_drawer.png" alt="Investigate and IP address with AAP Attacker Explorer" >}} IPs can be blocked or added to the Passlist from the IP drawer. @@ -72,7 +72,7 @@ IPs can be blocked or added to the Passlist from the IP drawer. To block an individual IP temporarily or permanently, do the following: -{{< img src="security/application_security/threats/attacker-explorer/block_ip_address.png" alt="Block an IP address with ASM Attacker Explorer" >}} +{{< img src="security/application_security/threats/attacker-explorer/block_ip_address.png" alt="Block an IP address with AAP Attacker Explorer" >}} 1. Click `Block` on the row. 2. Choose a blocking duration. @@ -90,7 +90,7 @@ To compare and block IPs in bulk, do the following: In the following example, the selected IPs are from the same location and appear to be related. The **Compare and Block** option opens the **Block selected attackers** view, showing metrics and attributes for the selected IP addresses. - {{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_review_groups2.png" alt="Screenshot of the ASM Attacker Explorer group blocking" >}} + {{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_review_groups2.png" alt="Screenshot of the AAP Attacker Explorer group blocking" >}} 4. To block attackers, click **Block**. @@ -98,7 +98,7 @@ To compare and block IPs in bulk, do the following: When you select the **Compare and Block** option, the **Block selected attackers** view opens, showing metrics and attributes for the selected IP addresses. -{{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_review_groups2.png" alt="Screenshot of the ASM Attacker Explorer group blocking" >}} +{{< img src="security/application_security/threats/attacker-explorer/attacker_explorer_review_groups2.png" alt="Screenshot of the AAP Attacker Explorer group blocking" >}}
Metrics for Similarity Overview and Activity are scoped to the last 30 days.
@@ -110,7 +110,7 @@ Contains the IPs selected from the explorer. Deselecting an IP removes it from t ### Similarity overview -Each column exists to help block with confidence and safety. The provided attributes are also used by ASM's Attacker Similarity feature. +Each column exists to help block with confidence and safety. The provided attributes are also used by AAP's Attacker Similarity feature. ASNs : Autonomous System Numbers. Attacks with large numbers of IP addresses might originate from the same ASN, especially when attacks originate from data centers and cloud IPs. @@ -141,7 +141,7 @@ The traces associated with the IP addresses over the selected time. Benign traffic is sampled APM traffic which are traces without business logic or attack traffic detections. -Attack traffic is all ASM traces, inclusive of business logic. +Attack traffic is all AAP traces, inclusive of business logic. ### Block diff --git a/content/en/security/application_security/threats/attacker_clustering.md b/content/en/security/application_security/threats/attacker_clustering.md index b95d6a86728db..d23d20650681d 100644 --- a/content/en/security/application_security/threats/attacker_clustering.md +++ b/content/en/security/application_security/threats/attacker_clustering.md @@ -22,7 +22,7 @@ further_reading: ## Overview -Attacker Clustering improves distributed attack blocking. Datadog Application Security Management (ASM) identifies security signal traffic attacker patterns and to help you mitigate distributed attacks more efficiently. +Attacker Clustering improves distributed attack blocking. Datadog App and API Protection (AAP) identifies security signal traffic attacker patterns and to help you mitigate distributed attacks more efficiently. Attacker clustering highlights a set of common attributes shared by a significant portion of traffic and suggests blocking based on those attributes. @@ -30,9 +30,9 @@ Blocking on attacker attributes means you keep your application or API protected ## What signals are used for attacker clusters? -The attacker clustering is computed for every [ASM security signal][4] emitted from a detection rule tagged with `category:account_takeover` or `category:fraud` +The attacker clustering is computed for every [AAP security signal][4] emitted from a detection rule tagged with `category:account_takeover` or `category:fraud` -Out of the box, attacker clustering is computed for the ASM detection rules that detect API abuse, credential stuffing, or brute force attacks. +Out of the box, attacker clustering is computed for the AAP detection rules that detect API abuse, credential stuffing, or brute force attacks. If you want the attacker clustering executed on custom detection rules, add these tags in the detection rule editor (see screenshot below). @@ -50,7 +50,7 @@ Attacker clustering is computed using the following request attributes: When the attacker attributes are identified, they are displayed on the signal side panel and **Signals** page. Attacker attributes can be a combination of the attributes listed above. -{{< img src="security/application_security/threats/attacker-attributes.png" alt="Screenshot of an ASM signals with attacker attributes identified" >}} +{{< img src="security/application_security/threats/attacker-attributes.png" alt="Screenshot of an AAP signals with attacker attributes identified" >}} ## Attacker clustering mechanism @@ -60,7 +60,7 @@ The algorithm tracks the changes in the attack traffic by identifying emerging t Traffic associated with threat intelligence is also considered in the clustering mechanism. The more an attribute is correlated with [Threat Intelligence][1], the higher the chance to create an attacker cluster around this attribute. -The attacker clustering attributes selected are then shown as regular expressions that can be used to block with ASM's [In-App WAF][3] or to filter out traffic in ASM Traces explorer for investigation. +The attacker clustering attributes selected are then shown as regular expressions that can be used to block with AAP's [In-App WAF][3] or to filter out traffic in AAP Traces explorer for investigation. ## Further reading diff --git a/content/en/security/application_security/threats/attacker_fingerprint.md b/content/en/security/application_security/threats/attacker_fingerprint.md index 7b699545cdf7b..cf8463cf8aa70 100644 --- a/content/en/security/application_security/threats/attacker_fingerprint.md +++ b/content/en/security/application_security/threats/attacker_fingerprint.md @@ -11,7 +11,7 @@ This topic describes a feature called **Datadog Attacker Fingerprint** to identi ## Overview -Datadog Attacker Fingerprint identifies attackers beyond IP addresses. Datadog Attacker fingerprints are automatically computed and added to your traces on attack or login attempts when Application Security Management (ASM) is enabled on your service. +Datadog Attacker Fingerprint identifies attackers beyond IP addresses. Datadog Attacker fingerprints are automatically computed and added to your traces on attack or login attempts when App and API Protection (AAP) is enabled on your service. Datadog Attacker fingerprints are composed of several fragments: * Endpoint Identifier @@ -59,9 +59,9 @@ The network identifier fragment provides information about the network part of t ## How to use Attacker Fingerprints -Fragments can be used as filters in the ASM Traces explorer by filtering on the desired fingerprint field. For example: `@appsec.fingerprint.header.ua_hash:e462fa45` will filter on all requests that have the same user agent hash. +Fragments can be used as filters in the AAP Traces explorer by filtering on the desired fingerprint field. For example: `@appsec.fingerprint.header.ua_hash:e462fa45` will filter on all requests that have the same user agent hash. -{{< img src="security/application_security/threats/attacker-fingerprint-trace.png" alt="Screenshot of an ASM trace with attacker fingerprint in the trace side panel" >}} +{{< img src="security/application_security/threats/attacker-fingerprint-trace.png" alt="Screenshot of an AAP trace with attacker fingerprint in the trace side panel" >}} Attacker fingerprints are used in the [Attacker Clustering][1] feature. If a significant portion of your traffic presents the same fingerprint attributes, attacker clustering will show it has a common attack attribute. diff --git a/content/en/security/application_security/threats/custom_rules.md b/content/en/security/application_security/threats/custom_rules.md index cd4848d0f2b8f..55d3bf197dff3 100644 --- a/content/en/security/application_security/threats/custom_rules.md +++ b/content/en/security/application_security/threats/custom_rules.md @@ -6,34 +6,34 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog Application Security Management" + text: "Protect against threats with Datadog App and API Protection" - link: "/security/application_security/event_rules/" tag: "Documentation" text: "Creating event rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshoot common Datadog Application Security Management issues" + text: "Troubleshoot common Datadog App and API Protection issues" - link: "/security/notifications/variables/" tag: "Documentation" text: "Learn more about Security notification variables" - link: "/tracing/trace_explorer/query_syntax/" tag: "Documentation" - text: "Syntax for defining the ASM query" + text: "Syntax for defining the AAP query" --- ## Overview -Application Security Management (ASM) comes with a set of [out-of-the-box detection rules][1] which aim to catch attack attempts, vulnerabilities found by attacker, and business logic abuse that impact your production systems. +App and API Protection (AAP) comes with a set of [out-of-the-box detection rules][1] which aim to catch attack attempts, vulnerabilities found by attacker, and business logic abuse that impact your production systems. However, there are situations where you may want to customize a rule based on your environment or workload. For example, you may want to customize a detection rule that detects users performing sensitive actions from a geolocation where your business doesn't operate. -Another example is customizing a rule to exclude an internal security scanner. ASM detects its activity as expected. However, you may not want to be notified of its regularly occurring scan. +Another example is customizing a rule to exclude an internal security scanner. AAP detects its activity as expected. However, you may not want to be notified of its regularly occurring scan. -In these situations, a custom detection rule can be created to exclude such events. This guide shows you how to create a custom detection rule for ASM. +In these situations, a custom detection rule can be created to exclude such events. This guide shows you how to create a custom detection rule for AAP. ## Business logic abuse detection rule -ASM offers out of the box rules to detect business logic abuse (for example, resetting a password through brute force). Those rules require [adding business logic information to traces][7]. +AAP offers out of the box rules to detect business logic abuse (for example, resetting a password through brute force). Those rules require [adding business logic information to traces][7]. Recent Datadog Tracing Libraries attempt to detect and send user login and signup events automatically without needing to modify the code. If needed, you can [opt out of the automatic user activity event tracking][8]. @@ -45,13 +45,13 @@ See the section below to see how to configure your rules. To customize an OOTB detection rule, you must first clone an existing rule. Navigate to your [Detection Rules][2] and select a rule. Scroll to the bottom of the rule and click the Clone Rule button. This now enables you to edit the existing rule. -### Define an ASM query +### Define an AAP query -Construct an ASM query using the [same query syntax as in the ASM Trace Explorer][3]. For example, create a query to monitor login successes from outside of the United States: `@appsec.security_activity:business_logic.users.login.success -@actor.ip_details.country.iso_code:US`. +Construct an AAP query using the [same query syntax as in the AAP Trace Explorer][3]. For example, create a query to monitor login successes from outside of the United States: `@appsec.security_activity:business_logic.users.login.success -@actor.ip_details.country.iso_code:US`. Optionally, define a unique count and signal grouping. Count the number of unique values observed for an attribute in a given timeframe. The defined group-by generates a signal for each group-by value. Typically, the group-by is an entity (like user, IP, or service). The group-by is also used to [join the queries together](#joining-queries). -Use the preview section to see which ASM traces match the search query. You can also add additional queries with the Add Query button. +Use the preview section to see which AAP traces match the search query. You can also add additional queries with the Add Query button. ##### Joining queries diff --git a/content/en/security/application_security/threats/exploit-prevention.md b/content/en/security/application_security/threats/exploit-prevention.md index 46eefc69c6338..7bec2b7a061ca 100644 --- a/content/en/security/application_security/threats/exploit-prevention.md +++ b/content/en/security/application_security/threats/exploit-prevention.md @@ -4,7 +4,7 @@ disable_toc: false further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog Application Security Management" + text: "Protect against threats with Datadog App and API Protection" - link: "/security/application_security/threats/library_configuration/" tag: "Documentation" text: "Other setup considerations and configuration options" @@ -19,43 +19,43 @@ further_reading: ## Overview -Use ASM **Exploit Prevention** to protect your critical applications and APIs against zero-day vulnerabilities without tuning or reconfiguration. +Use AAP **Exploit Prevention** to protect your critical applications and APIs against zero-day vulnerabilities without tuning or reconfiguration. -With ASM's context-aware capabilities, you can gain a deep understanding of application logic, data flow, and state. +With AAP's context-aware capabilities, you can gain a deep understanding of application logic, data flow, and state. Combine telemetry from the Datadog tracer with predefined heuristics to detect and block exploits with higher accuracy, ensuring legitimate traffic remains unaffected. ## How exploit prevention works -1. With the Datadog ASM tracing library instrumented in your applications, details are captured about every interaction within the application, including requests, code execution, and data flows. -2. When an attack payload reaches the application, ASM evaluates if the payload triggers code paths tied to known vulnerabilities. +1. With the Datadog AAP tracing library instrumented in your applications, details are captured about every interaction within the application, including requests, code execution, and data flows. +2. When an attack payload reaches the application, AAP evaluates if the payload triggers code paths tied to known vulnerabilities. 3. If a potential exploit is detected: - 1. ASM blocks the request in real-time before it causes damage. - 2. ASM raises security signals for further investigation. + 1. AAP blocks the request in real-time before it causes damage. + 2. AAP raises security signals for further investigation. 4. Exploit prevention detections are accompanied by stack traces that provide full visibility of the code location of the vulnerability, providing a clear path to remediation. ### Example 1: Server-side request forgery An attacker tricks the server into making unauthorized requests to internal systems or external servers, potentially leaking information or a further exploitation. -ASM Exploit Prevention checks whether an internal or external request's URL, which is partially or totally controlled by a user parameter, has been manipulated by an attacker to alter the original purpose of the request. +AAP Exploit Prevention checks whether an internal or external request's URL, which is partially or totally controlled by a user parameter, has been manipulated by an attacker to alter the original purpose of the request. ### Example 2: Local file inclusion An attacker exploits a vulnerable parameter to include local files from the server, potentially exposing sensitive data like configuration files or possibly enabling remote code execution. -ASM Exploit Prevention inspects all file access attempts to determine if the path has been injected and whether a restricted file is accessed. +AAP Exploit Prevention inspects all file access attempts to determine if the path has been injected and whether a restricted file is accessed. ### Example 3: SQL injection An attacker injects malicious SQL code into a query, potentially gaining unauthorized access to the database, manipulating data, or executing administrative operations. -ASM Exploit Prevention intercepts all SQL queries to determine if a user parameter has been injected and whether the injection alters the original purpose and structure of the SQL query. +AAP Exploit Prevention intercepts all SQL queries to determine if a user parameter has been injected and whether the injection alters the original purpose and structure of the SQL query. ## Prerequisites - Ensure that your applications are instrumented with the Datadog tracer. -- ASM Threat Management must be enabled. See [Threat Management Setup][1]. +- AAP Threat Management must be enabled. See [Threat Management Setup][1]. - Ensure Remote Configuration is enabled to push rule updates and In-App WAF policies. See [Enabling Remote Configuration][2]. ### Library Compatibility @@ -88,13 +88,13 @@ ASM Exploit Prevention intercepts all SQL queries to determine if a user paramet 3. If you have applied a custom policy for your services, you can skip Steps 2.a and 2.b for cloning a policy and directly set the Exploit Prevention rules in **blocking** mode (Steps 2.c and 2.d). -## Reviewing exploit attempts in ASM +## Reviewing exploit attempts in AAP -After you have enabled Exploit Prevention, if ASM detects an exploit attempt, it proceeds to block that request. Exploit Prevention detections are always accompanied by stack traces, which provide full visibility of where the vulnerability lies in your code, ensuring a clear path to remediation. +After you have enabled Exploit Prevention, if AAP detects an exploit attempt, it proceeds to block that request. Exploit Prevention detections are always accompanied by stack traces, which provide full visibility of where the vulnerability lies in your code, ensuring a clear path to remediation. {{< img src="security/application_security/threats/exploit-prevention-detection.png" alt="Exploit Prevention detection" width="100%" >}} -In addition, ASM also generates a signal correlating all the blocked traces and isolating the attacker IP addresses that are targeting your service(s). You can take action by blocking all attacking IPs. +In addition, AAP also generates a signal correlating all the blocked traces and isolating the attacker IP addresses that are targeting your service(s). You can take action by blocking all attacking IPs. {{< img src="security/application_security/threats/signal-correlating-blocked-traces.png" alt="Your image description" width="100%" >}} diff --git a/content/en/security/application_security/threats/inapp_waf_rules.md b/content/en/security/application_security/threats/inapp_waf_rules.md index c7e2613748967..2ee792b8d2eed 100644 --- a/content/en/security/application_security/threats/inapp_waf_rules.md +++ b/content/en/security/application_security/threats/inapp_waf_rules.md @@ -7,24 +7,24 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog Application Security Management" + text: "Protect against threats with Datadog App and API Protection" - link: "/security/application_security/custom_rules/" tag: "Documentation" text: "Writing custom detection rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshoot common Datadog Application Security Management issues" + text: "Troubleshoot common Datadog App and API Protection issues" --- ## Overview -With Application Security Management (ASM) enabled, the Datadog tracing library actively monitors all web services and API requests for suspicious security activity. +With App and API Protection (AAP) enabled, the Datadog tracing library actively monitors all web services and API requests for suspicious security activity. -An _In-App WAF rule_ specifies conditions on the incoming request to define what the library considers suspicious. The Datadog tracing library includes hundreds of out-of-the-box ASM In-App WAF rules, which are used to display security traces in the trace explorer and in the default signal rules. +An _In-App WAF rule_ specifies conditions on the incoming request to define what the library considers suspicious. The Datadog tracing library includes hundreds of out-of-the-box AAP In-App WAF rules, which are used to display security traces in the trace explorer and in the default signal rules. You can add to the In-App WAF rules without upgrading the tracing library. -## Structure of an ASM In-App WAF rule +## Structure of an AAP In-App WAF rule An In-App WAF rule is a JSON object composed of a category, a name, tags, and conditions. When a security trace is detected, tags from the rules are propagated onto the security trace, and can be used to build [detection rules][1]. @@ -59,7 +59,7 @@ Custom In-App WAF rules enable users to log or block specific types of requests **Note:** Default rules in In-App WAF are read-only. To refine your In-App WAF behavior, modify the In-App WAF rules. Default rules cannot be modified, however, you can create a custom rule based on one of the default rules, and modify the match conditions to your needs. Be sure to disable the default rule so that you don't have two similar rules evaluating the same requests. -## Configure an ASM In-App WAF rule +## Configure an AAP In-App WAF rule Blocking on a service is defined through the policy rules. Three Datadog default policies are included in the In-App WAF: *Datadog Recommended*, *Datadog Monitoring-only*, which monitors attacks only, and *Datadog Block Attack tools*, which blocks attack tools and monitors all other attacks. @@ -70,7 +70,7 @@ Services using a policy are visible directly in the policy management page. {{< img src="security/application_security/threats/waf/in-app-waf.png" alt="In-App WAF configuration page, showing two default policies." style="width:100%;" >}} 2. Click on the three dots to the right of one of the policies, and select **Download Configuration of this Policy** to download the configuration file to your local machine. -3. Optionally, select **Apply this Policy to Services** to apply a default policy to one or more of your protection enabled ASM services. +3. Optionally, select **Apply this Policy to Services** to apply a default policy to one or more of your protection enabled AAP services. **Note:** A policy can be applied to one or more services, but a service can only contain one _policy_. @@ -108,7 +108,7 @@ Services using a policy are visible directly in the policy management page. 4. Using a utility such as SCP or FTP, copy the `appsec-rules.json` file to your application server, for example, `/home/asm/appsec-rules.json`. -5. Following the instructions in [Enabling ASM][3] for adding application variables in your environment, add the `DD_APPSEC_RULES` environment variable to your service with the full path to the file: +5. Following the instructions in [Enabling AAP][3] for adding application variables in your environment, add the `DD_APPSEC_RULES` environment variable to your service with the full path to the file: ``` DD_APPSEC_RULES=/home/asm/appsec-rules.json ``` @@ -117,7 +117,7 @@ Services using a policy are visible directly in the policy management page. ## What to do next -Next, [configure detection rules to create security signals][1] based on those security traces defined by the In-App WAF rules you created. You can modify the provided out-of-the-box ASM detection rules or create new ones. +Next, [configure detection rules to create security signals][1] based on those security traces defined by the In-App WAF rules you created. You can modify the provided out-of-the-box AAP detection rules or create new ones. ## Further Reading diff --git a/content/en/security/application_security/threats/library_configuration.md b/content/en/security/application_security/threats/library_configuration.md index c5901cda19814..0f553f257055b 100644 --- a/content/en/security/application_security/threats/library_configuration.md +++ b/content/en/security/application_security/threats/library_configuration.md @@ -7,44 +7,44 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against Threats with Datadog Application Security Management" + text: "Protect against Threats with Datadog App and API Protection" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "Out-of-the-Box Application Security Management Rules" + text: "Out-of-the-Box App and API Protection Rules" - link: "/security/application_security/add-user-info/" tag: "Documentation" text: "Adding user information to traces" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting ASM" + text: "Troubleshooting AAP" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How Application Security Management Works in Datadog" + text: "How App and API Protection Works in Datadog" --- ## Configuring a client IP header -ASM automatically attempts to resolve `http.client_ip` from several well-known headers, such as `X-Forwarded-For`. If you use a custom header for this field, or want to bypass the resolution algorithm, set the `DD_TRACE_CLIENT_IP_HEADER` environment variable. If this variable is set, the library only checks the specified header for the client IP. +AAP automatically attempts to resolve `http.client_ip` from several well-known headers, such as `X-Forwarded-For`. If you use a custom header for this field, or want to bypass the resolution algorithm, set the `DD_TRACE_CLIENT_IP_HEADER` environment variable. If this variable is set, the library only checks the specified header for the client IP. ## Track authenticated bad actors Many critical attacks are performed by authenticated users who can access your most sensitive endpoints. To identify bad actors that are generating suspicious security activity, add user information to traces by instrumenting your services with the standardized user tags. You can add custom tags to your root span, or use instrumentation functions. -The Datadog Tracing Library attempts to detect user login and signup events when compatible authentication frameworks are in use, and ASM is enabled. +The Datadog Tracing Library attempts to detect user login and signup events when compatible authentication frameworks are in use, and AAP is enabled. Read [Tracking User Activity][1] for more information on how to manually track user activity, or [see how to opt out][7] of the automatic tracking. ## Exclude specific parameters from triggering detections -There may be a time when an ASM signal, or a security trace, is a false positive. For example, ASM repeatedly detects +There may be a time when an AAP signal, or a security trace, is a false positive. For example, AAP repeatedly detects the same security trace and a signal is generated, but the signal has been reviewed and is not a threat. You can add an entry to the passlist, which ignore events from a rule, to eliminate noisy signal patterns and focus on legitimately security traces. To add a passlist entry, do one of the following: -- Click on a signal in [ASM Signals][4] and click the **Add Entry** link next to the **Add to passlist** suggested action. This method automatically adds an entry for the targeted service. +- Click on a signal in [AAP Signals][4] and click the **Add Entry** link next to the **Add to passlist** suggested action. This method automatically adds an entry for the targeted service. - Navigate to [Passlist Configuration][5] and manually configure a new passlist entry based on your own criteria. **Note**: Requests (traces) that match a passlist entry are not billed. @@ -53,9 +53,9 @@ To add a passlist entry, do one of the following: The data that you collect with Datadog can contain sensitive information that you want to filter out, obfuscate, scrub, filter, modify, or just not collect. Additionally, the data may contain synthetic traffic that might cause your threat detection be inaccurate, or cause Datadog to not accurately indicate the security of your services. -By default, ASM collects information from security traces to help you understand why the request was flagged as suspicious. Before sending the data, ASM scans it for patterns and keywords that indicate that the data is sensitive. If the data is deemed sensitive, it is replaced with a `` flag. This enables you to observe that although the request was suspicious, the request data was not collected because of data security concerns. User-related data, such user IDs of authenticated requests, are not part of the data being redacted. +By default, AAP collects information from security traces to help you understand why the request was flagged as suspicious. Before sending the data, AAP scans it for patterns and keywords that indicate that the data is sensitive. If the data is deemed sensitive, it is replaced with a `` flag. This enables you to observe that although the request was suspicious, the request data was not collected because of data security concerns. User-related data, such user IDs of authenticated requests, are not part of the data being redacted. -To protect users’ data, **sensitive data scanning is activated by default in ASM**. You can customize the configuration by using the following environment variables. The scanning is based on the [RE2 syntax][2]. To customize scanning, set the value of these environment variables to a valid [RE2][9] pattern: +To protect users’ data, **sensitive data scanning is activated by default in AAP**. You can customize the configuration by using the following environment variables. The scanning is based on the [RE2 syntax][2]. To customize scanning, set the value of these environment variables to a valid [RE2][9] pattern: * `DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP` - Pattern for scanning for keys whose values commonly contain sensitive data. If found, the values and any child nodes associated with the key are redacted. * `DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP` - Pattern for scanning for values that could indicate sensitive data. If found, the value and all its child nodes are redacted. @@ -101,7 +101,7 @@ See [Automatic user activity event tracking modes][10] for information on automa {{% asm-protection-page-configuration %}} -{{< img src="/security/application_security/asm-blocking-page-html.png" alt="The page displayed as ASM blocks requests originating from blocked IPs" width="75%" >}} +{{< img src="/security/application_security/asm-blocking-page-html.png" alt="The page displayed as AAP blocks requests originating from blocked IPs" width="75%" >}} ## Further Reading diff --git a/content/en/security/application_security/threats/protection.md b/content/en/security/application_security/threats/protection.md index 401128536f8d0..8f1034df86529 100644 --- a/content/en/security/application_security/threats/protection.md +++ b/content/en/security/application_security/threats/protection.md @@ -4,43 +4,43 @@ is_beta: true further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Application Security Management with Datadog" + text: "App and API Protection with Datadog" --- ## Overview If your service is running [an Agent with Remote Configuration enabled and a tracing library version that supports it][2], you can block attacks and attackers from the Datadog UI without additional configuration of the Agent or tracing libraries. -Application Security Management (ASM) Protect enables you to slow down attacks and attackers by _blocking_ them. Security traces are blocked in real-time by the Datadog tracing libraries. Blocks are saved in the Datadog platform, automatically and securely fetched by the Datadog Agent, deployed in your infrastructure, and applied to your services. +App and API Protection (AAP) Protect enables you to slow down attacks and attackers by _blocking_ them. Security traces are blocked in real-time by the Datadog tracing libraries. Blocks are saved in the Datadog platform, automatically and securely fetched by the Datadog Agent, deployed in your infrastructure, and applied to your services. ## Prerequisites To use protection capabilities with your service: - [Update your Datadog Agent][3] to at least version 7.41.1. -- [Enable ASM][1]. +- [Enable AAP][1]. - [Enable Remote Configuration][2]. -- Update your tracing library to at least the minimum version needed to turn on protection. For details, see the ASM capabilities support section of [Compatibility][12] for your service's language. +- Update your tracing library to at least the minimum version needed to turn on protection. For details, see the AAP capabilities support section of [Compatibility][12] for your service's language. - If you plan to use authenticated user blocking, [add user information to traces][4]. ## Blocking attackers (IPs and authenticated users) -You can block attackers that are flagged in ASM [Security Signals][5] temporarily or permanently. In the Signals Explorer, click into a signal to see what users and IP addresses are generating the signal, and optionally block them. +You can block attackers that are flagged in AAP [Security Signals][5] temporarily or permanently. In the Signals Explorer, click into a signal to see what users and IP addresses are generating the signal, and optionally block them. -From there, all ASM-protected services block incoming requests performed by the blocked IP or user, for the specified duration. All blocked traces are tagged with `security_response.block_ip` or `security_response.block_user` and displayed in the [Trace Explorer][6]. Services where ASM is disabled aren't protected. See [Investigate Security Signals][20] for more information. +From there, all AAP-protected services block incoming requests performed by the blocked IP or user, for the specified duration. All blocked traces are tagged with `security_response.block_ip` or `security_response.block_user` and displayed in the [Trace Explorer][6]. Services where AAP is disabled aren't protected. See [Investigate Security Signals][20] for more information. ## Respond to threats in real time by automating attacker blocking -In addition to manually blocking attackers, you can configure automation rules to have ASM automatically block attackers that are flagged in Security Signals. +In addition to manually blocking attackers, you can configure automation rules to have AAP automatically block attackers that are flagged in Security Signals. To get started, navigate to **Security > Application Security > Protection > [Detection Rules][14]**. You can create a new rule or edit an existing rule with type _Application security_. For example, you can create a rule to trigger `Critical` severity signals when Credential Stuffing attacks are detected, and automatically block the associated attackers' IP addresses for 30 minutes. **Note**: You must instrument your services to be able to block authenticated attackers. See [User Monitoring and Protection][15] for more details. -## Block attackers at the perimeter - integrate ASM with your existing WAF deployments +## Block attackers at the perimeter - integrate AAP with your existing WAF deployments -Datadog ASM enables customers to block attackers at the perimeter, directly from the Security Signal. ASM integrates with [Workflows][17] to push the attackers' IP addresses to perimeter Web Application Firewalls (AWS WAF, Cloudflare, Fastly) and ensure requests from these attackers are blocked at the edge even before they enter the customer's environment. -Create workflows from the available [blueprints][18] and run them directly from ASM's Signal side panel. +Datadog AAP enables customers to block attackers at the perimeter, directly from the Security Signal. AAP integrates with [Workflows][17] to push the attackers' IP addresses to perimeter Web Application Firewalls (AWS WAF, Cloudflare, Fastly) and ensure requests from these attackers are blocked at the edge even before they enter the customer's environment. +Create workflows from the available [blueprints][18] and run them directly from AAP's Signal side panel. ## Denylist @@ -52,15 +52,15 @@ You can use the _Passlist_ to permanently allow specific IP addresses access to ## Blocking attack attempts with In-App WAF -ASM In-App WAF (web application firewall) combines the detection techniques of perimeter-based WAFs with the rich context provided by Datadog, helping your teams protect their systems with confidence. +AAP In-App WAF (web application firewall) combines the detection techniques of perimeter-based WAFs with the rich context provided by Datadog, helping your teams protect their systems with confidence. -Because ASM is aware of an application's routes, protection can be applied granularly to specific services, and not necessarily across all applications and traffic. This contextual efficiency reduces your inspection effort, and it reduces the false positive rate compared to a perimeter WAF. There is no learning period, because most web frameworks provide a structured map of routes. ASM can help your team roll out protections against zero-day vulnerabilities automatically soon after the vulnerability is disclosed, while targeting vulnerable applications, limiting the risk of false positives. +Because AAP is aware of an application's routes, protection can be applied granularly to specific services, and not necessarily across all applications and traffic. This contextual efficiency reduces your inspection effort, and it reduces the false positive rate compared to a perimeter WAF. There is no learning period, because most web frameworks provide a structured map of routes. AAP can help your team roll out protections against zero-day vulnerabilities automatically soon after the vulnerability is disclosed, while targeting vulnerable applications, limiting the risk of false positives. ### How In-App WAF blocks security traces In addition to the `monitoring` and `disabled` modes offered for each of the 130+ In-App WAF rules, rules also have `blocking` mode. Each rule specifies conditions on the incoming request to define what the library considers suspicious. When a given rule pattern matches an ongoing HTTP request, the request is blocked by the library. -Managed policies define the mode in which each of the In-App WAF rules behave on match: `monitoring`, `blocking`, or `disabled`. Because it has the full context of your applications, ASM knows which rules to apply to protect your applications while limiting the number of false positives. +Managed policies define the mode in which each of the In-App WAF rules behave on match: `monitoring`, `blocking`, or `disabled`. Because it has the full context of your applications, AAP knows which rules to apply to protect your applications while limiting the number of false positives. For fine-grained control, you can clone a Datadog managed policy or create a custom policy and set the mode to meet your needs. If you set the policy to `auto-updating`, your applications are protected by the latest detections rolled out by Datadog. You also have the option to pin a policy to a specific version of the ruleset. @@ -70,13 +70,13 @@ Manage In-App WAF by navigating to Security --> Application Security --> Configu View blocked security traces in the [Trace Explorer][11] by filtering on the facet `Blocked:true`. -{{< img src="security/application_security/app_sec_blocked.png" alt="ASM Trace Explorer filtered using facet Blocked set to true." style="width:100%;" >}} +{{< img src="security/application_security/app_sec_blocked.png" alt="AAP Trace Explorer filtered using facet Blocked set to true." style="width:100%;" >}} ### Configure In-App WAF -1. [**Enable Remote Configuration**][2] so that your ASM-enabled services show up under In-App WAF. This is required to securely push In-App WAF configuration from your Datadog backend to the tracing library in your infrastructure. +1. [**Enable Remote Configuration**][2] so that your AAP-enabled services show up under In-App WAF. This is required to securely push In-App WAF configuration from your Datadog backend to the tracing library in your infrastructure. -2. **Associate your ASM/Remote Configuration-enabled services with a policy**. After Remote Configuration is enabled on a service, navigate to **Security > Application Security > Protection > [In-App WAF][9]**. The service appears under the _Datadog Monitoring-only_ policy by default. Datadog Monitoring-only is a managed policy and is read-only, meaning you cannot modify the status (monitoring, blocking, or disabled) for individual rules. +2. **Associate your AAP/Remote Configuration-enabled services with a policy**. After Remote Configuration is enabled on a service, navigate to **Security > Application Security > Protection > [In-App WAF][9]**. The service appears under the _Datadog Monitoring-only_ policy by default. Datadog Monitoring-only is a managed policy and is read-only, meaning you cannot modify the status (monitoring, blocking, or disabled) for individual rules. If you need granular control, clone one of the available policies to create a custom policy where rule statuses can be modified. Associate one or more of your services with this custom policy. @@ -88,7 +88,7 @@ View blocked security traces in the [Trace Explorer][11] by filtering on the fac {{% asm-protection-page-configuration %}} -{{< img src="/security/application_security/asm-blocking-page-html.png" alt="The page displayed as ASM blocks requests originating from blocked IPs" width="75%" >}} +{{< img src="/security/application_security/asm-blocking-page-html.png" alt="The page displayed as AAP blocks requests originating from blocked IPs" width="75%" >}} The default HTTP response status code while serving the deny page to attackers is `403 FORBIDDEN`. To customize the response, navigate to **Security > Application Security > Protection > In-App Waf > [Custom Responses][16]**. diff --git a/content/en/security/application_security/threats/security_signals.md b/content/en/security/application_security/threats/security_signals.md index 86445e7a1b662..0648523c639d3 100644 --- a/content/en/security/application_security/threats/security_signals.md +++ b/content/en/security/application_security/threats/security_signals.md @@ -3,18 +3,18 @@ title: Investigate Security Signals further_reading: - link: "/security/default_rules/?category=cat-application-security#cat-application-security" tag: "Documentation" - text: "Explore ASM threat detection OOTB rules" + text: "Explore AAP threat detection OOTB rules" - link: "/security/application_security/threats/custom_rules/" tag: "Documentation" - text: "Configure custom ASM threat detection rules" + text: "Configure custom AAP threat detection rules" - link: "/security/application_security/threats/threat-intelligence/" tag: "Documentation" - text: "ASM threat intelligence" + text: "AAP threat intelligence" --- ## Overview -ASM security signals are created when Datadog detects a threat based on a detection rule. View, search, filter, and investigate security signals in the [Signals Explorer][2], or configure [Notification Rules][8] to send signals to third-party tools. +AAP security signals are created when Datadog detects a threat based on a detection rule. View, search, filter, and investigate security signals in the [Signals Explorer][2], or configure [Notification Rules][8] to send signals to third-party tools. {{< img src="security/application_security/threats/security_signals/appsec-threat-signals.png" alt="Overview of investigating threats in signals explorer with details side panel">}} @@ -55,7 +55,7 @@ You can triage a signal by assigning it to a user for further investigation. The - **Under Review**: The signal is actively being investigated. From the **Under Review** state, you can move the signal to **Archived** or **Open** as needed. - **Archived**: The detection that caused the signal has been resolved. From the **Archived** state, you can move the signal back to **Open** if it's within 30 days of when the signal was originally detected. -**Note**: To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][9] for more information about Datadog's default roles and granular role-based access control permissions available for Application Security Management. +**Note**: To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][9] for more information about Datadog's default roles and granular role-based access control permissions available for App and API Protection. ## Declare an incident @@ -92,7 +92,7 @@ Use [Workflow Automation][5] to manually trigger a workflow for a security signa 2. In the signal details, view each of the sections, such as **What Happened**, **Activity Summary**, and **Detection Rule**. 3. Review the **Next Steps** and take action: - Click **Block all Attacking IPs** (by specific duration or permanently). - - Click **Automated Attacker Blocking** (based on [detection][10] rules). This setting requires the Application Security Management **Protect Write** permission. + - Click **Automated Attacker Blocking** (based on [detection][10] rules). This setting requires the App and API Protection **Protect Write** permission. - Click **[Block with Edge WAF][11]**. ## Bulk actions diff --git a/content/en/security/application_security/threats/setup/compatibility/_index.md b/content/en/security/application_security/threats/setup/compatibility/_index.md index b115c88a059d2..2280b6c7840aa 100644 --- a/content/en/security/application_security/threats/setup/compatibility/_index.md +++ b/content/en/security/application_security/threats/setup/compatibility/_index.md @@ -4,15 +4,15 @@ type: multi-code-lang further_reading: - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How Application Security Management Works in Datadog" + text: "How App and API Protection Works in Datadog" --- -The following ASM capabilities are supported relative to each language's tracing library: +The following AAP capabilities are supported relative to each language's tracing library: -| ASM capability | Java | .NET | Node.js | Python | Go | Ruby | PHP | +| AAP capability | Java | .NET | Node.js | Python | Go | Ruby | PHP | |----------------------------------------|---------|----------|--------------------------------------------------|---------------|-----------------|---------------|---------------| | Threat Detection | 1.8.0 | 2.23.0 | 4.0.0 | 1.9.0 | 1.47.0 | 1.9.0 | 0.84.0 | | API Security | 1.31.0 | 2.42.0 | 4.30.0 for Node.js 16+, or 5.6.0 for Node.js 18+ | 2.6.0 | 1.59.0 | 2.4.0 | 0.98.0 | diff --git a/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md b/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md index 220ad98376657..9c5f3a13e936a 100644 --- a/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md +++ b/content/en/security/application_security/threats/setup/compatibility/gcp-service-extensions.md @@ -1,13 +1,13 @@ --- -title: ASM GCP Service Extensions Compatibility Requirements +title: AAP GCP Service Extensions Compatibility Requirements code_lang: gcp-service-extensions type: multi-code-lang code_lang_weight: 40 --- -The following table lists the support for application security capabilities in the ASM GCP Service Extensions according to the specified version: +The following table lists the support for application security capabilities in the AAP GCP Service Extensions according to the specified version: -| Application Security capability | Minimum ASM Service Extensions image version | +| Application Security capability | Minimum AAP Service Extensions image version | |----------------------------------------|----------------------------------------------| | Threat Detection | 1.71.0 | | Threat Protection | 1.71.0 | @@ -17,11 +17,11 @@ The following table lists the support for application security capabilities in t | Automatic user activity event tracking | not supported | | API Security | not supported | -Please review ASM GCP Service Extensions integration version 1.71.0 [limitations][1]. +Please review AAP GCP Service Extensions integration version 1.71.0 [limitations][1]. -## ASM GCP Service Extensions support +## AAP GCP Service Extensions support -ASM GCP Service Extensions is in Preview. +AAP GCP Service Extensions is in Preview.
If you would like to see support added for any of the unsupported capabilities, let us know! Fill out If you would like to see support added for any of the unsupported capabilities, let us know! Fill out this short form to send details.
diff --git a/content/en/security/application_security/threats/setup/single_step/_index.md b/content/en/security/application_security/threats/setup/single_step/_index.md index 806cf47c9bc41..66e6c131ac154 100644 --- a/content/en/security/application_security/threats/setup/single_step/_index.md +++ b/content/en/security/application_security/threats/setup/single_step/_index.md @@ -1,20 +1,20 @@ --- -title: Enabling ASM threat detection and protection using single step instrumentation +title: Enabling AAP threat detection and protection using single step instrumentation external_redirect: /security/application_security/threats/threat_detection/ --- -
Enabling ASM threat detection and protection using single step instrumentation is in Preview.
+
Enabling AAP threat detection and protection using single step instrumentation is in Preview.
## Requirements - **Minimum Agent version 7.53.0** - **Minimum Helm version 3.62.0** (For Kubernetes deployments) -- **Languages and architectures**: Single step ASM instrumentation only supports tracing Java, Python, Node.js, and .NET Core services on `x86_64` and `arm64` architectures. +- **Languages and architectures**: Single step AAP instrumentation only supports tracing Java, Python, Node.js, and .NET Core services on `x86_64` and `arm64` architectures. - **Operating systems**: Linux VMs (Debian, Ubuntu, Amazon Linux, CentOS/Red Hat, Fedora), Docker, Kubernetes clusters with Linux containers. ## Enabling in one step -If you [install or update a Datadog Agent][1] with the **Enable Threat Protection (new)** option selected, the Agent is installed and configured to enable ASM. This allows you to automatically instrument your application, without any additional installation or configuration steps. Restart services for this instrumentation to take effect. +If you [install or update a Datadog Agent][1] with the **Enable Threat Protection (new)** option selected, the Agent is installed and configured to enable AAP. This allows you to automatically instrument your application, without any additional installation or configuration steps. Restart services for this instrumentation to take effect. {{< img src="/security/application_security/single_step/asm_single_step_threat_detection_2.png" alt="Account settings Ubuntu setup page highlighting the toggle for Enabling APM instrumentation and Threat Protection." style="width:100%;" >}} @@ -24,7 +24,7 @@ The following examples show how it works on each infrastructure type. {{< tabs >}} {{% tab "Linux host or VM" %}} -With one command, you can install, configure, and start the Agent, while also instrumenting your services with ASM. +With one command, you can install, configure, and start the Agent, while also instrumenting your services with AAP. For an Ubuntu host: @@ -49,7 +49,7 @@ For an Ubuntu host: 4. Restart the services on the host or VM. 5. [Explore the performance observability of your services in Datadog][5]. -**Note:** To configure single-step for both ASM Threat Protection and Code Security, add the environment variables `DD_APPSEC_ENABLED=true` _and_ `DD_IAST_ENABLED=true` to your one-line installation command. +**Note:** To configure single-step for both AAP Threat Protection and Code Security, add the environment variables `DD_APPSEC_ENABLED=true` _and_ `DD_IAST_ENABLED=true` to your one-line installation command. ### Specifying tracing library versions {#lib-linux} @@ -210,7 +210,7 @@ To enable single step instrumentation with Helm: [17]: /tracing/trace_collection/automatic_instrumentation/single-step-apm/?tab=kubernetes#removing-instrumentation-for-specific-services {{% /tab %}} {{< /tabs >}} -## Removing Single Step APM and ASM instrumentation from your Agent +## Removing Single Step APM and AAP instrumentation from your Agent If you don't want to collect trace data for a particular service, host, VM, or container, complete the follow steps: ### Removing instrumentation for specific services Run the following commands and restart the service to stop injecting the library into the service and stop producing traces from that service. @@ -221,7 +221,7 @@ Run the following commands and restart the service to stop injecting the library DD_INSTRUMENT_SERVICE_WITH_APM=false ``` 2. Restart the service. -3. To disable ASM, remove the `DD_APPSEC_ENABLED=true` environment variable from your application configuration, and restart your service. +3. To disable AAP, remove the `DD_APPSEC_ENABLED=true` environment variable from your application configuration, and restart your service. {{% /tab %}} {{% tab "Docker" %}} 1. Add the `DD_INSTRUMENT_SERVICE_WITH_APM` environment variable to the service startup command: @@ -229,7 +229,7 @@ Run the following commands and restart the service to stop injecting the library docker run -e DD_INSTRUMENT_SERVICE_WITH_APM=false ``` 2. Restart the service. -3. To disable ASM, remove the `DD_APPSEC_ENABLED=true` environment variable from your application configuration, and restart your service. +3. To disable AAP, remove the `DD_APPSEC_ENABLED=true` environment variable from your application configuration, and restart your service. {{% /tab %}} {{% tab "Kubernetes" %}} 1. Set the `admission.datadoghq.com/enabled:` label to `"false"` for the pod spec: diff --git a/content/en/security/application_security/threats/setup/standalone/_index.md b/content/en/security/application_security/threats/setup/standalone/_index.md index 4288246ced749..b60012602cf35 100644 --- a/content/en/security/application_security/threats/setup/standalone/_index.md +++ b/content/en/security/application_security/threats/setup/standalone/_index.md @@ -19,7 +19,7 @@ further_reading: text: "How Application & API Protection Works in Datadog" - link: "https://www.datadoghq.com/blog/secure-serverless-applications-with-datadog-asm/" tag: "Blog" - text: "Secure serverless applications with Datadog ASM" + text: "Secure serverless applications with Datadog AAP" --- ## Prerequisites @@ -29,7 +29,7 @@ Before setting up Application & API Protection, ensure the following prerequisit - **Datadog APM Configuration:** Datadog APM is configured for your application or service, and web traces (`type:web`) are being received by Datadog. - **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports Application & API Protection capabilities for the language of your application or service. For more details, refer to the [Library Compatibility][1] page. -## Using ASM without APM tracing +## Using AAP without APM tracing If you want to use Application & API Protection without APM tracing functionality, you can deploy with tracing disabled: diff --git a/content/en/security/application_security/threats/setup/standalone/gcp-service-extensions.md b/content/en/security/application_security/threats/setup/standalone/gcp-service-extensions.md index 09e4575edc374..ae421113aa069 100644 --- a/content/en/security/application_security/threats/setup/standalone/gcp-service-extensions.md +++ b/content/en/security/application_security/threats/setup/standalone/gcp-service-extensions.md @@ -22,7 +22,7 @@ further_reading: To try the preview of Application & API Protection Service Extensions for GCP, follow the setup instructions below. {{< /callout >}} -You can enable application security with GCP Service Extensions within GCP Cloud Load Balancing. The Datadog App & API Protection (ASM) Service Extensions integration has support for threat detection and blocking. +You can enable application security with GCP Service Extensions within GCP Cloud Load Balancing. The Datadog App & API Protection (AAP) Service Extensions integration has support for threat detection and blocking. ## Prerequisites diff --git a/content/en/security/application_security/threats/setup/threat_detection/_index.md b/content/en/security/application_security/threats/setup/threat_detection/_index.md index b2d9436b6c106..c91aacadb4e6f 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/_index.md +++ b/content/en/security/application_security/threats/setup/threat_detection/_index.md @@ -1,5 +1,5 @@ --- -title: Enabling ASM Threat Detection using Datadog Tracing Libraries +title: Enabling AAP Threat Detection using Datadog Tracing Libraries type: multi-code-lang aliases: - /security/application_security/enabling/tracing_libraries/threat_detection/ @@ -7,22 +7,22 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against Threats with Datadog Application Security Management" + text: "Protect against Threats with Datadog App and API Protection" - link: "/security/application_security/add-user-info/" tag: "Documentation" text: "Tracking user activity" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App and API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How Application Security Management Works in Datadog" + text: "How App and API Protection Works in Datadog" - link: "https://www.datadoghq.com/blog/secure-serverless-applications-with-datadog-asm/" tag: "Blog" - text: "Secure serverless applications with Datadog ASM" + text: "Secure serverless applications with Datadog AAP" --- ## Prerequisites @@ -32,7 +32,7 @@ Before setting up Threat Management, ensure the following prerequisites are met: - **Datadog APM Configuration:** Datadog APM is configured for your application or service, and web traces (`type:web`) are being received by Datadog. - **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports Threat Management capabilities for the language of your application or service. For more details, refer to the [Library Compatibility][1] page. -Select your application language for details on how to enable ASM Threat Detection for your language and infrastructure types. +Select your application language for details on how to enable AAP Threat Detection for your language and infrastructure types. {{< partial name="security-platform/appsec-languages.html" >}}
diff --git a/content/en/security/application_security/threats/setup/threat_detection/dotnet.md b/content/en/security/application_security/threats/setup/threat_detection/dotnet.md index 6122960e221f5..5ad4767192c47 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/dotnet.md +++ b/content/en/security/application_security/threats/setup/threat_detection/dotnet.md @@ -1,5 +1,5 @@ --- -title: Enabling ASM for .NET +title: Enabling AAP for .NET code_lang: dotnet type: multi-code-lang code_lang_weight: 10 @@ -16,10 +16,10 @@ further_reading: text: '.NET Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App and API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" --- You can monitor application security for .NET apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. @@ -31,9 +31,9 @@ You can monitor application security for .NET apps running in Docker, Kubernetes 1. **Update your [Datadog .NET library][1]** to at least version 2.2.0 (at least version 2.16.0 for Software Composition Analysis detection features) for your target operating system architecture. - To check that your service's language and framework versions are supported for ASM capabilities, see [Compatibility][2]. + To check that your service's language and framework versions are supported for AAP capabilities, see [Compatibility][2]. -2. **Enable ASM** by setting the `DD_APPSEC_ENABLED` environment variable to `true`. For example, on Windows self-hosted, run the following PowerShell snippet as part of your application start up script: +2. **Enable AAP** by setting the `DD_APPSEC_ENABLED` environment variable to `true`. For example, on Windows self-hosted, run the following PowerShell snippet as part of your application start up script: ``` $target=[System.EnvironmentVariableTarget]::Process [System.Environment]::SetEnvironmentVariable("DD_APPSEC_ENABLED","true",$target) @@ -143,7 +143,7 @@ ENV DD_APPSEC_ENABLED=true {{% /tab %}} {{% tab "Kubernetes" %}} -Update your deployment configuration file for APM and add the ASM environment variable: +Update your deployment configuration file for APM and add the AAP environment variable: ```yaml spec: diff --git a/content/en/security/application_security/threats/setup/threat_detection/envoy.md b/content/en/security/application_security/threats/setup/threat_detection/envoy.md index b24d3c5787a59..28775ef0651d5 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/envoy.md +++ b/content/en/security/application_security/threats/setup/threat_detection/envoy.md @@ -1,5 +1,5 @@ --- -title: Enabling ASM for Envoy +title: Enabling AAP for Envoy code_lang: envoy type: multi-code-lang code_lang_weight: 50 @@ -9,14 +9,14 @@ further_reading: text: "Envoy integration's source code" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App and API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" --- -{{< callout url="#" btn_hidden="true" header="ASM for Envoy is in Preview" >}} -To try the preview of ASM for Envoy, follow the setup instructions below. +{{< callout url="#" btn_hidden="true" header="AAP for Envoy is in Preview" >}} +To try the preview of AAP for Envoy, follow the setup instructions below. {{< /callout >}} You can enable application security for the Envoy proxy. The Datadog Envoy integration has support for threat detection and blocking. @@ -29,7 +29,7 @@ You can enable application security for the Envoy proxy. The Datadog Envoy integ ## Enabling threat detection ### Get started -The ASM Envoy integration uses the Envoy external processing filter. +The AAP Envoy integration uses the Envoy external processing filter. 1. **Configure Envoy** to use the [external processing filter][3]. For example: @@ -93,10 +93,10 @@ For example: ## Datadog Go Tracer and Envoy integration
- Note: The ASM Envoy integration is built on top of the Datadog Go Tracer. It follows the same release process as the tracer, and its Docker images are tagged with the corresponding tracer version. + Note: The AAP Envoy integration is built on top of the Datadog Go Tracer. It follows the same release process as the tracer, and its Docker images are tagged with the corresponding tracer version.
- The Envoy integration uses the [Datadog Go Tracer][6] and inherits all environment variables from the tracer. You can find more information in [Configuring the Go Tracing Library][7] and [ASM Library Configuration][8]. + The Envoy integration uses the [Datadog Go Tracer][6] and inherits all environment variables from the tracer. You can find more information in [Configuring the Go Tracing Library][7] and [AAP Library Configuration][8]. ## Limitations diff --git a/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md b/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md index 9222a73876c0e..79e2e38c1f2d0 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md +++ b/content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md @@ -1,28 +1,28 @@ --- -title: Enabling ASM for GCP Service Extensions +title: Enabling AAP for GCP Service Extensions code_lang: gcp-service-extensions type: multi-code-lang code_lang_weight: 50 further_reading: - link: 'https://github.com/DataDog/dd-trace-go/tree/main/contrib/envoyproxy/go-control-plane/cmd/serviceextensions' tag: "Source Code" - text: "ASM Service Extension's source code" + text: "AAP Service Extension's source code" - link: 'https://cloud.google.com/service-extensions/docs/overview' tag: "Documentation" text: "Google Cloud Service Extensions overview" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App and API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" --- -{{< callout url="#" btn_hidden="true" header="ASM Service Extensions is in Preview" >}} -To try the preview of ASM Service Extensions for GCP, follow the setup instructions below. +{{< callout url="#" btn_hidden="true" header="AAP Service Extensions is in Preview" >}} +To try the preview of AAP Service Extensions for GCP, follow the setup instructions below. {{< /callout >}} -You can enable application security with GCP Service Extensions within GCP Cloud Load Balancing. The Datadog Application Security Management (ASM) Service Extensions integration has support for threat detection and blocking. +You can enable application security with GCP Service Extensions within GCP Cloud Load Balancing. The Datadog App and API Protection (AAP) Service Extensions integration has support for threat detection and blocking. ## Prerequisites @@ -41,7 +41,7 @@ You can enable application security with GCP Service Extensions within GCP Cloud On your GCP project, multiple steps are needed to fully create a Service Extension. Google Cloud provides guides to create [a callout backend service][4] and [create a Service Extension as a traffic extension][5]. -To integrate a Service Extension with ASM, do the following: +To integrate a Service Extension with AAP, do the following: 1. **Create a new VM Compute instance** using the Datadog Service Extensions Docker image. The image is available on the [Datadog Go tracer GitHub Registry][6]. @@ -84,7 +84,7 @@ To integrate a Service Extension with ASM, do the following: 1. To send all traffic to the extension, insert `true` in the **Match condition**. 2. For **Programability type**, select `Callouts`. 3. Select the backend service you created in the previous step. - 4. Select all **Events** from the list where you want ASM to run detection.
+ 4. Select all **Events** from the list where you want AAP to run detection.

{{% appsec-getstarted-2-plusrisk %}} @@ -96,7 +96,7 @@ To integrate a Service Extension with ASM, do the following: Note: The GCP Service Extensions integration is built on top of the Datadog Go Tracer. It follows the same release process as the tracer, and its Docker images are tagged with the corresponding tracer version.
- The GCP Service Extensions integration uses the [Datadog Go Tracer][7] and inherits all environment variables from the tracer. You can find more information in [Configuring the Go Tracing Library][8] and [ASM Library Configuration][9]. + The GCP Service Extensions integration uses the [Datadog Go Tracer][7] and inherits all environment variables from the tracer. You can find more information in [Configuring the Go Tracing Library][8] and [AAP Library Configuration][9]. ## Limitations diff --git a/content/en/security/application_security/threats/setup/threat_detection/go.md b/content/en/security/application_security/threats/setup/threat_detection/go.md index 58f6db417a13a..bc1a328c69c56 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/go.md +++ b/content/en/security/application_security/threats/setup/threat_detection/go.md @@ -1,5 +1,5 @@ --- -title: Enabling ASM for Go +title: Enabling AAP for Go code_lang: go type: multi-code-lang code_lang_weight: 20 @@ -16,10 +16,10 @@ further_reading: text: 'Go Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App and API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" --- You can monitor application security for Go apps running in Docker, Kubernetes, and Amazon ECS. @@ -40,7 +40,7 @@ You can monitor application security for Go apps running in Docker, Kubernetes, 2. Datadog has a series of pluggable packages which provide out-of-the-box support for instrumenting a series of Go libraries and frameworks. A list of these packages can be found in the [compatibility requirements][1] page. Import these packages into your application and follow the configuration instructions listed alongside each integration. -3. **Recompile your program** with ASM enabled: +3. **Recompile your program** with AAP enabled: ```console $ go build -v -tags appsec my-program ``` @@ -49,9 +49,9 @@ You can monitor application security for Go apps running in Docker, Kubernetes, - The Go build tag `appsec` is not necessary if CGO is enabled with `CGO_ENABLED=1`. - Datadog WAF needs the following shared libraries on Linux: `libc.so.6` and `libpthread.so.0`. - When using the build tag `appsec` and CGO is disabled, the produced binary is still linked dynamically to these libraries. - - The Go build tag `datadog.no_waf` can be used to disable ASM at build time in any situation where the requirements above are a hinderance. + - The Go build tag `datadog.no_waf` can be used to disable AAP at build time in any situation where the requirements above are a hinderance. -4. **Redeploy your Go service and enable ASM** by setting the `DD_APPSEC_ENABLED` environment variable to `true`: +4. **Redeploy your Go service and enable AAP** by setting the `DD_APPSEC_ENABLED` environment variable to `true`: ```console $ env DD_APPSEC_ENABLED=true ./my-program ``` @@ -79,7 +79,7 @@ ENV DD_APPSEC_ENABLED=true {{% /tab %}} {{% tab "Kubernetes" %}} -Update your application's deployment configuration file for APM and add the ASM environment variable: +Update your application's deployment configuration file for APM and add the AAP environment variable: ```yaml spec: diff --git a/content/en/security/application_security/threats/setup/threat_detection/java.md b/content/en/security/application_security/threats/setup/threat_detection/java.md index 84e130f20ed3c..ba9b849792bb2 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/java.md +++ b/content/en/security/application_security/threats/setup/threat_detection/java.md @@ -1,5 +1,5 @@ --- -title: Enabling ASM for Java +title: Enabling AAP for Java code_lang: java type: multi-code-lang code_lang_weight: 0 @@ -15,10 +15,10 @@ further_reading: text: 'Java Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App and API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" --- @@ -49,9 +49,9 @@ You can monitor application security for Java apps running in Docker, Kubernetes {{% /tab %}} {{< /tabs >}} - To check that your service's language and framework versions are supported for ASM capabilities, see [Compatibility][2]. + To check that your service's language and framework versions are supported for AAP capabilities, see [Compatibility][2]. -2. **Run your Java application with ASM enabled.** From the command line: +2. **Run your Java application with AAP enabled.** From the command line: ```shell java -javaagent:/path/to/dd-java-agent.jar -Ddd.appsec.enabled=true -Ddd.service= -Ddd.env= -jar path/to/app.jar ``` @@ -82,7 +82,7 @@ ENV DD_APPSEC_ENABLED=true {{% /tab %}} {{% tab "Kubernetes" %}} -Update your deployment configuration file for APM and add the ASM environment variable: +Update your deployment configuration file for APM and add the AAP environment variable: ```yaml spec: diff --git a/content/en/security/application_security/threats/setup/threat_detection/nginx.md b/content/en/security/application_security/threats/setup/threat_detection/nginx.md index 95d528fb98d08..3a7237b722b34 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/nginx.md +++ b/content/en/security/application_security/threats/setup/threat_detection/nginx.md @@ -1,5 +1,5 @@ --- -title: Enabling ASM for Nginx +title: Enabling AAP for Nginx code_lang: nginx type: multi-code-lang code_lang_weight: 50 @@ -13,10 +13,10 @@ further_reading: text: "nginx integration's source code" - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App and API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" --- The Datadog nginx tracing module has experimental support for threat detection and blocking. @@ -37,7 +37,7 @@ The Datadog nginx tracing module has experimental support for threat detection a pattern "ngx_http_datadog_module-appsec-<amd64/arm64>-<nginx version>.so.tgz". Note that this artifact includes "appsec" in the name. -3. **Enable ASM in the nginx configuration**. +3. **Enable AAP in the nginx configuration**. You need to: * define one or more thread pools with the [`thread_pool`][4] directive, * explicitly enable AppSec with [`datadog_appsec_enabled`][5], and diff --git a/content/en/security/application_security/threats/setup/threat_detection/nodejs.md b/content/en/security/application_security/threats/setup/threat_detection/nodejs.md index 58ce761e80057..799043bca57e9 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/nodejs.md +++ b/content/en/security/application_security/threats/setup/threat_detection/nodejs.md @@ -1,5 +1,5 @@ --- -title: Enabling ASM for Node.js +title: Enabling AAP for Node.js code_lang: nodejs type: multi-code-lang code_lang_weight: 50 @@ -16,10 +16,10 @@ further_reading: text: 'Node.js Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App and API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" --- You can monitor application security for Node.js apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. @@ -37,9 +37,9 @@ You can monitor application security for Node.js apps running in Docker, Kuberne ``` Use this [migration guide][1] to assess any breaking changes if you upgraded your library. - Application Security Management is compatible with Express v4+ and Node.js v14+. For additional information, see [Compatibility][2]. + App and API Protection is compatible with Express v4+ and Node.js v14+. For additional information, see [Compatibility][2]. -2. **Where you import and initialize the Node.js library for APM, also enable ASM.** This might be either in your code or with environment variables. If you initialized APM in code, add `{appsec: true}` to your init statement: +2. **Where you import and initialize the Node.js library for APM, also enable AAP.** This might be either in your code or with environment variables. If you initialized APM in code, add `{appsec: true}` to your init statement: {{< tabs >}} {{% tab "In JavaScript code" %}} @@ -77,7 +77,7 @@ import `dd-trace/init`; ```shell node --require dd-trace/init app.js ``` - Then use environment variables to enable ASM: + Then use environment variables to enable AAP: ```shell DD_APPSEC_ENABLED=true node app.js ``` @@ -135,7 +135,7 @@ Update your ECS task definition JSON file, by adding this in the environment sec {{% /tab %}} {{% tab "AWS Fargate" %}} -Initialize ASM in your code or set `DD_APPSEC_ENABLED` environment variable to `true` in your service invocation: +Initialize AAP in your code or set `DD_APPSEC_ENABLED` environment variable to `true` in your service invocation: ```shell DD_APPSEC_ENABLED=true node app.js ``` diff --git a/content/en/security/application_security/threats/setup/threat_detection/php.md b/content/en/security/application_security/threats/setup/threat_detection/php.md index f206a039d4f11..8dffd75efe13c 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/php.md +++ b/content/en/security/application_security/threats/setup/threat_detection/php.md @@ -1,5 +1,5 @@ --- -title: Enabling ASM for PHP +title: Enabling AAP for PHP code_lang: php type: multi-code-lang code_lang_weight: 40 @@ -16,10 +16,10 @@ further_reading: text: 'PHP Datadog Tracer Library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App and API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" --- You can monitor application security for PHP apps running in host-based or container-based environments such as Docker, Kubernetes, AWS ECS, and AWS EKS. @@ -34,9 +34,9 @@ You can monitor application security for PHP apps running in host-based or conta wget https://github.com/DataDog/dd-trace-php/releases/latest/download/datadog-setup.php -O datadog-setup.php php datadog-setup.php --php-bin all --enable-appsec ``` - To check that your service's language and framework versions are supported for ASM capabilities, see [Compatibility][1]. + To check that your service's language and framework versions are supported for AAP capabilities, see [Compatibility][1]. -2. **Enable the library in your code** by restarting PHP-FPM or Apache. In a containerized environment, if you previously installed the library without enabling ASM, you can optionally enable it after by setting the following environment variable: +2. **Enable the library in your code** by restarting PHP-FPM or Apache. In a containerized environment, if you previously installed the library without enabling AAP, you can optionally enable it after by setting the following environment variable: {{< tabs >}} {{% tab "Docker CLI" %}} diff --git a/content/en/security/application_security/threats/setup/threat_detection/python.md b/content/en/security/application_security/threats/setup/threat_detection/python.md index d7c6f911379ce..60819553ba2f7 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/python.md +++ b/content/en/security/application_security/threats/setup/threat_detection/python.md @@ -1,5 +1,5 @@ --- -title: Enabling ASM for Python +title: Enabling AAP for Python code_lang: python type: multi-code-lang code_lang_weight: 50 @@ -16,10 +16,10 @@ further_reading: text: 'Python Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App and API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" --- You can monitor the security of your Python apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. @@ -34,9 +34,9 @@ You can monitor the security of your Python apps running in Docker, Kubernetes, pip install --upgrade ddtrace ``` - To check that your service's language and framework versions are supported for ASM capabilities, see [Compatibility][1]. + To check that your service's language and framework versions are supported for AAP capabilities, see [Compatibility][1]. -2. **Enable ASM when starting the Python application**. +2. **Enable AAP when starting the Python application**. ```bash DD_APPSEC_ENABLED=true ddtrace-run python app.py @@ -96,7 +96,7 @@ You can monitor the security of your Python apps running in Docker, Kubernetes, {{% /tab %}} {{% tab "AWS Fargate" %}} - Initialize ASM in your code or set the `DD_APPSEC_ENABLED` environment variable to `true` in your service invocation: + Initialize AAP in your code or set the `DD_APPSEC_ENABLED` environment variable to `true` in your service invocation: ```shell DD_APPSEC_ENABLED=true ddtrace-run python app.py ``` diff --git a/content/en/security/application_security/threats/setup/threat_detection/ruby.md b/content/en/security/application_security/threats/setup/threat_detection/ruby.md index b19219b3089ac..d9470e308646a 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/ruby.md +++ b/content/en/security/application_security/threats/setup/threat_detection/ruby.md @@ -1,5 +1,5 @@ --- -title: Enabling ASM for Ruby +title: Enabling AAP for Ruby code_lang: ruby type: multi-code-lang code_lang_weight: 30 @@ -16,10 +16,10 @@ further_reading: text: 'Ruby Datadog library source code' - link: "/security/default_rules/?category=cat-application-security" tag: "Documentation" - text: "OOTB Application Security Management Rules" + text: "OOTB App and API Protection Rules" - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" --- You can monitor application security for Ruby apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. @@ -35,13 +35,13 @@ You can monitor application security for Ruby apps running in Docker, Kubernetes gem 'datadog', '~> 2.0' # Use 'ddtrace' if you're using v1.x ``` - To check that your service's language and framework versions are supported for ASM capabilities, see [Compatibility][1]. + To check that your service's language and framework versions are supported for AAP capabilities, see [Compatibility][1]. For more information about upgrading to v2 from a `dd-trace` 1.x version, see [the Ruby tracer upgrade guide][2]. -2. **Enable ASM** by enabling the APM tracer. The following options describe a quick setup that covers the most common cases. Read [the Ruby tracer documentation][3] for more details. +2. **Enable AAP** by enabling the APM tracer. The following options describe a quick setup that covers the most common cases. Read [the Ruby tracer documentation][3] for more details. - You can enable ASM either in your code: + You can enable AAP either in your code: {{< tabs >}} @@ -57,7 +57,7 @@ You can monitor application security for Ruby apps running in Docker, Kubernetes # enable the APM tracer c.tracing.instrument :rails - # enable ASM + # enable AAP c.appsec.enabled = true c.appsec.instrument :rails end @@ -79,7 +79,7 @@ You can monitor application security for Ruby apps running in Docker, Kubernetes Datadog.configure do |c| # the APM tracer is enabled by auto-instrumentation - # enable ASM + # enable AAP c.appsec.enabled = true c.appsec.instrument :rails end @@ -99,7 +99,7 @@ You can monitor application security for Ruby apps running in Docker, Kubernetes # enable the APM tracer c.tracing.instrument :sinatra - # enable ASM for Sinatra + # enable AAP for Sinatra c.appsec.enabled = true c.appsec.instrument :sinatra end @@ -114,7 +114,7 @@ You can monitor application security for Ruby apps running in Docker, Kubernetes Datadog.configure do |c| # the APM tracer is enabled by auto-instrumentation - # enable ASM for Sinatra + # enable AAP for Sinatra c.appsec.enabled = true c.appsec.instrument :sinatra end @@ -132,7 +132,7 @@ You can monitor application security for Ruby apps running in Docker, Kubernetes # enable the APM tracer c.tracing.instrument :rack - # enable ASM for Rack + # enable AAP for Rack c.appsec.enabled = true c.appsec.instrument :rack end @@ -199,7 +199,7 @@ Update your ECS task definition JSON file, by adding this in the environment sec {{% /tab %}} {{% tab "AWS Fargate" %}} -Initialize ASM in your code or set `DD_APPSEC_ENABLED` environment variable to true in your service invocation: +Initialize AAP in your code or set `DD_APPSEC_ENABLED` environment variable to true in your service invocation: ```shell env DD_APPSEC_ENABLED=true rails server ``` diff --git a/content/en/security/application_security/threats/threat-intelligence.md b/content/en/security/application_security/threats/threat-intelligence.md index b5138fc4942a6..012bf45315850 100644 --- a/content/en/security/application_security/threats/threat-intelligence.md +++ b/content/en/security/application_security/threats/threat-intelligence.md @@ -6,16 +6,16 @@ further_reading: text: "Threat Intelligence at Datadog" - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog Application Security Management" + text: "Protect against threats with Datadog App and API Protection" --- ## Overview -This topic describes [threat intelligence][1] for Application Security Management (ASM). +This topic describes [threat intelligence][1] for App and API Protection (AAP). -Datadog provides built-in threat intelligence [datasets][1] for ASM. This provides additional evidence when acting on security activity and reduces detection thresholds for some business logic detections. +Datadog provides built-in threat intelligence [datasets][1] for AAP. This provides additional evidence when acting on security activity and reduces detection thresholds for some business logic detections. -Additionally, ASM supports *bring your own threat intelligence*. This functionality enriches detections with business-specific threat intelligence. +Additionally, AAP supports *bring your own threat intelligence*. This functionality enriches detections with business-specific threat intelligence. ## Best practices @@ -28,7 +28,7 @@ Datadog recommends _against_ the following: 1. Blocking threat intelligence traces without corresponding security activity. IP addresses might have many hosts behind them. Detection of a residential proxy means that the associated activity has been observed by a host behind that IP. It does not guarantee that the host running the malware or proxy is the same host communicating with your services. 2. Blocking on all threat intelligence categories, as this is inclusive of benign traffic from corporate VPNs and blocks unmalicious traffic. -## Filtering on threat intelligence in ASM +## Filtering on threat intelligence in AAP Users can filter threat intelligence on the Signals and Traces explorers using facets and the search bar. @@ -42,7 +42,7 @@ To query for all traces containing threat intelligence from any source, use the ## Bring your own threat intelligence -ASM supports enriching and searching traces with threat intelligence indicators of compromise stored in Datadog reference tables. [Reference Tables][2] allow you to combine metadata with information already in Datadog. +AAP supports enriching and searching traces with threat intelligence indicators of compromise stored in Datadog reference tables. [Reference Tables][2] allow you to combine metadata with information already in Datadog. ### Storing indicators of compromise in reference tables @@ -76,12 +76,12 @@ ip_address,additional_data,category,intention,source Datadog supports creating reference tables through a manual upload, or by periodically retrieving the data from [Amazon S3, Azure storage, or Google Cloud storage][10]. Notes: -- It can take 10 to 30 minutes to start enriching ASM traces after creating a table. +- It can take 10 to 30 minutes to start enriching AAP traces after creating a table. - If a primary key is duplicated, it is skipped and an error message about the key is displayed. On a new [references table][4] page: -1. Name the table. The table name is referenced in ASM's **Threat Intel** config. +1. Name the table. The table name is referenced in AAP's **Threat Intel** config. 2. Upload a local CSV or import a CSV from a cloud storage bucket. The file is normalized and validated. 3. Preview the table schema and choose the IP address as the Primary Key. @@ -117,7 +117,7 @@ Other useful cloud import details to remember: ### Filter traces by joining the list with a Reference Table -You can filter ASM traces in Datadog by joining a trace table with a Reference Table. +You can filter AAP traces in Datadog by joining a trace table with a Reference Table. To join a Reference Table with a trace query, you combine rows from the Datadog trace table and a Reference Table based on a related column between them. The traces query returns only those traces where there is a match in both tables. @@ -143,13 +143,13 @@ To join a trace with a Reference Table: ### Enriching traces for detection rules -Enriching traces includes the threat intelligence attributes in ASM traces when the indicator of compromise matches the value of the `http.client_ip` key in the ASM trace. This enables searching for traces with threat intelligence matches using existing facets and using threat intelligence with detection rules. +Enriching traces includes the threat intelligence attributes in AAP traces when the indicator of compromise matches the value of the `http.client_ip` key in the AAP trace. This enables searching for traces with threat intelligence matches using existing facets and using threat intelligence with detection rules. ## Threat intelligence in the user interface -When viewing the traces in the ASM Traces Explorer, you can see threat intelligence data under the `@appsec` attribute. The `category` and `security_activity` attributes are both set. +When viewing the traces in the AAP Traces Explorer, you can see threat intelligence data under the `@appsec` attribute. The `category` and `security_activity` attributes are both set. {{< img src="security/application_security/threats/threat_intel/threat_intel_appsec.png" alt="Example of the appsec attribute containing threat intelligence data">}} diff --git a/content/en/security/application_security/threats/trace_qualification.md b/content/en/security/application_security/threats/trace_qualification.md index 0665e01a8c895..b9942a3260d11 100644 --- a/content/en/security/application_security/threats/trace_qualification.md +++ b/content/en/security/application_security/threats/trace_qualification.md @@ -4,41 +4,41 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Protect against threats with Datadog Application Security Management" + text: "Protect against threats with Datadog App and API Protection" - link: "/security/application_security/how-appsec-works//" tag: "Documentation" - text: "How Application Security Management Works" + text: "How App and API Protection Works" --- ## Overview -Application Security Management (ASM) provides observability into application-level attacks, and evaluates the conditions in which each trace was generated. ASM trace qualification then labels each attack as harmful or safe to help you take action on the most impactful attacks. +App and API Protection (AAP) provides observability into application-level attacks, and evaluates the conditions in which each trace was generated. AAP trace qualification then labels each attack as harmful or safe to help you take action on the most impactful attacks. -Filter by the **Qualification** facet in the ASM [Traces Explorer][1] to view the possible qualification results: +Filter by the **Qualification** facet in the AAP [Traces Explorer][1] to view the possible qualification results: -{{< img src="security/application_security/threats/trace_qualification/trace-qualification-traces_2.png" alt="ASM trace list with the qualification facet showing the possible qualification results">}} +{{< img src="security/application_security/threats/trace_qualification/trace-qualification-traces_2.png" alt="AAP trace list with the qualification facet showing the possible qualification results">}} ## Qualification outcomes -ASM runs qualification rules (closed-source) on every trace. There are four possible qualification outcomes, as listed in the facet menu: +AAP runs qualification rules (closed-source) on every trace. There are four possible qualification outcomes, as listed in the facet menu: | Qualification result | Description | |------|-------------| -| Unknown | ASM has qualification rules for this attack, but did not have enough information to make a qualification decision. | -| None successful | ASM determined that attacks in this trace were not harmful. | +| Unknown | AAP has qualification rules for this attack, but did not have enough information to make a qualification decision. | +| None successful | AAP determined that attacks in this trace were not harmful. | | Harmful | At least one attack in the trace was successful. | -| No value | ASM does not have qualification rules for this type of attack. | +| No value | AAP does not have qualification rules for this type of attack. | ### Trace sidepanel The qualification result can also be seen when viewing the details of an individual trace.
-Example of a trace that ASM has qualified as safe: +Example of a trace that AAP has qualified as safe: -{{< img src="security/application_security/threats/trace_qualification/trace-none-successful_3.png" alt="ASM trace qualified as safe">}} +{{< img src="security/application_security/threats/trace_qualification/trace-none-successful_3.png" alt="AAP trace qualified as safe">}} -Example of a trace that ASM has qualified as harmful: +Example of a trace that AAP has qualified as harmful: -{{< img src="security/application_security/threats/trace_qualification/trace-harmful_2.png" alt="ASM trace qualified as harmful">}} +{{< img src="security/application_security/threats/trace_qualification/trace-harmful_2.png" alt="AAP trace qualified as harmful">}} [1]: https://app.datadoghq.com/security/appsec/traces ## Further Reading diff --git a/content/en/security/application_security/threats/waf-integration.md b/content/en/security/application_security/threats/waf-integration.md index c91f28f817cf3..6ce0f426926fb 100644 --- a/content/en/security/application_security/threats/waf-integration.md +++ b/content/en/security/application_security/threats/waf-integration.md @@ -7,11 +7,11 @@ further_reading: text: "Monitor AWS WAF activity with Datadog" --- -Protecting web applications and APIs requires a multi-layered approach that combines in-app monitoring and perimeter defenses. These complementary strategies enable you to have a defense-in-depth application security approach leveraging AWS Web Application Firewall (WAF) as the first line of defense, followed by ASM Threat Management to block attacks that slip by the WAF. +Protecting web applications and APIs requires a multi-layered approach that combines in-app monitoring and perimeter defenses. These complementary strategies enable you to have a defense-in-depth application security approach leveraging AWS Web Application Firewall (WAF) as the first line of defense, followed by AAP Threat Management to block attacks that slip by the WAF. ### In-app monitoring: deep visibility with distributed tracing -At the application level, Datadog ASM Threat Management leverages distributed tracing to monitor microservices in real time. The ASM approach provides detailed, context-rich insights into the behavior of requests as they traverse various services. These insights detect sophisticated threats such as: +At the application level, Datadog AAP Threat Management leverages distributed tracing to monitor microservices in real time. The AAP approach provides detailed, context-rich insights into the behavior of requests as they traverse various services. These insights detect sophisticated threats such as: - SQL Injection (SQLi) and Local File Inclusion (LFI) attempts. - Application logic abuse, such as bypassing business rules or exploiting edge cases. @@ -34,23 +34,23 @@ Depending on the nature of the threat, protection controls should be applied at This layered approach ensures threats are neutralized as early as possible without sacrificing the precision needed to protect legitimate traffic. -## AWS WAF integration with ASM +## AWS WAF integration with AAP There are two main use cases supported with this [integration][1]: -1. Gain visibility of AWS WAF actions in Datadog ASM. For example: +1. Gain visibility of AWS WAF actions in Datadog AAP. For example: 1. Metrics such as total requests allowed vs. blocked by the AWS WAF. 2. Drill down and view individual AWS WAF logs (requires you to [ingest AWS WAF logs into Datadog][2]). 3. How AWS WAF inspected the request: rules that were applied and the decision made (allow, block, or count). -
Note that ASM converts AWS WAF logs into ASM Traces, enabling you to view application activity (traces) and AWS WAF activity (logs converted to ASM traces) in the ASM Trace Explorer.
+
Note that AAP converts AWS WAF logs into AAP Traces, enabling you to view application activity (traces) and AWS WAF activity (logs converted to AAP traces) in the AAP Trace Explorer.
{{< img src="security/application_security/threats/aws-waf-int-asm.png" alt="AWS WAF integration details in Datadog UI" style="width:100%;" >}} 2. Leverage AWS WAF to block attackers: - 1. Connect your AWS WAF IP set(s) with Datadog ASM. You can use an existing set or create a new one. Datadog will add blocked IP addresses to this IP set. You can block attackers from ASM [Signals][3] or [Traces][4] explorers. + 1. Connect your AWS WAF IP set(s) with Datadog AAP. You can use an existing set or create a new one. Datadog will add blocked IP addresses to this IP set. You can block attackers from AAP [Signals][3] or [Traces][4] explorers. - {{< img src="/security/application_security/threats/aws-waf-blocked-ips.png" alt="ASM denylist blocked IPs" style="width:100%;" >}} + {{< img src="/security/application_security/threats/aws-waf-blocked-ips.png" alt="AAP denylist blocked IPs" style="width:100%;" >}} ## Further reading diff --git a/content/en/security/application_security/troubleshooting.md b/content/en/security/application_security/troubleshooting.md index a5e5e1c8c1be9..434a2d944fc7c 100644 --- a/content/en/security/application_security/troubleshooting.md +++ b/content/en/security/application_security/troubleshooting.md @@ -1,44 +1,44 @@ --- -title: Troubleshooting Application Security Management +title: Troubleshooting App and API Protection aliases: - /security_platform/application_security/troubleshooting further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Monitoring Threats with Datadog Application Security Management" + text: "Monitoring Threats with Datadog App and API Protection" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How Application Security Management Works in Datadog" + text: "How App and API Protection Works in Datadog" --- ## Overview -If you experience unexpected behavior with Datadog Application Security Management (ASM), there are common issues you can investigate, as mentioned below. If you continue to have trouble, reach out to [Datadog support][1] for further assistance. +If you experience unexpected behavior with Datadog App and API Protection (AAP), there are common issues you can investigate, as mentioned below. If you continue to have trouble, reach out to [Datadog support][1] for further assistance. -## ASM rate limits +## AAP rate limits -ASM traces are rate-limited to 100 traces per second. Traces sent after the limit are not reported. Contact [Datadog support][1] if you need to change the limit. +AAP traces are rate-limited to 100 traces per second. Traces sent after the limit are not reported. Contact [Datadog support][1] if you need to change the limit. -## No security traces detected by ASM +## No security traces detected by AAP -There are a series of steps that must run successfully for threat information to appear in the ASM [Trace and Signals Explorer][2]. It is important to check each step when investigating this issue. Additional troubleshooting steps for specific languages are in the language tab at the end. +There are a series of steps that must run successfully for threat information to appear in the AAP [Trace and Signals Explorer][2]. It is important to check each step when investigating this issue. Additional troubleshooting steps for specific languages are in the language tab at the end. -### Confirm ASM is enabled +### Confirm AAP is enabled -You can use the metric `datadog.apm.appsec_host` to check if ASM is running. +You can use the metric `datadog.apm.appsec_host` to check if AAP is running. 1. Go to **Metrics > Summary** in Datadog. -2. Search for the metric `datadog.apm.appsec_host`. If the metric doesn't exist, then there are no services running ASM. If the metric exists, the services are reported with the metric tags `host` and `service`. -3. Select the metric, and in the **Tags** section, search for `service` to see which services are running ASM. +2. Search for the metric `datadog.apm.appsec_host`. If the metric doesn't exist, then there are no services running AAP. If the metric exists, the services are reported with the metric tags `host` and `service`. +3. Select the metric, and in the **Tags** section, search for `service` to see which services are running AAP. If you are not seeing `datadog.apm.appsec_host`, check the [in-app instructions][3] to confirm that all steps for the initial setup are complete. -ASM data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6]. +AAP data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6]. ### Send a test attack to your application - To test your ASM setup, trigger the [Security Scanner Detected][7] rule by running a file that contains the following curl script: + To test your AAP setup, trigger the [Security Scanner Detected][7] rule by running a file that contains the following curl script: {{< programming-lang-wrapper langs="java,.NET,go,ruby,PHP,Node.js,python" >}} {{< programming-lang lang="java" >}} @@ -147,7 +147,7 @@ A few minutes after you enable your application and exercise it, and if it's suc ### Check if required tracer integrations are deactivated -ASM relies on certain tracer integrations. If they are deactivated, ASM won't work. To see if there are deactivated integrations, look for `disabled_integrations` in your [startup logs][8]. +AAP relies on certain tracer integrations. If they are deactivated, AAP won't work. To see if there are deactivated integrations, look for `disabled_integrations` in your [startup logs][8]. The required integrations vary by language. @@ -176,7 +176,7 @@ For Java, if you are using any of the following technologies, the respective int For .NET, the ASP.NET integration is required. -**Note:** If ASP.NET Core is disabled, ASM should still work with this framework. +**Note:** If ASP.NET Core is disabled, AAP should still work with this framework. {{< /programming-lang >}} @@ -250,7 +250,7 @@ framework you're using, such as the Django or Flask integration. ### Check if spans are successfully transmitted to Datadog -ASM data is sent over [spans][9]. To confirm that spans are successfully transmitted to Datadog, check that your tracer logs contain logs that look similar to this: +AAP data is sent over [spans][9]. To confirm that spans are successfully transmitted to Datadog, check that your tracer logs contain logs that look similar to this: ``` 2021-11-29 21:19:58 CET | TRACE | INFO | (pkg/trace/info/stats.go:111 in LogStats) | [lang:.NET lang_version:5.0.10 interpreter:.NET tracer_version:1.30.1.0 endpoint_version:v0.4] -> traces received: 2, traces filtered: 0, traces amount: 1230 bytes, events extracted: 0, events sampled: 0 @@ -295,7 +295,7 @@ The log files are available in the following directories: {{< /programming-lang >}} {{< programming-lang lang="PHP" >}} -For PHP, to start troubleshooting issues with the Datadog ASM extension, enable debug logs in the ASM extension's `.ini` file. +For PHP, to start troubleshooting issues with the Datadog AAP extension, enable debug logs in the AAP extension's `.ini` file. The extension's `ini` file is usually found in `/etc/php//xxx/conf.d/98-ddtrace.ini`, but the location may differ depending on your installation. Look at the beginning of the `phpinfo()` output to identify the directory that is scanned for `.ini` files, if any. In the `.ini` file, set the following configuration options with the following: @@ -318,7 +318,7 @@ If the installation script is unable to find the correct PHP version, you can se $ php datadog-setup.php --php-bin /usr/bin/php7.4 --enable-appsec ``` ### Connection to helper failed -If the ASM extension is unable to communicate with the helper process, the following warning occurs: +If the AAP extension is unable to communicate with the helper process, the following warning occurs: ``` PHP Warning: Unknown: [ddappsec] Connection to helper failed and we are not going to attempt to launch it: dd_error @@ -349,11 +349,11 @@ datadog.appsec.helper_runtime_path = // {{< /programming-lang >}} {{< programming-lang lang="go" >}} -#### Confirm ASM is enabled in the running application +#### Confirm AAP is enabled in the running application -[Tracer startup logs][1] show the tracer configuration and whether ASM is enabled or not. If `appsec` is `true`, then ASM is enabled and running. +[Tracer startup logs][1] show the tracer configuration and whether AAP is enabled or not. If `appsec` is `true`, then AAP is enabled and running. -For example, the following startup log shows that ASM is disabled: +For example, the following startup log shows that AAP is disabled: ``` 2022/02/17 14:49:00 Datadog Tracer v1.36.0 INFO: DATADOG TRACER CONFIGURATION {"date":"2022-02-17T14:49:00+01:00","os_name":"Linux (Unknown Distribution)","os_version":"5.13.0","version":"v1.36.0","lang":"Go","lang_version":"go1.17.1","env":"prod","service":"grpcserver","agent_url":"http://localhost:8126/v0.4/traces","debug":false,"analytics_enabled":false,"sample_rate":"NaN","sampling_rules":null,"sampling_rules_error":"","service_mappings":null,"tags":{"runtime-id":"69d99219-b68f-4718-9419-fa173a79351e"},"runtime_metrics_enabled":false,"health_metrics_enabled":false,"profiler_code_hotspots_enabled":false,"profiler_endpoints_enabled":false,"dd_version":"","architecture":"amd64","global_service":"","lambda_mode":"false","appsec":false,"agent_features":{"DropP0s":false,"Stats":false,"StatsdPort":0}} @@ -361,9 +361,9 @@ For example, the following startup log shows that ASM is disabled: #### Enable debug logs -Enable debug logs with the environment variable `DD_TRACE_DEBUG=1`. The ASM library will log to the standard error output. +Enable debug logs with the environment variable `DD_TRACE_DEBUG=1`. The AAP library will log to the standard error output. -**Note:** ASM only outputs logs when it is enabled. Use the environment variable `DD_APPSEC_ENABLED=1` to enable ASM. +**Note:** AAP only outputs logs when it is enabled. Use the environment variable `DD_APPSEC_ENABLED=1` to enable AAP. [1]: /tracing/troubleshooting/tracer_startup_logs/ {{< /programming-lang >}} @@ -371,19 +371,19 @@ Enable debug logs with the environment variable `DD_TRACE_DEBUG=1`. The ASM libr Use this [migration guide][1] to assess any breaking changes if you upgraded your Node.js library from 1.x to 2.x. -If you don't see ASM threat information in the [Trace and Signals Explorer][2] for your Node.js application, follow these steps to troubleshoot the issue: +If you don't see AAP threat information in the [Trace and Signals Explorer][2] for your Node.js application, follow these steps to troubleshoot the issue: -1. Confirm the latest version of ASM is running by checking that `appsec_enabled` is `true` in the [startup logs][3] +1. Confirm the latest version of AAP is running by checking that `appsec_enabled` is `true` in the [startup logs][3] a. If you don't see startup logs after a request has been sent, add the environment variable `DD_TRACE_STARTUP_LOGS=true` to enable startup logs. Check the startup logs for `appsec_enabled` is `true`. - b. If `appsec_enabled` is `false`, then ASM was not enabled correctly. See [installation instructions][4]. + b. If `appsec_enabled` is `false`, then AAP was not enabled correctly. See [installation instructions][4]. - c. If `appsec_enabled` is not in the startup logs, the latest ASM version needs to be installed. See [installation instructions][4]. + c. If `appsec_enabled` is not in the startup logs, the latest AAP version needs to be installed. See [installation instructions][4]. 2. Is the tracer working? Can you see relevant traces on the APM dashboard? - ASM relies on the tracer so if you don't see traces, then the tracer might not be working. See [APM Troubleshooting][5]. + AAP relies on the tracer so if you don't see traces, then the tracer might not be working. See [APM Troubleshooting][5]. 3. In your application directory, run the command `npm explore @datadog/native-appsec -- npm run install` and restart your app. @@ -407,9 +407,9 @@ If you don't see ASM threat information in the [Trace and Signals Explorer][2] f {{< /programming-lang >}} {{< programming-lang lang="python" >}} -If you don't see ASM threat information in the [Trace and Signals Explorer][1] for your Python application, check that ASM is running and that your tracer is working. +If you don't see AAP threat information in the [Trace and Signals Explorer][1] for your Python application, check that AAP is running and that your tracer is working. -1. Set your application's log level to `DEBUG` to confirm that ASM is running: +1. Set your application's log level to `DEBUG` to confirm that AAP is running: ```python import logging @@ -422,11 +422,11 @@ If you don't see ASM threat information in the [Trace and Signals Explorer][1] f DEBUG:ddtrace.appsec.processor:[DDAS-001-00] Executing AppSec In-App WAF with parameters: ``` - If this log is not present, ASM is not running. + If this log is not present, AAP is not running. 2. Is the tracer working? Can you see relevant traces on the APM dashboard? - ASM relies on the tracer. If you don't see traces, then the tracer might not be working. See [APM Troubleshooting][2]. + AAP relies on the tracer. If you don't see traces, then the tracer might not be working. See [APM Troubleshooting][2]. [1]: https://app.datadoghq.com/security/appsec/ @@ -434,7 +434,7 @@ If you don't see ASM threat information in the [Trace and Signals Explorer][1] f {{< /programming-lang >}} {{< programming-lang lang="ruby" >}} -For Ruby, if you don't see ASM threat information in the [Trace and Signals Explorer][1] after a few minutes, enable tracer diagnostics for [debug logs][2]. For example: +For Ruby, if you don't see AAP threat information in the [Trace and Signals Explorer][1] after a few minutes, enable tracer diagnostics for [debug logs][2]. For example: ```ruby Datadog.configure do |c| @@ -445,9 +445,9 @@ end Debug logs are verbose but useful. If you open up a ticket with [Datadog support][1], forward the logs with your request. -#### Is ASM correctly enabled? +#### Is AAP correctly enabled? -ASM has been correctly enabled if you see logs such as: +AAP has been correctly enabled if you see logs such as: ``` D, [2021-12-14T11:03:32.167125 #73127] DEBUG -- ddtrace: [ddtrace] (libddwaf/lib/datadog/appsec/waf.rb:296:in `block in logger=') {:level=>:ddwaf_log_info, :func=> "ddwaf_set_log_cb", :file=>"PowerWAFInterface.cpp", :message=>"Sending log messages to binding, min level trace"} @@ -456,13 +456,13 @@ D, [2021-12-14T11:03:32.200491 #73127] DEBUG -- ddtrace: [ddtrace] (libddwaf/lib If you do not see those logs, check the following: -- If the correct ASM environment variables are set for your application process. +- If the correct AAP environment variables are set for your application process. - The latest gem version is installed. - The tracer is configured correctly and sending APM traces to your APM dashboard. -#### Is ASM called for each HTTP request? +#### Is AAP called for each HTTP request? -To confirm that ASM is called for each HTTP request, trigger a [test attack](#send-a-test-attack-to-your-application) and look for these logs: +To confirm that AAP is called for each HTTP request, trigger a [test attack](#send-a-test-attack-to-your-application) and look for these logs: ``` D, [2022-01-19T21:25:50.579745 #341792] DEBUG -- ddtrace: [ddtrace] (/home/lloeki/src/github.com/DataDog/dd-trace-rb/lib/datadog/appsec/reactive/operation.rb:14:in `initialize') operation: rack.request initialize @@ -477,7 +477,7 @@ If you don't see those logs, try the following: - Send another [test attack](#send-a-test-attack-to-your-application) using another user agent value in the curl command to see if the threat information is successfully sent. - Look in the application logs for the exact request you ran to confirm the request reached the application, and was not responded to by another upstream system. -If the Rack integration was configured manually, sometimes a known issue prevents ASM from working. For example: +If the Rack integration was configured manually, sometimes a known issue prevents AAP from working. For example: ```ruby Datadog.configure do |c| @@ -488,9 +488,9 @@ Datadog.configure do |c| If `c.tracing.instrument :rack` is present, remove it to see if the check passes. -#### Is ASM detecting HTTP request security threats? +#### Is AAP detecting HTTP request security threats? -To confirm that ASM is detecting security threats, trigger a [test attack](#send-a-test-attack-to-your-application), and look for these logs: +To confirm that AAP is detecting security threats, trigger a [test attack](#send-a-test-attack-to-your-application), and look for these logs: ``` D, [2021-12-14T22:39:53.268820 #106051] DEBUG -- ddtrace: [ddtrace] (ddtrace/lib/datadog/appsec/contrib/rack/reactive/request.rb:63:in `block in subscribe') WAF: #{"id"=>"ua0-600-10x", "name"=>"Nessus", "tags"=>{"type"=>"security_scanner", "category"=>"attack_attempt"}}, "rule_matches"=>[{"operator"=>"match_regex", "operator_value"=>"(?i)^Nessus(/|([ :]+SOAP))", "parameters"=>[{"address"=>"server.request.headers.no_cookies", "key_path"=>["user-agent"], "value"=>"Nessus SOAP", "highlight"=>["Nessus SOAP"]}]}]}], perf_data=nil, perf_total_runtime=20519> @@ -498,7 +498,7 @@ D, [2021-12-14T22:39:53.268820 #106051] DEBUG -- ddtrace: [ddtrace] (ddtrace/lib If you don't see those logs, check that another upstream security system is not filtering out the requests or altering them based on the test header value. #### Is the tracer sending traces with security data? -ASM data is sent with APM traces. To confirm that ASM correctly detects and inserts security data into traces, trigger a [test attack](#send-a-test-attack-to-your-application), and look for these tracer logs: +AAP data is sent with APM traces. To confirm that AAP correctly detects and inserts security data into traces, trigger a [test attack](#send-a-test-attack-to-your-application), and look for these tracer logs: ``` Tags: [ @@ -527,7 +527,7 @@ Metrics: [ _sampling_priority_v1 => 2.0]] ``` -Wait a minute for the agent to forward the traces, then check that the traces show up in the APM dashboard. The security information in the traces may take additional time to be processed by Datadog before showing up as security traces in the ASM [Trace and Signals Explorer][1]. +Wait a minute for the agent to forward the traces, then check that the traces show up in the APM dashboard. The security information in the traces may take additional time to be processed by Datadog before showing up as security traces in the AAP [Trace and Signals Explorer][1]. [1]: https://app.datadoghq.com/security/appsec/ [2]: /tracing/troubleshooting/#tracer-debug-logs @@ -539,17 +539,17 @@ Wait a minute for the agent to forward the traces, then check that the traces sh There are a series of steps that must run successfully for vulnerability information to appear either in the [Software Catalog Security View][16] or in the [Vulnerability Explorer][12]. It is important to check each step when investigating this issue. -### Confirm ASM is enabled +### Confirm AAP is enabled -You can use the metric `datadog.apm.appsec_host` to check if ASM is running. +You can use the metric `datadog.apm.appsec_host` to check if AAP is running. 1. Go to **Metrics > Summary** in Datadog. -2. Search for the metric `datadog.apm.appsec_host`. If the metric doesn't exist, then there are no services running ASM. If the metric exists, the services are reported with the metric tags `host` and `service`. -3. Select the metric, and in the **Tags** section, search for `service` to see which services are running ASM. +2. Search for the metric `datadog.apm.appsec_host`. If the metric doesn't exist, then there are no services running AAP. If the metric exists, the services are reported with the metric tags `host` and `service`. +3. Select the metric, and in the **Tags** section, search for `service` to see which services are running AAP. If you are not seeing `datadog.apm.appsec_host`, check the [in-app instructions][3] to confirm that all steps for the initial setup are complete. -ASM data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6]. +AAP data is sent with APM traces. See [APM troubleshooting][4] to [confirm APM setup][5] and check for [connection errors][6]. ### Confirm tracer versions are updated @@ -566,7 +566,7 @@ To disable threat management, remove the `DD_APPSEC_ENABLED=true` environment va If no `DD_APPSEC_ENABLED=true` environment variable is set for your service, do one of the following: * If it's a PHP service: explicitly set the environment variable to `DD_APPSEC_ENABLED=false`, and restart your service. * If threat management was activated using [Remote Configuration][16], do the following: - 1. Go to [Services][15] (**ASM** > **Catalog** > **Services**). + 1. Go to [Services][15] (**AAP** > **Catalog** > **Services**). 2. Select **Threat Management in Monitoring Mode**. 3. In the **Threat Management** facet, enable **Monitoring Only**, **No data**, and **Ready to block**. 4. Click on a service. @@ -586,7 +586,7 @@ To disable [Code Security][13], remove the `DD_IAST_ENABLED=true` environment va ## Need more help? -If you continue to have issues with ASM, contact [Datadog support][1] with the following information: +If you continue to have issues with AAP, contact [Datadog support][1] with the following information: - Confirmation that the [test attack](#send-a-test-attack-to-your-application) was successfully sent - Tracer [startup][8] or [debug][10] logs diff --git a/content/en/security/audit_trail.md b/content/en/security/audit_trail.md index 8b859045548ad..8905803aa59cf 100644 --- a/content/en/security/audit_trail.md +++ b/content/en/security/audit_trail.md @@ -15,7 +15,7 @@ products: - name: Cloud Security Management url: /security/cloud_security_management/ icon: cloud-security-management -- name: Application Security Management +- name: App and API Protection url: /security/application_security/ icon: app-sec --- @@ -30,7 +30,7 @@ To view audit logs generated by actions taken in Datadog Security, navigate to t {{% audit-trail-security-platform %}} -## Application Security Management +## App and API Protection {{% audit-trail-asm %}} diff --git a/content/en/security/cloud_security_management/_index.md b/content/en/security/cloud_security_management/_index.md index 9e7bdc7971d7a..3520a7fd5b8fd 100644 --- a/content/en/security/cloud_security_management/_index.md +++ b/content/en/security/cloud_security_management/_index.md @@ -11,7 +11,7 @@ further_reading: text: "Start tracking misconfigurations with CSM Misconfigurations" - link: "/security/threats/setup" tag: "Documentation" - text: "Uncover kernel-level threats with CSM Threats" + text: "Uncover kernel-level threats with Workload Protection" - link: "/security/research_feed" tag: "Documentation" text: "Security Research Feed" diff --git a/content/en/security/cloud_security_management/guide/_index.md b/content/en/security/cloud_security_management/guide/_index.md index 7ce4a811022a6..a71e3ac58c9fa 100644 --- a/content/en/security/cloud_security_management/guide/_index.md +++ b/content/en/security/cloud_security_management/guide/_index.md @@ -12,9 +12,9 @@ aliases: {{< nextlink href="/security/cloud_security_management/guide/agent_variables" >}}Cloud Security Management Agent Variables{{< /nextlink >}} {{< /whatsnext >}} -{{< whatsnext desc="CSM Threats Guides" >}} +{{< whatsnext desc="Workload Protection Guides" >}} {{< nextlink href="/security/cloud_security_management/guide/active-protection" >}}Proactively block crypto mining threats with Active Protection{{< /nextlink >}} - {{< nextlink href="/security/cloud_security_management/guide/tuning-rules" >}}Best Practices for Fine-Tuning CSM Threats Security Signals{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/guide/tuning-rules" >}}Best Practices for Fine-Tuning Workload Protection Security Signals{{< /nextlink >}} {{< nextlink href="/security/cloud_security_management/guide/custom-rules-guidelines" >}}Guidelines for Writing Custom Rules{{< /nextlink >}} {{< nextlink href="/security/cloud_security_management/guide/ebpf-free-agent" >}}Threat Detection for Linux Without eBPF Support{{< /nextlink >}} {{< /whatsnext >}} diff --git a/content/en/security/cloud_security_management/guide/active-protection.md b/content/en/security/cloud_security_management/guide/active-protection.md index fc5784b3fe736..f43236f4f2b78 100644 --- a/content/en/security/cloud_security_management/guide/active-protection.md +++ b/content/en/security/cloud_security_management/guide/active-protection.md @@ -3,14 +3,14 @@ title: Proactively block crypto mining threats with Active Protection further_reading: - link: "security/threats/workload_security_rules" tag: "Documentation" - text: "CSM Threats Detection Rules" + text: "Workload Protection Detection Rules" ---
Please contact Datadog Support to enable Active Protection.
-
CSM Threats Active Protection is in Preview.
+
Workload Protection Active Protection is in Preview.
-This topic explains how to use the CSM Threats **Active Protection** feature to block crypto mining threats automatically. +This topic explains how to use the Workload Protection **Active Protection** feature to block crypto mining threats automatically. By default, all OOTB Agent [threat detection rules][4] are enabled and actively monitoring for crypto threats. diff --git a/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md b/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md index 3e31b72a43a8a..8c7164daff9d2 100644 --- a/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md +++ b/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md @@ -1,15 +1,15 @@ --- -title: Guidelines for Writing Custom CSM Threats Rules +title: Guidelines for Writing Custom Workload Protection Rules further_reading: - link: "/security/threats/workload_security_rules" tag: "Documentation" - text: "Managing CSM Threats Rules" + text: "Managing Workload Protection Rules" - link: "/security/threats/agent_expressions" tag: "Documentation" text: "Agent Expression Syntax" --- -At some point, you may want to write your own [custom Cloud Security Management Threats (CSM Threats) Agent rules][1]. When writing your own rules, there are a few strategies you can use to optimize for efficiency. +At some point, you may want to write your own [custom Workload Protection Agent rules][1]. When writing your own rules, there are a few strategies you can use to optimize for efficiency. ## Attributes diff --git a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md index 01c3168d475c1..8b85c822ae778 100644 --- a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md +++ b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md @@ -3,7 +3,7 @@ title: Threat Detection for Linux Without eBPF Support disable_toc: false --- -This guide describes how to set up the CSM Threats eBPF-less solution for eBPF disabled environments, such as AWS Fargate. The eBPF-less solution uses a ptrace-based Datadog Agent. +This guide describes how to set up the Workload Protection eBPF-less solution for eBPF disabled environments, such as AWS Fargate. The eBPF-less solution uses a ptrace-based Datadog Agent. This guide also describes some advantages of the ptrace solution. diff --git a/content/en/security/cloud_security_management/guide/identify-unauthorized-anomalous-procs.md b/content/en/security/cloud_security_management/guide/identify-unauthorized-anomalous-procs.md index 91294fae96e81..2d296d70e06a2 100644 --- a/content/en/security/cloud_security_management/guide/identify-unauthorized-anomalous-procs.md +++ b/content/en/security/cloud_security_management/guide/identify-unauthorized-anomalous-procs.md @@ -7,11 +7,11 @@ further_reading: text: "Creating Custom Detection Rules" --- -You can use CSM Threats to identify if unauthorized or anomalous processes are running or executed on your IT systems. +You can use Workload Protection to identify if unauthorized or anomalous processes are running or executed on your IT systems. For example, you can create a process allowlist and query for processes running on hosts and containers outside of the allowlist. -In CSM Threats, you can [define custom rules][1] to watch process executions for malicious activity on hosts or containers in real-time. You can define a list of process names and/or arguments that will generate a security signal that can be used to notify users. +In Workload Protection, you can [define custom rules][1] to watch process executions for malicious activity on hosts or containers in real-time. You can define a list of process names and/or arguments that will generate a security signal that can be used to notify users. This guide shows you how to query for unauthorized and anomalous processes using static and dynamic allowlists as examples. diff --git a/content/en/security/cloud_security_management/guide/tuning-rules.md b/content/en/security/cloud_security_management/guide/tuning-rules.md index 46126c39cc0c0..ab38d23db9c83 100644 --- a/content/en/security/cloud_security_management/guide/tuning-rules.md +++ b/content/en/security/cloud_security_management/guide/tuning-rules.md @@ -1,5 +1,5 @@ --- -title: Fine-tuning CSM Threats Security Signals +title: Fine-tuning Workload Protection Security Signals aliases: - /security_platform/cloud_workload_security/guide/tuning-rules/ - /security_platform/cloud_security_management/guide/tuning-rules/ @@ -7,7 +7,7 @@ aliases: ## Overview -Cloud Security Management Threats (CSM Threats) monitors suspicious activity occurring at the workload level. However, in some cases, benign activities are flagged as malicious because of particular settings in the user's environment. When a benign expected activity is triggering a signal, you can suppress the trigger on the activity to limit noise. +Workload Protection monitors suspicious activity occurring at the workload level. However, in some cases, benign activities are flagged as malicious because of particular settings in the user's environment. When a benign expected activity is triggering a signal, you can suppress the trigger on the activity to limit noise. This guide provides considerations for best practices and steps for fine-tuning signal suppression. @@ -137,11 +137,11 @@ Additionally you might notice that signals are created even when some of your ma ## Adding a suppression from the signal -When you are in the process of investigating a potential threat reported by CSM Threats detection rules, you can encounter some signals that alert on known benign behaviors that are specific to your environment. +When you are in the process of investigating a potential threat reported by Workload Protection detection rules, you can encounter some signals that alert on known benign behaviors that are specific to your environment. Consider a Java process utility exploitation. An attacker intentionally targets vulnerabilities in your application code that runs Java processes. This kind of attack entails persistent access to your application by spawning its own Java shell utility. -In some cases, CSM Threats rules might also detect expected activity, for example from your security team running a pentest session to evaluate the robustness of your applications. In this case, you can evaluate the accuracy of alerts reported and suppress noise. +In some cases, Workload Protection rules might also detect expected activity, for example from your security team running a pentest session to evaluate the robustness of your applications. In this case, you can evaluate the accuracy of alerts reported and suppress noise. Open the signal details side panel and navigate from one tab to the other to gain context, including key process metadata like command-line arguments and environment variable keys. For containerized workloads, the information includes the relevant image, pod, Kubernetes cluster, and more. @@ -168,7 +168,7 @@ For additional granularity, the following attributes provide information about p Signals surface relevant context within security alerts. Although event data can be leveraged for suppression filters, the observability data that the detection rule is built on may offer a better tuning candidate. -In CSM Threats, the runtime Agent logs are generated from collected kernel events. You can preview the logs from the signal side-panel without context switching. +In Workload Protection, the runtime Agent logs are generated from collected kernel events. You can preview the logs from the signal side-panel without context switching. 1. Go to your chosen signal details side-panel and click the Events tab. 2. Click **View in Log Explorer** to navigate to Log Management, which displays the full list of logs that instigate this signal. diff --git a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md index 3b2db536a18b9..028e6e89907e5 100644 --- a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md @@ -22,7 +22,7 @@ The Cloud Security Management Misconfigurations (CSM Misconfigurations) [Explore - Read descriptions and guidelines based on industry resources for remediating a misconfigured resource. - Use the time selector to explore your security configuration posture at any point in the past. -In addition to reviewing and responding to misconfigurations, you can set notifications for failed misconfigurations, and configure signals to correlate and triage misconfigurations in the same view as real-time threats generated by [Cloud SIEM][2] and [CSM Threats][3]. This enables you to accelerate investigations, as the root causes for many of today's cloud breaches are misconfigured services that have been exploited by attackers. +In addition to reviewing and responding to misconfigurations, you can set notifications for failed misconfigurations, and configure signals to correlate and triage misconfigurations in the same view as real-time threats generated by [Cloud SIEM][2] and [Workload Protection][3]. This enables you to accelerate investigations, as the root causes for many of today's cloud breaches are misconfigured services that have been exploited by attackers. ## Misconfigurations diff --git a/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md b/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md index aa25657578a03..2281ac76e9c36 100644 --- a/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md +++ b/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md @@ -20,7 +20,7 @@ further_reading: ## Overview -In addition to reviewing and fixing cloud misconfigurations directly in the [Misconfigurations Explorer page][1], you can set notifications for failed misconfigurations, and configure signals to correlate and triage misconfigurations in the same place as real-time threats that are generated by [Cloud SIEM][2] and [CSM Threats][3]. +In addition to reviewing and fixing cloud misconfigurations directly in the [Misconfigurations Explorer page][1], you can set notifications for failed misconfigurations, and configure signals to correlate and triage misconfigurations in the same place as real-time threats that are generated by [Cloud SIEM][2] and [Workload Protection][3]. ## Reduce alert fatigue with security posture signals diff --git a/content/en/security/cloud_security_management/review_remediate/workflows.md b/content/en/security/cloud_security_management/review_remediate/workflows.md index 701d2e6197b39..8220c9119eaef 100644 --- a/content/en/security/cloud_security_management/review_remediate/workflows.md +++ b/content/en/security/cloud_security_management/review_remediate/workflows.md @@ -10,7 +10,7 @@ further_reading: aliases: - /security/cloud_security_management/workflows products: - - name: CSM Threats + - name: Workload Protection url: /security/threats/ icon: cloud-security-management - name: CSM Misconfigurations diff --git a/content/en/security/cloud_security_management/setup/_index.md b/content/en/security/cloud_security_management/setup/_index.md index 007a3731effc9..ed6635cf174e5 100644 --- a/content/en/security/cloud_security_management/setup/_index.md +++ b/content/en/security/cloud_security_management/setup/_index.md @@ -97,7 +97,7 @@ For broader coverage and additional functionalities, deploy the Datadog Agent to Real time - CSM Threats + Workload Protection {{< X >}} {{< X >}} @@ -139,7 +139,7 @@ Monitor your compliance security coverage and secure your cloud infrastructure a For information on disabling CSM, see the following: - [Disable CSM Vulnerabilities][8] -- [Disable CSM Threats][9] +- [Disable Workload Protection][9] ## Further reading diff --git a/content/en/security/cloud_security_management/setup/supported_deployment_types.md b/content/en/security/cloud_security_management/setup/supported_deployment_types.md index 64b7c5b72d811..08b66de5d5cd2 100644 --- a/content/en/security/cloud_security_management/setup/supported_deployment_types.md +++ b/content/en/security/cloud_security_management/setup/supported_deployment_types.md @@ -6,7 +6,7 @@ title: Cloud Security Supported Deployment Types The following table summarizes the CSM features available relative to each deployment type. -| Deployment type | Agent Required (7.46+) | CSM Misconfigurations | CSM Threats | CSM Vulnerabilities | CSM Identity Risks | CSM Agentless Scanning | +| Deployment type | Agent Required (7.46+) | CSM Misconfigurations | Workload Protection | CSM Vulnerabilities | CSM Identity Risks | CSM Agentless Scanning | |---------------------|------------------------|-----------------------|-------------|------------------------------|--------------------|------------------------| | AWS Account | | {{< X >}} | | {{< X >}} | {{< X >}} | {{< X >}} | | Azure Account | | {{< X >}} | | Agentless Scanning (Preview) | {{< X >}} | | @@ -20,7 +20,7 @@ The following table summarizes the CSM features available relative to each deplo | AWS Fargate ECS/EKS | {{< X >}} | | {{< X >}} | | | | The following table summarizes the scope of coverage available relative to each CSM feature. -| Resources monitored | CSM Misconfigurations | CSM Threats | CSM Vulnerabilities | CSM Identity Risks | CSM Agentless scanning | +| Resources monitored | CSM Misconfigurations | Workload Protection | CSM Vulnerabilities | CSM Identity Risks | CSM Agentless scanning | |---------------------------------|-----------------------|-------------|---------------------|--------------------|------------------------| | Resources in AWS Account | {{< X >}} | | {{< X >}} | | {{< X >}} | | Resources in Azure Subscription | {{< X >}} | | | | | diff --git a/content/en/security/cloud_security_management/troubleshooting/_index.md b/content/en/security/cloud_security_management/troubleshooting/_index.md index 67e997f465fcc..80184f46bc54d 100644 --- a/content/en/security/cloud_security_management/troubleshooting/_index.md +++ b/content/en/security/cloud_security_management/troubleshooting/_index.md @@ -4,7 +4,7 @@ disable_toc: true --- {{< whatsnext desc="Troubleshooting Guides" >}} - {{< nextlink href="/security/cloud_security_management/troubleshooting/threats" >}}Cloud Security Management Threats{{< /nextlink >}} + {{< nextlink href="/security/cloud_security_management/troubleshooting/threats" >}}Workload Protection{{< /nextlink >}} {{< nextlink href="/security/cloud_security_management/troubleshooting/vulnerabilities" >}}Cloud Security Management Vulnerabilities{{< /nextlink >}} diff --git a/content/en/security/cloud_security_management/troubleshooting/threats.md b/content/en/security/cloud_security_management/troubleshooting/threats.md index 5a12c0d3f8a42..42e4df64af968 100644 --- a/content/en/security/cloud_security_management/troubleshooting/threats.md +++ b/content/en/security/cloud_security_management/troubleshooting/threats.md @@ -1,5 +1,5 @@ --- -title: Troubleshooting Cloud Security Management Threats +title: Troubleshooting Workload Protection aliases: - /security_platform/cloud_workload_security/troubleshooting/ - /security_platform/cloud_security_management/troubleshooting/ @@ -29,7 +29,7 @@ If you don't have a case ID, just enter your email address used to login in Data ## Agent Self tests -In order to ensure that the communication between the `security-agent` and the `system-probe` is working as expected and that Cloud Security Management Threats (CSM Threats) is able to detect system events, you can manually trigger self tests by running the following command: +In order to ensure that the communication between the `security-agent` and the `system-probe` is working as expected and that Workload Protection is able to detect system events, you can manually trigger self tests by running the following command: | Platform | Command | | -------- | ------- | @@ -50,18 +50,18 @@ You can now see events coming from the `runtime-security-agent` in the Log Explo ## Compatibility with custom Kubernetes network plugins -The network based detections of CSM Threats rely on the traffic control sub-system of the Linux kernel. This sub-system is known to introduce race conditions if multiple vendors try to insert, replace, or delete filters on the "clsact" ingress qdisc. Follow the checklist below to ensure that CSM Threats is properly configured: +The network based detections of Workload Protection rely on the traffic control sub-system of the Linux kernel. This sub-system is known to introduce race conditions if multiple vendors try to insert, replace, or delete filters on the "clsact" ingress qdisc. Follow the checklist below to ensure that Workload Protection is properly configured: * Check if your vendor leverages eBPF traffic control classifiers. If they do not, you can ignore this paragraph. * Check if your vendor returns TC_ACT_OK or TC_ACT_UNSPEC after granting access to a network packet. If they return TC_ACT_UNSPEC, you can ignore this paragraph. * Check which priority your vendor attaches their eBPF classifiers to: - * If they use priority 1, CSM Threats network detections do not work inside your containers. + * If they use priority 1, Workload Protection network detections do not work inside your containers. * If they use priority 2 to 10, make sure to configure `runtime_security_config.network.classifier_priority` to a number strictly below the priority chosen by your vendor. * If they use priority 11 or higher, you can ignore this paragraph. For example, there is a known race with Cilium 1.9 and lower with the Datadog Agent (version 7.36 to 7.39.1, 7.39.2 excluded) that may happen when a new pod is started. The race can lead to loss of connectivity inside the pod, depending on how Cilium is configured. -Ultimately, if the Datadog Agent or your third party vendors cannot be configured to prevent the issue from happening, you should disable the network based detections of CSM Threats by following the steps below: +Ultimately, if the Datadog Agent or your third party vendors cannot be configured to prevent the issue from happening, you should disable the network based detections of Workload Protection by following the steps below: * Add the following parameter to your `system-probe.yaml` configuration file on host based installations: ```yaml @@ -81,9 +81,9 @@ datadog: ```bash DD_RUNTIME_SECURITY_CONFIG_NETWORK_ENABLED=false ``` -## Disable CSM Threats +## Disable Workload Protection -To disable CSM Threats, follow the steps for your Agent platform. +To disable Workload Protection, follow the steps for your Agent platform. ### Helm diff --git a/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md b/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md index 5c5128c93a5f5..724924728d96a 100644 --- a/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md +++ b/content/en/security/cloud_siem/detection_rules/signal_correlation_rules.md @@ -24,7 +24,7 @@ As another example, you can create a signal by combining these two rules: And use the `expired account ID` attribute to correlate the two rules. -You can correlate log detection rules, as well as log detection rules with Cloud Security Management Threats and Application Security Management rules. +You can correlate log detection rules, as well as log detection rules with Workload Protection and App and API Protection rules. ## Create a Signal Correlation rule diff --git a/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md b/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md index 5ba7eb580aac4..b3e93ecdde3c3 100644 --- a/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md +++ b/content/en/security/cloud_siem/guide/how-to-setup-security-filters-using-cloud-siem-api.md @@ -21,7 +21,7 @@ The following examples are covered in this guide: * [Configure the default security filter to exclude certain logs](#add-an-exclusion) * [Create custom security filters to specify which log sources to analyze](#create-a-custom-filter) -**Note**: Security Filters are only required to control logs analyzed by the Cloud SIEM product. You do not need to write Security Filters to exclude logs generated by the Datadog Agent as part of the Cloud Security Management Threats (`source:runtime-security-agent`) and Cloud Security Management Misconfigurations (`source:compliance-agent`) products, as they're not billed as analyzed logs regardless. +**Note**: Security Filters are only required to control logs analyzed by the Cloud SIEM product. You do not need to write Security Filters to exclude logs generated by the Datadog Agent as part of the Workload Protection (`source:runtime-security-agent`) and Cloud Security Management Misconfigurations (`source:compliance-agent`) products, as they're not billed as analyzed logs regardless. ## Prerequisites diff --git a/content/en/security/code_security/iast/setup/compatibility/_index.md b/content/en/security/code_security/iast/setup/compatibility/_index.md index 2aa29e071f358..2a3f36b781a67 100644 --- a/content/en/security/code_security/iast/setup/compatibility/_index.md +++ b/content/en/security/code_security/iast/setup/compatibility/_index.md @@ -4,10 +4,10 @@ type: multi-code-lang further_reading: - link: "/security/application_security/troubleshooting" tag: "Documentation" - text: "Troubleshooting Application Security Management" + text: "Troubleshooting App and API Protection" - link: "/security/application_security/how-appsec-works/" tag: "Documentation" - text: "How Application Security Management Works in Datadog" + text: "How App and API Protection Works in Datadog" --- The following capabilities are supported relative to each language's tracing library: diff --git a/content/en/security/code_security/iast/setup/dotnet.md b/content/en/security/code_security/iast/setup/dotnet.md index e72b4395a4b13..db137c99c2d65 100644 --- a/content/en/security/code_security/iast/setup/dotnet.md +++ b/content/en/security/code_security/iast/setup/dotnet.md @@ -95,7 +95,7 @@ ENV DD_IAST_ENABLED=true {{% tab "Kubernetes" %}} -Update your deployment configuration file for APM and add the ASM environment variable: +Update your deployment configuration file for APM and add the AAP environment variable: ```yaml spec: diff --git a/content/en/security/code_security/iast/setup/nodejs.md b/content/en/security/code_security/iast/setup/nodejs.md index 620ff1a10d167..0f5bdbb621224 100644 --- a/content/en/security/code_security/iast/setup/nodejs.md +++ b/content/en/security/code_security/iast/setup/nodejs.md @@ -37,7 +37,7 @@ Follow these steps to enable Code Security in your service: ```shell node --require dd-trace/init app.js ``` - Then use environment variables to enable ASM: + Then use environment variables to enable AAP: ```shell DD_IAST_ENABLED=true node app.js ``` diff --git a/content/en/security/code_security/software_composition_analysis/setup_runtime/_index.md b/content/en/security/code_security/software_composition_analysis/setup_runtime/_index.md index 52d97d558e57f..649607501bf52 100644 --- a/content/en/security/code_security/software_composition_analysis/setup_runtime/_index.md +++ b/content/en/security/code_security/software_composition_analysis/setup_runtime/_index.md @@ -11,7 +11,7 @@ Before setting up runtime detection, ensure the following prerequisites are met: 1. **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports Software Composition Analysis capabilities for the language of your application or service. 2. **Datadog Agent Installation:** The Datadog Agent is installed and configured for your application's operating system or container, cloud, or virtual environment. 3. **Datadog APM Configuration:** Datadog APM is configured for your application or service, and web traces (`type:web`) are being received by Datadog. -4. **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports Software Composition Analysis capabilities for the language of your application or service. For more details, refer to the [Library Compatibility][2] page for each ASM product. +4. **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports Software Composition Analysis capabilities for the language of your application or service. For more details, refer to the [Library Compatibility][2] page for each AAP product. ## Software Composition Analysis enablement types diff --git a/content/en/security/code_security/troubleshooting/_index.md b/content/en/security/code_security/troubleshooting/_index.md index d2c4d9a5cb335..235e408c66579 100644 --- a/content/en/security/code_security/troubleshooting/_index.md +++ b/content/en/security/code_security/troubleshooting/_index.md @@ -168,8 +168,8 @@ There are a series of steps that must run successfully for vulnerability informa If you have enabled runtime vulnerability detection on your services, you can use the metric `datadog.apm.appsec_host` to check if SCA is running. 1. Go to **Metrics > Summary** in Datadog. -2. Search for the metric `datadog.apm.appsec_host`. If the metric doesn't exist, then there are no services running ASM. If the metric exists, the services are reported with the metric tags `host` and `service`. -3. Select the metric, and in the **Tags** section, search for `service` to see which services are running ASM. +2. Search for the metric `datadog.apm.appsec_host`. If the metric doesn't exist, then there are no services running AAP. If the metric exists, the services are reported with the metric tags `host` and `service`. +3. Select the metric, and in the **Tags** section, search for `service` to see which services are running AAP. If you are not seeing `datadog.apm.appsec_host`, check the [in-app instructions][3] to confirm that all steps for the initial setup are complete. diff --git a/content/en/security/detection_rules/_index.md b/content/en/security/detection_rules/_index.md index 5bf81efdbc99b..f9eec8a8ccbc0 100644 --- a/content/en/security/detection_rules/_index.md +++ b/content/en/security/detection_rules/_index.md @@ -25,7 +25,7 @@ products: - name: Cloud Security Management url: /security/cloud_security_management/ icon: cloud-security-management -- name: Application Security Management +- name: App and API Protection url: /security/application_security/ icon: app-sec --- @@ -36,16 +36,16 @@ Detection rules define conditional logic that is applied to all ingested logs an ## Out-of-the-box detection rules -Datadog provides [out-of-the-box detection rules][2] to flag attacker techniques and potential misconfigurations. When new detection rules are released, they are automatically imported into your account, your Application Security Management library, and the Agent, depending on your configuration. +Datadog provides [out-of-the-box detection rules][2] to flag attacker techniques and potential misconfigurations. When new detection rules are released, they are automatically imported into your account, your App and API Protection library, and the Agent, depending on your configuration. Out-of-the box rules are available for the following security products: - [Cloud SIEM][3] uses log detection to analyze ingested logs in real-time. - Cloud Security Management (CSM): - [CSM Misconfigurations][4] uses cloud configuration and infrastructure configuration detection rules to scan the state of your cloud environment. - - [CSM Threats][5] uses the Datadog Agent and detection rules to actively monitor and evaluate system activity. + - [Workload Protection][5] uses the Datadog Agent and detection rules to actively monitor and evaluate system activity. - [CSM Identity Risks][6] uses detection rules to detect IAM-based risks in your cloud infrastructure. -- [Application Security Management][7] (ASM) leverages Datadog [APM][8], the [Datadog Agent][9], and detection rules to detect threats in your application environment. +- [App and API Protection][7] (AAP) leverages Datadog [APM][8], the [Datadog Agent][9], and detection rules to detect threats in your application environment. ## Beta detection rules @@ -53,7 +53,7 @@ Datadog's Security Research team continually adds new OOTB security detection ru ## Custom detection rules -There may be situations where you need to customize a rule based on your environment or workload. For example, if you're using ASM, you may want to customize a detection rule that detects users performing sensitive actions from a geolocation where your business doesn't operate. +There may be situations where you need to customize a rule based on your environment or workload. For example, if you're using AAP, you may want to customize a detection rule that detects users performing sensitive actions from a geolocation where your business doesn't operate. To [create custom rules](#create-detection-rules), you can clone the default rules and edit the copies, or create your own rules from scratch. @@ -72,9 +72,9 @@ To create a custom detection rule, click the **New Rule** button in the upper-ri For detailed instructions, see the following articles: - [Cloud SIEM][11] -- [ASM][12] +- [AAP][12] - [CSM Misconfigurations][13] -- [CSM Threats][14] +- [Workload Protection][14] ## Manage detection rules @@ -119,7 +119,7 @@ Use Rule Version History to: To see the version history of a rule: 1. Navigate to the [Security Settings][15] page. In the left navigation panel: - - For ASM: Click **Application Security** and then click **Detection Rules**. + - For AAP: Click **Application Security** and then click **Detection Rules**. - For CSM: Click **Cloud Security Management** and then click **Threat Detection Rules**. - For Cloud SIEM: Click **Cloud SIEM** and then click **Detection Rules**. 1. Click on the rule you are interested in. diff --git a/content/en/security/guide/aws_fargate_config_guide.md b/content/en/security/guide/aws_fargate_config_guide.md index 4340782998f52..165c203eb97b6 100644 --- a/content/en/security/guide/aws_fargate_config_guide.md +++ b/content/en/security/guide/aws_fargate_config_guide.md @@ -10,9 +10,9 @@ further_reading: text: "Get real-time threat detection for AWS Fargate ECS and EKS environments with Datadog CSM" --- -This guide walks you through configuring [Cloud Security Management (CSM)][3], [Software Composition Analysis (SCA)][22], [Threat Detection and Protection (ASM)][4], and [Cloud SIEM][5] on AWS Fargate. +This guide walks you through configuring [Cloud Security Management (CSM)][3], [Software Composition Analysis (SCA)][22], [Threat Detection and Protection (AAP)][4], and [Cloud SIEM][5] on AWS Fargate. -{{< img src="security/datadog_security_coverage_aws_fargate.png" alt="Flow chart showing how CSM, ASM, and Cloud SIEM are configured on AWS Fargate" width="90%">}} +{{< img src="security/datadog_security_coverage_aws_fargate.png" alt="Flow chart showing how CSM, AAP, and Cloud SIEM are configured on AWS Fargate" width="90%">}} ## Full stack coverage for AWS Fargate @@ -33,13 +33,13 @@ Datadog Security provides multiple layers of visibility for AWS Fargate. Use the Fargate Application Application Performance Monitoring Software Composition Analysis (SCA) and Code Security - ASM - Threat Detection and Protection + AAP - Threat Detection and Protection Fargate Infrastructure Infrastructure Monitoring Not yet supported - CSM Threats + Workload Protection @@ -260,7 +260,7 @@ Use the following [Agent RBAC deployment instruction][6] before deploying the Ag #### Deploy the Agent as a sidecar -The following manifest represents the minimum configuration required to deploy your application with the Datadog Agent as a sidecar with CSM Threats enabled: +The following manifest represents the minimum configuration required to deploy your application with the Datadog Agent as a sidecar with Workload Protection enabled: ```yaml apiVersion: apps/v1 @@ -362,7 +362,7 @@ In the task definition, replace the "workload" container with the following: - The Datadog Agent is installed and configured for your application's operating system or container, cloud, or virtual environment - Datadog APM is configured for your application or service -
For additional performance and reliability insights, Datadog recommends enabling Application Performance Monitoring with Application Security Management.
+
For additional performance and reliability insights, Datadog recommends enabling Application Performance Monitoring with App and API Protection.
### Installation diff --git a/content/en/security/notifications/_index.md b/content/en/security/notifications/_index.md index f455e717c6583..64b2b7811b3fd 100644 --- a/content/en/security/notifications/_index.md +++ b/content/en/security/notifications/_index.md @@ -19,7 +19,7 @@ products: - name: Cloud Security Management url: /security/cloud_security_management/ icon: cloud-security-management -- name: Application Security Management +- name: App and API Protection url: /security/application_security/ icon: app-sec --- diff --git a/content/en/security/notifications/rules.md b/content/en/security/notifications/rules.md index 837d1702b3e03..0df0971e64d87 100644 --- a/content/en/security/notifications/rules.md +++ b/content/en/security/notifications/rules.md @@ -18,7 +18,7 @@ products: - name: Cloud Security Management url: /security/cloud_security_management/ icon: cloud-security-management -- name: Application Security Management +- name: App and API Protection url: /security/application_security/ icon: app-sec --- diff --git a/content/en/security/notifications/variables.md b/content/en/security/notifications/variables.md index 2bc1b3f587a08..89de0bd03ee67 100644 --- a/content/en/security/notifications/variables.md +++ b/content/en/security/notifications/variables.md @@ -16,7 +16,7 @@ products: - name: Cloud Security Management url: /security/cloud_security_management/ icon: cloud-security-management -- name: Application Security Management +- name: App and API Protection url: /security/application_security/ icon: app-sec --- @@ -139,7 +139,7 @@ user@domain.com just logged in without MFA from 1.2.3.4. {{% /tab %}} -{{% tab "Application Security Management" %}} +{{% tab "App and API Protection" %}} ```json { diff --git a/content/en/security/security_inbox.md b/content/en/security/security_inbox.md index 1ed00bc4a4720..004f71747ad76 100644 --- a/content/en/security/security_inbox.md +++ b/content/en/security/security_inbox.md @@ -3,7 +3,7 @@ title: Security Inbox further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Learn more about Application Security Management" + text: "Learn more about App and API Protection" - link: "/security/cloud_security_management" tag: "Documentation" text: "Learn more about Cloud Security Management" @@ -17,7 +17,7 @@ products: - name: Cloud Security Management url: /security/cloud_security_management/ icon: cloud-security-management -- name: Application Security Management +- name: App and API Protection url: /security/application_security/ icon: app-sec --- @@ -30,7 +30,7 @@ Security Inbox provides a consolidated, actionable list of your most important s ## Types of findings in Security Inbox -The findings that appear in Security Inbox are generated from Application Security Management (ASM) and Cloud Security Management (CSM). By default, these include the following types of findings: +The findings that appear in Security Inbox are generated from App and API Protection (AAP) and Cloud Security Management (CSM). By default, these include the following types of findings: - A curated set of [misconfigurations][1] for [CSM Misconfigurations][2], compiled by Datadog Security Research. - A curated set of [identity risks][1] for [CSM Identity Risks][3], compiled by Datadog Security Research. diff --git a/content/en/security/suppressions.md b/content/en/security/suppressions.md index 875a2a8fc7629..2d4049650c87c 100644 --- a/content/en/security/suppressions.md +++ b/content/en/security/suppressions.md @@ -9,10 +9,10 @@ products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: CSM Threats +- name: Workload Protection url: /security/threats/ icon: cloud-security-management -- name: Application Security Management +- name: App and API Protection url: /security/application_security/ icon: app-sec --- diff --git a/content/en/security/threat_intelligence.md b/content/en/security/threat_intelligence.md index 3b2df4261245e..a995cb707aa0a 100644 --- a/content/en/security/threat_intelligence.md +++ b/content/en/security/threat_intelligence.md @@ -6,15 +6,15 @@ description: "Threat Intelligence at Datadog" further_reading: - link: "/security/application_security/threats/threat-intelligence/" tag: "documentation" - text: "ASM Threat Intelligence" + text: "AAP Threat Intelligence" products: - name: Cloud SIEM url: /security/cloud_siem/ icon: siem -- name: CSM Threats +- name: Workload Protection url: /security/threats/ icon: cloud-security-management -- name: Application Security Management +- name: App and API Protection url: /security/application_security/ icon: app-sec --- @@ -66,13 +66,13 @@ Sources, categories, and intents are available as facets and filters on relevant | Source | Category | Source Use Cases | Primary Products | |--------|------------|-----------|------------------| -| Datadog Threat Research| scanners, Redis exploitation, Docker exploitation, malware, bruteforcer | Honeypots focused on software specific threats | ASM, CWS and Cloud SIEM | -| [Datadog ASM](https://docs.datadoghq.com/security/application_security/) | scanner | List of IPs that have been observed attacking multiple ASM customers | ASM | -| [Spur](https://spur.us/) | residential_proxy | Proxies associated credential stuffing and fraud | ASM and Cloud SIEM | +| Datadog Threat Research| scanners, Redis exploitation, Docker exploitation, malware, bruteforcer | Honeypots focused on software specific threats | AAP, CWS and Cloud SIEM | +| [Datadog AAP](https://docs.datadoghq.com/security/application_security/) | scanner | List of IPs that have been observed attacking multiple AAP customers | AAP | +| [Spur](https://spur.us/) | residential_proxy | Proxies associated credential stuffing and fraud | AAP and Cloud SIEM | | [Spur](https://spur.us/) | malware_proxy | Proxies associated with malware command and control | Cloud SIEM | | [Abuse.ch](https://abuse.ch/) Malware Bazaar| malware | Malware on hosts | CWS | | [Minerstat](https://minerstat.com/mining-pool-whitelist.txt) | malware | Coinminer activity with known mining pools| CWS | -| Tor | tor | Policy violations for user activity | ASM, Cloud SIEM, and CWS | +| Tor | tor | Policy violations for user activity | AAP, Cloud SIEM, and CWS | | [Threatfox](https://threatfox.abuse.ch/) | malware | Identify hosts communicating with known malware infrastructure | Cloud SIEM, and CWS | @@ -80,13 +80,13 @@ Sources, categories, and intents are available as facets and filters on relevant | Category | Intention | Entity Types | Product Use Cases | Primary Products | |----------|----------|--------------|----------|------------------| -| residential_proxy | suspicious | IP addresses | Reputation for credential stuffing and fraud | ASM and Cloud SIEM | -| botnet_proxy | suspicious | IP addresses | Reputation for being part of a botnet and contributing to distributed attacks | ASM and Cloud SIEM | +| residential_proxy | suspicious | IP addresses | Reputation for credential stuffing and fraud | AAP and Cloud SIEM | +| botnet_proxy | suspicious | IP addresses | Reputation for being part of a botnet and contributing to distributed attacks | AAP and Cloud SIEM | | malware | malicious | application library versions, file hashes | Malicious packages and communication with mining pools| CWS | -| scanner | suspicious | IP addresses | Reputation for scanners | ASM and Cloud SIEM | -| hosting_proxy | suspicious | IP addresses | Datacenter IPs with a reputation of abuse, such as for distributed credential stuffing attacks | ASM and Cloud SIEM | -| tor | suspicious | IP addresses | Corporate policy violations for user activity | ASM and Cloud SIEM | -| disposable_email | suspicious | Email domain | Detect product usage from disposable email addresses | ASM | +| scanner | suspicious | IP addresses | Reputation for scanners | AAP and Cloud SIEM | +| hosting_proxy | suspicious | IP addresses | Datacenter IPs with a reputation of abuse, such as for distributed credential stuffing attacks | AAP and Cloud SIEM | +| tor | suspicious | IP addresses | Corporate policy violations for user activity | AAP and Cloud SIEM | +| disposable_email | suspicious | Email domain | Detect product usage from disposable email addresses | AAP | ### Threat Intelligence Intents | Intent | Use Case | diff --git a/content/en/security/threats/_index.md b/content/en/security/threats/_index.md index 4b685d06747e4..5f99196d65fc2 100644 --- a/content/en/security/threats/_index.md +++ b/content/en/security/threats/_index.md @@ -1,5 +1,5 @@ --- -title: Cloud Security Management Threats +title: Workload Protection aliases: - /security_platform/cloud_workload_security/ - /security/cloud_workload_security/ @@ -9,13 +9,13 @@ aliases: - /security/threats/runtime_anomaly_detection --- -Cloud Security Management Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. As part of the Datadog platform, you can combine the real-time threat detection of CSM Threats with metrics, logs, traces, and other telemetry to see the full context surrounding a potential attack on your workloads. +Workload Protection monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. As part of the Datadog platform, you can combine the real-time threat detection of Workload Protection with metrics, logs, traces, and other telemetry to see the full context surrounding a potential attack on your workloads. ## Detect threats to your production workloads in real-time -Monitor file and process activity at the kernel level to detect threats to your infrastructure, such as Amazon EC2 instances, Docker containers, and Kubernetes clusters. Combine CSM Threats with [Cloud Network Monitoring][9] and detect suspicious activity at the network level before a workload is compromised. +Monitor file and process activity at the kernel level to detect threats to your infrastructure, such as Amazon EC2 instances, Docker containers, and Kubernetes clusters. Combine Workload Protection with [Cloud Network Monitoring][9] and detect suspicious activity at the network level before a workload is compromised. -Workload Protection Threats uses the Datadog Agent to monitor your environment. If you don't already have the Datadog Agent set up, [start with setting up the Agent][2] on a [supported operating system][1]. There are four types of monitoring that the Datadog Agent uses for CSM Threats: +Workload Protection Threats uses the Datadog Agent to monitor your environment. If you don't already have the Datadog Agent set up, [start with setting up the Agent][2] on a [supported operating system][1]. There are four types of monitoring that the Datadog Agent uses for Workload Protection: 1. **Process Execution Monitoring** to watch process executions for malicious activity on hosts or containers in real-time. 2. **File Integrity Monitoring** to watch for changes to key files and directories on hosts or containers in real-time. @@ -36,7 +36,7 @@ Workload Protection Threats comes with more than 50 out-of-the-box detection rul Use [Remote Configuration][7] to automatically deploy new and updated rules to the Agent. [Customize the rules][5] by defining how each rule monitors process, network, and file activity, [create custom rules][6], and [set up real-time notifications](#set-up-real-time-notifications) for new signals. -{{< img src="security/cws/threats_detection_rules.png" alt="CSM Threats detection rules in the Datadog app" width="100%">}} +{{< img src="security/cws/threats_detection_rules.png" alt="Workload Protection detection rules in the Datadog app" width="100%">}} ## Set up real-time notifications @@ -59,9 +59,9 @@ Datadog is introducing a new feature called Active Protection to address the cry {{< whatsnext >}} {{< nextlink href="/security/threats/setup">}}Complete setup and configuration{{< /nextlink >}} - {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for CSM Threats{{< /nextlink >}} - {{< nextlink href="/security/threats/workload_security_rules">}}Learn about CSM Threats detection rules{{< /nextlink >}} - {{< nextlink href="/security/default_rules/#cat-workload-security">}}Start using out-of-the-box CSM Threats detection rules{{< /nextlink >}} + {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for Workload Protection{{< /nextlink >}} + {{< nextlink href="/security/threats/workload_security_rules">}}Learn about Workload Protection detection rules{{< /nextlink >}} + {{< nextlink href="/security/default_rules/#cat-workload-security">}}Start using out-of-the-box Workload Protection detection rules{{< /nextlink >}} {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security Management{{< /nextlink >}} {{< /whatsnext >}} diff --git a/content/en/security/threats/agent.md b/content/en/security/threats/agent.md index 4a990bbba0112..92c3123f0b7de 100644 --- a/content/en/security/threats/agent.md +++ b/content/en/security/threats/agent.md @@ -1,10 +1,10 @@ --- -description: Agent expression attributes and operators for CSM Threats Rules +description: Agent expression attributes and operators for Workload Protection Rules disable_edit: true further_reading: - link: /security/cloud_workload_security/getting_started/ tag: Documentation - text: Get started with Datadog CSM Threats + text: Get started with Datadog Workload Protection title: Creating Agent Rule Expressions --- @@ -17,7 +17,7 @@ The **Assisted rule creator** option helps you create the Agent and dependent de For details, see [Creating Custom Detection Rules][1]. ## Agent expression syntax -Cloud Security Management Threats (CSM Threats) first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. This portion of a CSM Threats rule is called the Agent expression. Agent expressions use Datadog's Security Language (SECL). The standard format of a SECL expression is as follows: +Workload Protection first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. This portion of a Workload Protection rule is called the Agent expression. Agent expressions use Datadog's Security Language (SECL). The standard format of a SECL expression is as follows: {{< code-block lang="javascript" >}} . [ .] ... diff --git a/content/en/security/threats/investigate_agent_events.md b/content/en/security/threats/investigate_agent_events.md index 48032ff3512b2..bc6fc033c5a30 100644 --- a/content/en/security/threats/investigate_agent_events.md +++ b/content/en/security/threats/investigate_agent_events.md @@ -4,10 +4,10 @@ disable_toc: false further_reading: - link: "/security/default_rules/?category=cat-csm-threats#all" tag: "Documentation" - text: "Explore CSM Threats detection rules" + text: "Explore Workload Protection detection rules" - link: "/security/threats/workload_security_rules" tag: "Documentation" - text: "Learn how to manage CSM Threats detection rules" + text: "Learn how to manage Workload Protection detection rules" - link: "/security/notifications/" tag: "Documentation" text: "Learn more about security notifications" diff --git a/content/en/security/threats/security_signals.md b/content/en/security/threats/security_signals.md index f5c7e78af4b90..2c79ab84f30b1 100644 --- a/content/en/security/threats/security_signals.md +++ b/content/en/security/threats/security_signals.md @@ -4,10 +4,10 @@ disable_toc: false further_reading: - link: "/security/default_rules/?category=cat-csm-threats#all" tag: "Documentation" - text: "Explore CSM Threats detection rules" + text: "Explore Workload Protection detection rules" - link: "/security/threats/workload_security_rules" tag: "Documentation" - text: "Learn how to manage CSM Threats detection rules" + text: "Learn how to manage Workload Protection detection rules" - link: "/security/notifications/" tag: "Documentation" text: "Learn more about security notifications" @@ -16,7 +16,7 @@ further_reading: text: "Secure your Windows workloads with Datadog Cloud Security Management" --- -[Cloud Security Management Threats][9] (CSM Threats) security signals are created when Datadog detects a threat based on a security rule. View, search, filter, and investigate security signals in the [Signals Explorer][4], or configure [Notification Rules][1] to send signals to third-party tools. +[Workload Protection][9] (Workload Protection) security signals are created when Datadog detects a threat based on a security rule. View, search, filter, and investigate security signals in the [Signals Explorer][4], or configure [Notification Rules][1] to send signals to third-party tools. To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][3] for more information about Datadog's default roles and granular role-based access control permissions available for Cloud Security Management. diff --git a/content/en/security/threats/supported_linux_distributions.md b/content/en/security/threats/supported_linux_distributions.md index fed1bbb57f1b6..13622d2790b6e 100644 --- a/content/en/security/threats/supported_linux_distributions.md +++ b/content/en/security/threats/supported_linux_distributions.md @@ -1,8 +1,8 @@ --- -title: CSM Threats Supported Linux Distributions +title: Workload Protection Supported Linux Distributions --- -Cloud Security Management Threats supports the following Linux distributions: +Workload Protection supports the following Linux distributions: | Linux Distributions | Supported Versions | |---------------------------------------------------------------|-------------------------| @@ -19,8 +19,8 @@ Cloud Security Management Threats supports the following Linux distributions: **Notes:** - Custom kernel builds are not supported. -- The [CSM Threats eBPF-less solution for eBPF disabled environments][2] uses a ptrace-based Datadog Agent. The ptrace-based Datadog Agent supports Linux kernel versions from 3.4.43 to 4.9.85. -- For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the [Troubleshooting Cloud Security Management Threats][1]. +- The [Workload Protection eBPF-less solution for eBPF disabled environments][2] uses a ptrace-based Datadog Agent. The ptrace-based Datadog Agent supports Linux kernel versions from 3.4.43 to 4.9.85. +- For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the [Troubleshooting Workload Protection][1]. - Data collection is done using eBPF, so Datadog requires, at minimum, platforms that have underlying Linux kernel versions of 4.14.0+ or have eBPF features backported (for example, Centos/RHEL 7 with kernel 3.10 has eBPF features backported, so it is supported). [1]: /security/cloud_security_management/troubleshooting/threats diff --git a/content/en/security/threats/workload_security_rules/_index.md b/content/en/security/threats/workload_security_rules/_index.md index beb8b04988006..a5e1b3fb16f1e 100644 --- a/content/en/security/threats/workload_security_rules/_index.md +++ b/content/en/security/threats/workload_security_rules/_index.md @@ -1,24 +1,24 @@ --- -title: CSM Threats Detection Rules +title: Workload Protection Detection Rules aliases: - /security_platform/cloud_workload_security/workload_security_rules - /security/cloud_workload_security/workload_security_rules further_reading: - link: "/security/threats/setup" tag: "Documentation" - text: "Setting Up CSM Threats" + text: "Setting Up Workload Protection" - link: "/security/threats/agent_expressions" tag: "Documentation" text: "Agent Expressions" - link: "security/threats/backend" tag: "Documentation" - text: "CSM Threats Events" + text: "Workload Protection Events" - link: "/security/notifications/variables/" tag: "Documentation" text: "Learn more about Security notification variables" --- -This topic explains how Cloud Security Management Threats (CSM Threats) actively monitors system activity and evaluates it against a set of out-of-the-box (OOTB) rules to detect suspicious behavior. +This topic explains how Workload Protection actively monitors system activity and evaluates it against a set of out-of-the-box (OOTB) rules to detect suspicious behavior. ## Proactively block threats with Active Protection @@ -26,11 +26,11 @@ By default, all OOTB Agent crypto mining threat detection rules are enabled and [Active Protection][12] enables you to proactively block and terminate crypto mining threats identified by the Datadog Agent threat detection rules. -## CSM Threats rules construction +## Workload Protection rules construction Workload Protection Threats rules consist of two different components: Agent rules and threat detection rules. -- **Agent rules:** [Agent rules][9] are evaluated on the Agent host. CSM Threats first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. Agent expressions use Datadog's [Security Language (SECL)][2].

+- **Agent rules:** [Agent rules][9] are evaluated on the Agent host. Workload Protection first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. Agent expressions use Datadog's [Security Language (SECL)][2].

For example, here is the *Agent rule* expression `cryptominer_args`: @@ -56,7 +56,7 @@ Workload Protection Threats rules consist of two different components: Agent rul -@process.executable.path:"/usr/bin/grep" ``` -### CSM Threats rules pipeline +### Workload Protection rules pipeline Workload Protection Threats uses the following pipeline when evaluating events: @@ -68,7 +68,7 @@ Workload Protection Threats uses the following pipeline when evaluating events: The following diagram illustrates this pipeline: -{{< img src="security/cws/threat_detection_pipeline_2.png" alt="CSM Threats detection pipeline" style="width:100%;" >}} +{{< img src="security/cws/threat_detection_pipeline_2.png" alt="Workload Protection detection pipeline" style="width:100%;" >}} ### Saving resources by design @@ -87,15 +87,15 @@ There are two use cases: - **Create a threat detection rule using an existing Agent rule:** To create a threat detection rule that uses an existing Agent rule, you only need to create a threat detection rule that references the Agent rule and adds any additional expression parameters you need. - **Create a threat detection rule using a new Agent rule:** To detect an event that the current Agent rules do not support, create a custom Agent rule to detect that event, and then create a custom threat detection rule that uses the custom Agent rule. -For a detailed explanation, see [CSM Threats Detection Rules][11]. +For a detailed explanation, see [Workload Protection Detection Rules][11]. ## Agent rules summary Agent rules contain [Agent expressions](#agent-expressions) that determine which activities the Agent collects. A full set of Agent rules is called a policy. Datadog provides you with several [out-of-the-box Agent rules][6] powered by the default Agent policy. -With [Remote Configuration][7] enabled, you automatically receive new and updated CSM Threats Agent rules when they're released. These bundled Agent rules are used in the [default detection rules][1]. +With [Remote Configuration][7] enabled, you automatically receive new and updated Workload Protection Agent rules when they're released. These bundled Agent rules are used in the [default detection rules][1]. -
Remote Configuration for CSM Threats is in Preview. If you have any feedback or questions, contact Datadog support.
+
Remote Configuration for Workload Protection is in Preview. If you have any feedback or questions, contact Datadog support.
### Agent expressions @@ -105,11 +105,11 @@ Agent expressions use [Datadog's Security Language (SECL)][2] to define behavior To detect when the `passwd` command is executed, there are a few attributes to note. -On most Linux distributions, the `passwd` utility is installed at `/usr/bin/passwd`. Execution events include `exec`, `execve`, `fork`, and other system calls. In the CSM Threats environment, all of these events are identified by the `exec` symbol. +On most Linux distributions, the `passwd` utility is installed at `/usr/bin/passwd`. Execution events include `exec`, `execve`, `fork`, and other system calls. In the Workload Protection environment, all of these events are identified by the `exec` symbol. Putting it all together, the rule expression is `exec.file.path == "/usr/bin/passwd"`. -The `passwd` command rule is already present in the default CSM Threats Agent policy. However, Agent expressions can also be more advanced, and can define rules that match on process ancestors or use wildcards for broader detections. +The `passwd` command rule is already present in the default Workload Protection Agent policy. However, Agent expressions can also be more advanced, and can define rules that match on process ancestors or use wildcards for broader detections. #### Detect when a PHP or Nginx process launches Bash @@ -117,7 +117,7 @@ To detect when a PHP or Nginx process launches Bash, there are a few attributes On most Linux distributions, Bash is installed at `/usr/bin/bash`. As in the previous example, to detect execution, include `exec.file.path == "/usr/bin/bash"` in your rule. This ensures the rule is accounting for the execution of Bash, and also Bash as a child process of PHP or Nginx. -A process ancestor's filename in CSM Threats is an attribute with the symbol `process.ancestors.file.name`. To check if the ancestor is Nginx, add `process.ancestors.file.name == "nginx"`. Since PHP runs as multiple processes, use a wildcard to expand the rule to any process with the prefix `php`. To check if the ancestor is a PHP process, add `process.ancestors.file.name =~ "php*"`. +A process ancestor's filename in Workload Protection is an attribute with the symbol `process.ancestors.file.name`. To check if the ancestor is Nginx, add `process.ancestors.file.name == "nginx"`. Since PHP runs as multiple processes, use a wildcard to expand the rule to any process with the prefix `php`. To check if the ancestor is a PHP process, add `process.ancestors.file.name =~ "php*"`. Putting it all together, the rule expression is `exec.file.path == "/usr/bin/bash" && (process.ancestors.file.name == "nginx" || process.ancestors.file.name =~ "php*")`. diff --git a/content/en/security/threats/workload_security_rules/custom_rules.md b/content/en/security/threats/workload_security_rules/custom_rules.md index 9bb40fbd246b6..25c837cb0b917 100644 --- a/content/en/security/threats/workload_security_rules/custom_rules.md +++ b/content/en/security/threats/workload_security_rules/custom_rules.md @@ -3,19 +3,19 @@ title: Create Policies and Custom Rules further_reading: - link: "/security/threats/setup" tag: "Documentation" - text: "Setting Up CSM Threats" + text: "Setting Up Workload Protection" - link: "/security/threats/agent_expressions" tag: "Documentation" text: "Agent Expressions" - link: "security/threats/backend" tag: "Documentation" - text: "CSM Threats Events" + text: "Workload Protection Events" - link: "/security/notifications/variables/" tag: "Documentation" text: "Learn more about Security notification variables" --- -This topic explains how to create custom Datadog Agent policies and detection rules for [CSM Threats][8]. +This topic explains how to create custom Datadog Agent policies and detection rules for [Workload Protection][8]. In addition to the out of the box (OOTB) [default Agent and detection rules][7], you can write custom Agent and detection rules. Custom rules help to detect events Datadog is not detecting with its OOTB rules. @@ -92,7 +92,7 @@ There are two use cases: - **Create a detection rule using an existing Agent rule:** To create a threat detection rule that uses an existing Agent rule, you only need to create a threat detection rule that references the Agent rule and adds any additional expression parameters you need. - **Create a threat detection rule using a new Agent rule:** To detect an event that the current Agent rules do not support, you need to create a custom Agent rule to detect that event, and then create a custom threat detection rule that uses the custom Agent rule. -For more information, see [CSM Threats Detection Rules][7]. +For more information, see [Workload Protection Detection Rules][7]. You can create custom rules using these methods: @@ -229,7 +229,7 @@ After you upload the new default policy file to the Agent, navigate to the [**Th 1. In **Detection rule types**, select **Workload Security**. 2. Select a detection method such as **Threshold** or **New Value**. 3. **Define search queries:** - 1. Configure a new CSM Threats rule. A rule can have multiple rule cases combined with Boolean logic, for example `(||, &&)`. You can also set the counter, group by, and roll-up window. + 1. Configure a new Workload Protection rule. A rule can have multiple rule cases combined with Boolean logic, for example `(||, &&)`. You can also set the counter, group by, and roll-up window. {{< img src="security/cws/workload_security_rules/define_runtime_expression2.png" alt="Adding a rule to the search queries field" >}} diff --git a/content/en/serverless/aws_lambda/_index.md b/content/en/serverless/aws_lambda/_index.md index 9ca209721de7a..cc0b4c5cb9a60 100644 --- a/content/en/serverless/aws_lambda/_index.md +++ b/content/en/serverless/aws_lambda/_index.md @@ -86,7 +86,7 @@ Easily correlate serverless code, configuration, and deployment changes with met {{< whatsnext desc=" ">}} {{< nextlink href="/serverless/aws_lambda/profiling" >}}Continuous Profiler: Enable Datadog's Continuous Profiler to find the exact line of code in your Lambda function that is causing bottlenecks.{{< /nextlink >}} - {{< nextlink href="/serverless/aws_lambda/securing_functions" >}}Secure Functions: Use Application Security Management (ASM) to manage threats to your functions.{{< /nextlink >}} + {{< nextlink href="/serverless/aws_lambda/securing_functions" >}}Secure Functions: Use App and API Protection (AAP) to manage threats to your functions.{{< /nextlink >}} {{< nextlink href="/serverless/deployment_tracking" >}}Deployment Tracking: Track deployments to see when a new version of code or a configuration change causes a regression.{{< /nextlink >}} {{< /whatsnext >}} diff --git a/content/en/serverless/aws_lambda/configuration.md b/content/en/serverless/aws_lambda/configuration.md index c32bb442c1a41..1a4593d0e9b31 100644 --- a/content/en/serverless/aws_lambda/configuration.md +++ b/content/en/serverless/aws_lambda/configuration.md @@ -57,13 +57,13 @@ To enable threat monitoring, add the following environment variables to your dep AWS_LAMBDA_EXEC_WRAPPER: /opt/datadog_wrapper ``` -Redeploy the function and invoke it. After a few minutes, it appears in [ASM views][3]. +Redeploy the function and invoke it. After a few minutes, it appears in [AAP views][3]. [3]: https://app.datadoghq.com/security/appsec?column=time&order=desc -To see Application Security Management threat detection in action, send known attack patterns to your application. For example, send an HTTP header with value `acunetix-product` to trigger a [security scanner attack][44] attempt: +To see App and API Protection threat detection in action, send known attack patterns to your application. For example, send an HTTP header with value `acunetix-product` to trigger a [security scanner attack][44] attempt: ```sh - curl -H 'My-ASM-Test-Header: acunetix-product' https:/// + curl -H 'My-AAP-Test-Header: acunetix-product' https:/// ``` A few minutes after you enable your application and send the attack patterns, **threat information appears in the [Application Signals Explorer][41]**. diff --git a/content/en/serverless/aws_lambda/installation/dotnet.md b/content/en/serverless/aws_lambda/installation/dotnet.md index ce99e9c5c2b05..f075d3c8b6e73 100644 --- a/content/en/serverless/aws_lambda/installation/dotnet.md +++ b/content/en/serverless/aws_lambda/installation/dotnet.md @@ -305,7 +305,7 @@ module "lambda-datadog" { ## Minimize cold start duration Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/go.md b/content/en/serverless/aws_lambda/installation/go.md index 6cf84b71e522d..8772d28bc8a29 100644 --- a/content/en/serverless/aws_lambda/installation/go.md +++ b/content/en/serverless/aws_lambda/installation/go.md @@ -166,7 +166,7 @@ func myHandler(ctx context.Context, _ events.APIGatewayProxyRequest) (string, er ## Minimize cold start duration Version 67+ of [the Datadog Extension][5] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/java.md b/content/en/serverless/aws_lambda/installation/java.md index 2ed5cede85033..a265d5d1fa907 100644 --- a/content/en/serverless/aws_lambda/installation/java.md +++ b/content/en/serverless/aws_lambda/installation/java.md @@ -372,7 +372,7 @@ module "lambda-datadog" { ## Minimize cold start duration Version 67+ of [the Datadog Extension][12] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/nodejs.md b/content/en/serverless/aws_lambda/installation/nodejs.md index de0e54273478a..631709717c4fa 100644 --- a/content/en/serverless/aws_lambda/installation/nodejs.md +++ b/content/en/serverless/aws_lambda/installation/nodejs.md @@ -389,7 +389,7 @@ module "lambda-datadog" { ## Minimize cold start duration Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/python.md b/content/en/serverless/aws_lambda/installation/python.md index ac1a09ae0c11a..ea8d766fb0678 100644 --- a/content/en/serverless/aws_lambda/installation/python.md +++ b/content/en/serverless/aws_lambda/installation/python.md @@ -408,7 +408,7 @@ module "lambda-datadog" { ## Minimize cold start duration Version 67+ of [the Datadog Extension][7] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/installation/ruby.md b/content/en/serverless/aws_lambda/installation/ruby.md index 0d872a443ebd7..adbba9a443096 100644 --- a/content/en/serverless/aws_lambda/installation/ruby.md +++ b/content/en/serverless/aws_lambda/installation/ruby.md @@ -333,7 +333,7 @@ To install and configure the Datadog Serverless Plugin, follow these steps: ## Minimize cold start duration Version 67+ of [the Datadog Extension][10] is optimized to significantly reduce cold start duration. -To use the optimized extension, disable Application Security Management (ASM), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: +To use the optimized extension, disable App and API Protection (AAP), Continuous Profiler for Lambda, and OpenTelemetry based tracing. Set the following environment variables to `false`: - `DD_TRACE_OTEL_ENABLED` - `DD_PROFILING_ENABLED` diff --git a/content/en/serverless/aws_lambda/securing_functions.md b/content/en/serverless/aws_lambda/securing_functions.md index 8a7bae7a2cd73..19489e8c2ea25 100644 --- a/content/en/serverless/aws_lambda/securing_functions.md +++ b/content/en/serverless/aws_lambda/securing_functions.md @@ -3,19 +3,19 @@ title: Securing Functions further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Application Security Management" + text: "App and API Protection" - link: "/security/application_security/how-appsec-works" tag: "Documentation" text: "How Application Security Works" --- -[Datadog Application Security Management (ASM)][2] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, and into bad actors targeting your systems. +[Datadog App and API Protection (AAP)][2] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, and into bad actors targeting your systems. -ASM secures functions written in Python, Node, Go, Java, and .NET. Because ASM is built on top of Serverless APM, you can set it up by adding an environment variable. +AAP secures functions written in Python, Node, Go, Java, and .NET. Because AAP is built on top of Serverless APM, you can set it up by adding an environment variable. -ASM supports over 130 event rules across major threats such as injection attacks, cross-site scripting, security scanner, local file inclusion, and more. +AAP supports over 130 event rules across major threats such as injection attacks, cross-site scripting, security scanner, local file inclusion, and more. -You can [get started managing threats to your functions with ASM][3] today. +You can [get started managing threats to your functions with AAP][3] today. ## Further reading diff --git a/content/en/serverless/azure_app_services/azure_app_services_windows.md b/content/en/serverless/azure_app_services/azure_app_services_windows.md index 716db99f624d6..fbb18b32caabe 100644 --- a/content/en/serverless/azure_app_services/azure_app_services_windows.md +++ b/content/en/serverless/azure_app_services/azure_app_services_windows.md @@ -267,7 +267,7 @@ Datadog's Azure App Service Node.js extension supports Azure App Service Web App - `DD_ENV`: Your environment name - `DD_SERVICE`: Your service name (defaults to your Web App name) - `DD_RUNTIME_METRICS_ENABLED`: `true` to enable runtime metrics - - `DD_APPSEC_ENABLED`: `true` to enable [Application Security Management][11] + - `DD_APPSEC_ENABLED`: `true` to enable [App and API Protection][11] See the full list of [optional configuration settings][5]. 6. Select **Save**. This restarts your application. diff --git a/content/en/serverless/guide/serverless_warnings.md b/content/en/serverless/guide/serverless_warnings.md index d50fcc33dc74f..148f6a5de544d 100644 --- a/content/en/serverless/guide/serverless_warnings.md +++ b/content/en/serverless/guide/serverless_warnings.md @@ -100,7 +100,7 @@ No invocation in the selected time range used more than 10% of the allocated mem Attack attempts were detected targeting the serverless application. -**Resolution:** Investigate the attack attempts in ASM by clicking the **Security Signals** button to determine how to respond. If immediate action is needed, you can block the attacking IP in your WAF through the [Workflows integration][11]. +**Resolution:** Investigate the attack attempts in AAP by clicking the **Security Signals** button to determine how to respond. If immediate action is needed, you can block the attacking IP in your WAF through the [Workflows integration][11]. ### Under provisioned diff --git a/content/en/service_management/incident_management/declare.md b/content/en/service_management/incident_management/declare.md index e90f9f71a2efb..240a1ac5fb714 100644 --- a/content/en/service_management/incident_management/declare.md +++ b/content/en/service_management/incident_management/declare.md @@ -29,10 +29,10 @@ Incidents created from a monitor will inherit [field values][10] from the monito ## From a Security Signal -Declare an incident directly from a Cloud SIEM or Cloud Security Management Threats signal side panel, by clicking **Declare incident** or **Escalate Investigation**. For more information, see [Investigate Security Signals][3] for Cloud Security Management. +Declare an incident directly from a Cloud SIEM or Workload Protection signal side panel, by clicking **Declare incident** or **Escalate Investigation**. For more information, see [Investigate Security Signals][3] for Cloud Security Management. -Declare an incident from an Application Security Management signal through the actions listed in the signal side panel. Click **Show all actions** and click **Declare Incident**. -For more information, see [Investigate Security Signals][4] for Application Security Management. +Declare an incident from an App and API Protection signal through the actions listed in the signal side panel. Click **Show all actions** and click **Declare Incident**. +For more information, see [Investigate Security Signals][4] for App and API Protection. {{< img src="/service_management/incidents/declare/declare_asm.png" alt="Your image description" style="width:90%;" >}} diff --git a/content/en/software_catalog/endpoints/_index.md b/content/en/software_catalog/endpoints/_index.md index 9afe227c21d2f..8fbb80b69d97f 100644 --- a/content/en/software_catalog/endpoints/_index.md +++ b/content/en/software_catalog/endpoints/_index.md @@ -12,7 +12,7 @@ further_reading: text: "Synthetic API Tests" - link: "/security/application_security/how-appsec-works/#api-security" tag: "Documentation" - text: "ASM API Security" + text: "AAP API Security" - link: "https://www.datadoghq.com/blog/primary-risks-to-api-security/" tag: "Blog" text: "Mitigate the primary risks to API security" diff --git a/content/en/software_catalog/navigating.md b/content/en/software_catalog/navigating.md index 54ac70b299655..c8d05ebedf989 100644 --- a/content/en/software_catalog/navigating.md +++ b/content/en/software_catalog/navigating.md @@ -88,7 +88,7 @@ The **Security tab** provides several ways to assess and improve the security po - Are receiving the most attack attempts. - Are targeted by the most attackers. - Have the most severe threats, where the services are impacted by the attacks. -- Are monitored and protected by [Application Security Management][8] +- Are monitored and protected by [App and API Protection][8] To access additional details describing security vulnerabilities and signals, click on the service row to open a detailed side panel. Alternatively, click on the pop-over **View Service Details** button, which opens the service page, and in turn, its security tab. diff --git a/content/en/software_catalog/use_cases/_index.md b/content/en/software_catalog/use_cases/_index.md index 7e95dfb2e1ca8..843e6ac2d90d8 100644 --- a/content/en/software_catalog/use_cases/_index.md +++ b/content/en/software_catalog/use_cases/_index.md @@ -12,7 +12,7 @@ Learn how teams use Datadog Software Catalog to centralize knowledge, streamline {{< whatsnext desc=" " >}} {{< nextlink href="/software_catalog/use_cases/api_management/" >}}API Management{{< /nextlink >}} {{< nextlink href="/software_catalog/use_cases/cloud_cost_management" >}}Cloud Cost Management{{< /nextlink >}} - {{< nextlink href="/tracing/software_catalog/use_cases/appsec_management" >}}Application Security Management{{< /nextlink >}} + {{< nextlink href="/tracing/software_catalog/use_cases/appsec_management" >}}App and API Protection{{< /nextlink >}} {{< nextlink href="/tracing/software_catalog/use_cases/dev_onboarding" >}}Developer Onboarding{{< /nextlink >}} {{< nextlink href="/tracing/software_catalog/use_cases/dependency_management" >}}Dependency Management{{< /nextlink >}} {{< nextlink href="/tracing/software_catalog/use_cases/production_readiness" >}}Production Readiness{{< /nextlink >}} diff --git a/content/en/software_catalog/use_cases/appsec_management.md b/content/en/software_catalog/use_cases/appsec_management.md index 3adc8eb98c20f..eb1ad9cb0ee64 100644 --- a/content/en/software_catalog/use_cases/appsec_management.md +++ b/content/en/software_catalog/use_cases/appsec_management.md @@ -12,7 +12,7 @@ aliases: further_reading: - link: "/security/application_security/" tag: "Documentation" - text: "Datadog Application Security Management" + text: "Datadog App and API Protection" --- The Software Catalog enables organizations to seamlessly incorporate security into every development stage, ensuring a strong security posture across teams, applications, and systems. diff --git a/content/en/tracing/configure_data_security/_index.md b/content/en/tracing/configure_data_security/_index.md index 48f58d644eecb..81c8d2d925428 100644 --- a/content/en/tracing/configure_data_security/_index.md +++ b/content/en/tracing/configure_data_security/_index.md @@ -226,7 +226,7 @@ The table below describes the default behavior of each language tracing library {{% /tabs %}} -If you use Datadog Application Security Management (ASM), the tracing libraries collect HTTP request data to help you understand the nature of a security trace. Datadog ASM automatically redacts certain data, and you can configure your own detection rules. Learn more about these defaults and configuration options in the Datadog ASM [data privacy][13] documentation. +If you use Datadog App and API Protection (AAP), the tracing libraries collect HTTP request data to help you understand the nature of a security trace. Datadog AAP automatically redacts certain data, and you can configure your own detection rules. Learn more about these defaults and configuration options in the Datadog AAP [data privacy][13] documentation. ## Agent diff --git a/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md b/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md index aa7972ce7000d..87be59e1f768b 100644 --- a/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md +++ b/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/go.md @@ -66,7 +66,7 @@ Refer to the instructions in the section corresponding to your preference below: - Comprehensive tracing coverage: - Instruments your code and all dependencies, including the Go standard library - Instruments your code during compilation, preventing gaps in tracing coverage due to overlooked manual instrumentation -- Exclusive [Application Security Management][7] **Exploit Prevention** feature. [Exploit Prevention][15] is a Runtime Application Self-Protection (RASP) implementation and includes RASP methods such as Local File Inclusion (LFI). +- Exclusive [App and API Protection][7] **Exploit Prevention** feature. [Exploit Prevention][15] is a Runtime Application Self-Protection (RASP) implementation and includes RASP methods such as Local File Inclusion (LFI). ### Requirements diff --git a/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/php.md b/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/php.md index a03a75b2e74c6..64163091bbcff 100644 --- a/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/php.md +++ b/content/en/tracing/trace_collection/automatic_instrumentation/dd_libraries/php.md @@ -56,13 +56,13 @@ apk add libgcc Run the installer: ```shell -# Full installation: APM + ASM + Profiling +# Full installation: APM + AAP + Profiling php datadog-setup.php --php-bin=all --enable-appsec --enable-profiling # APM only php datadog-setup.php --php-bin=all -# APM + ASM +# APM + AAP php datadog-setup.php --php-bin=all --enable-appsec # APM + Profiling diff --git a/content/en/tracing/trace_collection/compatibility/nodejs.md b/content/en/tracing/trace_collection/compatibility/nodejs.md index c4b07ebb68b71..765678681b5fc 100644 --- a/content/en/tracing/trace_collection/compatibility/nodejs.md +++ b/content/en/tracing/trace_collection/compatibility/nodejs.md @@ -49,7 +49,7 @@ For more information about Node.js release, see the [official Node.js documentat ### Operating system support -The following operating systems are officially supported by `dd-trace`. Any operating system not listed is still likely to work, but with some features missing, for example ASM, profiling, and runtime metrics. Generally speaking, operating systems that are actively maintained at the time of initial release for a major version are supported. +The following operating systems are officially supported by `dd-trace`. Any operating system not listed is still likely to work, but with some features missing, for example AAP, profiling, and runtime metrics. Generally speaking, operating systems that are actively maintained at the time of initial release for a major version are supported. | dd-trace Version | Operating System | Architectures | Minimum Versions | | ------------------- | --------------------- | --------------------- | ---------------------------------------- | diff --git a/content/en/tracing/trace_collection/library_config/java.md b/content/en/tracing/trace_collection/library_config/java.md index 20a6beb550507..af44fb44852ae 100644 --- a/content/en/tracing/trace_collection/library_config/java.md +++ b/content/en/tracing/trace_collection/library_config/java.md @@ -293,13 +293,13 @@ When set to `true` db spans get assigned the instance name as the service name **Default**: `false`
When set to `true` db spans get assigned the remote database hostname as the service name -### ASM +### AAP `dd.appsec.enabled` : **Environment Variable**: `DD_APPSEC_ENABLED`
**Default**: `false`
When `true`, enables Datadog Application Security Monitoring. Additionally, this automatically enables client IP collection (`dd.trace.client-ip.enabled`).
-For more information, see [Enabling ASM for Java][19]. +For more information, see [Enabling AAP for Java][19]. ### Errors diff --git a/content/en/tracing/trace_collection/library_config/nodejs.md b/content/en/tracing/trace_collection/library_config/nodejs.md index 88a8fa111fa79..8bd06b56b279a 100644 --- a/content/en/tracing/trace_collection/library_config/nodejs.md +++ b/content/en/tracing/trace_collection/library_config/nodejs.md @@ -213,12 +213,12 @@ The port of the DogStatsD Agent that metrics are submitted to. If the [Agent con **Default**: 5
Remote configuration polling interval in seconds. -### ASM +### AAP `DD_APPSEC_ENABLED` : **Configuration**: `appsec.enabled`
**Default**: `false`
-Enable Application Security Management features. +Enable App and API Protection features. `DD_APPSEC_RULES` : **Configuration**: `appsec.rules`
diff --git a/content/en/tracing/trace_collection/library_config/php.md b/content/en/tracing/trace_collection/library_config/php.md index 589bdd4981a1f..b707f342ddeaf 100644 --- a/content/en/tracing/trace_collection/library_config/php.md +++ b/content/en/tracing/trace_collection/library_config/php.md @@ -322,7 +322,7 @@ Enables IP collection client side. Added in version `0.84.0`. `DD_TRACE_CLIENT_IP_HEADER` : **INI**: `datadog.trace.client_ip_header`
**Default**: `null`
-The IP header to be used for client IP collection, for example: `x-forwarded-for`. Added in version `0.84.0` (`0.76.0` when using ASM). +The IP header to be used for client IP collection, for example: `x-forwarded-for`. Added in version `0.84.0` (`0.76.0` when using AAP). `DD_TRACE_OBFUSCATION_QUERY_STRING_REGEXP` : **INI**: `datadog.trace.obfuscation_query_string_regexp`
diff --git a/content/en/tracing/trace_explorer/trace_view.md b/content/en/tracing/trace_explorer/trace_view.md index 5f24ae7dbbc87..ab2c24ee7eea5 100644 --- a/content/en/tracing/trace_explorer/trace_view.md +++ b/content/en/tracing/trace_explorer/trace_view.md @@ -228,7 +228,7 @@ Click on a service's span to see network dependencies of the service making the See attack attempts that target the services of the distributed trace. You can see the pattern used by the attacker, the rule that detects the attack, and whether the attacker found a vulnerability in your service. -Click **View in ASM** to investigate further using [Datadog Application Security Management][1]. +Click **View in AAP** to investigate further using [Datadog App and API Protection][1]. {{< img src="tracing/trace_view/security_tab.png" alt="Security tab" style="width:90%;">}} diff --git a/content/en/tracing/trace_pipeline/ingestion_mechanisms.md b/content/en/tracing/trace_pipeline/ingestion_mechanisms.md index ab9b6dfc2ec24..4ecc49e76795f 100644 --- a/content/en/tracing/trace_pipeline/ingestion_mechanisms.md +++ b/content/en/tracing/trace_pipeline/ingestion_mechanisms.md @@ -849,7 +849,7 @@ Some additional ingestion reasons are attributed to spans that are generated by | Product | Ingestion Reason | Ingestion Mechanism Description | |------------|-------------------------------------|---------------------------------| | Serverless | `lambda` and `xray` | Your traces received from the [Serverless applications][14] traced with Datadog Tracing Libraries or the AWS X-Ray integration. | -| Application Security Management | `appsec` | Traces ingested from Datadog tracing libraries and flagged by [ASM][15] as a threat. | +| App and API Protection | `appsec` | Traces ingested from Datadog tracing libraries and flagged by [AAP][15] as a threat. | | Data Jobs Monitoring | `data_jobs` | Traces ingested from the Datadog Java Tracer Spark integration or the Databricks integration. | ## Ingestion mechanisms in OpenTelemetry diff --git a/content/en/tracing/trace_pipeline/trace_retention.md b/content/en/tracing/trace_pipeline/trace_retention.md index 83065a91e4c3a..65fe0432d4cb2 100644 --- a/content/en/tracing/trace_pipeline/trace_retention.md +++ b/content/en/tracing/trace_pipeline/trace_retention.md @@ -77,7 +77,7 @@ There are two types of retention filters: The following retention filters are enabled by default: - The `Error Default` retention filter indexes error spans with `status:error`. The retention rate and the query are configurable. For example, to capture production errors, set the query to `status:error, env:production`. Disable the retention filter if you do not want to capture the errors by default. -- The `Application Security Monitoring Default` retention filter is enabled if you are using [Application Security Management][16]. It ensures the retention of all spans in traces that have been identified as having an application security impact (an attack attempt). +- The `Application Security Monitoring Default` retention filter is enabled if you are using [App and API Protection][16]. It ensures the retention of all spans in traces that have been identified as having an application security impact (an attack attempt). - The `Synthetics Default` retention filter is enabled if you are using Synthetic Monitoring. It ensures that traces generated from synthetic API and browser tests remain available by default. See [Synthetic APM][15] for more information, including how to correlate traces with synthetic tests. - The `Dynamic Instrumentation Default` retention filter is enabled if you are using [Dynamic Instrumentation][17]. It ensures spans created dynamically with Dynamic instrumentation remain available in the long term by default. diff --git a/layouts/shortcodes/appsec-getstarted-2-canary.en.md b/layouts/shortcodes/appsec-getstarted-2-canary.en.md index 069a4fd0087c9..d18c7d6a4d2d3 100644 --- a/layouts/shortcodes/appsec-getstarted-2-canary.en.md +++ b/layouts/shortcodes/appsec-getstarted-2-canary.en.md @@ -1,6 +1,6 @@ The library collects security data from your application and sends it to the Agent, which sends it to Datadog, where [out-of-the-box detection rules][202] flag attacker techniques and potential misconfigurations so you can take steps to remediate. -3. **To see Application Security Management threat detection in action, send known attack patterns to your application**. For example, trigger the [Security Scanner Detected][203] rule by running a file that contains the following curl script: +3. **To see App and API Protection threat detection in action, send known attack patterns to your application**. For example, trigger the [Security Scanner Detected][203] rule by running a file that contains the following curl script: 
for ((i=1;i<=250;i++)); 
do
# Target existing service’s routes
curl https://your-application-url/existing-route -A dd-test-scanner-log;
# Target non existing service’s routes
curl https://your-application-url/non-existing-route -A dd-test-scanner-log;
done
diff --git a/layouts/shortcodes/appsec-getstarted-2-plusrisk.en.md b/layouts/shortcodes/appsec-getstarted-2-plusrisk.en.md index fc52fe61c0da4..fd9c3b9f8a2cd 100644 --- a/layouts/shortcodes/appsec-getstarted-2-plusrisk.en.md +++ b/layouts/shortcodes/appsec-getstarted-2-plusrisk.en.md @@ -1,6 +1,6 @@ After this configuration is complete, the library collects security data from your application and sends it to the Agent. The Agent sends the data to Datadog, where [out-of-the-box detection rules][202] flag attacker techniques and potential misconfigurations so you can take steps to remediate. -1. To see Application Security Management threat detection in action, send known attack patterns to your application. For example, trigger the [Security Scanner Detected][203] rule by running a file that contains the following curl script: +1. To see App and API Protection threat detection in action, send known attack patterns to your application. For example, trigger the [Security Scanner Detected][203] rule by running a file that contains the following curl script: 
for ((i=1;i<=250;i++)); 
do
# Target existing service’s routes
curl https://your-application-url/existing-route -A dd-test-scanner-log;
# Target non existing service’s routes
curl https://your-application-url/non-existing-route -A dd-test-scanner-log;
done
diff --git a/layouts/shortcodes/appsec-getstarted-2.en.md b/layouts/shortcodes/appsec-getstarted-2.en.md index 30a4d52c2e511..eaa5175c8b0ed 100644 --- a/layouts/shortcodes/appsec-getstarted-2.en.md +++ b/layouts/shortcodes/appsec-getstarted-2.en.md @@ -1,6 +1,6 @@ The library collects security data from your application and sends it to the Agent, which sends it to Datadog, where [out-of-the-box detection rules][202] flag attacker techniques and potential misconfigurations so you can take steps to remediate. -1. **To see Application Security Management threat detection in action, send known attack patterns to your application**. For example, trigger the [Security Scanner Detected][203] rule by running a file that contains the following curl script: +1. **To see App and API Protection threat detection in action, send known attack patterns to your application**. For example, trigger the [Security Scanner Detected][203] rule by running a file that contains the following curl script: 
for ((i=1;i<=250;i++)); 
do
# Target existing service’s routes
curl https://your-application-url/existing-route -A Arachni/v1.0;
# Target non existing service’s routes
curl https://your-application-url/non-existing-route -A Arachni/v1.0;
done
diff --git a/layouts/shortcodes/appsec-getstarted-with-rc.en.md b/layouts/shortcodes/appsec-getstarted-with-rc.en.md index 0852fcd5240bf..27faaef4d41f2 100644 --- a/layouts/shortcodes/appsec-getstarted-with-rc.en.md +++ b/layouts/shortcodes/appsec-getstarted-with-rc.en.md @@ -1,2 +1,2 @@
1-Click Enablement
-If your service is running with an Agent with Remote Configuration enabled and a tracing library version that supports it, hover over the Not Enabled indicator in the ASM Status column and click Enable ASM. There's no need to re-launch the service with the DD_APPSEC_ENABLED=true or --enable-appsec flags.

+If your service is running with an Agent with Remote Configuration enabled and a tracing library version that supports it, hover over the Not Enabled indicator in the AAP Status column and click Enable AAP. There's no need to re-launch the service with the DD_APPSEC_ENABLED=true or --enable-appsec flags.

diff --git a/layouts/shortcodes/appsec-getstarted.en.md b/layouts/shortcodes/appsec-getstarted.en.md index 86d44ea225d25..e416d1af4d9a4 100644 --- a/layouts/shortcodes/appsec-getstarted.en.md +++ b/layouts/shortcodes/appsec-getstarted.en.md @@ -2,7 +2,7 @@ ## Prerequisites
1-Click Enablement
-If your service is running with an Agent with Remote Configuration enabled and a tracing library version that supports it, hover over the Not Enabled indicator in the ASM Status column and click Enable ASM. There's no need to re-launch the service with the DD_APPSEC_ENABLED=true or --enable-appsec flags.
+If your service is running with an Agent with Remote Configuration enabled and a tracing library version that supports it, hover over the Not Enabled indicator in the AAP Status column and click Enable AAP. There's no need to re-launch the service with the DD_APPSEC_ENABLED=true or --enable-appsec flags. - The [Datadog Agent][101] is installed and configured for your application's operating system or container, cloud, or virtual environment. - [Datadog APM][103] is configured for your application or service, and traces are being received by Datadog. diff --git a/layouts/shortcodes/asm-libraries-capabilities.en.md b/layouts/shortcodes/asm-libraries-capabilities.en.md index d0ab5e6a0f415..e9ab465e776a9 100644 --- a/layouts/shortcodes/asm-libraries-capabilities.en.md +++ b/layouts/shortcodes/asm-libraries-capabilities.en.md @@ -1,7 +1,7 @@ -The following ASM capabilities are supported relative to each language's tracing library: +The following AAP capabilities are supported relative to each language's tracing library: -| ASM capability | Java | .NET | Node.js | Python | Go | Ruby | PHP | +| AAP capability | Java | .NET | Node.js | Python | Go | Ruby | PHP | |----------------------------------------|---------|----------|--------------------------------------------------|---------------|-----------------|---------------|---------------| | Threat Detection | 1.8.0 | 2.23.0 | 4.0.0 | 1.9.0 | 1.47.0 | 1.9.0 | 0.84.0 | | API Security | 1.31.0 | 2.42.0 | 4.30.0 for Node.js 16+, or 5.6.0 for Node.js 18+ | 2.6.0 | 1.59.0 | 1.15.0 | 0.98.0 | diff --git a/layouts/shortcodes/asm-protect.en.md b/layouts/shortcodes/asm-protect.en.md index 0221008879290..d746555444f0f 100644 --- a/layouts/shortcodes/asm-protect.en.md +++ b/layouts/shortcodes/asm-protect.en.md @@ -1,11 +1,11 @@ If your service is running [an Agent with Remote Configuration enabled and a tracing library version that supports it][108], you can block attacks and attackers from the Datadog UI without additional configuration of the Agent or tracing libraries. -ASM Protect goes beyond Threat Detection and enables you to take blocking action to slow down attacks and attackers. Unlike perimeter WAFs that apply a broad range of rules to inspect traffic, ASM uses the full context of your application---its databases, frameworks, and programming language---to narrowly apply the most efficient set of inspection rules. +AAP Protect goes beyond Threat Detection and enables you to take blocking action to slow down attacks and attackers. Unlike perimeter WAFs that apply a broad range of rules to inspect traffic, AAP uses the full context of your application---its databases, frameworks, and programming language---to narrowly apply the most efficient set of inspection rules. -ASM leverages the same [tracing libraries][107] as Application Performance Monitoring (APM) to protect your applications against: +AAP leverages the same [tracing libraries][107] as Application Performance Monitoring (APM) to protect your applications against: -- **Attacks**: ASM's In-App WAF inspects all incoming traffic and uses pattern-matching to detect and block malicious traffic (security traces). +- **Attacks**: AAP's In-App WAF inspects all incoming traffic and uses pattern-matching to detect and block malicious traffic (security traces). - **Attackers**: IP addresses and authenticated users that are launching attacks against your applications are detected from the insights collected by the libraries and flagged in Security Signals. Security traces are blocked in real time by the Datadog tracing libraries. Blocks are saved in Datadog, automatically and securely fetched by the Datadog Agent, deployed in your infrastructure, and applied to your services. For details, read [How Remote Configuration Works][108]. diff --git a/layouts/shortcodes/audit-trail-asm.en.md b/layouts/shortcodes/audit-trail-asm.en.md index 6560350495fba..5a087c623a483 100644 --- a/layouts/shortcodes/audit-trail-asm.en.md +++ b/layouts/shortcodes/audit-trail-asm.en.md @@ -1,7 +1,7 @@ | Name | Description of audit event | Query in audit explorer | |------------------------------|---------------------------------------------------------------------------------------------|-----------------------------------------------------------------------| -| [One-click Activation][1001] | A user activated or de-activated ASM on a service. | `@evt.name:"Application Security" @asset.type:compatible_services` | -| [Protection][1002] | A user enabled or disabled the ASM protection. | `@evt.name:"Application Security" @asset.type:blocking_configuration` | +| [One-click Activation][1001] | A user activated or de-activated AAP on a service. | `@evt.name:"Application Security" @asset.type:compatible_services` | +| [Protection][1002] | A user enabled or disabled the AAP protection. | `@evt.name:"Application Security" @asset.type:blocking_configuration` | | [Denylist][1003] | A user blocked, unblocked, or extended the blocking duration of an IP address or a user ID. | `@evt.name:"Application Security" @asset.type:ip_user_denylist` | | [Passlist][1004] | A user added, modified, or deleted an entry to the passlist. | `@evt.name:"Application Security" @asset.type:passlist_entry` | | [In-App WAF Policy][1005] | A user created, modified, or deleted an In-App WAF policy. | `@evt.name:"Application Security" @asset.type:policy_entry` | diff --git a/layouts/shortcodes/csm-fargate-eks-sidecar.en.md b/layouts/shortcodes/csm-fargate-eks-sidecar.en.md index a209e359103e3..65e5af236af30 100644 --- a/layouts/shortcodes/csm-fargate-eks-sidecar.en.md +++ b/layouts/shortcodes/csm-fargate-eks-sidecar.en.md @@ -1,4 +1,4 @@ -The following manifest represents the minimum configuration required to deploy your application with the Datadog Agent as a sidecar with CSM Threats enabled: +The following manifest represents the minimum configuration required to deploy your application with the Datadog Agent as a sidecar with Workload Protection enabled: ```yaml apiVersion: apps/v1 diff --git a/layouts/shortcodes/csm-prereqs-enterprise-ws.en.md b/layouts/shortcodes/csm-prereqs-enterprise-ws.en.md index 6fee4fd3573ee..34de6fb434a02 100644 --- a/layouts/shortcodes/csm-prereqs-enterprise-ws.en.md +++ b/layouts/shortcodes/csm-prereqs-enterprise-ws.en.md @@ -1,5 +1,5 @@ * Datadog Agent 7.44 or later. -* Data collection is done using eBPF, so Datadog minimally requires platforms that have underlying Linux kernel versions of 4.15.0+ or have eBPF features backported. CSM Threats supports the following Linux distributions: +* Data collection is done using eBPF, so Datadog minimally requires platforms that have underlying Linux kernel versions of 4.15.0+ or have eBPF features backported. Workload Protection supports the following Linux distributions: * Ubuntu LTS (18.04, 20.04, and 22.04) * Debian 10 or later * Amazon Linux 2 (kernels 4.15, 5.4, and 5.10) and 2023 diff --git a/layouts/shortcodes/csm-prereqs-workload-security.en.md b/layouts/shortcodes/csm-prereqs-workload-security.en.md index 1168edcd19f9b..7fa0eef4b3ab7 100644 --- a/layouts/shortcodes/csm-prereqs-workload-security.en.md +++ b/layouts/shortcodes/csm-prereqs-workload-security.en.md @@ -1,6 +1,6 @@ Datadog Agent `7.46` or later installed on your hosts or containers. -CSM Threats supports the following Linux distributions: +Workload Protection supports the following Linux distributions: | Linux Distribution | Supported Versions | | ---------------------------------- | ------------------------------------------------- | | Ubuntu LTS | 18.04, 20.04, 22.04 | @@ -13,7 +13,7 @@ CSM Threats supports the following Linux distributions: **Notes**: -* [CSM Threats on Windows is available in beta][103]. +* [Workload Protection on Windows is available in beta][103]. * Custom kernel builds are not supported. * Data collection is done using eBPF, so Datadog minimally requires platforms that have underlying Linux kernel versions of 4.15.0+ or have eBPF features backported. * For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the [Troubleshooting page][102]. diff --git a/layouts/shortcodes/csm-prereqs.en.md b/layouts/shortcodes/csm-prereqs.en.md index e52203a0236c3..72cddfef03565 100644 --- a/layouts/shortcodes/csm-prereqs.en.md +++ b/layouts/shortcodes/csm-prereqs.en.md @@ -1,7 +1,7 @@ -### CSM Threats +### Workload Protection -CSM Threats supports the following Linux distributions: +Workload Protection supports the following Linux distributions: | Linux Distributions | Supported Versions | | ---------------------------| --------------------------------------| diff --git a/layouts/shortcodes/product-availability.html b/layouts/shortcodes/product-availability.html index 18a90b4a5c9a2..ee15bd154a6f0 100644 --- a/layouts/shortcodes/product-availability.html +++ b/layouts/shortcodes/product-availability.html @@ -15,7 +15,7 @@ - name: Cloud SIEM url: /security/cloud_siem/ icon: siem - - name: CSM Threats + - name: Workload Protection url: /security/threats/ icon: cloud-security-management */}} From 3dd58547a41be417b7e6a1c687c0d30cb3606e59 Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Thu, 10 Apr 2025 12:23:17 -0600 Subject: [PATCH 10/28] Hand-edit instances of similar terminology --- content/en/metrics/summary.md | 2 +- .../en/opentelemetry/agent/install_agent_with_collector.md | 4 ++-- content/en/opentelemetry/agent/migration.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/en/metrics/summary.md b/content/en/metrics/summary.md index f311bcaa2e6ca..c9ac5492ff557 100644 --- a/content/en/metrics/summary.md +++ b/content/en/metrics/summary.md @@ -203,7 +203,7 @@ This table shows the mapping between the metric origin as seen in the facet and | API Catalog | Timeseries sent by the Datadog [Software Catalog][13] product from the APIM Endpoint. | APM | Timeseries sent by the Datadog APM product for metrics generated from traces and span metrics. | Agent | Timeseries sent by the Datadog Agent, collected from [Agent integrations][10], [built-in integrations][9], [DogStatsD][32], or [custom Agent checks][33]. -| CSM | Timeseries sent by the Datadog [Cloud Security Monitoring][14] product. +| CSM | Timeseries sent by the Datadog [Cloud Security][14] product. | Cloud Integrations | Timeseries collected from cloud providers like AWS, Azure, and Google Cloud etc. from their respective integrations. | DBM | Timeseries sent by the Datadog [Database Monitoring][15] product, including insights into MySQL, Oracle, and Postgres activities/queries/locks. | DSM | Timeseries sent by the Datadog [Data Streams Monitoring][16] product, for metrics generated from the DSM spans and traces. diff --git a/content/en/opentelemetry/agent/install_agent_with_collector.md b/content/en/opentelemetry/agent/install_agent_with_collector.md index 831f84dd8cae2..9ee7c15b777b5 100644 --- a/content/en/opentelemetry/agent/install_agent_with_collector.md +++ b/content/en/opentelemetry/agent/install_agent_with_collector.md @@ -164,7 +164,7 @@ To explicitly override the default ports, use `features.otelCollector.ports` par 4. (Optional) Enable additional Datadog features: -
Enabling these features may incur additional charges. Review the pricing page and talk to your CSM before proceeding.
+
Enabling these features may incur additional charges. Review the pricing page and talk to your Customer Success Manager before proceeding.
{{< code-block lang="yaml" filename="datadog-agent.yaml" collapsible="true" >}} # Enable Features @@ -312,7 +312,7 @@ If you don't want to expose the port, you can use the Agent service instead: 5. (Optional) Enable additional Datadog features: -
Enabling these features may incur additional charges. Review the pricing page and talk to your CSM before proceeding.
+
Enabling these features may incur additional charges. Review the pricing page and talk to your Customer Success Manager before proceeding.
{{< code-block lang="yaml" filename="datadog-values.yaml" collapsible="true" >}} datadog: diff --git a/content/en/opentelemetry/agent/migration.md b/content/en/opentelemetry/agent/migration.md index dff600b177f65..8cb0f70d375a5 100644 --- a/content/en/opentelemetry/agent/migration.md +++ b/content/en/opentelemetry/agent/migration.md @@ -228,7 +228,7 @@ datadog: ``` 1. (Optional) Enable additional Datadog features: -
Enabling these features may incur additional charges. Review the pricing page and talk to your CSM before proceeding.
+
Enabling these features may incur additional charges. Review the pricing page and talk to your Customer Success Manager before proceeding.
{{< code-block lang="yaml" filename="datadog-values.yaml" collapsible="true" >}} datadog: ... From 8d2303b7f5b5aebdf6678c88e690bbcaee97ce8c Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Thu, 10 Apr 2025 12:31:59 -0600 Subject: [PATCH 11/28] Replace instances of CSM --- .../billing/product_allotments.md | 2 +- content/en/datadog_cloudcraft/_index.md | 6 ++--- content/en/getting_started/_index.md | 2 +- .../en/getting_started/devsecops/_index.md | 8 +++--- .../en/getting_started/integrations/aws.md | 2 +- .../integrations/google_cloud.md | 2 +- .../security/cloud_security_management.md | 16 ++++++------ .../containers/container_images.md | 6 ++--- .../infrastructure/resource_catalog/_index.md | 2 +- .../infrastructure/resource_catalog/schema.md | 4 +-- .../guide/aws-organizations-setup.md | 4 +-- .../azure-architecture-and-configuration.md | 2 +- content/en/integrations/guide/azure-portal.md | 2 +- content/en/metrics/summary.md | 2 +- content/en/security/_index.md | 4 +-- .../cloud_security_management/_index.md | 12 ++++----- .../cloud_security_management/guide/_index.md | 4 +-- .../guide/active-protection.md | 2 +- .../guide/eBPF-free-agent.md | 2 +- .../guide/public-accessibility-logic.md | 2 +- .../guide/related-logs.md | 2 +- .../guide/resource_evaluation_filters.md | 2 +- .../guide/writing_rego_rules.md | 2 +- .../cloud_security_management/iac_scanning.md | 2 +- .../identity_risks/_index.md | 10 +++---- .../misconfigurations/_index.md | 20 +++++++------- .../misconfigurations/compliance_rules.md | 8 +++--- .../misconfigurations/custom_rules.md | 4 +-- .../misconfigurations/findings/_index.md | 6 ++--- .../findings/export_misconfigurations.md | 2 +- .../frameworks_and_benchmarks/_index.md | 10 +++---- .../custom_frameworks.md | 6 ++--- .../supported_frameworks.md | 8 +++--- .../misconfigurations/kspm.md | 10 +++---- .../review_remediate/jira.md | 14 +++++----- .../review_remediate/mute_issues.md | 6 ++--- .../review_remediate/workflows.md | 4 +-- .../cloud_security_management/setup/_index.md | 16 ++++++------ .../setup/agentless_scanning/_index.md | 4 +-- .../setup/cloud_integrations.md | 2 +- .../setup/cloudtrail_logs.md | 2 +- .../setup/iac_remediation.md | 8 +++--- .../setup/iac_scanning/_index.md | 8 +++--- .../setup/supported_deployment_types.md | 10 +++---- .../without_infrastructure_monitoring.md | 20 +++++++------- .../severity_scoring.md | 16 ++++++------ .../troubleshooting/threats.md | 8 +++--- .../troubleshooting/vulnerabilities.md | 4 +-- .../vulnerabilities/_index.md | 26 +++++++++---------- .../hosts_containers_compatibility.md | 2 +- .../cloud_siem/entities_and_risk_scoring.md | 4 +-- content/en/security/detection_rules/_index.md | 10 +++---- .../guide/aws_fargate_config_guide.md | 10 +++---- content/en/security/security_inbox.md | 4 +-- content/en/security/threats/_index.md | 2 +- .../en/security/threats/security_signals.md | 2 +- .../workload_security_rules/custom_rules.md | 2 +- .../upcoming_changes_notification_rules.md | 16 ++++++------ .../shortcodes/csm-agentless-prereqs.en.md | 2 +- layouts/shortcodes/csm-prereqs-pro.en.md | 4 +-- layouts/shortcodes/csm-prereqs.en.md | 12 ++++----- layouts/shortcodes/csm-setup-aws.en.md | 4 +-- layouts/shortcodes/csm-setup-azure.en.md | 4 +-- .../shortcodes/csm-setup-google-cloud.en.md | 4 +-- layouts/shortcodes/csm-windows-setup.en.md | 16 ++++++------ 65 files changed, 212 insertions(+), 212 deletions(-) diff --git a/content/en/account_management/billing/product_allotments.md b/content/en/account_management/billing/product_allotments.md index 018bd36953dea..4bc0a47b4a908 100644 --- a/content/en/account_management/billing/product_allotments.md +++ b/content/en/account_management/billing/product_allotments.md @@ -139,7 +139,7 @@ Additionally, the organization has a monthly commitment of 0.3 GB of Ingested Sp | Custom Metrics | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts, Internet of Things (IoT), Serverless Workload Monitoring - Functions, Serverless Workload Monitoring - Apps, Serverless Invocations, Serverless Functions | Average | Average | | Ingested Custom Metrics | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts, Internet of Things (IoT), Serverless Workload Monitoring - Functions, Serverless Workload Monitoring - Apps | Average | Average | | Custom Events | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts | Sum | Sum | -| CSM Enterprise Containers | Cloud Security | N/A | Sum | +| Cloud Security Enterprise Containers | Cloud Security | N/A | Sum | | CWS Containers | Cloud Workload Security (CWS) | N/A | Sum | | Infrastructure Containers | Infrastructure Pro Hosts, Infrastructure Pro Plus Hosts, Infrastructure Enterprise Hosts | N/A | Sum | | Profiled Containers | APM Enterprise, Continuous Profiler | N/A | Sum | diff --git a/content/en/datadog_cloudcraft/_index.md b/content/en/datadog_cloudcraft/_index.md index cf8e241aba0f1..12a0a12ddde86 100644 --- a/content/en/datadog_cloudcraft/_index.md +++ b/content/en/datadog_cloudcraft/_index.md @@ -32,7 +32,7 @@ Cloudcraft's core functionality is its ability to generate detailed architecture - [Resource collection][2] must be enabled for your AWS accounts. - For the best experience, Datadog strongly recommends using the AWS-managed [`SecurityAudit`][5] policy, or the more permissive [`ReadOnlyAccess`][6] policy. -- To view security misconfigurations on the [Security findings overlay](#security-findings), [CSM][3] must be enabled. +- To view security misconfigurations on the [Security findings overlay](#security-findings), [Cloud Security][3] must be enabled. **Note**: Cloudcraft adapts to restrictive permissions by excluding inaccessible resources. For example, if you opt to not grant permission to list S3 buckets, the diagram will simply exclude those buckets. If permissions block certain resources, an alert is displayed in the UI. @@ -125,7 +125,7 @@ Cloudcraft supports overlays that integrate various data sources and display the ### Security findings -The security findings overlay in Cloudcraft provides an overlay from CSM misconfigurations, allowing you to quickly identify CSM findings. This allows you to: +The security findings overlay in Cloudcraft provides an overlay from Cloud Security misconfigurations, allowing you to quickly identify Cloud Security findings. This allows you to: - Identify security issues in infrastructure diagrams. - View misconfigurations in context to analyze their impact and prioritize remediation. @@ -133,7 +133,7 @@ The security findings overlay in Cloudcraft provides an overlay from CSM misconf By default, the security overlay shows Critical, High, and Medium misconfigurations, but can be filtered at the bottom of the screen: -{{< img src="datadog_cloudcraft/csm_misconfigurations.png" alt="Screenshot of the CSM Misconfigurations hover in the Cloudcraft overlay section" width="50%" >}} +{{< img src="datadog_cloudcraft/csm_misconfigurations.png" alt="Screenshot of the Cloud Security Misconfigurations hover in the Cloudcraft overlay section" width="50%" >}} ### Agent Overlay diff --git a/content/en/getting_started/_index.md b/content/en/getting_started/_index.md index c1402f79d23f3..aa79efc238e95 100644 --- a/content/en/getting_started/_index.md +++ b/content/en/getting_started/_index.md @@ -121,7 +121,7 @@ For the fastest introduction to navigating Datadog, try the [Quick Start course] {{< nextlink href="/getting_started/continuous_testing" >}}Continuous Testing: Run end-to-end Synthetic tests in your CI pipelines and IDEs.{{< /nextlink >}} {{< nextlink href="/getting_started/session_replay" >}}Session Replay: Get an in-depth look at how users are interacting with your product with Session Replays.{{< /nextlink >}} {{< nextlink href="/getting_started/application_security" >}}Application Security Management: Discover best practices for getting your team up and running with ASM.{{< /nextlink >}} -{{< nextlink href="/getting_started/cloud_security_management" >}}Cloud Security: Discover best practices for getting your team up and running with CSM.{{< /nextlink >}} +{{< nextlink href="/getting_started/cloud_security_management" >}}Cloud Security: Discover best practices for getting your team up and running with Cloud Security.{{< /nextlink >}} {{< nextlink href="/getting_started/cloud_siem" >}}Cloud SIEM: Discover best practices for getting your team up and running with Cloud SIEM.{{< /nextlink >}} {{< nextlink href="/getting_started/logs" >}}Logs: Send your first logs and use log processing to enrich them.{{< /nextlink >}} {{< nextlink href="/getting_started/ci_visibility" >}}CI Visibility: Collect CI pipeline data by setting up integrations with your CI providers.{{< /nextlink >}} diff --git a/content/en/getting_started/devsecops/_index.md b/content/en/getting_started/devsecops/_index.md index 201607b1ea2bc..78ab4db870c42 100644 --- a/content/en/getting_started/devsecops/_index.md +++ b/content/en/getting_started/devsecops/_index.md @@ -11,7 +11,7 @@ The Infrastructure DevSecOps bundles combine infrastructure monitoring with the {{< tabs >}} {{% tab "Infrastructure DevSecOps Pro" %}} -Infrastructure DevSecOps Pro includes [Containers][1], [Serverless][2], and [CSM Pro][3]. It also includes more than {{< translate key="integration_count" >}} [out-of-the-box integrations][4]. +Infrastructure DevSecOps Pro includes [Containers][1], [Serverless][2], and [Cloud Security Pro][3]. It also includes more than {{< translate key="integration_count" >}} [out-of-the-box integrations][4]. ### Setup @@ -21,7 +21,7 @@ To get started with Infrastructure DevSecOps Pro, [install and configure the Dat - [Serverless][2] - [Integrations][4] -After you install the Agent, configure CSM Pro for your environment. +After you install the Agent, configure Cloud Security Pro for your environment. - [Cloud Security Pro][6] @@ -51,7 +51,7 @@ Learn more about the features included with Infrastructure DevSecOps Pro: {{% /tab %}} {{% tab "Infrastructure DevSecOps Enterprise" %}} -Infrastructure DevSecOps Enterprise includes [Containers][1], [Serverless][2], [Live Processes][3], and [CSM Enterprise][4]. It also includes more than {{< translate key="integration_count" >}} [out-of-the-box integrations][5]. +Infrastructure DevSecOps Enterprise includes [Containers][1], [Serverless][2], [Live Processes][3], and [Cloud Security Enterprise][4]. It also includes more than {{< translate key="integration_count" >}} [out-of-the-box integrations][5]. ### Setup @@ -62,7 +62,7 @@ To get started with Infrastructure DevSecOps Enterprise, [install and configure - [Live Processes][7] - [Integrations][5] -After you install the Agent, configure CSM Enterprise for your environment. +After you install the Agent, configure Cloud Security Enterprise for your environment. - [Cloud Security Enterprise][8] diff --git a/content/en/getting_started/integrations/aws.md b/content/en/getting_started/integrations/aws.md index d74888d0962e9..27a85d78ecf93 100644 --- a/content/en/getting_started/integrations/aws.md +++ b/content/en/getting_started/integrations/aws.md @@ -210,7 +210,7 @@ Review [Getting Started with Cloud SIEM][50] to evaluate your logs against the o #### Cloud Security Misconfigurations -Use the [Setting Up CSM Misconfigurations][54] guide to learn about detecting and assessing misconfigurations in your cloud environment. Resource configuration data is evaluated against the out-of-the-box [Cloud][55] and [Infrastructure][56] compliance rules to flag attacker techniques and potential misconfigurations, allowing for fast response and remediation. +Use the [Setting Up Cloud Security Misconfigurations][54] guide to learn about detecting and assessing misconfigurations in your cloud environment. Resource configuration data is evaluated against the out-of-the-box [Cloud][55] and [Infrastructure][56] compliance rules to flag attacker techniques and potential misconfigurations, allowing for fast response and remediation. ### Troubleshooting diff --git a/content/en/getting_started/integrations/google_cloud.md b/content/en/getting_started/integrations/google_cloud.md index 8429653a7157e..49096c9e80fc4 100644 --- a/content/en/getting_started/integrations/google_cloud.md +++ b/content/en/getting_started/integrations/google_cloud.md @@ -277,7 +277,7 @@ To view security findings from [Google Cloud Security Command Center][47] in Clo Datadog Cloud Security delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure. Check out the [Setting up Cloud Security guide][49] to get started. -After setting up CSM, toggle the **Enable Resource Collection** option under the **Resource Collection** tab to start collecting configuration data for the [Resource Catalog][50] and CSM. Then, follow these instructions to enable [Misconfigurations and Identity Risks (CIEM)][51] on Google Cloud. +After setting up Cloud Security, toggle the **Enable Resource Collection** option under the **Resource Collection** tab to start collecting configuration data for the [Resource Catalog][50] and Cloud Security. Then, follow these instructions to enable [Misconfigurations and Identity Risks (CIEM)][51] on Google Cloud. {{< img src="integrations/google_cloud_platform/resource_collection.png" alt="The resource collection tab in the Google Cloud integration tile" style="width:100%;" >}} diff --git a/content/en/getting_started/security/cloud_security_management.md b/content/en/getting_started/security/cloud_security_management.md index 9cae0349cd409..50c3c749bdd02 100644 --- a/content/en/getting_started/security/cloud_security_management.md +++ b/content/en/getting_started/security/cloud_security_management.md @@ -27,18 +27,18 @@ further_reading: [Datadog Cloud Security][1] delivers deep visibility, continuous configuration audits, identity risk assessments, vulnerability detection, and real-time threat detection across your entire cloud infrastructure—all in a unified platform for seamless collaboration and faster remediation. -With CSM, Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. This guide walks you through best practices for getting your team up and running with CSM. +With Cloud Security, Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. This guide walks you through best practices for getting your team up and running with Cloud Security. ## Phase 1: Deployment -1. Using [Agentless][34] and/or the [Datadog Agent (version 7.46 or above)][4], [enable CSM for your cloud resources and infrastructure][5]: +1. Using [Agentless][34] and/or the [Datadog Agent (version 7.46 or above)][4], [enable Cloud Security for your cloud resources and infrastructure][5]: - **[Threats][3]**: Kubernetes, Docker, and host-based installations. - **[Misconfigurations][2]**: AWS, Azure, GCP, Kubernetes, and Docker instructions. - **[Identity Risks][28]**: Enable AWS resource collection and Cloudtrail logs forwarding. - **[Vulnerabilities][6]**: Container image scanning and host scanning instructions for AWS, Azure, Kubernetes, ECS EC2 instances, and host-based installations. -1. Check out the [CSM homepage][13] to get an overview of your organization's risks and threats. +1. Check out the [Cloud Security homepage][13] to get an overview of your organization's risks and threats. 1. Review [500+ out-of-the-box Threats and Misconfigurations detection rules][14]. -1. Explore [security signals][15] and review [CSM Misconfigurations findings][16]. +1. Explore [security signals][15] and review [Cloud Security Misconfigurations findings][16]. 1. Review and remediate identity risks on the [Identity Risks][29] page. 1. Review container vulnerabilities on the [Container Images][25] page, and a consolidated list of vulnerabilities on the [Infrastructure Vulnerability][30] page. 1. Set up [notification rules][17] and receive alerts using Slack, Jira, email, and more. @@ -46,7 +46,7 @@ With CSM, Security and DevOps teams can act on the shared context of observabili ## Phase 2: Customization 1. Set up [CSM Threats suppression rules][18] to reduce noise. -2. Create custom detection rules for [CSM Misconfigurations][19] and [CSM Threats][20]. +2. Create custom detection rules for [Cloud Security Misconfigurations][19] and [CSM Threats][20]. ## Phase 3: Reports and dashboards @@ -54,11 +54,11 @@ With CSM, Security and DevOps teams can act on the shared context of observabili 2. Use out-of-the-box dashboards or [create your own][22] for faster investigations, reporting, and monitoring. 3. Subscribe to the weekly [security digest][31] reports to begin investigation and remediation of the most important new security issues discovered in the last seven days. -## Disable CSM +## Disable Cloud Security -For information on disabling CSM, see the following: +For information on disabling Cloud Security, see the following: -- [Disable CSM Vulnerabilities][32] +- [Disable Cloud Security Vulnerabilities][32] - [Disable CSM Threats][33] ## Further reading diff --git a/content/en/infrastructure/containers/container_images.md b/content/en/infrastructure/containers/container_images.md index ed3ee333f8bb8..d2af777771bf8 100644 --- a/content/en/infrastructure/containers/container_images.md +++ b/content/en/infrastructure/containers/container_images.md @@ -9,7 +9,7 @@ further_reading: text: "Cloud Security Vulnerabilities" - link: "/infrastructure/containers/container_images/#enable-sbom-collection" tag: "Documentation" - text: "Enable SBOM collection in CSM Vulnerabilities" + text: "Enable SBOM collection in Cloud Security Vulnerabilities" - link: "/security/cloud_security_management/troubleshooting/vulnerabilities/" tag: "Documentation" text: "Troubleshooting Cloud Security Vulnerabilities" @@ -101,10 +101,10 @@ container_image: #### Enable SBOM collection -The following instructions turn on [Software Bill of Materials][5] (SBOM) collection for CSM Vulnerabilities. SBOM collection enables automatic detection of container image vulnerabilities. Vulnerabilities are evaluated and scanned against your containers every hour. Vulnerability management for container images is included in [CSM Pro and Enterprise plans][10]. +The following instructions turn on [Software Bill of Materials][5] (SBOM) collection for Cloud Security Vulnerabilities. SBOM collection enables automatic detection of container image vulnerabilities. Vulnerabilities are evaluated and scanned against your containers every hour. Vulnerability management for container images is included in [Cloud Security Pro and Enterprise plans][10]. **Notes**: -- The CSM Vulnerabilities feature is not available for AWS Fargate or Windows environments. +- The Cloud Security Vulnerabilities feature is not available for AWS Fargate or Windows environments. - SBOM collection is not compatible with the image streaming feature in Google Kubernetes Engine (GKE). To disable it, see the [Disable Image streaming][11] section of the GKE docs. {{< tabs >}} diff --git a/content/en/infrastructure/resource_catalog/_index.md b/content/en/infrastructure/resource_catalog/_index.md index 8c61e69872227..ee357a5e39b7b 100644 --- a/content/en/infrastructure/resource_catalog/_index.md +++ b/content/en/infrastructure/resource_catalog/_index.md @@ -60,7 +60,7 @@ By default, when you navigate to the Resource Catalog, you are able to see Datad **Note**: - Extending resource collection does _not_ incur additional costs. The Resource Catalog is a free product for Infrastructure Monitoring customers. -- Enabling Cloud Security automatically enables resource collection for the Resource Catalog Inventory tab. Enabling resource collection for the Resource Catalog does _not_ enable the CSM product. +- Enabling Cloud Security automatically enables resource collection for the Resource Catalog Inventory tab. Enabling resource collection for the Resource Catalog does _not_ enable the Cloud Security product. ## Browse the Resource Catalog diff --git a/content/en/infrastructure/resource_catalog/schema.md b/content/en/infrastructure/resource_catalog/schema.md index 1b2cc3d0b0bf9..ed700fab56a5b 100644 --- a/content/en/infrastructure/resource_catalog/schema.md +++ b/content/en/infrastructure/resource_catalog/schema.md @@ -14,12 +14,12 @@ list_section: {{< site-region region="gov" >}}
-CSM Misconfigurations is not available in the selected site. +Cloud Security Misconfigurations is not available in the selected site.
{{< /site-region >}} The following resource types are available within [Resource catalog][2] for filtering. -See [custom rules in CSM Misconfigurations][1] for more information. +See [custom rules in Cloud Security Misconfigurations][1] for more information. [1]: /security/cloud_security_management/misconfigurations/custom_rules/ [2]: /infrastructure/resource_catalog diff --git a/content/en/integrations/guide/aws-organizations-setup.md b/content/en/integrations/guide/aws-organizations-setup.md index b7a2f9486659b..8cada2cd2470c 100644 --- a/content/en/integrations/guide/aws-organizations-setup.md +++ b/content/en/integrations/guide/aws-organizations-setup.md @@ -33,7 +33,7 @@ The Datadog CloudFormation StackSet performs the following steps: 2. Automatically creates the necessary IAM role and policies in the target accounts. 3. Automatically initiates ingestion of AWS CloudWatch metrics and events from the AWS resources in the accounts. 4. Optionally disables metric collection for the AWS infrastructure. This is useful for Cloud Cost Management (CCM) or Cloud Security Misconfigurations specific use cases. -5. Optionally configures CSM Misconfigurations to monitor resource misconfigurations in your AWS accounts. +5. Optionally configures Cloud Security Misconfigurations to monitor resource misconfigurations in your AWS accounts. **Note**: The StackSet does not set up log forwarding in the AWS accounts. To set up logs, follow the steps in the [Log Collection][2] guide. @@ -61,7 +61,7 @@ Copy the Template URL from the Datadog AWS integration configuration page to use - *Optionally:* a. Enable [Cloud Security Misconfigurations][5] to scan your cloud environment, hosts, and containers for misconfigurations and security risks. - b. Disable metric collection if you do not want to monitor your AWS infrastructure. This is recommended only for [Cloud Cost Management][6] (CCM) or [CSM Misconfigurations][5] specific use cases. + b. Disable metric collection if you do not want to monitor your AWS infrastructure. This is recommended only for [Cloud Cost Management][6] (CCM) or [Cloud Security Misconfigurations][5] specific use cases. 3. **Configure StackSet options** Keep the **Execution configuration** option as `Inactive` so the StackSet performs one operation at a time. diff --git a/content/en/integrations/guide/azure-architecture-and-configuration.md b/content/en/integrations/guide/azure-architecture-and-configuration.md index 6241845f029bd..d378d69037ec6 100644 --- a/content/en/integrations/guide/azure-architecture-and-configuration.md +++ b/content/en/integrations/guide/azure-architecture-and-configuration.md @@ -122,7 +122,7 @@ The implications of restricting access below the Monitoring Reader role are: The implications of restricting or omitting the Azure AD roles are: - - Partial or total loss of metadata for Azure AD resources in CSM Misconfigurations + - Partial or total loss of metadata for Azure AD resources in Cloud Security Misconfigurations - Partial or total loss of credential expiration monitoring for Azure AD resources [1]: /getting_started/site/ diff --git a/content/en/integrations/guide/azure-portal.md b/content/en/integrations/guide/azure-portal.md index edc23a40879c4..09408c4ef846e 100644 --- a/content/en/integrations/guide/azure-portal.md +++ b/content/en/integrations/guide/azure-portal.md @@ -302,7 +302,7 @@ The Azure Datadog integration allows you to install the Datadog Agent on a VM or Select `Cloud Security Posture Management` in the left sidebar to configure [Cloud Security Misconfigurations][8]. -By default, CSM Misconfigurations is not enabled. To enable CSM Misconfigurations, select `Enable Datadog Cloud Security Posture Management` and click **Save**. This enables Datadog CSM Misconfigurations for any subscriptions associated with the Datadog resource. +By default, Cloud Security Misconfigurations is not enabled. To enable Cloud Security Misconfigurations, select `Enable Datadog Cloud Security Posture Management` and click **Save**. This enables Datadog Cloud Security Misconfigurations for any subscriptions associated with the Datadog resource. To disable, uncheck the box and click **Save**. diff --git a/content/en/metrics/summary.md b/content/en/metrics/summary.md index c9ac5492ff557..5285918f5196c 100644 --- a/content/en/metrics/summary.md +++ b/content/en/metrics/summary.md @@ -203,7 +203,7 @@ This table shows the mapping between the metric origin as seen in the facet and | API Catalog | Timeseries sent by the Datadog [Software Catalog][13] product from the APIM Endpoint. | APM | Timeseries sent by the Datadog APM product for metrics generated from traces and span metrics. | Agent | Timeseries sent by the Datadog Agent, collected from [Agent integrations][10], [built-in integrations][9], [DogStatsD][32], or [custom Agent checks][33]. -| CSM | Timeseries sent by the Datadog [Cloud Security][14] product. +| Cloud Security | Timeseries sent by the Datadog [Cloud Security][14] product. | Cloud Integrations | Timeseries collected from cloud providers like AWS, Azure, and Google Cloud etc. from their respective integrations. | DBM | Timeseries sent by the Datadog [Database Monitoring][15] product, including insights into MySQL, Oracle, and Postgres activities/queries/locks. | DSM | Timeseries sent by the Datadog [Data Streams Monitoring][16] product, for metrics generated from the DSM spans and traces. diff --git a/content/en/security/_index.md b/content/en/security/_index.md index a018e36a91ce6..7fcf2f31442b5 100644 --- a/content/en/security/_index.md +++ b/content/en/security/_index.md @@ -23,7 +23,7 @@ further_reading: text: "Begin detecting threats with Cloud SIEM" - link: "/security/cloud_security_management/misconfigurations/" tag: "Documentation" - text: "Start tracking misconfigurations with CSM Misconfigurations" + text: "Start tracking misconfigurations with Cloud Security Misconfigurations" - link: "/security/threats/setup" tag: "Documentation" text: "Uncover kernel-level threats with CSM Threats" @@ -110,7 +110,7 @@ In addition to threat detection, Datadog provides end-to-end code and library vu [Cloud Security][10] delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered. -CSM includes [Threats][12], [Misconfigurations][11], [Identity Risks][15], and [Vulnerabilities][16]. To learn more, check out the dedicated [Guided Tour][13]. +Cloud Security includes [Threats][12], [Misconfigurations][11], [Identity Risks][15], and [Vulnerabilities][16]. To learn more, check out the dedicated [Guided Tour][13]. {{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security overview shows a list of prioritized security issues" width="100%">}} diff --git a/content/en/security/cloud_security_management/_index.md b/content/en/security/cloud_security_management/_index.md index da1463c0018b4..af49d73821a75 100644 --- a/content/en/security/cloud_security_management/_index.md +++ b/content/en/security/cloud_security_management/_index.md @@ -8,7 +8,7 @@ further_reading: text: "See What's New in Datadog Security Compliance" - link: "/security/cloud_security_management/misconfigurations/" tag: "Documentation" - text: "Start tracking misconfigurations with CSM Misconfigurations" + text: "Start tracking misconfigurations with Cloud Security Misconfigurations" - link: "/security/threats/setup" tag: "Documentation" text: "Uncover kernel-level threats with CSM Threats" @@ -57,7 +57,7 @@ Datadog Cloud Security delivers deep visibility, continuous configuration audits Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. -CSM leverages both the Datadog Agent and Agentless. It includes a variety of features you can enable to manage different facets of your organization's security: +Cloud Security leverages both the Datadog Agent and Agentless. It includes a variety of features you can enable to manage different facets of your organization's security: - [**Threats**][1]: Monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. - [**Misconfigurations**][2]: Tracks the security hygiene and compliance posture of your production environment, automates audit evidence collection, and enables you to remediate misconfigurations that leave your organization vulnerable to attacks. @@ -70,11 +70,11 @@ CSM leverages both the Datadog Agent and Agentless. It includes a variety of fea ## Track your organization's health -Available for [CSM Misconfigurations][2], the [security posture score][5] helps you track your organization's overall health. The score represents the percentage of your environment that satisfies all of your active out-of-the-box cloud and infrastructure compliance rules. +Available for [Cloud Security Misconfigurations][2], the [security posture score][5] helps you track your organization's overall health. The score represents the percentage of your environment that satisfies all of your active out-of-the-box cloud and infrastructure compliance rules. Improve your organization's score by remediating misconfigurations, either by resolving the underlying issue or by muting the misconfiguration. -{{< img src="security/csm/health_scores.png" alt="The posture score on the CSM overview page tracks your organization's overall health" width="100%">}} +{{< img src="security/csm/health_scores.png" alt="The posture score on the Cloud Security overview page tracks your organization's overall health" width="100%">}} ## Explore and remediate issues @@ -82,7 +82,7 @@ For an overview of your Cloud Security and Application Security findings, sorted To get more detail, use the [Explorers][7] to review and remediate your organization's security findings concerning misconfigurations, vulnerabilities, and identity risks. View detailed information about a finding, including guidelines and remediation steps. [Send real-time notifications][6] when a threat is detected in your environment, and use tags to identify the owner of an impacted resource. -{{< img src="security/csm/explorers_page.png" alt="CSM Explorers page" width="100%">}} +{{< img src="security/csm/explorers_page.png" alt="Cloud Security Explorers page" width="100%">}} ## Investigate resources @@ -104,7 +104,7 @@ Use the [Security Research Feed][15] to stay current with the latest security de ## Next steps -To get started with CSM, navigate to the [**Cloud Security Setup**][3] page in Datadog, which has detailed steps on how to set up and configure CSM. For more information, see [Setting Up Cloud Security][10]. +To get started with Cloud Security, navigate to the [**Cloud Security Setup**][3] page in Datadog, which has detailed steps on how to set up and configure Cloud Security. For more information, see [Setting Up Cloud Security][10]. ## Further reading diff --git a/content/en/security/cloud_security_management/guide/_index.md b/content/en/security/cloud_security_management/guide/_index.md index 1a158548cac04..03ef8e0db469b 100644 --- a/content/en/security/cloud_security_management/guide/_index.md +++ b/content/en/security/cloud_security_management/guide/_index.md @@ -19,8 +19,8 @@ aliases: {{< nextlink href="/security/cloud_security_management/guide/ebpf-free-agent" >}}Threat Detection for Linux Without eBPF Support{{< /nextlink >}} {{< /whatsnext >}} -{{< whatsnext desc="CSM Misconfigurations Guides" >}} - {{< nextlink href="/security/cloud_security_management/guide/writing_rego_rules" >}}Writing Custom CSM Misconfigurations Rules with Rego{{< /nextlink >}} +{{< whatsnext desc="Cloud Security Misconfigurations Guides" >}} + {{< nextlink href="/security/cloud_security_management/guide/writing_rego_rules" >}}Writing Custom Cloud Security Misconfigurations Rules with Rego{{< /nextlink >}} {{< nextlink href="/security/cloud_security_management/guide/public-accessibility-logic" >}}How Datadog Determines if Resources are Publicly Accessible{{< /nextlink >}} {{< nextlink href="/security/cloud_security_management/guide/resource_evaluation_filters" >}}Use Filters to Exclude Resources from Evaluation{{< /nextlink >}} {{< nextlink href="/security/cloud_security_management/guide/related-logs" >}}View a Misconfiguration's Related Logs{{< /nextlink >}} diff --git a/content/en/security/cloud_security_management/guide/active-protection.md b/content/en/security/cloud_security_management/guide/active-protection.md index fc5784b3fe736..6488a78ae87ae 100644 --- a/content/en/security/cloud_security_management/guide/active-protection.md +++ b/content/en/security/cloud_security_management/guide/active-protection.md @@ -79,7 +79,7 @@ Consequently, you do not need to worry that enabling Active Protection immediate To enable Active Protection: -1. Go to CSM [Agent Configuration][2] rules. +1. Go to Cloud Security [Agent Configuration][2] rules. 2. Select **Enable Active Protection**. {{< img src="security/cws/guide/enable-active-protection.png" alt="Enable Active Protection button" style="width:100%;" >}} diff --git a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md index 22d8372032c17..0ee4f0edd0642 100644 --- a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md +++ b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md @@ -152,7 +152,7 @@ runtime_security_config: Ensure you perform the following configuration requirements before deploying the Agent: 1. Customize the [Agent Installation Instructions][5] before proceeding with the installation. -2. Install/update the Agent with CSM enabled. For steps, see [Setting up Cloud Security on the Agent][4]. +2. Install/update the Agent with Cloud Security enabled. For steps, see [Setting up Cloud Security on the Agent][4]. 3. Specify additional configurations from the previous **eBPF-less agent setup** sections to install the custom version and enable eBPF-less mode. diff --git a/content/en/security/cloud_security_management/guide/public-accessibility-logic.md b/content/en/security/cloud_security_management/guide/public-accessibility-logic.md index 9b0d7d12722f2..abdea81d926d6 100644 --- a/content/en/security/cloud_security_management/guide/public-accessibility-logic.md +++ b/content/en/security/cloud_security_management/guide/public-accessibility-logic.md @@ -3,7 +3,7 @@ title: How Datadog Determines if Resources are Publicly Accessible further_reading: - link: "/security/cloud_security_management/misconfigurations/" tag: "Documentation" - text: "Start tracking misconfigurations with CSM Misconfigurations" + text: "Start tracking misconfigurations with Cloud Security Misconfigurations" - link: "/security/default_rules/#cat-cloud-security-management" tag: "Documentation" text: "Out-of-the-box Detection Rules" diff --git a/content/en/security/cloud_security_management/guide/related-logs.md b/content/en/security/cloud_security_management/guide/related-logs.md index 90b918c182d87..3f9a8661b2600 100644 --- a/content/en/security/cloud_security_management/guide/related-logs.md +++ b/content/en/security/cloud_security_management/guide/related-logs.md @@ -2,7 +2,7 @@ title: View a misconfiguration's related logs --- -Datadog CSM's Related Logs feature allows you to quickly identify cloud audit logs that relate to a specific cloud resource. When investigating a misconfiguration, this can help you understand: +Datadog Cloud Security's Related Logs feature allows you to quickly identify cloud audit logs that relate to a specific cloud resource. When investigating a misconfiguration, this can help you understand: - Who created the resource - Who last modified the resource, possibly introducing the misconfiguration diff --git a/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md b/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md index 48853eafe2907..afa4ea27bbec2 100644 --- a/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md +++ b/content/en/security/cloud_security_management/guide/resource_evaluation_filters.md @@ -23,7 +23,7 @@ You can use resource tags to create filters that include or exclude resources fr | Single character wildcard | `?` | | Multiple characters wildcard | `*` | -The allowlist enables you to specify tags that must be applied to a resource in order for CSM to evaluate it. Allowlist tags are evaluated as OR statements. In other words, at least one of the allowlist tags must be present in order for a resource to be evaluated. In contrast, blocklisted tags are evaluated as AND statements and take precedence over allowlist tags. +The allowlist enables you to specify tags that must be applied to a resource in order for Cloud Security to evaluate it. Allowlist tags are evaluated as OR statements. In other words, at least one of the allowlist tags must be present in order for a resource to be evaluated. In contrast, blocklisted tags are evaluated as AND statements and take precedence over allowlist tags. **Examples**: diff --git a/content/en/security/cloud_security_management/guide/writing_rego_rules.md b/content/en/security/cloud_security_management/guide/writing_rego_rules.md index 55cb5cb80379e..598a54c52f02d 100644 --- a/content/en/security/cloud_security_management/guide/writing_rego_rules.md +++ b/content/en/security/cloud_security_management/guide/writing_rego_rules.md @@ -18,7 +18,7 @@ Open Policy Agent (OPA) provides [Rego][1], an open source policy language with ## The template module -Defining a rule starts with a Rego [policy][2], defined inside a [module][3]. CSM Misconfigurations uses a module template like the one below to simplify writing rules: +Defining a rule starts with a Rego [policy][2], defined inside a [module][3]. Cloud Security Misconfigurations uses a module template like the one below to simplify writing rules: ```python package datadog diff --git a/content/en/security/cloud_security_management/iac_scanning.md b/content/en/security/cloud_security_management/iac_scanning.md index 658fec7e692d7..2ca20f1705d60 100644 --- a/content/en/security/cloud_security_management/iac_scanning.md +++ b/content/en/security/cloud_security_management/iac_scanning.md @@ -14,7 +14,7 @@ Static Infrastructure as Code (IaC) scanning integrates with version control sys
Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
-{{< img src="security/csm/iac_scanning_explorer2.png" alt="CSM Explorers page displaying detected misconfigurations in cloud resources" width="100%">}} +{{< img src="security/csm/iac_scanning_explorer2.png" alt="Cloud Security Explorers page displaying detected misconfigurations in cloud resources" width="100%">}} When you click on a finding, the side panel reveals additional details, including a short description of the IaC rule related to the finding and a preview of the offending code. diff --git a/content/en/security/cloud_security_management/identity_risks/_index.md b/content/en/security/cloud_security_management/identity_risks/_index.md index 7f9ad4a2a4853..2e2933fb3ac23 100644 --- a/content/en/security/cloud_security_management/identity_risks/_index.md +++ b/content/en/security/cloud_security_management/identity_risks/_index.md @@ -28,15 +28,15 @@ further_reading: Cloud Security Identity Risks is a Cloud Infrastructure Entitlement Management (CIEM) product that helps you mitigate entitlement risks across your clouds. It continually scans your cloud infrastructure and finds issues such as lingering administrative privileges, privilege escalations, permission gaps, large blast radii, and cross-account access. It also enables you to proactively resolve identity risks on an ongoing basis to secure your cloud infrastructure from IAM-based attacks. For quick remediation, it suggests [downsized policies][4], [Datadog Workflows][3] based remediations, and deep links to cloud consoles. -
CSM Identity Risks is available for AWS, Azure, and GCP.
+
Cloud Security Identity Risks is available for AWS, Azure, and GCP.
## Review identity risks Review your organization's active identity risks on the [Identity Risks Explorer][1]. Use the **Group by** options to filter by **Identity Risks**, **Resources**, or **None** (individual identity risks). View additional details on the side panel. -CSM Identity Risk detections include users, roles, groups, policies, EC2 instances, and Lambda functions. +Cloud Security Identity Risk detections include users, roles, groups, policies, EC2 instances, and Lambda functions. -{{< img src="security/identity_risks/identity_risks_explorer_3.png" alt="CSM Identity Risks Explorers page" width="100%">}} +{{< img src="security/identity_risks/identity_risks_explorer_3.png" alt="Cloud Security Identity Risks Explorers page" width="100%">}} ## Remediate identity risks @@ -76,9 +76,9 @@ Datadog CIEM is integrated with [AWS IAM Access Analyzer][5] to further improve ## Video walkthrough -The following video provides an overview of how to enable and use CSM Identity Risks: +The following video provides an overview of how to enable and use Cloud Security Identity Risks: -{{< img src="security/csm/how-to-use-csm-identity-risks.mp4" alt="Video that provides an overview of how to install and use CSM Identity Risks" video=true >}} +{{< img src="security/csm/how-to-use-csm-identity-risks.mp4" alt="Video that provides an overview of how to install and use Cloud Security Identity Risks" video=true >}} ## Further Reading diff --git a/content/en/security/cloud_security_management/misconfigurations/_index.md b/content/en/security/cloud_security_management/misconfigurations/_index.md index b6fb4f5a2fb7c..cb6b9f22d018a 100644 --- a/content/en/security/cloud_security_management/misconfigurations/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/_index.md @@ -17,23 +17,23 @@ Strengthen your security posture and achieve continuous compliance by detecting, View a high-level overview of your security posture on the [Overview page][1]. Examine the details of misconfigurations and analyze historical configurations with the [Misconfigurations Explorer][2]. -CSM Misconfigurations evaluates resources in increments between 15 minutes and 4 hours (depending on type). Datadog generates new misconfigurations as soon as a scan is completed, and stores a complete history of all misconfigurations for the past 15 months so they are available in case of an investigation or audit. +Cloud Security Misconfigurations evaluates resources in increments between 15 minutes and 4 hours (depending on type). Datadog generates new misconfigurations as soon as a scan is completed, and stores a complete history of all misconfigurations for the past 15 months so they are available in case of an investigation or audit. {{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security overview shows a list of prioritized security issues to remediate" width="100%">}} ## Maintain compliance with industry frameworks and benchmarks -CSM Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that are maintained by a team of security experts. The rules map to controls and requirements within compliance standards and industry benchmarks, such as PCI and SOC2 compliance frameworks. +Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that are maintained by a team of security experts. The rules map to controls and requirements within compliance standards and industry benchmarks, such as PCI and SOC2 compliance frameworks. [View compliance reports][3] to see how well you're doing against each control in a compliance framework. The reports include details such as resources with the most failed misconfigurations, a comprehensive breakdown of the number of resources with pass/fail misconfigurations, and the top three high-severity rule failures. -{{< img src="security/cspm/frameworks_and_benchmarks/compliance_reports_2.png" alt="CSM Misconfigurations compliance frameworks" width="100%">}} +{{< img src="security/cspm/frameworks_and_benchmarks/compliance_reports_2.png" alt="Cloud Security Misconfigurations compliance frameworks" width="100%">}} ## Manage out-of-the-box and custom compliance rules [Out-of-the-box compliance rules][4] surface the most important risks so that you can immediately take steps to remediate. Datadog continuously develops new default rules, which are automatically imported into your account. [Customize the rules][5] by defining how each rule scans your environment, [create custom rules][6], and [set up real-time notifications for failed misconfigurations](#set-up-real-time-notifications). -{{< img src="security/cspm/compliance_rules.png" alt="CSM Misconfigurations compliance rules" width="100%">}} +{{< img src="security/cspm/compliance_rules.png" alt="Cloud Security Misconfigurations compliance rules" width="100%">}} ## Set up real-time notifications @@ -47,20 +47,20 @@ Investigate details using the [Misconfigurations Explorer][10]. View detailed in You can also [create a Jira issue][15] and assign it to a team, use Terraform remediation to generate a pull request in GitHub with code changes that fix the underlying misconfiguration, and leverage [Workflow Automation][14] to create automated workflows (with or without human involvement). -{{< img src="security/cspm/misconfigurations_explorer.png" alt="CSM Misconfigurations Explorer page" width="100%">}} +{{< img src="security/cspm/misconfigurations_explorer.png" alt="Cloud Security Misconfigurations Explorer page" width="100%">}} ## Get started -{{< learning-center-callout header="Try Detect, Prioritize, and Remediate Cloud Security Risks with Datadog CSM in the Learning Center" btn_title="Enroll Now" btn_url="https://learn.datadoghq.com/courses/csm-misconfigurations">}} - The Datadog Learning Center is full of hands-on courses to help you learn about this topic. Enroll at no cost to learn how to secure your cloud environments with CSM misconfigurations. +{{< learning-center-callout header="Try Detect, Prioritize, and Remediate Cloud Security Risks with Datadog Cloud Security in the Learning Center" btn_title="Enroll Now" btn_url="https://learn.datadoghq.com/courses/csm-misconfigurations">}} + The Datadog Learning Center is full of hands-on courses to help you learn about this topic. Enroll at no cost to learn how to secure your cloud environments with Cloud Security misconfigurations. {{< /learning-center-callout >}} {{< whatsnext >}} {{< nextlink href="/security/cloud_security_management/setup">}}Complete setup and configuration{{< /nextlink >}} {{< nextlink href="/getting_started/cloud_security_management">}}Getting Started with Cloud Security{{< /nextlink >}} - {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for CSM Misconfigurations{{< /nextlink >}} - {{< nextlink href="/security/default_rules/#cat-posture-management-cloud">}}Out-of-the-box cloud detection rules for CSM Misconfigurations{{< /nextlink >}} - {{< nextlink href="/security/default_rules/#cat-posture-management-infra">}}Out-of-the-box infrastructure detection rules for CSM Misconfigurations{{< /nextlink >}} + {{< nextlink href="/account_management/rbac/permissions/#cloud-security-platform">}}Datadog role permissions for Cloud Security Misconfigurations{{< /nextlink >}} + {{< nextlink href="/security/default_rules/#cat-posture-management-cloud">}}Out-of-the-box cloud detection rules for Cloud Security Misconfigurations{{< /nextlink >}} + {{< nextlink href="/security/default_rules/#cat-posture-management-infra">}}Out-of-the-box infrastructure detection rules for Cloud Security Misconfigurations{{< /nextlink >}} {{< nextlink href="/security/cloud_security_management/misconfigurations/findings">}} Learn more about misconfigurations{{< /nextlink >}} {{< nextlink href="https://www.datadoghq.com/blog/cspm-for-azure-with-datadog/">}} Monitor the security and compliance posture of your Azure environment{{< /nextlink >}} {{< nextlink href="https://www.datadoghq.com/blog/cspm-for-gcp-with-datadog/">}} Improve the compliance and security posture of your Google Cloud environment{{< /nextlink >}} diff --git a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md index 00c87cd5b3c92..67c76f9c8a00a 100644 --- a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md +++ b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md @@ -1,5 +1,5 @@ --- -title: Manage CSM Misconfigurations Compliance Rules +title: Manage Cloud Security Misconfigurations Compliance Rules aliases: - /security_platform/cspm/configuration_rules - /security/cspm/configuration_rules @@ -9,7 +9,7 @@ aliases: further_reading: - link: "/security/cloud_security_management/misconfigurations" tag: "Documentation" - text: Getting Started with CSM Misconfigurations + text: Getting Started with Cloud Security Misconfigurations - link: "/security/cloud_security_management/misconfigurations/custom_rules/" tag: "Documentation" text: Custom Rules @@ -20,9 +20,9 @@ further_reading: Cloud Security Misconfigurations [out-of-the-box compliance rules][1] evaluate the configuration of your cloud resources and identify potential misconfigurations so you can immediately take steps to remediate. -The compliance rules follow the same [conditional logic][2] as all Datadog Security compliance rules. For CSM Misconfigurations, each rule maps to controls within one or more [compliance frameworks or industry benchmarks][4]. +The compliance rules follow the same [conditional logic][2] as all Datadog Security compliance rules. For Cloud Security Misconfigurations, each rule maps to controls within one or more [compliance frameworks or industry benchmarks][4]. -CSM Misconfigurations uses the following rule types to validate the configuration of your cloud infrastructure: +Cloud Security Misconfigurations uses the following rule types to validate the configuration of your cloud infrastructure: - [**Cloud configuration**][1]: These compliance rules analyze the configuration of resources within your cloud environment. For example, the [CloudFront distribution should be encrypted][3] rule assesses whether an Amazon CloudFront distribution enforces HTTPS to secure communications. - [**Infrastructure configuration**][5]: These checks evaluate containers and Kubernetes clusters using rules from CIS compliance benchmarks for Docker and Kubernetes, as well as Linux workloads against CIS host benchmarks for Ubuntu, Red Hat, and Amazon Linux. diff --git a/content/en/security/cloud_security_management/misconfigurations/custom_rules.md b/content/en/security/cloud_security_management/misconfigurations/custom_rules.md index 11e0cd445f1d6..db2c2be2dbaff 100644 --- a/content/en/security/cloud_security_management/misconfigurations/custom_rules.md +++ b/content/en/security/cloud_security_management/misconfigurations/custom_rules.md @@ -9,7 +9,7 @@ further_reading: text: "Start writing your own Rego rules" - link: "security/default_rules" tag: "Documentation" - text: "Explore default CSM Misconfigurations cloud configuration compliance rules" + text: "Explore default Cloud Security Misconfigurations cloud configuration compliance rules" - link: "security/misconfigurations/frameworks_and_benchmarks" tag: "Documentation" text: "Learn about frameworks and industry benchmarks" @@ -59,7 +59,7 @@ To create a rule from scratch: ## Tagging misconfigurations -When you create, clone, or modify CSM Misconfigurations compliance rules, you can specify tags to apply to misconfigurations so that you can group, filter, and search misconfigurations by those tags. When you clone a rule, some tags are carried forward into the new rule, and others are not (see table below). +When you create, clone, or modify Cloud Security Misconfigurations compliance rules, you can specify tags to apply to misconfigurations so that you can group, filter, and search misconfigurations by those tags. When you clone a rule, some tags are carried forward into the new rule, and others are not (see table below). You can assign almost any key-value as a tag. The following table shows tags that are useful in common security scenarios. diff --git a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md index f1e2bea81955c..de8725a28b4b8 100644 --- a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md @@ -8,7 +8,7 @@ aliases: further_reading: - link: "security/default_rules" tag: "Documentation" - text: "Explore default CSM Misconfigurations cloud configuration compliance rules" + text: "Explore default Cloud Security Misconfigurations cloud configuration compliance rules" - link: "security/cspm/frameworks_and_benchmarks" tag: "Documentation" text: "Learn about frameworks and industry benchmarks" @@ -17,7 +17,7 @@ further_reading: The Cloud Security Misconfigurations [Explorer][1] allows you to: - Review the detailed configuration of a resource. -- Review the compliance rules applied to your resources by CSM Misconfigurations. +- Review the compliance rules applied to your resources by Cloud Security Misconfigurations. - Review tags for more context about who owns the resource and where it resides in your environment. - Read descriptions and guidelines based on industry resources for remediating a misconfigured resource. - Use the time selector to explore your security configuration posture at any point in the past. @@ -32,7 +32,7 @@ A misconfiguration is the primary primitive for a rule evaluation against a reso Misconfigurations are displayed on the [Misconfigurations Explorer][1]. Aggregate misconfigurations by rule using the **Group by** filters and query search bar. For example, filtering by `evaluation:fail` narrows the list to all compliance rules that have issues that need to be addressed. Misconfigurations can also be aggregated by resource to rank resources that have the most failed misconfigurations so you can prioritize remediation. -{{< img src="security/csm/explorers_page.png" alt="CSM Misconfigurations Explorer page" style="width:100%;">}} +{{< img src="security/csm/explorers_page.png" alt="Cloud Security Misconfigurations Explorer page" style="width:100%;">}} Select a misconfiguration to view the resources that have been evaluated by the rule, the rule description, its framework or industry benchmark mappings, and suggested remediation steps. diff --git a/content/en/security/cloud_security_management/misconfigurations/findings/export_misconfigurations.md b/content/en/security/cloud_security_management/misconfigurations/findings/export_misconfigurations.md index 0e03039299733..cee66dc9b35d5 100644 --- a/content/en/security/cloud_security_management/misconfigurations/findings/export_misconfigurations.md +++ b/content/en/security/cloud_security_management/misconfigurations/findings/export_misconfigurations.md @@ -5,7 +5,7 @@ aliases: further_reading: - link: "security/default_rules" tag: "Documentation" - text: "Explore default CSM Misconfigurations cloud configuration compliance rules" + text: "Explore default Cloud Security Misconfigurations cloud configuration compliance rules" - link: "security/cspm/frameworks_and_benchmarks" tag: "Documentation" text: "Learn about frameworks and industry benchmarks" diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md index 03fd8b9e4c86f..fb12e695f76c2 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md @@ -7,20 +7,20 @@ aliases: further_reading: - link: "security/cspm/setup" tag: "Documentation" - text: "Getting started with CSM Misconfigurations" + text: "Getting started with Cloud Security Misconfigurations" - link: "security/default_rules" tag: "Documentation" - text: "Explore default CSM Misconfigurations cloud configuration compliance rules" + text: "Explore default Cloud Security Misconfigurations cloud configuration compliance rules" - link: "security/cspm/findings" tag: "Documentation" text: "Search and explore misconfigurations" --- -CSM Misconfigurations comes with more than 1,300 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within a [compliance standard or industry benchmark][2]. You can also [create custom frameworks][30] to define and measure compliance against your own cloud security baseline. +Cloud Security Misconfigurations comes with more than 1,300 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within a [compliance standard or industry benchmark][2]. You can also [create custom frameworks][30] to define and measure compliance against your own cloud security baseline. ## View your compliance posture -View a high-level overview of your compliance posture for each framework on the CSM Misconfigurations [Compliance][20] page. Click a framework to see a [detailed report](#explore-compliance-framework-reports) that gives you insight into how your configuration scores against the framework's requirements and rules. +View a high-level overview of your compliance posture for each framework on the Cloud Security Misconfigurations [Compliance][20] page. Click a framework to see a [detailed report](#explore-compliance-framework-reports) that gives you insight into how your configuration scores against the framework's requirements and rules. - **Star**: Pin a framework to the top of your table. - **Score**: The [posture score][3] for the rules in the given framework. @@ -31,7 +31,7 @@ View a high-level overview of your compliance posture for each framework on the - **Explore Resources**: A filtered view of the **Misconfigurations** page that shows resources with misconfigurations for the selected framework. - **Configure Rules**: Customize how your environment is scanned and set notification targets by modifying the compliance rules for each framework. -{{< img src="security/cspm/frameworks_and_benchmarks/compliance_reports_3.png" alt="The compliance reports section of the CSM Misconfigurations Compliance page provides a high-level overview of your compliance posture" style="width:100%;">}} +{{< img src="security/cspm/frameworks_and_benchmarks/compliance_reports_3.png" alt="The compliance reports section of the Cloud Security Misconfigurations Compliance page provides a high-level overview of your compliance posture" style="width:100%;">}} ## Explore compliance framework reports diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md index e7401ab42e0ec..1b3cf0c1eb5e5 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/custom_frameworks.md @@ -5,10 +5,10 @@ aliases: further_reading: - link: "security/cspm/setup" tag: "Documentation" - text: "Getting started with CSM Misconfigurations" + text: "Getting started with Cloud Security Misconfigurations" - link: "security/default_rules" tag: "Documentation" - text: "Explore default CSM Misconfigurations cloud configuration compliance rules" + text: "Explore default Cloud Security Misconfigurations cloud configuration compliance rules" - link: "security/cspm/findings" tag: "Documentation" text: "Search and explore misconfigurations" @@ -19,7 +19,7 @@ further_reading: With custom frameworks, you can define and measure compliance against your own cloud security baseline. Custom frameworks are listed on the Cloud Security [Compliance][6] page, have their own real-time report and [security posture score][7], and are queryable within explorers and dashboards. -1. On the [CSM Compliance page][6], click **Create Framework**. +1. On the [Cloud Security Compliance page][6], click **Create Framework**. 1. Enter the following details: - **Framework name**: The name of your framework. Can include characters, numbers, and spaces. Must be at least five characters long. - **Handle**: The tag name for the custom framework. Can include lowercase letters, numbers, dashes, underscores, and periods. This value is used to query the framework in the explorer or in dashboards. diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md index 581b717c73d9e..2a54cb832e58a 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md @@ -6,10 +6,10 @@ aliases: further_reading: - link: "security/cspm/setup" tag: "Documentation" - text: "Getting started with CSM Misconfigurations" + text: "Getting started with Cloud Security Misconfigurations" - link: "security/default_rules" tag: "Documentation" - text: "Explore default CSM Misconfigurations cloud configuration compliance rules" + text: "Explore default Cloud Security Misconfigurations cloud configuration compliance rules" - link: "security/cspm/findings" tag: "Documentation" text: "Search and explore misconfigurations" @@ -18,7 +18,7 @@ further_reading: text: "Datadog Security extends compliance and threat protection capabilities for Google Cloud" --- -CSM Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within the following compliance standards and industry benchmarks: +Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within the following compliance standards and industry benchmarks: | Framework | Supported Versions | Framework Tag | Rule Type | |-------------------------------------------------|------------------------|-------------------------------------|--------------------------| @@ -55,7 +55,7 @@ CSM Misconfigurations comes with more than 1,000 out-of-the-box compliance rules **Notes**: -- CSM Misconfigurations provides visibility into whether your resources are configured in accordance with certain compliance rules. These rules address various regulatory frameworks, benchmarks, and standards (Security Posture Frameworks). CSM Misconfigurations does not provide an assessment of your actual compliance with any Security Posture Framework, and the compliance rules may not address all configuration settings that are relevant to a given framework. Datadog recommends that you use CSM Misconfigurations in consultation with your legal counsel or compliance experts. +- Cloud Security Misconfigurations provides visibility into whether your resources are configured in accordance with certain compliance rules. These rules address various regulatory frameworks, benchmarks, and standards (Security Posture Frameworks). Cloud Security Misconfigurations does not provide an assessment of your actual compliance with any Security Posture Framework, and the compliance rules may not address all configuration settings that are relevant to a given framework. Datadog recommends that you use Cloud Security Misconfigurations in consultation with your legal counsel or compliance experts. - The compliance rules for the CIS benchmarks follow the CIS automated recommendations. If you're obtaining CIS certification, Datadog recommends also reviewing the manual recommendations as part of your overall security assessment. - Datadog also provides Essential Cloud Security Controls, a set of recommendations developed by Datadog internal security experts. Based on common cloud security risks observed by Datadog, this ruleset aims to help users that are new to cloud security remediate high-impact misconfigurations across their cloud environments. diff --git a/content/en/security/cloud_security_management/misconfigurations/kspm.md b/content/en/security/cloud_security_management/misconfigurations/kspm.md index 02b954a14d7a6..c08b1b4cfdea4 100644 --- a/content/en/security/cloud_security_management/misconfigurations/kspm.md +++ b/content/en/security/cloud_security_management/misconfigurations/kspm.md @@ -5,7 +5,7 @@ aliases: further_reading: - link: "security/default_rules" tag: "Documentation" - text: "Explore default CSM Misconfigurations cloud configuration detection rules" + text: "Explore default Cloud Security Misconfigurations cloud configuration detection rules" - link: "/security/misconfigurations/custom_rules" tag: "Documentation" text: "Create Custom Rules" @@ -17,8 +17,8 @@ Kubernetes Security Posture Management (KSPM) for Cloud Security helps you proac To take full advantage of KSPM, you must install both the Datadog Agent and cloud integrations. For detailed instructions, see the following articles: -- CSM Enterprise ([Agent][14] and [cloud integrations][15]) -- CSM Pro ([Agent][12] and [cloud integrations][13]) +- Cloud Security Enterprise ([Agent][14] and [cloud integrations][15]) +- Cloud Security Pro ([Agent][12] and [cloud integrations][13]) This allows Datadog to detect risks in your Kubernetes deployments for each of the following resource types: @@ -38,7 +38,7 @@ This allows Datadog to detect risks in your Kubernetes deployments for each of t With KSPM, Datadog scans your environment for risks defined by more than 50+ out-of-the-box Kubernetes detection rules. When at least one case defined in a rule is matched over a given period of time, [a notification alert is sent][6], and a finding is generated in the [Misconfigurations Explorer][11]. -Each finding contains the context you need to identify the issue's impact, such as the full resource configuration, resource-level tags, and a map of the resource's relationships with other components of your infrastructure. After you understand the problem and its impact, you can start remediating the issue by [creating a Jira ticket][7] from within CSM or by [executing a pre-defined workflow][8]. +Each finding contains the context you need to identify the issue's impact, such as the full resource configuration, resource-level tags, and a map of the resource's relationships with other components of your infrastructure. After you understand the problem and its impact, you can start remediating the issue by [creating a Jira ticket][7] from within Cloud Security or by [executing a pre-defined workflow][8]. **Note**: You can also use the [API to programmatically interact with findings][10]. @@ -46,7 +46,7 @@ Each finding contains the context you need to identify the issue's impact, such ## Assess your Kubernetes security posture against industry-standard frameworks -CSM provides a [security posture score][2] that helps you understand your security and compliance status using a single metric. The score represents the percentage of your environment that satisfies all of your active out-of-the-box cloud and infrastructure detection rules. You can obtain the score for your entire organization, or for specific teams, accounts, and environments, including Kubernetes deployments. +Cloud Security provides a [security posture score][2] that helps you understand your security and compliance status using a single metric. The score represents the percentage of your environment that satisfies all of your active out-of-the-box cloud and infrastructure detection rules. You can obtain the score for your entire organization, or for specific teams, accounts, and environments, including Kubernetes deployments. For an in-depth explanation on how the security posture score works, see [Security posture score][3]. diff --git a/content/en/security/cloud_security_management/review_remediate/jira.md b/content/en/security/cloud_security_management/review_remediate/jira.md index 5ae3178c01b86..2df76f414eae5 100644 --- a/content/en/security/cloud_security_management/review_remediate/jira.md +++ b/content/en/security/cloud_security_management/review_remediate/jira.md @@ -10,31 +10,31 @@ further_reading: aliases: - /security/cloud_security_management/guide/jira products: - - name: CSM Misconfigurations + - name: Cloud Security Misconfigurations url: /security/cloud_security_management/misconfigurations/ icon: cloud-security-management - - name: CSM Identity Risks + - name: Cloud Security Identity Risks url: /security/cloud_security_management/identity_risks/ icon: cloud-security-management --- {{< product-availability >}} -Use the [Jira integration][1] to create Jira issues for resources that are impacted by a Cloud Security security issue. Jira for Cloud Security is available for [CSM Misconfigurations][3] and [CSM Identity Risks][4]. +Use the [Jira integration][1] to create Jira issues for resources that are impacted by a Cloud Security security issue. Jira for Cloud Security is available for [Cloud Security Misconfigurations][3] and [Cloud Security Identity Risks][4]. **Notes**: -- To create Jira issues, you must have the `security_monitoring_findings_write` permission. See [Role Based Access Control][2] for more information about Datadog's default roles and granular role-based access control permissions available for CSM. +- To create Jira issues, you must have the `security_monitoring_findings_write` permission. See [Role Based Access Control][2] for more information about Datadog's default roles and granular role-based access control permissions available for Cloud Security. - At this time, you can create only one Jira issue per finding. ## Configure the Jira integration -To create Jira issues for CSM security issues, you must configure the [Jira integration][5]. For detailed instructions, see the [Jira][1] integration docs. +To create Jira issues for Cloud Security security issues, you must configure the [Jira integration][5]. For detailed instructions, see the [Jira][1] integration docs. ## Create a Jira issue for impacted resources {{< tabs >}} -{{% tab "CSM Misconfigurations" %}} +{{% tab "Cloud Security Misconfigurations" %}} To create a Jira issue for one or more resources impacted by a misconfiguration: @@ -64,7 +64,7 @@ After you create the issue, a link to the Jira issue is displayed on the side pa {{% /tab %}} -{{% tab "CSM Identity Risks" %}} +{{% tab "Cloud Security Identity Risks" %}} To create a Jira issue for one or more resources impacted by an identity risk: diff --git a/content/en/security/cloud_security_management/review_remediate/mute_issues.md b/content/en/security/cloud_security_management/review_remediate/mute_issues.md index d540ca5438359..ab641aa90e2fc 100644 --- a/content/en/security/cloud_security_management/review_remediate/mute_issues.md +++ b/content/en/security/cloud_security_management/review_remediate/mute_issues.md @@ -7,10 +7,10 @@ further_reading: aliases: - /security/cloud_security_management/mute_issues products: - - name: CSM Misconfigurations + - name: Cloud Security Misconfigurations url: /security/cloud_security_management/misconfigurations/ icon: cloud-security-management - - name: CSM Identity Risks + - name: Cloud Security Identity Risks url: /security/cloud_security_management/identity_risks/ icon: cloud-security-management --- @@ -19,7 +19,7 @@ products: There may be times when a misconfiguration, issue, or identity risk doesn't match the use case for your business, or you choose to accept it as a known risk. To ignore them, you can mute the underlying misconfiguration, issue, or identity risk for the impacted resources. -For example, the CSM Misconfigurations rule ['Block Public Access' feature is enabled for S3 bucket][1] evaluates whether an S3 bucket is publicly accessible. If you have an S3 bucket with static assets that are meant to be publicly shared, you can mute the misconfiguration for the S3 bucket. +For example, the Cloud Security Misconfigurations rule ['Block Public Access' feature is enabled for S3 bucket][1] evaluates whether an S3 bucket is publicly accessible. If you have an S3 bucket with static assets that are meant to be publicly shared, you can mute the misconfiguration for the S3 bucket. **Note**: Muting a misconfiguration removes it from the calculation of your posture score. diff --git a/content/en/security/cloud_security_management/review_remediate/workflows.md b/content/en/security/cloud_security_management/review_remediate/workflows.md index 3bc5aff126467..480c5e0108bc7 100644 --- a/content/en/security/cloud_security_management/review_remediate/workflows.md +++ b/content/en/security/cloud_security_management/review_remediate/workflows.md @@ -13,10 +13,10 @@ products: - name: CSM Threats url: /security/threats/ icon: cloud-security-management - - name: CSM Misconfigurations + - name: Cloud Security Misconfigurations url: /security/cloud_security_management/misconfigurations/ icon: cloud-security-management - - name: CSM Identity Risks + - name: Cloud Security Identity Risks url: /security/cloud_security_management/identity_risks/ icon: cloud-security-management --- diff --git a/content/en/security/cloud_security_management/setup/_index.md b/content/en/security/cloud_security_management/setup/_index.md index f0932a45ef81d..2f492c6d29570 100644 --- a/content/en/security/cloud_security_management/setup/_index.md +++ b/content/en/security/cloud_security_management/setup/_index.md @@ -38,7 +38,7 @@ To get started with Cloud Security, review the following: - [IaC scanning](#iac-scanning) - [IaC remediation](#iac-remediation) - [Deploy via cloud integrations](#deploy-via-cloud-integrations) -- [Disable CSM](#disable-csm) +- [Disable Cloud Security](#disable-csm) - [Further reading](#further-reading) ## Enable Agentless Scanning @@ -61,13 +61,13 @@ For broader coverage and additional functionalities, deploy the Datadog Agent to - CSM Identity Risks + Cloud Security Identity Risks {{< X >}} {{< X >}} - CSM Misconfigurations + Cloud Security Misconfigurations {{< X >}} {{< X >}} {{< X >}} @@ -79,7 +79,7 @@ For broader coverage and additional functionalities, deploy the Datadog Agent to {{< X >}} - CSM Vulnerabilities + Cloud Security Vulnerabilities {{< X >}} {{< X >}} {{< X >}} @@ -120,7 +120,7 @@ For broader coverage and additional functionalities, deploy the Datadog Agent to ### AWS CloudTrail Logs -Maximize the benefits of [CSM Identity Risks][6] with AWS CloudTrail Logs. Gain deeper insights into cloud resource usage, identifying users and roles with significant gaps between provisioned and utilized permissions. For more information, check out [Setting up AWS CloudTrail Logs for Cloud Security][4]. +Maximize the benefits of [Cloud Security Identity Risks][6] with AWS CloudTrail Logs. Gain deeper insights into cloud resource usage, identifying users and roles with significant gaps between provisioned and utilized permissions. For more information, check out [Setting up AWS CloudTrail Logs for Cloud Security][4]. ### IaC scanning @@ -134,11 +134,11 @@ Use IaC remediation with Terraform to create pull requests in GitHub, applying c Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see [Deploying Cloud Security via Cloud Integrations][7]. -## Disable CSM +## Disable Cloud Security -For information on disabling CSM, see the following: +For information on disabling Cloud Security, see the following: -- [Disable CSM Vulnerabilities][8] +- [Disable Cloud Security Vulnerabilities][8] - [Disable CSM Threats][9] ## Further reading diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md b/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md index a8c93c2a5be95..54fd2a9819219 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/_index.md @@ -6,7 +6,7 @@ aliases: further_reading: - link: "/security/vulnerabilities" tag: "Documentation" - text: "Read more about CSM Vulnerabilities" + text: "Read more about Cloud Security Vulnerabilities" --- {{< site-region region="gov" >}} @@ -71,7 +71,7 @@ As a result, Agentless Scanning excludes resources from its scans that have the The following diagram illustrates how Agentless scanning works with existing Agent installations: -{{< img src="/security/agentless_scanning/agentless_existing.png" alt="Diagram showing how Agentless scanning works when the Agent is already installed with CSM vulnerability management" width="90%" >}} +{{< img src="/security/agentless_scanning/agentless_existing.png" alt="Diagram showing how Agentless scanning works when the Agent is already installed with Cloud Security vulnerability management" width="90%" >}} ## Cloud Storage scanning diff --git a/content/en/security/cloud_security_management/setup/cloud_integrations.md b/content/en/security/cloud_security_management/setup/cloud_integrations.md index 97757d7c46186..8298075a8a544 100644 --- a/content/en/security/cloud_security_management/setup/cloud_integrations.md +++ b/content/en/security/cloud_security_management/setup/cloud_integrations.md @@ -10,7 +10,7 @@ Use the following instructions to enable Misconfigurations and Identity Risks (C ## Enable resource scanning -To enable resource scanning for your cloud accounts, you must first set up the integration and then enable CSM for each AWS account, Azure subscription, and Google Cloud project. +To enable resource scanning for your cloud accounts, you must first set up the integration and then enable Cloud Security for each AWS account, Azure subscription, and Google Cloud project. {{< partial name="security-platform/CSW-billing-note.html" >}} diff --git a/content/en/security/cloud_security_management/setup/cloudtrail_logs.md b/content/en/security/cloud_security_management/setup/cloudtrail_logs.md index f34788abc4860..c52a7bb623712 100644 --- a/content/en/security/cloud_security_management/setup/cloudtrail_logs.md +++ b/content/en/security/cloud_security_management/setup/cloudtrail_logs.md @@ -2,7 +2,7 @@ title: Setting up AWS CloudTrail Logs for Cloud Security --- -Set up AWS CloudTrail Logs to get the most out of [CSM Identity Risks][1]. AWS CloudTrail Logs provides additional insights into the actual usage of cloud resources, helping you identify users and roles with significant gaps between provisioned and utilized permissions. +Set up AWS CloudTrail Logs to get the most out of [Cloud Security Identity Risks][1]. AWS CloudTrail Logs provides additional insights into the actual usage of cloud resources, helping you identify users and roles with significant gaps between provisioned and utilized permissions. ## Set up AWS integration using CloudFormation diff --git a/content/en/security/cloud_security_management/setup/iac_remediation.md b/content/en/security/cloud_security_management/setup/iac_remediation.md index a868a2e6a5772..9cb05981a86a5 100644 --- a/content/en/security/cloud_security_management/setup/iac_remediation.md +++ b/content/en/security/cloud_security_management/setup/iac_remediation.md @@ -8,13 +8,13 @@ further_reading: text: "Setting up Cloud Security" - link: "/security/cloud_security_management/misconfigurations" tag: "Documentation" - text: "CSM Misconfigurations" + text: "Cloud Security Misconfigurations" - link: "/security/cloud_security_management/identity_risks" tag: "Guide" - text: "CSM Identity Risks" + text: "Cloud Security Identity Risks" --- -Use the following instructions to enable Infrastructure as Code (IaC) remediation for Cloud Security. IaC remediation is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2]. +Use the following instructions to enable Infrastructure as Code (IaC) remediation for Cloud Security. IaC remediation is available for [Cloud Security Misconfigurations][1] and [Cloud Security Identity Risks][2].
Static IaC remediation supports GitHub for version control and Terraform for infrastructure as code.
@@ -29,7 +29,7 @@ Follow [the instructions][3] for creating a GitHub app for your organization. After you set up the GitHub integration, enable IaC remediation for the repositories in your GitHub account. -1. On the [CSM Setup page][4], expand the **Source Code Integrations** section. +1. On the [Cloud Security Setup page][4], expand the **Source Code Integrations** section. 2. Click **Configure** for the GitHub account you want to configure. 3. To enable IaC: - All repositories: Toggle **Enable Infrastructure as Code (IaC) Remediation** to the on position. diff --git a/content/en/security/cloud_security_management/setup/iac_scanning/_index.md b/content/en/security/cloud_security_management/setup/iac_scanning/_index.md index 534927c58bb79..4ff44cb7de5a2 100644 --- a/content/en/security/cloud_security_management/setup/iac_scanning/_index.md +++ b/content/en/security/cloud_security_management/setup/iac_scanning/_index.md @@ -6,17 +6,17 @@ further_reading: text: "Setting up Cloud Security" - link: "/security/cloud_security_management/misconfigurations" tag: "Documentation" - text: "CSM Misconfigurations" + text: "Cloud Security Misconfigurations" - link: "/security/cloud_security_management/identity_risks" tag: "Guide" - text: "CSM Identity Risks" + text: "Cloud Security Identity Risks" --- {{< callout url="https://www.datadoghq.com/product-preview/iac-security/" >}} Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form. {{< /callout >}} -Use the following instructions to enable Infrastructure as Code (IaC) scanning for Cloud Security. IaC scanning is available for [CSM Misconfigurations][1] and [CSM Identity Risks][2]. +Use the following instructions to enable Infrastructure as Code (IaC) scanning for Cloud Security. IaC scanning is available for [Cloud Security Misconfigurations][1] and [Cloud Security Identity Risks][2].
Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
@@ -31,7 +31,7 @@ Follow [the instructions][3] for creating a GitHub app for your organization. After you set up the GitHub integration, enable IaC scanning for the repositories in your GitHub account. -1. On the [CSM Setup page][4], expand the **Source Code Integrations** section. +1. On the [Cloud Security Setup page][4], expand the **Source Code Integrations** section. 2. Click **Configure** for the GitHub account you want to configure. 3. To enable IaC: - All repositories: Toggle **Enable Infrastructure as Code (IaC) Scanning** to the on position. diff --git a/content/en/security/cloud_security_management/setup/supported_deployment_types.md b/content/en/security/cloud_security_management/setup/supported_deployment_types.md index 64b7c5b72d811..5549997e7805d 100644 --- a/content/en/security/cloud_security_management/setup/supported_deployment_types.md +++ b/content/en/security/cloud_security_management/setup/supported_deployment_types.md @@ -4,9 +4,9 @@ title: Cloud Security Supported Deployment Types {{< partial name="security-platform/CSW-billing-note.html" >}} -The following table summarizes the CSM features available relative to each deployment type. +The following table summarizes the Cloud Security features available relative to each deployment type. -| Deployment type | Agent Required (7.46+) | CSM Misconfigurations | CSM Threats | CSM Vulnerabilities | CSM Identity Risks | CSM Agentless Scanning | +| Deployment type | Agent Required (7.46+) | Cloud Security Misconfigurations | CSM Threats | Cloud Security Vulnerabilities | Cloud Security Identity Risks | Cloud Security Agentless Scanning | |---------------------|------------------------|-----------------------|-------------|------------------------------|--------------------|------------------------| | AWS Account | | {{< X >}} | | {{< X >}} | {{< X >}} | {{< X >}} | | Azure Account | | {{< X >}} | | Agentless Scanning (Preview) | {{< X >}} | | @@ -19,8 +19,8 @@ The following table summarizes the CSM features available relative to each deplo | Windows | {{< X >}} | | {{< X >}} | {{< X >}} | | | | AWS Fargate ECS/EKS | {{< X >}} | | {{< X >}} | | | | -The following table summarizes the scope of coverage available relative to each CSM feature. -| Resources monitored | CSM Misconfigurations | CSM Threats | CSM Vulnerabilities | CSM Identity Risks | CSM Agentless scanning | +The following table summarizes the scope of coverage available relative to each Cloud Security feature. +| Resources monitored | Cloud Security Misconfigurations | CSM Threats | Cloud Security Vulnerabilities | Cloud Security Identity Risks | Cloud Security Agentless scanning | |---------------------------------|-----------------------|-------------|---------------------|--------------------|------------------------| | Resources in AWS Account | {{< X >}} | | {{< X >}} | | {{< X >}} | | Resources in Azure Subscription | {{< X >}} | | | | | @@ -33,7 +33,7 @@ The following table summarizes the scope of coverage available relative to each | Container Image | | | {{< X >}} | | {{< X >}} | | IAM in AWS Account | | | | {{< X >}} | | -**Note**: CSM Misconfigurations additionally monitors common resources used in your cloud accounts that are running Windows and AWS Fargate, such as EC2 instances, RDS, S3, and ELB. +**Note**: Cloud Security Misconfigurations additionally monitors common resources used in your cloud accounts that are running Windows and AWS Fargate, such as EC2 instances, RDS, S3, and ELB. [1]: /security/cloud_security_management/setup/#csm-threats [2]: /security/cloud_security_management/setup/#csm-vulnerabilities diff --git a/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md b/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md index 822b19b212ba7..30b689df1fed2 100644 --- a/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md +++ b/content/en/security/cloud_security_management/setup/without_infrastructure_monitoring.md @@ -1,13 +1,13 @@ --- -title: Setting Up CSM without Infrastructure Monitoring +title: Setting Up Cloud Security without Infrastructure Monitoring --- In addition to setting up Cloud Security with or without an Agent, you can also set it up without Infrastructure Monitoring. -## Set up CSM on your AWS account +## Set up Cloud Security on your AWS account 1. Navigate to the [AWS Integration configuration page][2] in Datadog. -1. On the **Configuration** tab, select the account you want to enable CSM on. +1. On the **Configuration** tab, select the account you want to enable Cloud Security on. If you don't see the required account, add it by clicking **Add AWS Account(s)** and following the onscreen prompts. 1. To turn off infrastructure monitoring on the selected account, under the account number, navigate to the **Metric Collection** tab, then click the **disable metric collection** link. Then, click **Disable Metric Collection** to confirm. @@ -15,12 +15,12 @@ In addition to setting up Cloud Security with or without an Agent, you can also 1. On the setup dialog, switch the **Enable Resource Scanning** toggle to the on position. 1. Click **Done** to complete the setup. -**Note**: In your CSM settings, set up [resource evaluation filters][1] to limit the number of hosts you need security on. +**Note**: In your Cloud Security settings, set up [resource evaluation filters][1] to limit the number of hosts you need security on. -## Set up CSM on your Azure subscription +## Set up Cloud Security on your Azure subscription 1. Navigate to the [Azure Integration configuration page][3] in Datadog. -1. Select the client ID or subscription you want to enable CSM on. +1. Select the client ID or subscription you want to enable Cloud Security on. If you don't see the required client ID, add it by clicking **Add New App Registration** and following the onscreen prompts. 1. To turn off infrastructure monitoring on the selected account, under the client ID, navigate to the **Metric Collection** tab, then turn off the **Enable Metric Collection** toggle. @@ -28,12 +28,12 @@ In addition to setting up Cloud Security with or without an Agent, you can also 1. Switch the **Resource Scanning** toggle to the on position. 1. Click **Done** to complete the setup. -**Note**: In your CSM settings, set up [resource evaluation filters][1] to limit the number of hosts you need security on. +**Note**: In your Cloud Security settings, set up [resource evaluation filters][1] to limit the number of hosts you need security on. -## Set up CSM on your Google Cloud Platform account +## Set up Cloud Security on your Google Cloud Platform account 1. Navigate to the [Google Cloud Platform configuration page][4] in Datadog. -1. Select the service account you want to enable CSM on. +1. Select the service account you want to enable Cloud Security on. If you don't see the required account, add it by clicking **Add GCP Account** and following the onscreen prompts. 1. To turn off infrastructure monitoring on the selected account, under the account name, navigate to the **Metric Collection** tab. Then, above the Metric Collection table, click **Disable All**. @@ -41,7 +41,7 @@ In addition to setting up Cloud Security with or without an Agent, you can also 1. Switch the **Resource Scanning** toggle to the on position. 1. Click **Done** to complete the setup. -**Note**: In your CSM settings, set up [resource evaluation filters][1] to limit the number of hosts you need security on. +**Note**: In your Cloud Security settings, set up [resource evaluation filters][1] to limit the number of hosts you need security on. [1]: /security/cloud_security_management/guide/resource_evaluation_filters/ [2]: https://app.datadoghq.com/integrations/amazon-web-services diff --git a/content/en/security/cloud_security_management/severity_scoring.md b/content/en/security/cloud_security_management/severity_scoring.md index 641eb2326719d..a9217e6e5ac82 100644 --- a/content/en/security/cloud_security_management/severity_scoring.md +++ b/content/en/security/cloud_security_management/severity_scoring.md @@ -3,20 +3,20 @@ title: Severity Scoring further_reading: - link: "/security/cloud_security_management/misconfigurations/" tag: "Documentation" - text: "Start tracking misconfigurations with CSM Misconfigurations" + text: "Start tracking misconfigurations with Cloud Security Misconfigurations" - link: "/security/cloud_security_management/identity_risks/" tag: "Documentation" - text: "Understand your identity landscape with CSM Identity Risks" + text: "Understand your identity landscape with Cloud Security Identity Risks" - link: "/security/cloud_security_management/vulnerabilities/" tag: "Documentation" - text: "Learn more about CSM Vulnerabilities" + text: "Learn more about Cloud Security Vulnerabilities" --- Accurate severity scores help security teams understand the risks that vulnerabilities pose to their environment. This guide explains how Cloud Security uses different measures of severity to calculate the scores. -## CSM severity scoring framework +## Cloud Security severity scoring framework -CSM Misconfigurations, CSM Identity Risks, and Security Inbox misconfigurations use the CSM severity scoring framework to determine the severity of a finding. The framework compares the likelihood that an adversary would take advantage of a misconfiguration to the risk posed to your environment. By weighting both of these aspects, findings can be prioritized more accurately by real-world risks. The matrices below show how a misconfiguration's severity score is computed based on its likelihood of abuse and impact. +Cloud Security Misconfigurations, Cloud Security Identity Risks, and Security Inbox misconfigurations use the Cloud Security severity scoring framework to determine the severity of a finding. The framework compares the likelihood that an adversary would take advantage of a misconfiguration to the risk posed to your environment. By weighting both of these aspects, findings can be prioritized more accurately by real-world risks. The matrices below show how a misconfiguration's severity score is computed based on its likelihood of abuse and impact. ### Likelihood @@ -86,7 +86,7 @@ To explain how the framework is used here are a few examples. The detection rule for [SNS Topic should have access restrictions set for subscription][1] checks if the SNS topic has a resource-based policy that contains a `Principal` of `*`, and an `Action` with the `sns:Subscribe` permission. This combination gives anyone the ability to subscribe to the SNS topic and receive its notifications. -Using the CSM severity scoring framework, the rule would be scored as follows: +Using the Cloud Security severity scoring framework, the rule would be scored as follows: - **Likelihood score**: Highly Probable - **Attack vector**: No Authorization @@ -102,7 +102,7 @@ Using the CSM severity scoring framework, the rule would be scored as follows: The detection rule for [EC2 instances should enforce IMDSv2][2] checks if an EC2 instance is using the Instance Metadata Service Version 1 ([IMDSv1][3]), which is vulnerable to common web application attacks. If exploited, an adversary can obtain access to the IAM credentials stored in the IMDS and use them to access resources in the AWS account. -Using the CSM severity scoring framework, the rule would be scored as follows: +Using the Cloud Security severity scoring framework, the rule would be scored as follows: - **Likelihood score**: Possible - **Attack vector**: Vulnerability @@ -116,7 +116,7 @@ Using the CSM severity scoring framework, the rule would be scored as follows: ## CVSS 3.1 -CSM Vulnerabilities uses Common Vulnerability Scoring System version 3.1 ([CVSS 3.1][5]) to determine a base score for a vulnerability. It then modifies the base score to take into account the following: +Cloud Security Vulnerabilities uses Common Vulnerability Scoring System version 3.1 ([CVSS 3.1][5]) to determine a base score for a vulnerability. It then modifies the base score to take into account the following: - Whether the underlying infrastructure is running and how wide-spread the impact is. - The environment in which the underlying infrastructure is running. For example, if the environment is not production, the severity is downgraded. diff --git a/content/en/security/cloud_security_management/troubleshooting/threats.md b/content/en/security/cloud_security_management/troubleshooting/threats.md index 5668fc67ad03b..c40a79e48c831 100644 --- a/content/en/security/cloud_security_management/troubleshooting/threats.md +++ b/content/en/security/cloud_security_management/troubleshooting/threats.md @@ -6,7 +6,7 @@ aliases: further_reading: - link: "/security/cloud_security_management/troubleshooting/vulnerabilities" tag: "Documentation" - text: "Troubleshooting CSM Vulnerabilities" + text: "Troubleshooting Cloud Security Vulnerabilities" --- If you experience issues with Cloud Security Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. @@ -113,7 +113,7 @@ DD_RUNTIME_SECURITY_CONFIG_ENABLED=false Modify the `system-probe.yaml` and `security-agent.yaml` to disable the runtime config: -1. Disable CSM in `/etc/datadog-agent/system-probe.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`: +1. Disable Cloud Security in `/etc/datadog-agent/system-probe.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`: {{< code-block lang="yaml" filename="system-probe.yaml" disable_copy="false" collapsible="true" >}} ########################################## @@ -126,7 +126,7 @@ Modify the `system-probe.yaml` and `security-agent.yaml` to disable the runtime runtime_security_config: ## @param enabled - boolean - optional - default: false - ## Set to true to enable full CSM. + ## Set to true to enable full Cloud Security. # enabled: false @@ -139,7 +139,7 @@ Modify the `system-probe.yaml` and `security-agent.yaml` to disable the runtime # # socket: /opt/datadog-agent/run/runtime-security.sock {{< /code-block >}} -2. Disable CSM in `/etc/datadog-agent/security-agent.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`: +2. Disable Cloud Security in `/etc/datadog-agent/security-agent.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`: {{< code-block lang="yaml" filename="security-agent.yaml" disable_copy="false" collapsible="true" >}} ########################################## diff --git a/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md b/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md index 35f6b5452b393..ead4f8d5da118 100644 --- a/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md +++ b/content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md @@ -5,7 +5,7 @@ aliases: further_reading: - link: "/infrastructure/containers/container_images/#enable-sbom-collection" tag: "Documentation" - text: "Enable SBOM collection in CSM Vulnerabilities" + text: "Enable SBOM collection in Cloud Security Vulnerabilities" - link: "/security/cloud_security_management/setup/csm_enterprise/?tab=aws#hosts" tag: "Documentation" text: "Setting up host vulnerabilities" @@ -61,7 +61,7 @@ unable to mount containerd image, err: unable to scan image named: {image-name}, The workaround for this issue is to disable image streaming in GKE. For more information, see the [Disable Image streaming][5] section of the GKE docs. -## Disable CSM Vulnerabilities +## Disable Cloud Security Vulnerabilities In the `datadog-values.yaml` file for the Agent, set the following configuration settings to `false`: diff --git a/content/en/security/cloud_security_management/vulnerabilities/_index.md b/content/en/security/cloud_security_management/vulnerabilities/_index.md index bd3f24ecd863e..b9bc48511bced 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/_index.md +++ b/content/en/security/cloud_security_management/vulnerabilities/_index.md @@ -6,7 +6,7 @@ aliases: further_reading: - link: "/infrastructure/containers/container_images/#enable-sbom-collection" tag: "Documentation" - text: "Enable SBOM collection in CSM Vulnerabilities" + text: "Enable SBOM collection in Cloud Security Vulnerabilities" - link: "/security/cloud_security_management/setup/csm_enterprise/?tab=aws#hosts" tag: "Documentation" text: "Setting up host vulnerabilities" @@ -15,7 +15,7 @@ further_reading: text: "Viewing Container Images" - link: "/security/cloud_security_management/troubleshooting/vulnerabilities" tag: "Documentation" - text: "Troubleshooting CSM Vulnerabilities" + text: "Troubleshooting Cloud Security Vulnerabilities" - link: "https://www.datadoghq.com/blog/datadog-container-image-view/" tag: "Blog" text: "Enhance your troubleshooting workflow with Container Images in Datadog Container Monitoring" @@ -31,7 +31,7 @@ Request access by }} +{{< img src="security/vulnerabilities/csm-vm-explorer-actionability.png" alt="The Cloud Security Vulnerability Explorer displaying a vulnerability and the actions a user can take to remediate it" width="100%">}} ## Automation and Jira integration -Make CSM Vulnerabilities part of your daily workflow by setting up [security notification rules][17] and [automation pipelines (in Preview)][20]: +Make Cloud Security Vulnerabilities part of your daily workflow by setting up [security notification rules][17] and [automation pipelines (in Preview)][20]: - Get alerted upon detection of an exploitable vulnerability for your scope - Automatically create Jira tickets - Configure SLAs to remediate vulnerabilities @@ -108,9 +108,9 @@ Make CSM Vulnerabilities part of your daily workflow by setting up [security not {{< img src="security/vulnerabilities/csm-notifications.png" alt="The notification rule setup screen" width="100%">}} ## Tracking and reporting -Use the out-of-the-box [CSM Vulnerabilities dashboard][18] to track and report progress to stakeholders. Clone and modify it as needed to fit your unique needs. +Use the out-of-the-box [Cloud Security Vulnerabilities dashboard][18] to track and report progress to stakeholders. Clone and modify it as needed to fit your unique needs. -{{< img src="security/vulnerabilities/csm-vm-reporting.png" alt="The CSM Vulnerabilities dashboard" width="100%">}} +{{< img src="security/vulnerabilities/csm-vm-reporting.png" alt="The Cloud Security Vulnerabilities dashboard" width="100%">}} ## Explore infrastructure packages @@ -122,9 +122,9 @@ Quickly assess the impact of a critical emerging vulnerability by searching for ## Video walkthrough -The following video provides an overview of how to enable and use CSM Vulnerabilities: +The following video provides an overview of how to enable and use Cloud Security Vulnerabilities: -{{< img src="security/csm/how-to-use-csm-vulnerabilities.mp4" alt="Video that provides an overview of how to install and use CSM Vulnerabilities" video=true >}} +{{< img src="security/csm/how-to-use-csm-vulnerabilities.mp4" alt="Video that provides an overview of how to install and use Cloud Security Vulnerabilities" video=true >}} [1]: https://app.datadoghq.com/security/csm/vm [2]: https://app.datadoghq.com/containers/images diff --git a/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md b/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md index ac1d5dfcae114..47c28074abed3 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md +++ b/content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md @@ -1,5 +1,5 @@ --- -title: CSM Vulnerabilities Hosts and Containers Compatibility +title: Cloud Security Vulnerabilities Hosts and Containers Compatibility --- ## Operating systems diff --git a/content/en/security/cloud_siem/entities_and_risk_scoring.md b/content/en/security/cloud_siem/entities_and_risk_scoring.md index 3021878db3e9a..da9f73e95c421 100644 --- a/content/en/security/cloud_siem/entities_and_risk_scoring.md +++ b/content/en/security/cloud_siem/entities_and_risk_scoring.md @@ -8,7 +8,7 @@ further_reading: ## Overview -[Cloud SIEM's Risk Insights][4] consolidates multiple data sources, such as SIEM threats and CSM insights, into a profile representing a single security entity, such as an IAM user. +[Cloud SIEM's Risk Insights][4] consolidates multiple data sources, such as SIEM threats and Cloud Security insights, into a profile representing a single security entity, such as an IAM user. With Risk Insights, you can: @@ -20,7 +20,7 @@ With Risk Insights, you can: ## Prerequisites - For Risk Insights coverage, either [GCP][5] or [AWS must be configured for Cloud SIEM][1]. -- (Optional) To view associated Cloud Security insights in the entity panel, [CSM must be configured][2]. +- (Optional) To view associated Cloud Security insights in the entity panel, [Cloud Security must be configured][2]. ## Explore risk insights diff --git a/content/en/security/detection_rules/_index.md b/content/en/security/detection_rules/_index.md index 9203cc2708a8b..055ca5a82914d 100644 --- a/content/en/security/detection_rules/_index.md +++ b/content/en/security/detection_rules/_index.md @@ -42,9 +42,9 @@ Out-of-the box rules are available for the following security products: - [Cloud SIEM][3] uses log detection to analyze ingested logs in real-time. - Cloud Security: - - [CSM Misconfigurations][4] uses cloud configuration and infrastructure configuration detection rules to scan the state of your cloud environment. + - [Cloud Security Misconfigurations][4] uses cloud configuration and infrastructure configuration detection rules to scan the state of your cloud environment. - [CSM Threats][5] uses the Datadog Agent and detection rules to actively monitor and evaluate system activity. - - [CSM Identity Risks][6] uses detection rules to detect IAM-based risks in your cloud infrastructure. + - [Cloud Security Identity Risks][6] uses detection rules to detect IAM-based risks in your cloud infrastructure. - [Application Security Management][7] (ASM) leverages Datadog [APM][8], the [Datadog Agent][9], and detection rules to detect threats in your application environment. ## Beta detection rules @@ -73,7 +73,7 @@ For detailed instructions, see the following articles: - [Cloud SIEM][11] - [ASM][12] -- [CSM Misconfigurations][13] +- [Cloud Security Misconfigurations][13] - [CSM Threats][14] ## Manage detection rules @@ -120,7 +120,7 @@ Use Rule Version History to: To see the version history of a rule: 1. Navigate to the [Security Settings][15] page. In the left navigation panel: - For ASM: Click **Application Security** and then click **Detection Rules**. - - For CSM: Click **Cloud Security** and then click **Threat Detection Rules**. + - For Cloud Security: Click **Cloud Security** and then click **Threat Detection Rules**. - For Cloud SIEM: Click **Cloud SIEM** and then click **Detection Rules**. 1. Click on the rule you are interested in. 1. In the rule editor, click **Version History** to see past changes. @@ -151,7 +151,7 @@ The rule deprecation process is as follows: 1. There is a warning with the deprecation date on the rule. In the UI, the warning is shown in the: - Signal side panel's **Rule Details > Playbook** section - - Misconfigurations side panel (CSM Misconfigurations only) + - Misconfigurations side panel (Cloud Security Misconfigurations only) - [Rule editor][10] for that specific rule 2. Once the rule is deprecated, there is a 15 month period before the rule is deleted. This is due to the signal retention period of 15 months. During this time, you can re-enable the rule by [cloning the rule](#clone-a-rule) in the UI. 3. Once the rule is deleted, you can no longer clone and re-enable it. diff --git a/content/en/security/guide/aws_fargate_config_guide.md b/content/en/security/guide/aws_fargate_config_guide.md index 2bbca58f54fa8..e323ca2ed06a6 100644 --- a/content/en/security/guide/aws_fargate_config_guide.md +++ b/content/en/security/guide/aws_fargate_config_guide.md @@ -7,12 +7,12 @@ aliases: further_reading: - link: "https://www.datadoghq.com/blog/threat-detection-fargate/" tag: "Blog" - text: "Get real-time threat detection for AWS Fargate ECS and EKS environments with Datadog CSM" + text: "Get real-time threat detection for AWS Fargate ECS and EKS environments with Datadog Cloud Security" --- This guide walks you through configuring [Cloud Security][3], [Software Composition Analysis (SCA)][22], [Threat Detection and Protection (ASM)][4], and [Cloud SIEM][5] on AWS Fargate. -{{< img src="security/datadog_security_coverage_aws_fargate.png" alt="Flow chart showing how CSM, ASM, and Cloud SIEM are configured on AWS Fargate" width="90%">}} +{{< img src="security/datadog_security_coverage_aws_fargate.png" alt="Flow chart showing how Cloud Security, ASM, and Cloud SIEM are configured on AWS Fargate" width="90%">}} ## Full stack coverage for AWS Fargate @@ -333,11 +333,11 @@ spec: {{% /tab %}} {{< /tabs >}} -### Verify that the Agent is sending events to CSM +### Verify that the Agent is sending events to Cloud Security -When you enable CSM on AWS Fargate ECS or EKS, the Agent sends an agent event to Datadog to confirm that the default ruleset has been successfully deployed. To view the agent event, navigate to the [Agent Events][9] page in Datadog and search for `@agent.rule_id:ruleset_loaded`. +When you enable Cloud Security on AWS Fargate ECS or EKS, the Agent sends an agent event to Datadog to confirm that the default ruleset has been successfully deployed. To view the agent event, navigate to the [Agent Events][9] page in Datadog and search for `@agent.rule_id:ruleset_loaded`. -
You can also verify the Agent is sending events to CSM by manually triggering an AWS Fargate security signal.
+
You can also verify the Agent is sending events to Cloud Security by manually triggering an AWS Fargate security signal.
In the task definition, replace the "workload" container with the following: diff --git a/content/en/security/security_inbox.md b/content/en/security/security_inbox.md index 140b468edfba6..7e92baa1382a1 100644 --- a/content/en/security/security_inbox.md +++ b/content/en/security/security_inbox.md @@ -32,8 +32,8 @@ Security Inbox provides a consolidated, actionable list of your most important s The findings that appear in Security Inbox are generated from Application Security Management (ASM) and Cloud Security. By default, these include the following types of findings: -- A curated set of [misconfigurations][1] for [CSM Misconfigurations][2], compiled by Datadog Security Research. -- A curated set of [identity risks][1] for [CSM Identity Risks][3], compiled by Datadog Security Research. +- A curated set of [misconfigurations][1] for [Cloud Security Misconfigurations][2], compiled by Datadog Security Research. +- A curated set of [identity risks][1] for [Cloud Security Identity Risks][3], compiled by Datadog Security Research. - Application library vulnerabilities for [Software Composition Analysis(SCA)][4]. All high and critical application library vulnerabilities on production services under attack appear in the inbox. - Application code vulnerabilities for [Code Security vulnerabilities][5]. All high and critical application code vulnerabilities appear in the inbox. - [Attack Paths][1]. An attack path outlines a series of interconnected misconfigurations, container image, host, and application vulnerabilities that malicious actors could leverage to gain unauthorized access, escalate privileges, or compromise sensitive data in your cloud environment. All attack paths are listed in Security Inbox by default. diff --git a/content/en/security/threats/_index.md b/content/en/security/threats/_index.md index 3cc24fbbc9bc2..0cc44405b60a5 100644 --- a/content/en/security/threats/_index.md +++ b/content/en/security/threats/_index.md @@ -48,7 +48,7 @@ Use template variables and Markdown to [customize notification messages][5]. Edi Investigate and triage security signals in the [Signals Explorer][8]. View detailed information about the impacted files or processes, related signals and logs, and remediation steps. -{{< img src="security/cws/signals_explorer.png" alt="CSM Signals Explorer page" width="100%">}} +{{< img src="security/cws/signals_explorer.png" alt="Cloud Security Signals Explorer page" width="100%">}} {{< callout url="https://docs.google.com/forms/d/e/1FAIpQLSfzQARsTPr3tiJDnS_4bGx7w35LDfAbGUggaUzHYoL0dIUMWQ/viewform" btn_hidden="false" header="Active Protection">}} diff --git a/content/en/security/threats/security_signals.md b/content/en/security/threats/security_signals.md index 7b77b78fe8279..aefe7cbfd79da 100644 --- a/content/en/security/threats/security_signals.md +++ b/content/en/security/threats/security_signals.md @@ -17,7 +17,7 @@ further_reading: To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][3] for more information about Datadog's default roles and granular role-based access control permissions available for Cloud Security. -{{< img src="security/cws/signals_explorer.png" alt="CSM Signals Explorer page" width="100%">}} +{{< img src="security/cws/signals_explorer.png" alt="Cloud Security Signals Explorer page" width="100%">}} ## Filter security signals diff --git a/content/en/security/threats/workload_security_rules/custom_rules.md b/content/en/security/threats/workload_security_rules/custom_rules.md index 9ff1cd0446049..656a401df9e73 100644 --- a/content/en/security/threats/workload_security_rules/custom_rules.md +++ b/content/en/security/threats/workload_security_rules/custom_rules.md @@ -103,7 +103,7 @@ You can create custom rules using these methods: ## Create the custom Agent and detection rules together -CSM custom Agent rules are grouped into policies. Policies group Agent rules to help you apply multiple rules more efficiently. +Cloud Security custom Agent rules are grouped into policies. Policies group Agent rules to help you apply multiple rules more efficiently. ## Create the custom Agent and detection rules together diff --git a/content/en/security/upcoming_changes_notification_rules.md b/content/en/security/upcoming_changes_notification_rules.md index 60d688c575562..8117f0b65477d 100644 --- a/content/en/security/upcoming_changes_notification_rules.md +++ b/content/en/security/upcoming_changes_notification_rules.md @@ -14,26 +14,26 @@ This article outlines upcoming changes to how [notification rules][1] are config Note that for the time being, the changes will only affect how you get notified after manually upgrading a notification rule, or after the final deprecation date is reached (early 2025). -## Signals deprecation for CSM Misconfigurations +## Signals deprecation for Cloud Security Misconfigurations -Until today, notifications for [CSM Misconfigurations][2] would only be sent out for detection rules that have signals enabled, as shown in the following diagram: +Until today, notifications for [Cloud Security Misconfigurations][2] would only be sent out for detection rules that have signals enabled, as shown in the following diagram: **Previous workflow**: -{{< img src="security/csm/notification_rules_old_workflow.png" alt="Diagram that shows the current workflow for enabling notifications for CSM Misconfigurations" width="80%">}} +{{< img src="security/csm/notification_rules_old_workflow.png" alt="Diagram that shows the current workflow for enabling notifications for Cloud Security Misconfigurations" width="80%">}} As part of the upcoming changes to notification rules, you are no longer required to enable signals in order to generate notifications. The new workflow is shown in the following diagram: **New workflow**: -{{< img src="security/csm/notification_rules_new_workflow.png" alt="Diagram that shows the new workflow for enabling notifications for CSM Misconfigurations" width="100%">}} +{{< img src="security/csm/notification_rules_new_workflow.png" alt="Diagram that shows the new workflow for enabling notifications for Cloud Security Misconfigurations" width="100%">}} -This change has the following impact on how notifications are generated for CSM Misconfigurations: +This change has the following impact on how notifications are generated for Cloud Security Misconfigurations: 1. You will now be able to specify misconfiguration as a source type when creating notification rules. 2. You will now be able to choose whether you want to get notified for every new issue matching your query, or if you want to receive periodic notifications that summarize the new findings. -3. Signals are no longer generated for CSM Misconfigurations. This also means that notifications can no longer be enabled and configured at the detection rule level. -4. Support for CSM Misconfigurations signals will be deprecated in early 2025. Legacy signals will be retained for 15 months from their trigger date (free of charge). +3. Signals are no longer generated for Cloud Security Misconfigurations. This also means that notifications can no longer be enabled and configured at the detection rule level. +4. Support for Cloud Security Misconfigurations signals will be deprecated in early 2025. Legacy signals will be retained for 15 months from their trigger date (free of charge).
While there will be no immediate change in behavior, depending on how you configure your new notification rules, you may notice an increase in the number of notifications generated. If the conditions set in a notification rule results in a high number of notifications, a warning message is displayed in the Preview of Matching Results panel. To help control noise, you can refine your query and use the new time aggregation mechanism. At this time, this feature is only available for vulnerabilities.
@@ -49,7 +49,7 @@ When you create a notification rule, you are now required to choose between two ## Additional changes - Notification rules can now be configured for identity risks and attack paths, as well as container image vulnerabilities. -- CSM Misconfigurations notifications now contain the full finding metadata. Previously, the notification contained only limited signal metadata. +- Cloud Security Misconfigurations notifications now contain the full finding metadata. Previously, the notification contained only limited signal metadata. - Terraformed custom detection rules using the legacy notifications attribute will no longer be supported after the final deprecation date (early 2025). Terraform support for Notification Rules will be available in late 2024. ## How to migrate existing notifications diff --git a/layouts/shortcodes/csm-agentless-prereqs.en.md b/layouts/shortcodes/csm-agentless-prereqs.en.md index 99cbae983bf3f..5009236e50c65 100644 --- a/layouts/shortcodes/csm-agentless-prereqs.en.md +++ b/layouts/shortcodes/csm-agentless-prereqs.en.md @@ -7,7 +7,7 @@ To deploy Agentless scanning in your AWS environment, in addition to having [Clo [Remote Configuration][1] (enabled by [default][2] as of **April 8th, 2024**) is required to allow Datadog to send information to Agentless scanners, such as which cloud resources should be scanned. If Remote Configuration has not been enabled for your organization, navigate to your [Organization Settings in Datadog][4] and follow [steps 1-4][2] in the Remote Configuration docs. -**Note**: CSM-enabled AWS accounts that have scanners deployed require Remote-config enabled API keys. +**Note**: Cloud Security-enabled AWS accounts that have scanners deployed require Remote-config enabled API keys. ### Permissions diff --git a/layouts/shortcodes/csm-prereqs-pro.en.md b/layouts/shortcodes/csm-prereqs-pro.en.md index e7bbc5d4dc19c..f38c225814be8 100644 --- a/layouts/shortcodes/csm-prereqs-pro.en.md +++ b/layouts/shortcodes/csm-prereqs-pro.en.md @@ -1,13 +1,13 @@ Datadog Agent `7.46` or later installed on your hosts or containers. -### CSM Vulnerabilities +### Cloud Security Vulnerabilities | Component | Version/Requirement | | ------------------------ | ----------------------------------------| | [Helm Chart][102] | v3.49.6 or later (Kubernetes only) | | [containerd][103] | v1.5.6 or later (Kubernetes and hosts only)| -**Note**: CSM Vulnerabilities is **not** available for the following environments: +**Note**: Cloud Security Vulnerabilities is **not** available for the following environments: - Windows - AWS Fargate diff --git a/layouts/shortcodes/csm-prereqs.en.md b/layouts/shortcodes/csm-prereqs.en.md index e52203a0236c3..1b69861cae181 100644 --- a/layouts/shortcodes/csm-prereqs.en.md +++ b/layouts/shortcodes/csm-prereqs.en.md @@ -19,27 +19,27 @@ CSM Threats supports the following Linux distributions: - For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the [Troubleshooting page][102]. - Data collection is done using eBPF, so Datadog minimally requires platforms that have underlying Linux kernel versions of 4.15.0+ or have eBPF features backported. -### CSM Vulnerabilities +### Cloud Security Vulnerabilities | Component | Version/Requirement | | ------------------------ | ----------------------------------------| | [Helm Chart][103] | v3.49.6 or later (Kubernetes only) | | [containerd][104] | v1.5.6 or later (Kubernetes and hosts only)| -**Note**: CSM Vulnerabilities is **not** available for the following container runtimes: +**Note**: Cloud Security Vulnerabilities is **not** available for the following container runtimes: - CRI-O runtime - podman runtime -### CSM Identity Risks +### Cloud Security Identity Risks -
Note: At this time, CSM Identity Risks is available for AWS only.
+
Note: At this time, Cloud Security Identity Risks is available for AWS only.
-To use CSM Identity Risks, you must [enable resource collection for AWS][105]. If you've already done this, no additional setup is required. +To use Cloud Security Identity Risks, you must [enable resource collection for AWS][105]. If you've already done this, no additional setup is required. **Notes**: -- If you've [enabled CSM Misconfigurations for your AWS accounts][106], you already have cloud resource collection enabled. +- If you've [enabled Cloud Security Misconfigurations for your AWS accounts][106], you already have cloud resource collection enabled. - Although not required, when you [enable CloudTrail logs forwarding][107], you get additional insights based on the actual usage (or non-usage) of resources in your infrastructure, for example, users and roles with significant gaps between provisioned and used permissions. [102]: /security/cloud_security_management/troubleshooting diff --git a/layouts/shortcodes/csm-setup-aws.en.md b/layouts/shortcodes/csm-setup-aws.en.md index e311b54e58038..12cb1511cd844 100644 --- a/layouts/shortcodes/csm-setup-aws.en.md +++ b/layouts/shortcodes/csm-setup-aws.en.md @@ -2,13 +2,13 @@ If you haven't already, set up the [Amazon Web Services integration][1]. You must also [enable resource collection][2] by attaching the AWS-managed SecurityAudit Policy to the Datadog IAM role in your AWS account. -### Enable CSM for your AWS accounts +### Enable Cloud Security for your AWS accounts 1. On the [**Cloud Security Setup**][3] page, click **Cloud Integrations**. 1. Expand the **AWS** section. 1. To enable resource scanning for an account, click the **Plus** button, then switch the **Enable Resource Scanning** toggle to the on position. 1. Click **Done**. -1. To create a filter that excludes certain resources from being evaluated by CSM, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][5]. +1. To create a filter that excludes certain resources from being evaluated by Cloud Security, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][5]. 1. Click **Done**. [1]: https://docs.datadoghq.com/integrations/amazon_web_services/ diff --git a/layouts/shortcodes/csm-setup-azure.en.md b/layouts/shortcodes/csm-setup-azure.en.md index 7eb47f01629e4..0597aef9add54 100644 --- a/layouts/shortcodes/csm-setup-azure.en.md +++ b/layouts/shortcodes/csm-setup-azure.en.md @@ -4,12 +4,12 @@ If you haven't already, set up the [Microsoft Azure integration][1]. **Note**: To access the full set of Azure compliance rules—including [Identity Risks][5]—you must enable the `Application.Read.All`, `Directory.Read.All`, `Group.Read.All`, `Policy.Read.All`, and `User.Read.All` permissions for the [Microsoft Graph API][2]. -### Enable CSM for your Azure subscriptions +### Enable Cloud Security for your Azure subscriptions 1. On the [**Cloud Security Setup**][3] page, click **Cloud Integrations**. 2. Expand the **Azure** section. 3. To enable resource scanning for a subscription, switch the **Resource Scanning** toggle to the on position. -4. To create a filter that excludes certain resources from being evaluated by CSM, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][4]. +4. To create a filter that excludes certain resources from being evaluated by Cloud Security, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][4]. 5. Click **Done**. [1]: https://docs.datadoghq.com/integrations/azure diff --git a/layouts/shortcodes/csm-setup-google-cloud.en.md b/layouts/shortcodes/csm-setup-google-cloud.en.md index 62fa46734783c..a9831ccba624d 100644 --- a/layouts/shortcodes/csm-setup-google-cloud.en.md +++ b/layouts/shortcodes/csm-setup-google-cloud.en.md @@ -13,12 +13,12 @@ The Datadog Google Cloud Platform integration uses service accounts to create an - Repeat the process above to use multiple service accounts. - Use the same service account by updating the `project_id` in the downloaded JSON file. Then, upload the file to Datadog as described in steps 1-3. -### Enable CSM for your Google Cloud projects +### Enable Cloud Security for your Google Cloud projects 1. On the [**Cloud Security Setup**][2] page, click **Cloud Integrations**. 2. Expand the **GCP** section. 3. To enable resource scanning for a project, switch the **Resource Scanning** toggle to the on position. -4. To create a filter that excludes certain resources from being evaluated by CSM, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][11]. +4. To create a filter that excludes certain resources from being evaluated by Cloud Security, click the **Plus** (+) icon under **Resource Evaluation Filters (Optional)**. For more information, see [Use Filters to Exclude Resources from Evaluation][11]. 5. Click **Done**. [1]: https://docs.datadoghq.com/integrations/google_cloud_platform diff --git a/layouts/shortcodes/csm-windows-setup.en.md b/layouts/shortcodes/csm-windows-setup.en.md index 7dddef39cc201..6cd8e58e9116a 100644 --- a/layouts/shortcodes/csm-windows-setup.en.md +++ b/layouts/shortcodes/csm-windows-setup.en.md @@ -43,7 +43,7 @@ It can take up to 15 minutes to complete the installation. In certain cases, Mic ## Configuration -### Enable CSM +### Enable Cloud Security 1. Ensure you have access to `C:\ProgramData`, which is a hidden folder. - In **File Explorer**, click the **View** tab, and clear the **Hidden items** checkbox. The **ProgramData** folder should now be visible when navigating to the `C:` drive. The transparent icon indicates it is a hidden folder. @@ -57,16 +57,16 @@ It can take up to 15 minutes to complete the installation. In certain cases, Mic runtime_security_config: enabled: true ``` -4. [Restart the Datadog Agent][6] to enable CSM. +4. [Restart the Datadog Agent][6] to enable Cloud Security. -### Verify that the Agent is sending events to CSM +### Verify that the Agent is sending events to Cloud Security -When you enable CSM on Windows, the Agent sends a log to Datadog to confirm that the Windows default ruleset has been successfully deployed. To view the log, navigate to the [**Logs**][7] page in Datadog and search for `@agent.rule_id:ruleset_loaded`. +When you enable Cloud Security on Windows, the Agent sends a log to Datadog to confirm that the Windows default ruleset has been successfully deployed. To view the log, navigate to the [**Logs**][7] page in Datadog and search for `@agent.rule_id:ruleset_loaded`. -Another method to verify that the Agent is sending events to CSM is to manually trigger a Windows security signal. +Another method to verify that the Agent is sending events to Cloud Security is to manually trigger a Windows security signal. 1. In Windows, open a command prompt as Administrator and run the command `schtasks /create /?`. -2. In Datadog, navigate to the [CSM Signals Explorer][8] to view the generated Windows signals. +2. In Datadog, navigate to the [Cloud Security Signals Explorer][8] to view the generated Windows signals. - To view signals originating from configured Windows hosts, filter the signals by hostname using the **Hosts** > **Hostnames** facet. - To filter by Windows rules, use the **Workflow** > **Rule Name** facet. @@ -86,7 +86,7 @@ To get alerts whenever a Windows signal is created, create a [Notification Rule] runtime_security_config: fim_enabled: true ``` -1. [Restart the Datadog Agent][6] to enable CSM. +1. [Restart the Datadog Agent][6] to enable Cloud Security. ### Enable Vulnerability scanning @@ -101,7 +101,7 @@ To get alerts whenever a Windows signal is created, create a [Notification Rule] enabled: true ``` -4. [Restart the Datadog Agent][6] to enable CSM Vulnerability Management. +4. [Restart the Datadog Agent][6] to enable Cloud Security Vulnerability Management. [1]: /security/cloud_security_management/ [2]: /network_monitoring/performance/setup/?tab=agentwindows#setup From b58cc1c88840e8a855e75d2501f2cbeb53f837e9 Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Thu, 10 Apr 2025 12:43:18 -0600 Subject: [PATCH 12/28] Fix anchors --- .../getting_started/security/cloud_security_management.md | 4 ++-- content/en/security/_index.md | 2 +- .../en/security/cloud_security_management/setup/_index.md | 6 +++--- .../setup/supported_deployment_types.md | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/content/en/getting_started/security/cloud_security_management.md b/content/en/getting_started/security/cloud_security_management.md index 50c3c749bdd02..70e58b65e4082 100644 --- a/content/en/getting_started/security/cloud_security_management.md +++ b/content/en/getting_started/security/cloud_security_management.md @@ -88,6 +88,6 @@ For information on disabling Cloud Security, see the following: [29]: https://app.datadoghq.com/security/identities [30]: https://app.datadoghq.com/security/infra-vulnerability [31]: https://app.datadoghq.com/security/configuration/reports -[32]: /security/cloud_security_management/troubleshooting/vulnerabilities/#disable-csm-vulnerabilities -[33]: /security/cloud_security_management/troubleshooting/threats/#disable-csm-threats +[32]: /security/cloud_security_management/troubleshooting/vulnerabilities/#disable-cloud-security-vulnerabilities +[33]: /security/cloud_security_management/troubleshooting/threats/#disable-cloud-security-threats [34]: /security/cloud_security_management/setup/cloud_integrations \ No newline at end of file diff --git a/content/en/security/_index.md b/content/en/security/_index.md index 7fcf2f31442b5..c7ee618cbd22a 100644 --- a/content/en/security/_index.md +++ b/content/en/security/_index.md @@ -87,7 +87,7 @@ cascade: Bring speed and scale to your production security operations. Datadog Security delivers real-time threat detection, and continuous configuration audits across applications, hosts, containers, and cloud infrastructure. Coupled with the greater Datadog observability platform, Datadog Security brings unprecedented integration between security and operations aligned to your organization's shared goals. -Datadog Security includes [Application Security](#application-security), [Cloud SIEM](#cloud-siem), and [Cloud Security](#cloud-security-management). To learn more, check out the [30-second Product Guided Tour][14]. +Datadog Security includes [Application Security](#application-security), [Cloud SIEM](#cloud-siem), and [Cloud Security](#cloud-security). To learn more, check out the [30-second Product Guided Tour][14]. ## Application Security diff --git a/content/en/security/cloud_security_management/setup/_index.md b/content/en/security/cloud_security_management/setup/_index.md index 2f492c6d29570..16abc1435edfd 100644 --- a/content/en/security/cloud_security_management/setup/_index.md +++ b/content/en/security/cloud_security_management/setup/_index.md @@ -38,7 +38,7 @@ To get started with Cloud Security, review the following: - [IaC scanning](#iac-scanning) - [IaC remediation](#iac-remediation) - [Deploy via cloud integrations](#deploy-via-cloud-integrations) -- [Disable Cloud Security](#disable-csm) +- [Disable Cloud Security](#disable-cloud-security) - [Further reading](#further-reading) ## Enable Agentless Scanning @@ -152,6 +152,6 @@ For information on disabling Cloud Security, see the following: [5]: /security/cloud_security_management/setup/iac_remediation [6]: /security/cloud_security_management/identity_risks [7]: /security/cloud_security_management/setup/cloud_accounts -[8]: /security/cloud_security_management/troubleshooting/vulnerabilities/#disable-csm-vulnerabilities -[9]: /security/cloud_security_management/troubleshooting/threats/#disable-csm-threats +[8]: /security/cloud_security_management/troubleshooting/vulnerabilities/#disable-cloud-security-vulnerabilities +[9]: /security/cloud_security_management/troubleshooting/threats/#disable-cloud-security-threats [10]: /security/cloud_security_management/setup/iac_scanning \ No newline at end of file diff --git a/content/en/security/cloud_security_management/setup/supported_deployment_types.md b/content/en/security/cloud_security_management/setup/supported_deployment_types.md index 5549997e7805d..dfe803d6a930c 100644 --- a/content/en/security/cloud_security_management/setup/supported_deployment_types.md +++ b/content/en/security/cloud_security_management/setup/supported_deployment_types.md @@ -35,6 +35,6 @@ The following table summarizes the scope of coverage available relative to each **Note**: Cloud Security Misconfigurations additionally monitors common resources used in your cloud accounts that are running Windows and AWS Fargate, such as EC2 instances, RDS, S3, and ELB. -[1]: /security/cloud_security_management/setup/#csm-threats -[2]: /security/cloud_security_management/setup/#csm-vulnerabilities -[3]: /security/cloud_security_management/setup/#csm-identity-risks +[1]: /security/cloud_security_management/setup/#cloud-security-threats +[2]: /security/cloud_security_management/setup/#cloud-security-vulnerabilities +[3]: /security/cloud_security_management/setup/#cloud-security-identity-risks From 6ba23606299c6c1c1b65b4854647d402863ce6fd Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Thu, 10 Apr 2025 12:44:18 -0600 Subject: [PATCH 13/28] One more anchor --- content/en/security/security_inbox.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/security/security_inbox.md b/content/en/security/security_inbox.md index 7e92baa1382a1..1a613b5d7eb61 100644 --- a/content/en/security/security_inbox.md +++ b/content/en/security/security_inbox.md @@ -94,6 +94,6 @@ For more information, see [Automation Pipelines][11] and [Add to Security Inbox [7]: https://www.cisa.gov/ [8]: https://www.exploit-db.com/ [9]: https://nvd.nist.gov/ -[10]: /security/cloud_security_management/severity_scoring/#csm-severity-scoring-framework +[10]: /security/cloud_security_management/severity_scoring/#cloud-security-severity-scoring-framework [11]: /security/automation_pipelines/ [12]: /security/automation_pipelines/security_inbox \ No newline at end of file From ae46d79d2bb6b0456a2fc563d15c1082663a075f Mon Sep 17 00:00:00 2001 From: DeForest Richards <56796055+drichards-87@users.noreply.github.com> Date: Thu, 10 Apr 2025 14:08:55 -0600 Subject: [PATCH 14/28] Apply suggestions from code review --- config/_default/menus/main.en.yaml | 2 +- content/en/account_management/audit_trail/events.md | 2 +- content/en/agent/remote_config/_index.md | 2 +- content/en/database_monitoring/setup_oracle/rds.md | 2 +- content/en/getting_started/security/application_security.md | 4 ++-- content/en/infrastructure/resource_catalog/schema.md | 2 +- .../en/integrations/guide/oracle-check-upgrade-7.50.1.md | 2 +- content/en/security/_index.md | 6 +++--- content/en/security/account_takeover_protection.md | 2 +- content/en/security/cloud_security_management/_index.md | 4 ++-- .../guide/custom-rules-guidelines.md | 2 +- .../cloud_security_management/guide/eBPF-free-agent.md | 2 +- .../cloud_security_management/identity_risks/_index.md | 2 +- .../cloud_security_management/misconfigurations/_index.md | 4 ++-- .../misconfigurations/compliance_rules.md | 2 +- .../misconfigurations/frameworks_and_benchmarks/_index.md | 2 +- .../frameworks_and_benchmarks/supported_frameworks.md | 2 +- .../cloud_security_management/misconfigurations/kspm.md | 2 +- .../security/cloud_security_management/severity_scoring.md | 4 ++-- content/en/security/threats/agent.md | 6 +++--- content/en/security/threats/security_signals.md | 2 +- .../en/security/threats/supported_linux_distributions.md | 2 +- .../en/security/threats/workload_security_rules/_index.md | 6 +++--- 23 files changed, 33 insertions(+), 33 deletions(-) diff --git a/config/_default/menus/main.en.yaml b/config/_default/menus/main.en.yaml index f3dc7218019bb..bebb9c3448d9c 100644 --- a/config/_default/menus/main.en.yaml +++ b/config/_default/menus/main.en.yaml @@ -160,7 +160,7 @@ menu: url: getting_started/security/application_security parent: getting_started_security weight: 1701 - - name: Workload Protection + - name: Cloud Security Management identifier: getting_started_cloud_security_management url: getting_started/security/cloud_security_management/ parent: getting_started_security diff --git a/content/en/account_management/audit_trail/events.md b/content/en/account_management/audit_trail/events.md index 2810f584605dc..166a1745ff11f 100644 --- a/content/en/account_management/audit_trail/events.md +++ b/content/en/account_management/audit_trail/events.md @@ -29,7 +29,7 @@ further_reading: #### Product-Specific Events - [App Builder](#app-builder-events) - [Application Performance Monitoring (APM)](#application-performance-monitoring-apm-events) -- [App and API Protection (AAP)](#application-security-management) +- [App and API Protection (AAP)](#app-and-api-protection) - [Audit Trail](#audit-trail-events) - [CI Visibility](#ci-visibility-events) - [Quality Gates](#quality-gates-events) diff --git a/content/en/agent/remote_config/_index.md b/content/en/agent/remote_config/_index.md index 95933eb28ee83..441c74b2927b4 100644 --- a/content/en/agent/remote_config/_index.md +++ b/content/en/agent/remote_config/_index.md @@ -174,7 +174,7 @@ To enable Remote Configuration: 6. Restart your Agent for the changes to take effect. After you perform these steps, your Agent requests its configuration from Datadog, and the features that use remote configuration are enabled: -- [Workload Protection default agent rules][9] update automatically as released. +- [Workload Protection default Agent rules][9] update automatically as released. - [APM Agent-level sampling rates][10] are applied. - [Dynamic Instrumentation][11] is enabled. - [AAP 1-Click enablement, IP blocking, and attack pattern updates][12] are enabled. diff --git a/content/en/database_monitoring/setup_oracle/rds.md b/content/en/database_monitoring/setup_oracle/rds.md index d755953ea43db..29a441a0f7393 100644 --- a/content/en/database_monitoring/setup_oracle/rds.md +++ b/content/en/database_monitoring/setup_oracle/rds.md @@ -69,7 +69,7 @@ exec rdsadmin.rdsadmin_util.grant_sys_object('V_$OSSTAT','DATADOG','SELECT',p_gr exec rdsadmin.rdsadmin_util.grant_sys_object('V_$PARAMETER','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$SQL','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$PGASTAT','DATADOG','SELECT',p_grant_option => false); -exec rdsadmin.rdsadmin_util.grant_sys_object('V_$AAP_DISKGROUP','DATADOG','SELECT',p_grant_option => false); +exec rdsadmin.rdsadmin_util.grant_sys_object('V_$ASM_DISKGROUP','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$RSRCMGRMETRIC','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$DATAGUARD_CONFIG','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$DATAGUARD_STATS','DATADOG','SELECT',p_grant_option => false); diff --git a/content/en/getting_started/security/application_security.md b/content/en/getting_started/security/application_security.md index d3877e0cdea1f..42ab607f37d4a 100644 --- a/content/en/getting_started/security/application_security.md +++ b/content/en/getting_started/security/application_security.md @@ -31,14 +31,14 @@ This guide walks you through best practices for getting your team up and running **Identify services vulnerable or exposed to attacks** that would benefit from AAP. On the [**Software Catalog > Security page**,][1] view and select the services you wish to enable. -{{< img src="getting_started/appsec/AAP_activation_service_selection_v2.png" alt="AAP Services page view, showing Vulnerabilities and sorted by Suspicious requests column." style="width:100%;" >}} +{{< img src="getting_started/appsec/ASM_activation_service_selection_v2.png" alt="AAP Services page view, showing Vulnerabilities and sorted by Suspicious requests column." style="width:100%;" >}} These security insights are detected from data reported by APM. The insights help prioritize your security efforts. AAP identifies, prioritizes, and helps remediate all security risks on your services. **Note**: If no vulnerabilities or suspicious requests are reported, ensure your services are using a recent Datadog tracing library version. From the [Security Software Catalog][2], open any service's side panel and look at its **Tracing Configuration**. -{{< img src="getting_started/appsec/AAP_Tracing_Configuration.png" alt="Tracer Configuration tab in APM Software Catalog page view. Highlighting which version of the Datadog Agent, and Datadog tracing library are being used by your services." style="width:100%;" >}} +{{< img src="getting_started/appsec/ASM_Tracing_Configuration.png" alt="Tracer Configuration tab in APM Software Catalog page view. Highlighting which version of the Datadog Agent, and Datadog tracing library are being used by your services." style="width:100%;" >}} ## Enable AAP diff --git a/content/en/infrastructure/resource_catalog/schema.md b/content/en/infrastructure/resource_catalog/schema.md index 46b47e14cf54a..1b2cc3d0b0bf9 100644 --- a/content/en/infrastructure/resource_catalog/schema.md +++ b/content/en/infrastructure/resource_catalog/schema.md @@ -14,7 +14,7 @@ list_section: {{< site-region region="gov" >}}
-Workload Protection Misconfigurations is not available in the selected site. +CSM Misconfigurations is not available in the selected site.
{{< /site-region >}} diff --git a/content/en/integrations/guide/oracle-check-upgrade-7.50.1.md b/content/en/integrations/guide/oracle-check-upgrade-7.50.1.md index 20c22701559e3..9e93b53bffc77 100644 --- a/content/en/integrations/guide/oracle-check-upgrade-7.50.1.md +++ b/content/en/integrations/guide/oracle-check-upgrade-7.50.1.md @@ -140,7 +140,7 @@ exec rdsadmin.rdsadmin_util.grant_sys_object('V_$CONTAINERS','DATADOG','SELECT', exec rdsadmin.rdsadmin_util.grant_sys_object('V_$SQL_PLAN_STATISTICS_ALL','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$SQL','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$PGASTAT','DATADOG','SELECT',p_grant_option => false); -exec rdsadmin.rdsadmin_util.grant_sys_object('V_$AAP_DISKGROUP','DATADOG','SELECT',p_grant_option => false); +exec rdsadmin.rdsadmin_util.grant_sys_object('V_$ASM_DISKGROUP','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$RSRCMGRMETRIC','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$DATAGUARD_CONFIG','DATADOG','SELECT',p_grant_option => false); exec rdsadmin.rdsadmin_util.grant_sys_object('V_$DATAGUARD_STATS','DATADOG','SELECT',p_grant_option => false); diff --git a/content/en/security/_index.md b/content/en/security/_index.md index 0d7d3c58ca895..5cde3546becdb 100644 --- a/content/en/security/_index.md +++ b/content/en/security/_index.md @@ -89,9 +89,9 @@ Bring speed and scale to your production security operations. Datadog Security d Datadog Security includes [Application Security](#application-security), [Cloud SIEM](#cloud-siem), and [Cloud Security Management](#cloud-security-management). To learn more, check out the [30-second Product Guided Tour][14]. -## Application Security +## App and API Protection -Datadog [Application Security][1] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). AAP leverages [Datadog APM][2], the [Datadog Agent][3], and in-app detection rules to detect threats in your application environment. Check out the product [Guided Tour](https://www.datadoghq.com/guided-tour/security/application-security-management/) to see more. +Datadog [App and API Protection (AAP)][1] provides observability into application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). AAP leverages [Datadog APM][2], the [Datadog Agent][3], and in-app detection rules to detect threats in your application environment. Check out the product [Guided Tour](https://www.datadoghq.com/guided-tour/security/application-security-management/) to see more. In addition to threat detection, Datadog provides end-to-end code and library vulnerability detection from development to production with [Code Security][20], which includes the following capabilities: - [Static Code Analysis (SAST)][21] for identifying security and quality issues in your first-party code @@ -110,7 +110,7 @@ In addition to threat detection, Datadog provides end-to-end code and library vu [Cloud Security Management (CSM)][10] delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered. -Workload Protection includes [Threats][12], [Misconfigurations][11], [Identity Risks][15], and [Vulnerabilities][16]. To learn more, check out the dedicated [Guided Tour][13]. +CSM includes [Workload Protection][12], [Misconfigurations][11], [Identity Risks][15], and [Vulnerabilities][16]. To learn more, check out the dedicated [Guided Tour][13]. {{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues" width="100%">}} diff --git a/content/en/security/account_takeover_protection.md b/content/en/security/account_takeover_protection.md index 43e375d8b9ed3..de764501b0ff6 100644 --- a/content/en/security/account_takeover_protection.md +++ b/content/en/security/account_takeover_protection.md @@ -13,7 +13,7 @@ further_reading: text: "App and API Protection Guides" --- -AAP provides account takeover (ATO) protection to detect and mitigate account takeover attacks. +App and API Protection (AAP) provides account takeover (ATO) protection to detect and mitigate account takeover attacks. ATO protection has the following benefits: diff --git a/content/en/security/cloud_security_management/_index.md b/content/en/security/cloud_security_management/_index.md index 3520a7fd5b8fd..74b0af2cdfdfc 100644 --- a/content/en/security/cloud_security_management/_index.md +++ b/content/en/security/cloud_security_management/_index.md @@ -69,9 +69,9 @@ Datadog Cloud Security Management (CSM) delivers deep visibility, continuous con Security and DevOps teams can act on the shared context of observability and security data to quickly prioritize and remediate issues. -Workload Protection leverages both the Datadog Agent and Agentless. It includes a variety of features you can enable to manage different facets of your organization's security: +CSM leverages both the Datadog Agent and Agentless. It includes a variety of features you can enable to manage different facets of your organization's security: -- [**Threats**][1]: Monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. +- [**Workload Protection**][1]: Monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. - [**Misconfigurations**][2]: Tracks the security hygiene and compliance posture of your production environment, automates audit evidence collection, and enables you to remediate misconfigurations that leave your organization vulnerable to attacks. - [**Identity Risks**][8]: Provides in-depth visibility into your organization's AWS IAM, Azure, and GCP risks, and enables you to detect and resolve identity risks on an ongoing basis. - [**Vulnerabilities**][9]: Continuously detect, prioritize, and remediate exploitable vulnerabilities in your container images, host images, and hosts running in your infrastructure. diff --git a/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md b/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md index 8c7164daff9d2..1fb87cc471a5c 100644 --- a/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md +++ b/content/en/security/cloud_security_management/guide/custom-rules-guidelines.md @@ -31,7 +31,7 @@ Use wildcards (`*`) carefully. For example, never use `open.file.path =~ "*/myfi ## Approvers and discarders -Workload Protection Threats uses the concept of approvers and discarders to filter out events that should not trigger any rules in a policy. Approvers and discarders allow or deny events at the policy level only. They do not act on individual rules. +Workload Protection uses the concept of approvers and discarders to filter out events that should not trigger any rules in a policy. Approvers and discarders allow or deny events at the policy level only. They do not act on individual rules. Approvers act as an allow-list at the kernel level in the Datadog Agent. For example, the opening of a specific file could be an approver on the event `open`, whereas `open` events on files without approvers would be filtered out. Similarly, discarders act as a deny-list in the Agent. Discarders intentionally filter out events that can never match a rule. The Agent learns which events to filter out with discarders during runtime. diff --git a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md index 8b85c822ae778..a03a1e424882a 100644 --- a/content/en/security/cloud_security_management/guide/eBPF-free-agent.md +++ b/content/en/security/cloud_security_management/guide/eBPF-free-agent.md @@ -12,7 +12,7 @@ This guide also describes some advantages of the ptrace solution. ## Summary of Agent options -Workload Protection Threats includes two Agent options for threat detection and response: +Workload Protection includes two Agent options for threat detection and response: - eBPF solution - eBPF-less solution with ptrace: This version is only available where eBPF is not (Linux kernel versions 3.4 to 4.14). diff --git a/content/en/security/cloud_security_management/identity_risks/_index.md b/content/en/security/cloud_security_management/identity_risks/_index.md index b436079b260a1..84165c8f31223 100644 --- a/content/en/security/cloud_security_management/identity_risks/_index.md +++ b/content/en/security/cloud_security_management/identity_risks/_index.md @@ -34,7 +34,7 @@ Cloud Security Management Identity Risks (CSM Identity Risks) is a Cloud Infrast Review your organization's active identity risks on the [Identity Risks Explorer][1]. Use the **Group by** options to filter by **Identity Risks**, **Resources**, or **None** (individual identity risks). View additional details on the side panel. -Workload Protection Identity Risk detections include users, roles, groups, policies, EC2 instances, and Lambda functions. +CSM Identity Risk detections include users, roles, groups, policies, EC2 instances, and Lambda functions. {{< img src="security/identity_risks/identity_risks_explorer_3.png" alt="CSM Identity Risks Explorers page" width="100%">}} diff --git a/content/en/security/cloud_security_management/misconfigurations/_index.md b/content/en/security/cloud_security_management/misconfigurations/_index.md index 32e6cdb09c77d..729264e474a67 100644 --- a/content/en/security/cloud_security_management/misconfigurations/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/_index.md @@ -17,13 +17,13 @@ Strengthen your security posture and achieve continuous compliance by detecting, View a high-level overview of your security posture on the [Overview page][1]. Examine the details of misconfigurations and analyze historical configurations with the [Misconfigurations Explorer][2]. -Workload Protection Misconfigurations evaluates resources in increments between 15 minutes and 4 hours (depending on type). Datadog generates new misconfigurations as soon as a scan is completed, and stores a complete history of all misconfigurations for the past 15 months so they are available in case of an investigation or audit. +CSM Misconfigurations evaluates resources in increments between 15 minutes and 4 hours (depending on type). Datadog generates new misconfigurations as soon as a scan is completed, and stores a complete history of all misconfigurations for the past 15 months so they are available in case of an investigation or audit. {{< img src="security/csm/csm_overview_2.png" alt="The Security Inbox on the Cloud Security Management overview shows a list of prioritized security issues to remediate" width="100%">}} ## Maintain compliance with industry frameworks and benchmarks -Workload Protection Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that are maintained by a team of security experts. The rules map to controls and requirements within compliance standards and industry benchmarks, such as PCI and SOC2 compliance frameworks. +CSM Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that are maintained by a team of security experts. The rules map to controls and requirements within compliance standards and industry benchmarks, such as PCI and SOC2 compliance frameworks. [View compliance reports][3] to see how well you're doing against each control in a compliance framework. The reports include details such as resources with the most failed misconfigurations, a comprehensive breakdown of the number of resources with pass/fail misconfigurations, and the top three high-severity rule failures. diff --git a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md index d29babf4c0a3a..4b65a14a2046e 100644 --- a/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md +++ b/content/en/security/cloud_security_management/misconfigurations/compliance_rules.md @@ -22,7 +22,7 @@ Cloud Security Management Misconfigurations (CSM Misconfigurations) [out-of-the- The compliance rules follow the same [conditional logic][2] as all Datadog Security compliance rules. For CSM Misconfigurations, each rule maps to controls within one or more [compliance frameworks or industry benchmarks][4]. -Workload Protection Misconfigurations uses the following rule types to validate the configuration of your cloud infrastructure: +CSM Misconfigurations uses the following rule types to validate the configuration of your cloud infrastructure: - [**Cloud configuration**][1]: These compliance rules analyze the configuration of resources within your cloud environment. For example, the [CloudFront distribution should be encrypted][3] rule assesses whether an Amazon CloudFront distribution enforces HTTPS to secure communications. - [**Infrastructure configuration**][5]: These checks evaluate containers and Kubernetes clusters using rules from CIS compliance benchmarks for Docker and Kubernetes, as well as Linux workloads against CIS host benchmarks for Ubuntu, Red Hat, and Amazon Linux. diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md index ad967cb04e83b..03fd8b9e4c86f 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/_index.md @@ -16,7 +16,7 @@ further_reading: text: "Search and explore misconfigurations" --- -Workload Protection Misconfigurations comes with more than 1,300 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within a [compliance standard or industry benchmark][2]. You can also [create custom frameworks][30] to define and measure compliance against your own cloud security baseline. +CSM Misconfigurations comes with more than 1,300 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within a [compliance standard or industry benchmark][2]. You can also [create custom frameworks][30] to define and measure compliance against your own cloud security baseline. ## View your compliance posture diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md index 6ee2162cc2fc4..581b717c73d9e 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md @@ -18,7 +18,7 @@ further_reading: text: "Datadog Security extends compliance and threat protection capabilities for Google Cloud" --- -Workload Protection Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within the following compliance standards and industry benchmarks: +CSM Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each [compliance rule][1] maps to one or more controls within the following compliance standards and industry benchmarks: | Framework | Supported Versions | Framework Tag | Rule Type | |-------------------------------------------------|------------------------|-------------------------------------|--------------------------| diff --git a/content/en/security/cloud_security_management/misconfigurations/kspm.md b/content/en/security/cloud_security_management/misconfigurations/kspm.md index 1dfcda198475c..b4060bfc9e4bb 100644 --- a/content/en/security/cloud_security_management/misconfigurations/kspm.md +++ b/content/en/security/cloud_security_management/misconfigurations/kspm.md @@ -46,7 +46,7 @@ Each finding contains the context you need to identify the issue's impact, such ## Assess your Kubernetes security posture against industry-standard frameworks -Workload Protection provides a [security posture score][2] that helps you understand your security and compliance status using a single metric. The score represents the percentage of your environment that satisfies all of your active out-of-the-box cloud and infrastructure detection rules. You can obtain the score for your entire organization, or for specific teams, accounts, and environments, including Kubernetes deployments. +CSM provides a [security posture score][2] that helps you understand your security and compliance status using a single metric. The score represents the percentage of your environment that satisfies all of your active out-of-the-box cloud and infrastructure detection rules. You can obtain the score for your entire organization, or for specific teams, accounts, and environments, including Kubernetes deployments. For an in-depth explanation on how the security posture score works, see [Security posture score][3]. diff --git a/content/en/security/cloud_security_management/severity_scoring.md b/content/en/security/cloud_security_management/severity_scoring.md index 6d3e778859731..7ff68a05fe476 100644 --- a/content/en/security/cloud_security_management/severity_scoring.md +++ b/content/en/security/cloud_security_management/severity_scoring.md @@ -16,7 +16,7 @@ Accurate severity scores help security teams understand the risks that vulnerabi ## CSM severity scoring framework -Workload Protection Misconfigurations, CSM Identity Risks, and Security Inbox misconfigurations use the CSM severity scoring framework to determine the severity of a finding. The framework compares the likelihood that an adversary would take advantage of a misconfiguration to the risk posed to your environment. By weighting both of these aspects, findings can be prioritized more accurately by real-world risks. The matrices below show how a misconfiguration's severity score is computed based on its likelihood of abuse and impact. +CSM Misconfigurations, CSM Identity Risks, and Security Inbox misconfigurations use the CSM severity scoring framework to determine the severity of a finding. The framework compares the likelihood that an adversary would take advantage of a misconfiguration to the risk posed to your environment. By weighting both of these aspects, findings can be prioritized more accurately by real-world risks. The matrices below show how a misconfiguration's severity score is computed based on its likelihood of abuse and impact. ### Likelihood @@ -116,7 +116,7 @@ Using the CSM severity scoring framework, the rule would be scored as follows: ## CVSS 3.1 -Workload Protection Vulnerabilities uses Common Vulnerability Scoring System version 3.1 ([CVSS 3.1][5]) to determine a base score for a vulnerability. It then modifies the base score to take into account the following: +CSM Vulnerabilities uses Common Vulnerability Scoring System version 3.1 ([CVSS 3.1][5]) to determine a base score for a vulnerability. It then modifies the base score to take into account the following: - Whether the underlying infrastructure is running and how wide-spread the impact is. - The environment in which the underlying infrastructure is running. For example, if the environment is not production, the severity is downgraded. diff --git a/content/en/security/threats/agent.md b/content/en/security/threats/agent.md index 92c3123f0b7de..e8493f7f90385 100644 --- a/content/en/security/threats/agent.md +++ b/content/en/security/threats/agent.md @@ -1,10 +1,10 @@ --- -description: Agent expression attributes and operators for Workload Protection Rules +description: Agent expression attributes and operators for CSM Threat Rules disable_edit: true further_reading: - link: /security/cloud_workload_security/getting_started/ tag: Documentation - text: Get started with Datadog Workload Protection + text: Get started with Datadog CSM Threats title: Creating Agent Rule Expressions --- @@ -17,7 +17,7 @@ The **Assisted rule creator** option helps you create the Agent and dependent de For details, see [Creating Custom Detection Rules][1]. ## Agent expression syntax -Workload Protection first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. This portion of a Workload Protection rule is called the Agent expression. Agent expressions use Datadog's Security Language (SECL). The standard format of a SECL expression is as follows: +Cloud Security Management Threats (CSM Threats) first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. This portion of a CSM Threats rule is called the Agent expression. Agent expressions use Datadog's Security Language (SECL). The standard format of a SECL expression is as follows: {{< code-block lang="javascript" >}} . [ .] ... diff --git a/content/en/security/threats/security_signals.md b/content/en/security/threats/security_signals.md index 2c79ab84f30b1..d1f62d9c5f8a9 100644 --- a/content/en/security/threats/security_signals.md +++ b/content/en/security/threats/security_signals.md @@ -16,7 +16,7 @@ further_reading: text: "Secure your Windows workloads with Datadog Cloud Security Management" --- -[Workload Protection][9] (Workload Protection) security signals are created when Datadog detects a threat based on a security rule. View, search, filter, and investigate security signals in the [Signals Explorer][4], or configure [Notification Rules][1] to send signals to third-party tools. +[Workload Protection][9] security signals are created when Datadog detects a threat based on a security rule. View, search, filter, and investigate security signals in the [Signals Explorer][4], or configure [Notification Rules][1] to send signals to third-party tools. To modify security signals, you must have the `security_monitoring_signals_write` permission. See [Role Based Access Control][3] for more information about Datadog's default roles and granular role-based access control permissions available for Cloud Security Management. diff --git a/content/en/security/threats/supported_linux_distributions.md b/content/en/security/threats/supported_linux_distributions.md index 13622d2790b6e..b994074c5203e 100644 --- a/content/en/security/threats/supported_linux_distributions.md +++ b/content/en/security/threats/supported_linux_distributions.md @@ -20,7 +20,7 @@ Workload Protection supports the following Linux distributions: - Custom kernel builds are not supported. - The [Workload Protection eBPF-less solution for eBPF disabled environments][2] uses a ptrace-based Datadog Agent. The ptrace-based Datadog Agent supports Linux kernel versions from 3.4.43 to 4.9.85. -- For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see the [Troubleshooting Workload Protection][1]. +- For compatibility with a custom Kubernetes network plugin like Cilium or Calico, see [Troubleshooting Workload Protection][1]. - Data collection is done using eBPF, so Datadog requires, at minimum, platforms that have underlying Linux kernel versions of 4.14.0+ or have eBPF features backported (for example, Centos/RHEL 7 with kernel 3.10 has eBPF features backported, so it is supported). [1]: /security/cloud_security_management/troubleshooting/threats diff --git a/content/en/security/threats/workload_security_rules/_index.md b/content/en/security/threats/workload_security_rules/_index.md index a5e1b3fb16f1e..383ce1475520c 100644 --- a/content/en/security/threats/workload_security_rules/_index.md +++ b/content/en/security/threats/workload_security_rules/_index.md @@ -28,7 +28,7 @@ By default, all OOTB Agent crypto mining threat detection rules are enabled and ## Workload Protection rules construction -Workload Protection Threats rules consist of two different components: Agent rules and threat detection rules. +Workload Protection rules consist of two different components: Agent rules and threat detection rules. - **Agent rules:** [Agent rules][9] are evaluated on the Agent host. Workload Protection first evaluates activity within the Datadog Agent against Agent expressions to decide what activity to collect. Agent expressions use Datadog's [Security Language (SECL)][2].

@@ -58,7 +58,7 @@ Workload Protection Threats rules consist of two different components: Agent rul ### Workload Protection rules pipeline -Workload Protection Threats uses the following pipeline when evaluating events: +Workload Protection uses the following pipeline when evaluating events: 1. The Agent rules evaluate system activity on the Agent host. 2. When activity matches an Agent rule expression, the Agent generates a detection event and passes it to the Datadog backend. @@ -72,7 +72,7 @@ The following diagram illustrates this pipeline: ### Saving resources by design -Workload Protection Threats detection rules are complex, correlating several datapoints, sometimes across different hosts, and including third party data. This complexity would result in considerable compute resource demands on the Agent host if all rules were evaluated there. +Workload Protection detection rules are complex, correlating several datapoints, sometimes across different hosts, and including third party data. This complexity would result in considerable compute resource demands on the Agent host if all rules were evaluated there. Datadog solves this problem by keeping the Agent lightweight with only a few rules, and processes most rules using the threat detection rules on the Datadog backend. From 1ef899924d72a9152b451a5112c821cab3c4b2c6 Mon Sep 17 00:00:00 2001 From: DeForest Richards <56796055+drichards-87@users.noreply.github.com> Date: Thu, 10 Apr 2025 14:09:31 -0600 Subject: [PATCH 15/28] Update content/en/security/application_security/guide/manage_account_theft_appsec.md --- .../application_security/guide/manage_account_theft_appsec.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/security/application_security/guide/manage_account_theft_appsec.md b/content/en/security/application_security/guide/manage_account_theft_appsec.md index 50a81fc188c75..e6f4f8746509e 100644 --- a/content/en/security/application_security/guide/manage_account_theft_appsec.md +++ b/content/en/security/application_security/guide/manage_account_theft_appsec.md @@ -44,7 +44,7 @@ This step describes how to set up your service to use AAP. - To set up AAP, move to [Step 1.2: Enabling AAP on login service](#step-12-enabling-asm-on-your-login-service). + To set up AAP, move to [Step 1.2: Enabling AAP on login service](#step-12-enabling-aap-on-your-login-service). ### Step 1.2: Enabling AAP on your login service From c4d3cf50ea2501dde0777e27217453d26a58a742 Mon Sep 17 00:00:00 2001 From: DeForest Richards Date: Thu, 10 Apr 2025 16:10:48 -0600 Subject: [PATCH 16/28] Update product names --- .../data_security/data_retention_periods.md | 4 +- .../guide/data-collection-resolution.md | 108 +++++++++--------- content/en/security/default_rules/_index.md | 4 +- 3 files changed, 58 insertions(+), 58 deletions(-) diff --git a/content/en/data_security/data_retention_periods.md b/content/en/data_security/data_retention_periods.md index 80c6999f6a245..263a8d2ac7fcf 100644 --- a/content/en/data_security/data_retention_periods.md +++ b/content/en/data_security/data_retention_periods.md @@ -18,7 +18,7 @@ attributes: - **Indexed spans**: 15 or 30 days, determined by customer plan - **Services/resources statistics**: 30 days - **Viewed traces**: 15 months - - product: Application Security Management + - product: App and API Protection data_type: | - **Security signals**: 15 months - **Spans**: 90 days @@ -47,7 +47,7 @@ attributes: data_type: | - **Signals**: 15 months - **Detections, notifications, suppressions**: Retained for the duration of the account - - product: Cloud Workload Security + - product: Workload Protection data_type: | - **Events**: 90 days - **Security signals**: 15 months diff --git a/content/en/developers/guide/data-collection-resolution.md b/content/en/developers/guide/data-collection-resolution.md index b148595e8dc82..32c64922b2af0 100644 --- a/content/en/developers/guide/data-collection-resolution.md +++ b/content/en/developers/guide/data-collection-resolution.md @@ -11,60 +11,60 @@ algolia: Find below a summary of Datadog data [collection][1] and [resolution][2]. See information on [Data Retention Periods][8]. -| Product category | Source | Collection Methods | Collection interval | Minimum Resolution | -|------------------------|-------------------------|--------------------------|------------------------------|----------------------| -| APM | Profiles | Datadog Agent + tracing library | 60 seconds | 60 seconds | -| APM | Profile metrics | Datadog Agent + tracing library | 60 seconds | 60 seconds | -| APM | Services/resources statistics and span summaries | Datadog Agent + tracing library | 10 seconds | 10 seconds | -| APM | Indexed spans | Datadog Agent + tracing library | 10 seconds | 1 millisecond | -| APM | Trace metrics (unsampled) | Datadog Agent + tracing library | 10 seconds | 1 second | -| ASM | Suspicious requests | Datadog Agent + tracing library | 10 seconds | 1 millisecond | -| Audit Trail | Datadog audit events | Datadog usage activity | n/a | 1 second | -| CI Visibility | Pipeline, Stage, Job, Step, Command span | Webhooks, Datadog Agent + plugin | Data source-dependent | 1 millisecond | -| CD Visibility | Deployment execution | Webhooks, Datadog Agent + plugin | Data source-dependent | 1 millisecond | -| Cloud | Alibaba | API crawler | 10 minutes ([default][4]) | 1 minute | -| Cloud | AWS | API crawler | 10 minutes ([default][4]) | 1 minute | -| Cloud | Azure | API crawler | 2 minutes ([default][4]) | 1 minute | -| Cloud | Google Cloud | API crawler | 5 minutes ([default][4]) | 1 minute | -| Cloud | Oracle Cloud Infrastructure | Metric collector | Real-time | 1 minute | -| Cloud Cost Management | AWS | Cost and Usage Report | 1 hour | 1 day | -| Cloud Cost Management | Azure | Cost Exports | 1 hour | 1 day | -| Cloud Cost Management | Google Cloud | Detailed Usage Cost Export | 1 hour | 1 day | -| Cloud SIEM | Security Signals | Datadog Cloud SIEM | Real time | 1 millisecond | -| Cloud Security Management | Findings | Datadog Cloud Security Management Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute | -| CSM Threats | Signals | Datadog Cloud Security Management Threats | Real time | 1 millisecond | -| Database Monitoring | Query Metrics | Datadog Agent + enabled integrations | 10 seconds | 1 second | -| Database Monitoring | Query Samples | Datadog Agent + enabled integrations | 1 minute | n/a | -| DORA Metrics | Deployments, Failures | API, Datadog products | Data source-dependent | 1 millisecond | -| DORA Metrics | Deployment Frequency, Change Lead Time, Change Failure Rate, Mean time to restore | API, Datadog products | Data source-dependent | 1 millisecond | -| Error Tracking | Error Tracking | Datadog products | Data source-dependent | 1 millisecond | -| Incident Management | Incident Management | Incident data | n/a | n/a | ∞ | -| Infrastructure | Agent integrations | Datadog Agent + enabled integrations | 15 seconds | 1 second | -| Infrastructure | Custom metrics (Agent check) | Datadog Agent + custom Agent check | 15 seconds | 1 second | -| Infrastructure | Custom metrics (API) | POST directly to Datadog's API | Real time | 1 second | -| Infrastructure | Custom metrics (StatsD) | Datadog Agent (built-in statsD collector) | 15 seconds | 1 second | -| Infrastructure | Events | Datadog Agent, integrations, or API | Real time | 1 second | -| Infrastructure | Orchestrator Explorer (Kubernetes) | Datadog Agent | 15 seconds | 15 seconds | 15 minutes | -| Infrastructure | Live containers | Datadog Agent + enabled Docker integration or Datadog container Agent | 2 seconds | 1 second | 36 hours | -| Infrastructure | Live processes | Datadog Agent + Process Agent | 2 seconds | 1 second | 36 hours | -| Infrastructure | Cloud Network Monitoring | System Probe | 30 seconds | 1 minute | -| Infrastructure | Network Device Monitoring | Datadog Agent | 15 seconds | 1 second | -| Infrastructure | NetFlow Monitoring | Datadog Agent | Real time | Aggregated over 5-minute interval | -| Infrastructure | System metrics | Datadog Agent | 15 seconds | 1 second | -| Logs | Logs | Datadog Agent + Logs, third-party log collectors, or API | Real time | 1 millisecond | Plan | -| Real User Monitoring | Real User Monitoring | RUM SDK | Real time | 1 millisecond | -| Real User Monitoring | Session Replays | RUM SDK | Real time | 1 millisecond | -| Service Management | Workflow Automation | Workflow executions | User-defined | n/a | -| Service Management | Service Level Objectives | Datadog monitors, Datadog Synthetic monitoring, or metrics (infrastructure, APM trace, custom) | Data source-dependent | Data source-dependent | -| Software Composition Analysis (SCA) | GitHub App | Source code | n/a | n/a | -| Synthetic Monitoring | API Test metrics | Datadog Synthetic Monitoring application | User-defined | 1 minute | -| Synthetic Monitoring | API Test results | Datadog Synthetic Monitoring application | User-defined | 1 minute | -| Synthetic Monitoring | Browser Test metrics | Datadog Synthetic Monitoring application | User-defined | 5 minutes | | -| Synthetic Monitoring | Browser Test results | Datadog Synthetic Monitoring application | User-defined | 5 minutes | -| Synthetic Monitoring | Batches | Datadog Synthetic Monitoring application (through calls to the [Synthetics trigger API endpoint][6] or to the [Synthetics CI CLI][7]) | Depending on calls to the [Synthetics trigger API endpoint][6] or to the [Synthetics CI CLI][7] | n/a | -| Test Optimization | Flaky test | Test Optimization Test spans | Data source-dependent | 1 millisecond | -| Test Optimization | Test span | Datadog Agent + tracing library | 60 seconds | 1 millisecond | -| USM | RED metrics | Datadog Agent | 30 seconds | 30 second | +| Product category | Source | Collection Methods | Collection interval | Minimum Resolution | +|-------------------------------------|-----------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------|-----------------------------------| +| APM | Profiles | Datadog Agent + tracing library | 60 seconds | 60 seconds | +| APM | Profile metrics | Datadog Agent + tracing library | 60 seconds | 60 seconds | +| APM | Services/resources statistics and span summaries | Datadog Agent + tracing library | 10 seconds | 10 seconds | +| APM | Indexed spans | Datadog Agent + tracing library | 10 seconds | 1 millisecond | +| APM | Trace metrics (unsampled) | Datadog Agent + tracing library | 10 seconds | 1 second | +| ASM | Suspicious requests | Datadog Agent + tracing library | 10 seconds | 1 millisecond | +| Audit Trail | Datadog audit events | Datadog usage activity | n/a | 1 second | +| CI Visibility | Pipeline, Stage, Job, Step, Command span | Webhooks, Datadog Agent + plugin | Data source-dependent | 1 millisecond | +| CD Visibility | Deployment execution | Webhooks, Datadog Agent + plugin | Data source-dependent | 1 millisecond | +| Cloud | Alibaba | API crawler | 10 minutes ([default][4]) | 1 minute | +| Cloud | AWS | API crawler | 10 minutes ([default][4]) | 1 minute | +| Cloud | Azure | API crawler | 2 minutes ([default][4]) | 1 minute | +| Cloud | Google Cloud | API crawler | 5 minutes ([default][4]) | 1 minute | +| Cloud | Oracle Cloud Infrastructure | Metric collector | Real-time | 1 minute | +| Cloud Cost Management | AWS | Cost and Usage Report | 1 hour | 1 day | +| Cloud Cost Management | Azure | Cost Exports | 1 hour | 1 day | +| Cloud Cost Management | Google Cloud | Detailed Usage Cost Export | 1 hour | 1 day | +| Cloud SIEM | Security Signals | Datadog Cloud SIEM | Real time | 1 millisecond | +| Cloud Security Management | Findings | Datadog Cloud Security Management Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute | +| Workload Protection | Signals | Datadog Cloud Security Management Threats | Real time | 1 millisecond | +| Database Monitoring | Query Metrics | Datadog Agent + enabled integrations | 10 seconds | 1 second | +| Database Monitoring | Query Samples | Datadog Agent + enabled integrations | 1 minute | n/a | +| DORA Metrics | Deployments, Failures | API, Datadog products | Data source-dependent | 1 millisecond | +| DORA Metrics | Deployment Frequency, Change Lead Time, Change Failure Rate, Mean time to restore | API, Datadog products | Data source-dependent | 1 millisecond | +| Error Tracking | Error Tracking | Datadog products | Data source-dependent | 1 millisecond | +| Incident Management | Incident Management | Incident data | n/a | n/a | +| Infrastructure | Agent integrations | Datadog Agent + enabled integrations | 15 seconds | 1 second | +| Infrastructure | Custom metrics (Agent check) | Datadog Agent + custom Agent check | 15 seconds | 1 second | +| Infrastructure | Custom metrics (API) | POST directly to Datadog's API | Real time | 1 second | +| Infrastructure | Custom metrics (StatsD) | Datadog Agent (built-in statsD collector) | 15 seconds | 1 second | +| Infrastructure | Events | Datadog Agent, integrations, or API | Real time | 1 second | +| Infrastructure | Orchestrator Explorer (Kubernetes) | Datadog Agent | 15 seconds | 15 seconds | +| Infrastructure | Live containers | Datadog Agent + enabled Docker integration or Datadog container Agent | 2 seconds | 1 second | +| Infrastructure | Live processes | Datadog Agent + Process Agent | 2 seconds | 1 second | +| Infrastructure | Cloud Network Monitoring | System Probe | 30 seconds | 1 minute | +| Infrastructure | Network Device Monitoring | Datadog Agent | 15 seconds | 1 second | +| Infrastructure | NetFlow Monitoring | Datadog Agent | Real time | Aggregated over 5-minute interval | +| Infrastructure | System metrics | Datadog Agent | 15 seconds | 1 second | +| Logs | Logs | Datadog Agent + Logs, third-party log collectors, or API | Real time | 1 millisecond | +| Real User Monitoring | Real User Monitoring | RUM SDK | Real time | 1 millisecond | +| Real User Monitoring | Session Replays | RUM SDK | Real time | 1 millisecond | +| Service Management | Workflow Automation | Workflow executions | User-defined | n/a | +| Service Management | Service Level Objectives | Datadog monitors, Datadog Synthetic monitoring, or metrics (infrastructure, APM trace, custom) | Data source-dependent | Data source-dependent | +| Software Composition Analysis (SCA) | GitHub App | Source code | n/a | n/a | +| Synthetic Monitoring | API Test metrics | Datadog Synthetic Monitoring application | User-defined | 1 minute | +| Synthetic Monitoring | API Test results | Datadog Synthetic Monitoring application | User-defined | 1 minute | +| Synthetic Monitoring | Browser Test metrics | Datadog Synthetic Monitoring application | User-defined | 5 minutes | +| Synthetic Monitoring | Browser Test results | Datadog Synthetic Monitoring application | User-defined | 5 minutes | +| Synthetic Monitoring | Batches | Datadog Synthetic Monitoring application (through calls to the [Synthetics trigger API endpoint][6] or to the [Synthetics CI CLI][7]) | Depending on calls to the [Synthetics trigger API endpoint][6] or to the [Synthetics CI CLI][7] | n/a | +| Test Optimization | Flaky test | Test Optimization Test spans | Data source-dependent | 1 millisecond | +| Test Optimization | Test span | Datadog Agent + tracing library | 60 seconds | 1 millisecond | +| USM | RED metrics | Datadog Agent | 30 seconds | 30 second | ## Further reading diff --git a/content/en/security/default_rules/_index.md b/content/en/security/default_rules/_index.md index 522c2d6f25ed1..dc9afaabea063 100644 --- a/content/en/security/default_rules/_index.md +++ b/content/en/security/default_rules/_index.md @@ -34,11 +34,11 @@ cascade: subcategory: Security Detection Rules --- -Datadog provides out-of-the-box (OOTB) [detection rules][1] to flag attacker techniques and potential misconfigurations so you can immediately take steps to remediate. Datadog continuously develops new default rules, which are automatically imported into your account, your Application Security Management library, and the Agent, depending on your configuration. +Datadog provides out-of-the-box (OOTB) [detection rules][1] to flag attacker techniques and potential misconfigurations so you can immediately take steps to remediate. Datadog continuously develops new default rules, which are automatically imported into your account, your App and API Protection library, and the Agent, depending on your configuration.
Datadog's Security Research team continuously adds new OOTB security detection rules. While the aim is to deliver high-quality detections with the release of integrations or other new features, the performance of these detections at scale often needs to be observed before making the rule generally available. These rules contain a Beta tag. This gives Datadog's Security Research team time to either refine or deprecate detection opportunities that do not meet Datadog's standards.
-Click the following buttons to filter the detection rules. Security detection rules are available for [Application Security Management][5], [Cloud SIEM][2] (log detection and signal correlation), [CSM Misconfigurations][3] (cloud and infrastructure), [CSM Threats][4], [CSM Identity Risks][6], and [Attack Paths][7]. +Click the following buttons to filter the detection rules. Security detection rules are available for [App and API Protection][5], [Cloud SIEM][2] (log detection and signal correlation), [CSM Misconfigurations][3] (cloud and infrastructure), [Workload Protection][4], [CSM Identity Risks][6], and [Attack Paths][7]. [1]: /security/detection_rules/ [2]: /security/cloud_siem/ From eb4194b20522dfef18383ee0f1ce3768937ccc8b Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Thu, 10 Apr 2025 18:25:34 -0600 Subject: [PATCH 17/28] Demoting the word "explorer" --- content/en/security/cloud_security_management/_index.md | 4 ++-- .../cloud_security_management/guide/related-logs.md | 2 +- .../en/security/cloud_security_management/iac_scanning.md | 4 ++-- .../cloud_security_management/identity_risks/_index.md | 4 ++-- .../cloud_security_management/misconfigurations/_index.md | 6 +++--- .../misconfigurations/custom_rules.md | 4 ++-- .../misconfigurations/findings/_index.md | 8 ++++---- .../findings/export_misconfigurations.md | 2 +- .../cloud_security_management/misconfigurations/kspm.md | 2 +- .../misconfigurations/signals_explorer.md | 2 +- .../cloud_security_management/review_remediate/jira.md | 8 ++++---- .../cloud_security_management/vulnerabilities/_index.md | 8 ++++---- layouts/shortcodes/appsec-getstarted-2-plusrisk.en.md | 2 +- 13 files changed, 28 insertions(+), 28 deletions(-) diff --git a/content/en/security/cloud_security_management/_index.md b/content/en/security/cloud_security_management/_index.md index af49d73821a75..a7c1f6e7bdba2 100644 --- a/content/en/security/cloud_security_management/_index.md +++ b/content/en/security/cloud_security_management/_index.md @@ -80,9 +80,9 @@ Improve your organization's score by remediating misconfigurations, either by re For an overview of your Cloud Security and Application Security findings, sorted by importance, use the [Security Inbox][14]. -To get more detail, use the [Explorers][7] to review and remediate your organization's security findings concerning misconfigurations, vulnerabilities, and identity risks. View detailed information about a finding, including guidelines and remediation steps. [Send real-time notifications][6] when a threat is detected in your environment, and use tags to identify the owner of an impacted resource. +To get more detail, use [Findings][7] to review and remediate your organization's security findings concerning misconfigurations, vulnerabilities, and identity risks. View detailed information about a finding, including guidelines and remediation steps. [Send real-time notifications][6] when a threat is detected in your environment, and use tags to identify the owner of an impacted resource. -{{< img src="security/csm/explorers_page.png" alt="Cloud Security Explorers page" width="100%">}} +{{< img src="security/csm/explorers_page.png" alt="Cloud Security Findings page" width="100%">}} ## Investigate resources diff --git a/content/en/security/cloud_security_management/guide/related-logs.md b/content/en/security/cloud_security_management/guide/related-logs.md index 3f9a8661b2600..fca5a2bc0ccab 100644 --- a/content/en/security/cloud_security_management/guide/related-logs.md +++ b/content/en/security/cloud_security_management/guide/related-logs.md @@ -24,7 +24,7 @@ source:cloudtrail @recipientAccountId:172597598159 @awsRegion:us-east-1 @readOnl ## View related logs -1. In the [Misconfigurations Explorer][2], open a misconfiguration for a supported resource type. +1. On the **Findings** page, in the [Misconfigurations explorer][2], open a misconfiguration for a supported resource type. 1. Click the **Related Logs** tab. Datadog queries your CloudTrail logs for events related to the cloud resource. ## Search through a larger timeframe diff --git a/content/en/security/cloud_security_management/iac_scanning.md b/content/en/security/cloud_security_management/iac_scanning.md index 2ca20f1705d60..b48f1d302cc95 100644 --- a/content/en/security/cloud_security_management/iac_scanning.md +++ b/content/en/security/cloud_security_management/iac_scanning.md @@ -10,11 +10,11 @@ further_reading: Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form. {{< /callout >}} -Static Infrastructure as Code (IaC) scanning integrates with version control systems, such as GitHub, to detect misconfigurations in cloud resources defined by Terraform. The scanning results are displayed in two primary locations: within pull requests during code modifications and on the **Explorers** page within Cloud Security. +Static Infrastructure as Code (IaC) scanning integrates with version control systems, such as GitHub, to detect misconfigurations in cloud resources defined by Terraform. The scanning results are displayed in two primary locations: within pull requests during code modifications and on the **Findings** page within Cloud Security.
Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
-{{< img src="security/csm/iac_scanning_explorer2.png" alt="Cloud Security Explorers page displaying detected misconfigurations in cloud resources" width="100%">}} +{{< img src="security/csm/iac_scanning_explorer2.png" alt="Cloud Security Findings page displaying detected misconfigurations in cloud resources" width="100%">}} When you click on a finding, the side panel reveals additional details, including a short description of the IaC rule related to the finding and a preview of the offending code. diff --git a/content/en/security/cloud_security_management/identity_risks/_index.md b/content/en/security/cloud_security_management/identity_risks/_index.md index 2e2933fb3ac23..b6f40231d9449 100644 --- a/content/en/security/cloud_security_management/identity_risks/_index.md +++ b/content/en/security/cloud_security_management/identity_risks/_index.md @@ -32,11 +32,11 @@ Cloud Security Identity Risks is a Cloud Infrastructure Entitlement Management ( ## Review identity risks -Review your organization's active identity risks on the [Identity Risks Explorer][1]. Use the **Group by** options to filter by **Identity Risks**, **Resources**, or **None** (individual identity risks). View additional details on the side panel. +Review your organization's active identity risks in the [Identity Risks explorer][1]. Use the **Group by** options to filter by **Identity Risks**, **Resources**, or **None** (individual identity risks). View additional details on the side panel. Cloud Security Identity Risk detections include users, roles, groups, policies, EC2 instances, and Lambda functions. -{{< img src="security/identity_risks/identity_risks_explorer_3.png" alt="Cloud Security Identity Risks Explorers page" width="100%">}} +{{< img src="security/identity_risks/identity_risks_explorer_3.png" alt="Cloud Security Identity Risks explorers page" width="100%">}} ## Remediate identity risks diff --git a/content/en/security/cloud_security_management/misconfigurations/_index.md b/content/en/security/cloud_security_management/misconfigurations/_index.md index cb6b9f22d018a..f2b97c9f7b269 100644 --- a/content/en/security/cloud_security_management/misconfigurations/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/_index.md @@ -15,7 +15,7 @@ Cloud Security Misconfigurations makes it easier to assess and visualize the cur Strengthen your security posture and achieve continuous compliance by detecting, prioritizing, and remediating misconfigurations across all your cloud resources using Datadog's [out-of-the-box compliance rules](#manage-out-of-the-box-and-custom-compliance-rules). -View a high-level overview of your security posture on the [Overview page][1]. Examine the details of misconfigurations and analyze historical configurations with the [Misconfigurations Explorer][2]. +View a high-level overview of your security posture on the [Overview page][1]. Examine the details of misconfigurations and analyze historical configurations with the [Misconfigurations explorer][2]. Cloud Security Misconfigurations evaluates resources in increments between 15 minutes and 4 hours (depending on type). Datadog generates new misconfigurations as soon as a scan is completed, and stores a complete history of all misconfigurations for the past 15 months so they are available in case of an investigation or audit. @@ -43,11 +43,11 @@ Use template variables and Markdown to [customize notification messages][9]. Edi ## Review and remediate misconfigurations -Investigate details using the [Misconfigurations Explorer][10]. View detailed information about a resource, such as configuration, compliance rules applied to the resource, and tags that provide additional context about who owns the resource and its location within your environment. If a misconfiguration does not match your business use case or is an accepted risk, you can [mute the misconfiguration][13] up to an indefinite period of time. +Investigate details using the [Misconfigurations explorer][10]. View detailed information about a resource, such as configuration, compliance rules applied to the resource, and tags that provide additional context about who owns the resource and its location within your environment. If a misconfiguration does not match your business use case or is an accepted risk, you can [mute the misconfiguration][13] up to an indefinite period of time. You can also [create a Jira issue][15] and assign it to a team, use Terraform remediation to generate a pull request in GitHub with code changes that fix the underlying misconfiguration, and leverage [Workflow Automation][14] to create automated workflows (with or without human involvement). -{{< img src="security/cspm/misconfigurations_explorer.png" alt="Cloud Security Misconfigurations Explorer page" width="100%">}} +{{< img src="security/cspm/misconfigurations_explorer.png" alt="Cloud Security Misconfigurations explorer page" width="100%">}} ## Get started diff --git a/content/en/security/cloud_security_management/misconfigurations/custom_rules.md b/content/en/security/cloud_security_management/misconfigurations/custom_rules.md index db2c2be2dbaff..1373ef7daed71 100644 --- a/content/en/security/cloud_security_management/misconfigurations/custom_rules.md +++ b/content/en/security/cloud_security_management/misconfigurations/custom_rules.md @@ -31,7 +31,7 @@ To clone a rule: 1. Find the rule you want to copy by doing one of the following: - Navigate to the [**Misconfigurations Rules**][1] page. Select a rule you want to copy to open its details page. - - Navigate to the [**Misconfigurations Explorer**][2]. Select a misconfiguration to open its details, then select **Edit Rule**. + - Navigate to the [**Misconfigurations explorer**][2]. Select a misconfiguration to open its details, then select **Edit Rule**. 2. Make any changes you want for your new rule. 3. Scroll to the bottom of the details page and click **Clone Rule**. @@ -70,7 +70,7 @@ You can assign almost any key-value as a tag. The following table shows tags tha | `requirement` | String | Not allowed for custom rules. Indicates a requirement related to a compliance framework. Don't add this to rules not part of a compliance framework. | | `cloud_provider` | `aws`, `gcp`, `azure` | Cannot be removed. Is set automatically based on resource type. | | `control` | String | Not allowed for custom rules. Indicates a control related to a compliance framework. Don't add this to rules not part of a compliance framework. | -| `source` | String from a defined set given by cloud providers as listed in the [Source facet in the Misconfigurations Explorer][2]. | Cannot be removed. Automatically added to cloned rules. Facilitates grouping rules by cloud provider. | +| `source` | String from a defined set given by cloud providers as listed in the [Source facet in the Misconfigurations explorer][2]. | Cannot be removed. Automatically added to cloned rules. Facilitates grouping rules by cloud provider. | | `framework` | String | Not allowed for custom rules. Indicates the compliance framework the rule belongs to. Not automatically added to cloned rules. | ## Further reading diff --git a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md index de8725a28b4b8..c3fb5a4859b05 100644 --- a/content/en/security/cloud_security_management/misconfigurations/findings/_index.md +++ b/content/en/security/cloud_security_management/misconfigurations/findings/_index.md @@ -14,7 +14,7 @@ further_reading: text: "Learn about frameworks and industry benchmarks" --- -The Cloud Security Misconfigurations [Explorer][1] allows you to: +The Cloud Security Misconfigurations [explorer][1] allows you to: - Review the detailed configuration of a resource. - Review the compliance rules applied to your resources by Cloud Security Misconfigurations. @@ -30,15 +30,15 @@ A misconfiguration is the primary primitive for a rule evaluation against a reso ## Explore your cloud misconfigurations -Misconfigurations are displayed on the [Misconfigurations Explorer][1]. Aggregate misconfigurations by rule using the **Group by** filters and query search bar. For example, filtering by `evaluation:fail` narrows the list to all compliance rules that have issues that need to be addressed. Misconfigurations can also be aggregated by resource to rank resources that have the most failed misconfigurations so you can prioritize remediation. +Misconfigurations are displayed on the [Misconfigurations explorer][1]. Aggregate misconfigurations by rule using the **Group by** filters and query search bar. For example, filtering by `evaluation:fail` narrows the list to all compliance rules that have issues that need to be addressed. Misconfigurations can also be aggregated by resource to rank resources that have the most failed misconfigurations so you can prioritize remediation. -{{< img src="security/csm/explorers_page.png" alt="Cloud Security Misconfigurations Explorer page" style="width:100%;">}} +{{< img src="security/csm/explorers_page.png" alt="Cloud Security Misconfigurations explorer page" style="width:100%;">}} Select a misconfiguration to view the resources that have been evaluated by the rule, the rule description, its framework or industry benchmark mappings, and suggested remediation steps. {{< img src="security/cspm/findings/finding-side-panel3.png" alt="A list of impacted resources in the side panel" style="width:65%;">}} -Group by **Resources** on the Security Findings Explorer and select a resource to see the full list of compliance rules that were evaluated against the resource, along with their statuses. +Group findings by **Resources** and select a resource to see the full list of compliance rules that were evaluated against the resource, along with their statuses. {{< img src="security/cspm/findings/resource-rules-evaluated2.png" alt="Group and aggregate by resource in search" style="width:65%;">}} diff --git a/content/en/security/cloud_security_management/misconfigurations/findings/export_misconfigurations.md b/content/en/security/cloud_security_management/misconfigurations/findings/export_misconfigurations.md index cee66dc9b35d5..76320837b0b73 100644 --- a/content/en/security/cloud_security_management/misconfigurations/findings/export_misconfigurations.md +++ b/content/en/security/cloud_security_management/misconfigurations/findings/export_misconfigurations.md @@ -11,7 +11,7 @@ further_reading: text: "Learn about frameworks and industry benchmarks" --- -To export the list of misconfigurations from the [Misconfigurations Explorer][1] as a CSV, click **Download as CSV** on the Misconfigurations Explorer, select the maximum number of misconfigurations to export, and then click **Download as CSV**. You can export up to a maximum of 50,000 misconfigurations. +To export the list of misconfigurations from the [Misconfigurations explorer][1] as a CSV, click **Download as CSV**, select the maximum number of misconfigurations to export, and then click **Download as CSV**. You can export up to a maximum of 50,000 misconfigurations. {{< img src="security/cspm/findings/export-csv.png" alt="The Export Misconfigurations as CSV dialog box with option to specify the maximum number of misconfigurations to export" style="width:65%;">}} diff --git a/content/en/security/cloud_security_management/misconfigurations/kspm.md b/content/en/security/cloud_security_management/misconfigurations/kspm.md index c08b1b4cfdea4..da962e08b9022 100644 --- a/content/en/security/cloud_security_management/misconfigurations/kspm.md +++ b/content/en/security/cloud_security_management/misconfigurations/kspm.md @@ -36,7 +36,7 @@ This allows Datadog to detect risks in your Kubernetes deployments for each of t ## Monitor risk across Kubernetes deployments -With KSPM, Datadog scans your environment for risks defined by more than 50+ out-of-the-box Kubernetes detection rules. When at least one case defined in a rule is matched over a given period of time, [a notification alert is sent][6], and a finding is generated in the [Misconfigurations Explorer][11]. +With KSPM, Datadog scans your environment for risks defined by more than 50+ out-of-the-box Kubernetes detection rules. When at least one case defined in a rule is matched over a given period of time, [a notification alert is sent][6], and a finding is generated in the [Misconfigurations explorer][11]. Each finding contains the context you need to identify the issue's impact, such as the full resource configuration, resource-level tags, and a map of the resource's relationships with other components of your infrastructure. After you understand the problem and its impact, you can start remediating the issue by [creating a Jira ticket][7] from within Cloud Security or by [executing a pre-defined workflow][8]. diff --git a/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md b/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md index 65b9bd5127366..d143223db02d3 100644 --- a/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md +++ b/content/en/security/cloud_security_management/misconfigurations/signals_explorer.md @@ -17,7 +17,7 @@ further_reading: ## Overview -In addition to reviewing and fixing cloud misconfigurations directly in the [Misconfigurations Explorer page][1], you can set notifications for failed misconfigurations, and configure signals to correlate and triage misconfigurations in the same place as real-time threats that are generated by [Cloud SIEM][2] and [CSM Threats][3]. +In addition to reviewing and fixing cloud misconfigurations directly in the [Misconfigurations explorer page][1], you can set notifications for failed misconfigurations, and configure signals to correlate and triage misconfigurations in the same place as real-time threats that are generated by [Cloud SIEM][2] and [CSM Threats][3]. ## Reduce alert fatigue with security posture signals diff --git a/content/en/security/cloud_security_management/review_remediate/jira.md b/content/en/security/cloud_security_management/review_remediate/jira.md index 2df76f414eae5..e21b93a7ff0a1 100644 --- a/content/en/security/cloud_security_management/review_remediate/jira.md +++ b/content/en/security/cloud_security_management/review_remediate/jira.md @@ -38,7 +38,7 @@ To create Jira issues for Cloud Security security issues, you must configure the To create a Jira issue for one or more resources impacted by a misconfiguration: -1. On the [Misconfigurations Explorer][1], select a misconfiguration. +1. On the [Misconfigurations explorer][1], select a misconfiguration. 2. Under **Resources Impacted**, select one or more findings. 3. On the **Actions** dropdown menu that appears on top, select **Create Jira Issue**. 4. Choose whether to create a single issue or multiple issues (one issue for each resource). @@ -49,7 +49,7 @@ To create a Jira issue for one or more resources impacted by a misconfiguration: You can also create a Jira issue from the standalone issue side panel. -1. On the [Misconfigurations Explorer][1], set the Group By filter to **Resources**. +1. On the [Misconfigurations explorer][1], set the Group By filter to **Resources**. 2. Select a resource. 3. On the **Misconfigurations** tab, select a misconfiguration. 4. Click **Create Jira Issue**. @@ -68,7 +68,7 @@ After you create the issue, a link to the Jira issue is displayed on the side pa To create a Jira issue for one or more resources impacted by an identity risk: -1. On the [Identity Risks Explorer][1], select an identity risk. +1. On the [Identity Risks explorer][1], select an identity risk. 2. Under **Resources Impacted**, select one or more findings. 3. On the **Actions** dropdown menu that appears on top, select **Create Jira Issue**. 4. Choose whether to create a single issue or multiple issues (one issue for each resource). @@ -79,7 +79,7 @@ To create a Jira issue for one or more resources impacted by an identity risk: You can also create a Jira issue from the standalone issue side panel. -1. On the [Identity Risks Explorer][1], set the Group By filter to **Resources**. +1. On the [Identity Risks explorer][1], set the Group By filter to **Resources**. 2. Select a resource. 3. On the **Misconfigurations** tab, select an identity risk. 4. Click **Create Jira Issue**. diff --git a/content/en/security/cloud_security_management/vulnerabilities/_index.md b/content/en/security/cloud_security_management/vulnerabilities/_index.md index b9bc48511bced..083bd61efbf1a 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/_index.md +++ b/content/en/security/cloud_security_management/vulnerabilities/_index.md @@ -70,7 +70,7 @@ Get started with Cloud Security Vulnerabilities and cover your infrastructure in You can also use both deployment methods to use the unified Datadog Agent where you already have it deployed, and Agentless elsewhere. -After you've enabled it, Datadog starts scanning your resources continuously, and starts reporting prioritized vulnerabilities in your [Cloud Security Vulnerability Explorer][1] within an hour. +After you've enabled it, Datadog starts scanning your resources continuously, and starts reporting prioritized vulnerabilities in your [Cloud Security Vulnerabilities explorer][1] within an hour. Use these tables to decide which solution to start with: | Feature | Agentless | Unified Datadog Agent | @@ -91,13 +91,13 @@ Use these tables to decide which solution to start with: For more information on compatibility, see [Cloud Security Vulnerabilities Hosts and Containers Compatibility][13]. If you need any assistance, see the [troubleshooting guide][14], or reach out to support@datadoghq.com. ## Continuously detect, prioritize, and remediate exploitable vulnerabilities -The [Cloud Security Vulnerabilities Explorer][1] helps you investigate vulnerabilities detected across your container images, host images, running hosts, and serverless functions using filtering and grouping capabilities. +The [Cloud Security Vulnerabilities explorer][1] helps you investigate vulnerabilities detected across your container images, host images, running hosts, and serverless functions using filtering and grouping capabilities. Focus on exploitable vulnerabilities first, using the Datadog Severity Score, combining the base CVSS score with many risk factors, including sensitive data, environment sensitivity, exposure to attacks, exploit availability, or threat intelligence sources. -For vulnerabilities with available fixes, the Explorer provides guided remediation steps to assist Dev and Ops teams in resolving issues more quickly and effectively. You can also triage, mute, comment, and assign vulnerabilities to manage their lifecycle. +For vulnerabilities with available fixes, the explorer provides guided remediation steps to assist Dev and Ops teams in resolving issues more quickly and effectively. You can also triage, mute, comment, and assign vulnerabilities to manage their lifecycle. -{{< img src="security/vulnerabilities/csm-vm-explorer-actionability.png" alt="The Cloud Security Vulnerability Explorer displaying a vulnerability and the actions a user can take to remediate it" width="100%">}} +{{< img src="security/vulnerabilities/csm-vm-explorer-actionability.png" alt="The Cloud Security Vulnerabilities Eeplorer displaying a vulnerability and the actions a user can take to remediate it" width="100%">}} ## Automation and Jira integration Make Cloud Security Vulnerabilities part of your daily workflow by setting up [security notification rules][17] and [automation pipelines (in Preview)][20]: diff --git a/layouts/shortcodes/appsec-getstarted-2-plusrisk.en.md b/layouts/shortcodes/appsec-getstarted-2-plusrisk.en.md index fc52fe61c0da4..66d58c9a161d4 100644 --- a/layouts/shortcodes/appsec-getstarted-2-plusrisk.en.md +++ b/layouts/shortcodes/appsec-getstarted-2-plusrisk.en.md @@ -6,7 +6,7 @@ **Note**: The `dd-test-scanner-log` value is supported in the most recent releases. - A few minutes after you enable your application and send known attack patterns to it, threat information appears in the [Application Signals Explorer][201] and vulnerability information appears in the [Vulnerability Explorer][204]. + A few minutes after you enable your application and send known attack patterns to it, threat information appears in the [Application Signals Explorer][201] and vulnerability information appears in the [Vulnerabilities explorer][204]. [201]: https://app.datadoghq.com/security/appsec [202]: /security/default_rules/#cat-application-security From 058cbaf47c1330be68bd5b7506d38cb76a5feb7b Mon Sep 17 00:00:00 2001 From: DeForest Richards Date: Fri, 11 Apr 2025 13:07:47 -0600 Subject: [PATCH 18/28] Remove outdated blog links --- content/en/security/application_security/_index.md | 9 --------- .../en/security/application_security/how-appsec-works.md | 8 -------- .../threats/setup/standalone/_index.md | 3 --- .../threats/setup/threat_detection/_index.md | 3 --- 4 files changed, 23 deletions(-) diff --git a/content/en/security/application_security/_index.md b/content/en/security/application_security/_index.md index cd90bc16f1973..5861c3002f7cb 100644 --- a/content/en/security/application_security/_index.md +++ b/content/en/security/application_security/_index.md @@ -20,18 +20,9 @@ further_reading: - link: "https://www.datadoghq.com/product/security-platform/application-security-monitoring/" tag: "Product Page" text: "Datadog App and API Protection" -- link: "https://www.datadoghq.com/blog/secure-serverless-applications-with-datadog-asm/" - tag: "Blog" - text: "Secure serverless applications with Datadog AAP" - link: "https://www.datadoghq.com/blog/apm-security-view/" tag: "Blog" text: "Gain visibility into risks, vulnerabilities, and attacks with APM Security View" -- link: "https://www.datadoghq.com/blog/block-attackers-application-security-management-datadog/" - tag: "Blog" - text: "Block attackers in your apps and APIs with Datadog App and API Protection" -- link: "https://www.datadoghq.com/blog/threat-modeling-datadog-application-security-management/" - tag: "Blog" - text: "Threat modeling with Datadog App and API Protection" - link: "https://www.datadoghq.com/blog/aws-waf-datadog/" tag: "Blog" text: "Monitor AWS WAF activity with Datadog" diff --git a/content/en/security/application_security/how-appsec-works.md b/content/en/security/application_security/how-appsec-works.md index ed61b18eabced..ed52c1dcdd868 100644 --- a/content/en/security/application_security/how-appsec-works.md +++ b/content/en/security/application_security/how-appsec-works.md @@ -4,10 +4,6 @@ aliases: - /security_platform/guide/how-appsec-works/ - /security_platform/application_security/how-appsec-works/ - /security/guide/how-appsec-works/ -further_reading: -- link: "https://www.datadoghq.com/blog/datadog-application-security/" - tag: "Blog" - text: "Introducing Datadog Application Security" --- {{< site-region region="gov" >}} @@ -124,10 +120,6 @@ Datadog Application Security provides visibility into threats targeting your API Datadog Application Security identifies Log4j Log4Shell attack payloads and provides visibility into vulnerable apps that attempt to remotely load malicious code. When used in tandem with the rest of [Datadog's Cloud SIEM][16], you can investigate to identify common post-exploitation activity, and proactively remediate potentially vulnerable Java web services acting as an attack vector. -## Further Reading - -{{< partial name="whats-next/whats-next.html" >}} - [1]: /security/application_security/threats/ [2]: /tracing/software_catalog/#security-view [3]: /tracing/services/service_page/#security diff --git a/content/en/security/application_security/threats/setup/standalone/_index.md b/content/en/security/application_security/threats/setup/standalone/_index.md index 44f4729165844..4477c23b1671a 100644 --- a/content/en/security/application_security/threats/setup/standalone/_index.md +++ b/content/en/security/application_security/threats/setup/standalone/_index.md @@ -17,9 +17,6 @@ further_reading: - link: "/security/application_security/how-appsec-works/" tag: "Documentation" text: "How Application & API Protection Works in Datadog" -- link: "https://www.datadoghq.com/blog/secure-serverless-applications-with-datadog-asm/" - tag: "Blog" - text: "Secure serverless applications with Datadog AAP" --- ## Prerequisites diff --git a/content/en/security/application_security/threats/setup/threat_detection/_index.md b/content/en/security/application_security/threats/setup/threat_detection/_index.md index c91aacadb4e6f..534ea48f6b1d1 100644 --- a/content/en/security/application_security/threats/setup/threat_detection/_index.md +++ b/content/en/security/application_security/threats/setup/threat_detection/_index.md @@ -20,9 +20,6 @@ further_reading: - link: "/security/application_security/how-appsec-works/" tag: "Documentation" text: "How App and API Protection Works in Datadog" -- link: "https://www.datadoghq.com/blog/secure-serverless-applications-with-datadog-asm/" - tag: "Blog" - text: "Secure serverless applications with Datadog AAP" --- ## Prerequisites From 62d4a1a2c05393487a619ba09f5afb4214d53b32 Mon Sep 17 00:00:00 2001 From: DeForest Richards Date: Fri, 11 Apr 2025 13:10:05 -0600 Subject: [PATCH 19/28] Undo change to single-source doc --- content/en/security/threats/agent.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/security/threats/agent.md b/content/en/security/threats/agent.md index e8493f7f90385..4a990bbba0112 100644 --- a/content/en/security/threats/agent.md +++ b/content/en/security/threats/agent.md @@ -1,5 +1,5 @@ --- -description: Agent expression attributes and operators for CSM Threat Rules +description: Agent expression attributes and operators for CSM Threats Rules disable_edit: true further_reading: - link: /security/cloud_workload_security/getting_started/ From 0707c74955115c98f1dfe60a80ef55d07093e722 Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Fri, 11 Apr 2025 13:15:44 -0600 Subject: [PATCH 20/28] Remove redundant header content --- .../setup/supported_deployment_types.md | 48 +++++++++---------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/content/en/security/cloud_security_management/setup/supported_deployment_types.md b/content/en/security/cloud_security_management/setup/supported_deployment_types.md index dfe803d6a930c..b48be075dc057 100644 --- a/content/en/security/cloud_security_management/setup/supported_deployment_types.md +++ b/content/en/security/cloud_security_management/setup/supported_deployment_types.md @@ -6,32 +6,32 @@ title: Cloud Security Supported Deployment Types The following table summarizes the Cloud Security features available relative to each deployment type. -| Deployment type | Agent Required (7.46+) | Cloud Security Misconfigurations | CSM Threats | Cloud Security Vulnerabilities | Cloud Security Identity Risks | Cloud Security Agentless Scanning | -|---------------------|------------------------|-----------------------|-------------|------------------------------|--------------------|------------------------| -| AWS Account | | {{< X >}} | | {{< X >}} | {{< X >}} | {{< X >}} | -| Azure Account | | {{< X >}} | | Agentless Scanning (Preview) | {{< X >}} | | -| GCP Account | | {{< X >}} | | | | | -| Terraform | | | | | | {{< X >}} | -| Docker | {{< X >}} | {{< X >}} | {{< X >}} | | | | -| Kubernetes | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | | -| Linux | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | | -| Amazon ECS/EKS | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | | -| Windows | {{< X >}} | | {{< X >}} | {{< X >}} | | | -| AWS Fargate ECS/EKS | {{< X >}} | | {{< X >}} | | | | +| Deployment type | Agent Required (7.46+) | Misconfigurations | CSM Threats | Vulnerabilities | Identity Risks | Agentless Scanning | +|---------------------|------------------------|-------------------|-------------|------------------------------|----------------|--------------------| +| AWS Account | | {{< X >}} | | {{< X >}} | {{< X >}} | {{< X >}} | +| Azure Account | | {{< X >}} | | Agentless Scanning (Preview) | {{< X >}} | | +| GCP Account | | {{< X >}} | | | | | +| Terraform | | | | | | {{< X >}} | +| Docker | {{< X >}} | {{< X >}} | {{< X >}} | | | | +| Kubernetes | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | | +| Linux | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | | +| Amazon ECS/EKS | {{< X >}} | {{< X >}} | {{< X >}} | {{< X >}} | | | +| Windows | {{< X >}} | | {{< X >}} | {{< X >}} | | | +| AWS Fargate ECS/EKS | {{< X >}} | | {{< X >}} | | | | The following table summarizes the scope of coverage available relative to each Cloud Security feature. -| Resources monitored | Cloud Security Misconfigurations | CSM Threats | Cloud Security Vulnerabilities | Cloud Security Identity Risks | Cloud Security Agentless scanning | -|---------------------------------|-----------------------|-------------|---------------------|--------------------|------------------------| -| Resources in AWS Account | {{< X >}} | | {{< X >}} | | {{< X >}} | -| Resources in Azure Subscription | {{< X >}} | | | | | -| Resources in GCP Project | {{< X >}} | | | | | -| Kubernetes Cluster | {{< X >}} | {{< X >}} | | | | -| Docker Host | {{< X >}} | | | | | -| Linux Host | {{< X >}} | {{< X >}} | {{< X >}} | | {{< X >}} | -| Windows Host | | {{< X >}} | {{< X >}} | | | -| Docker Container | | {{< X >}} | | | | -| Container Image | | | {{< X >}} | | {{< X >}} | -| IAM in AWS Account | | | | {{< X >}} | | +| Resources monitored | Misconfigurations | CSM Threats | Vulnerabilities | Identity Risks | Agentless scanning | +|---------------------------------|-------------------|-------------|-----------------|----------------|--------------------| +| Resources in AWS Account | {{< X >}} | | {{< X >}} | | {{< X >}} | +| Resources in Azure Subscription | {{< X >}} | | | | | +| Resources in GCP Project | {{< X >}} | | | | | +| Kubernetes Cluster | {{< X >}} | {{< X >}} | | | | +| Docker Host | {{< X >}} | | | | | +| Linux Host | {{< X >}} | {{< X >}} | {{< X >}} | | {{< X >}} | +| Windows Host | | {{< X >}} | {{< X >}} | | | +| Docker Container | | {{< X >}} | | | | +| Container Image | | | {{< X >}} | | {{< X >}} | +| IAM in AWS Account | | | | {{< X >}} | | **Note**: Cloud Security Misconfigurations additionally monitors common resources used in your cloud accounts that are running Windows and AWS Fargate, such as EC2 instances, RDS, S3, and ELB. From a4f1c3b7365ef146ac0a1c876faefde29733217e Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Fri, 11 Apr 2025 15:57:23 -0400 Subject: [PATCH 21/28] Apply suggestions from code review Co-authored-by: DeForest Richards <56796055+drichards-87@users.noreply.github.com> --- content/en/developers/guide/data-collection-resolution.md | 2 +- .../getting_started/security/cloud_security_management.md | 2 +- .../en/security/cloud_security_management/setup/_index.md | 2 +- .../cloud_security_management/troubleshooting/threats.md | 8 ++++---- .../cloud_security_management/vulnerabilities/_index.md | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/content/en/developers/guide/data-collection-resolution.md b/content/en/developers/guide/data-collection-resolution.md index e959aa2bbd324..8c3e5a3c61a75 100644 --- a/content/en/developers/guide/data-collection-resolution.md +++ b/content/en/developers/guide/data-collection-resolution.md @@ -32,7 +32,7 @@ Find below a summary of Datadog data [collection][1] and [resolution][2]. See in | Cloud Cost Management | Google Cloud | Detailed Usage Cost Export | 1 hour | 1 day | | Cloud SIEM | Security Signals | Datadog Cloud SIEM | Real time | 1 millisecond | | Cloud Security | Findings | Datadog Cloud Security Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute | -| CSM Threats | Signals | Datadog Cloud Security Threats | Real time | 1 millisecond | +| CSM Threats | Signals | Datadog Cloud Security Management Threats | Real time | 1 millisecond | | Database Monitoring | Query Metrics | Datadog Agent + enabled integrations | 10 seconds | 1 second | | Database Monitoring | Query Samples | Datadog Agent + enabled integrations | 1 minute | n/a | | DORA Metrics | Deployments, Failures | API, Datadog products | Data source-dependent | 1 millisecond | diff --git a/content/en/getting_started/security/cloud_security_management.md b/content/en/getting_started/security/cloud_security_management.md index 70e58b65e4082..4bfa2fa735f11 100644 --- a/content/en/getting_started/security/cloud_security_management.md +++ b/content/en/getting_started/security/cloud_security_management.md @@ -89,5 +89,5 @@ For information on disabling Cloud Security, see the following: [30]: https://app.datadoghq.com/security/infra-vulnerability [31]: https://app.datadoghq.com/security/configuration/reports [32]: /security/cloud_security_management/troubleshooting/vulnerabilities/#disable-cloud-security-vulnerabilities -[33]: /security/cloud_security_management/troubleshooting/threats/#disable-cloud-security-threats +[33]: /security/cloud_security_management/troubleshooting/threats/#disable-csm-threats [34]: /security/cloud_security_management/setup/cloud_integrations \ No newline at end of file diff --git a/content/en/security/cloud_security_management/setup/_index.md b/content/en/security/cloud_security_management/setup/_index.md index 16abc1435edfd..8a504f8f3d715 100644 --- a/content/en/security/cloud_security_management/setup/_index.md +++ b/content/en/security/cloud_security_management/setup/_index.md @@ -153,5 +153,5 @@ For information on disabling Cloud Security, see the following: [6]: /security/cloud_security_management/identity_risks [7]: /security/cloud_security_management/setup/cloud_accounts [8]: /security/cloud_security_management/troubleshooting/vulnerabilities/#disable-cloud-security-vulnerabilities -[9]: /security/cloud_security_management/troubleshooting/threats/#disable-cloud-security-threats +[9]: /security/cloud_security_management/troubleshooting/threats/#disable-csm-threats [10]: /security/cloud_security_management/setup/iac_scanning \ No newline at end of file diff --git a/content/en/security/cloud_security_management/troubleshooting/threats.md b/content/en/security/cloud_security_management/troubleshooting/threats.md index c40a79e48c831..46a7697b58989 100644 --- a/content/en/security/cloud_security_management/troubleshooting/threats.md +++ b/content/en/security/cloud_security_management/troubleshooting/threats.md @@ -9,7 +9,7 @@ further_reading: text: "Troubleshooting Cloud Security Vulnerabilities" --- -If you experience issues with Cloud Security Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. +If you experience issues with Cloud Security Management (CSM) Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. ## Security Agent flare @@ -113,7 +113,7 @@ DD_RUNTIME_SECURITY_CONFIG_ENABLED=false Modify the `system-probe.yaml` and `security-agent.yaml` to disable the runtime config: -1. Disable Cloud Security in `/etc/datadog-agent/system-probe.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`: +1. Disable CSM in `/etc/datadog-agent/system-probe.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`: {{< code-block lang="yaml" filename="system-probe.yaml" disable_copy="false" collapsible="true" >}} ########################################## @@ -126,7 +126,7 @@ Modify the `system-probe.yaml` and `security-agent.yaml` to disable the runtime runtime_security_config: ## @param enabled - boolean - optional - default: false - ## Set to true to enable full Cloud Security. + ## Set to true to enable full CSM. # enabled: false @@ -139,7 +139,7 @@ Modify the `system-probe.yaml` and `security-agent.yaml` to disable the runtime # # socket: /opt/datadog-agent/run/runtime-security.sock {{< /code-block >}} -2. Disable Cloud Security in `/etc/datadog-agent/security-agent.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`: +2. Disable CSM in `/etc/datadog-agent/security-agent.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`: {{< code-block lang="yaml" filename="security-agent.yaml" disable_copy="false" collapsible="true" >}} ########################################## diff --git a/content/en/security/cloud_security_management/vulnerabilities/_index.md b/content/en/security/cloud_security_management/vulnerabilities/_index.md index 083bd61efbf1a..3e4a875346fa6 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/_index.md +++ b/content/en/security/cloud_security_management/vulnerabilities/_index.md @@ -97,7 +97,7 @@ Focus on exploitable vulnerabilities first, using the Datadog Severity Score, co For vulnerabilities with available fixes, the explorer provides guided remediation steps to assist Dev and Ops teams in resolving issues more quickly and effectively. You can also triage, mute, comment, and assign vulnerabilities to manage their lifecycle. -{{< img src="security/vulnerabilities/csm-vm-explorer-actionability.png" alt="The Cloud Security Vulnerabilities Eeplorer displaying a vulnerability and the actions a user can take to remediate it" width="100%">}} +{{< img src="security/vulnerabilities/csm-vm-explorer-actionability.png" alt="The Cloud Security Vulnerabilities Explorer displaying a vulnerability and the actions a user can take to remediate it" width="100%">}} ## Automation and Jira integration Make Cloud Security Vulnerabilities part of your daily workflow by setting up [security notification rules][17] and [automation pipelines (in Preview)][20]: From a4706670a307e3258d393339393b3ff657ed1d04 Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Fri, 11 Apr 2025 15:20:46 -0600 Subject: [PATCH 22/28] Fix stray old acronym --- content/en/security/detection_rules/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/security/detection_rules/_index.md b/content/en/security/detection_rules/_index.md index 17730a1e6d193..b91a47705462d 100644 --- a/content/en/security/detection_rules/_index.md +++ b/content/en/security/detection_rules/_index.md @@ -45,7 +45,7 @@ Out-of-the box rules are available for the following security products: - [Cloud Security Misconfigurations][4] uses cloud configuration and infrastructure configuration detection rules to scan the state of your cloud environment. - [Workload Protection][5] uses the Datadog Agent and detection rules to actively monitor and evaluate system activity. - [Cloud Security Identity Risks][6] uses detection rules to detect IAM-based risks in your cloud infrastructure. -- [App and API Protection][7] (ASM) leverages Datadog [APM][8], the [Datadog Agent][9], and detection rules to detect threats in your application environment. +- [App and API Protection][7] (AAP) leverages Datadog [APM][8], the [Datadog Agent][9], and detection rules to detect threats in your application environment. ## Beta detection rules From fea57a22453e5d7ea0a89c69b7b12114c6c0bd3d Mon Sep 17 00:00:00 2001 From: DeForest Richards <56796055+drichards-87@users.noreply.github.com> Date: Fri, 11 Apr 2025 15:23:28 -0600 Subject: [PATCH 23/28] Update content/en/security/_index.md --- content/en/security/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/security/_index.md b/content/en/security/_index.md index 24fff87eb856f..a7d6bb497142e 100644 --- a/content/en/security/_index.md +++ b/content/en/security/_index.md @@ -87,7 +87,7 @@ cascade: Bring speed and scale to your production security operations. Datadog Security delivers real-time threat detection, and continuous configuration audits across applications, hosts, containers, and cloud infrastructure. Coupled with the greater Datadog observability platform, Datadog Security brings unprecedented integration between security and operations aligned to your organization's shared goals. -Datadog Security includes [Application Security](#application-security), [Cloud SIEM](#cloud-siem), and [Cloud Security](#cloud-security). To learn more, check out the [30-second Product Guided Tour][14]. +Datadog Security includes [App and API Protection](#app-and-api-protection), [Cloud SIEM](#cloud-siem), and [Cloud Security](#cloud-security). To learn more, check out the [30-second Product Guided Tour][14]. ## App and API Protection From 07ed6ff0eabcacdcb1ede21b04e0bcb3cd113a5d Mon Sep 17 00:00:00 2001 From: DeForest Richards <56796055+drichards-87@users.noreply.github.com> Date: Fri, 11 Apr 2025 15:23:34 -0600 Subject: [PATCH 24/28] Update content/en/security/application_security/serverless/_index.md --- content/en/security/application_security/serverless/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/security/application_security/serverless/_index.md b/content/en/security/application_security/serverless/_index.md index e4a74d183e18d..69c68522dc0ae 100644 --- a/content/en/security/application_security/serverless/_index.md +++ b/content/en/security/application_security/serverless/_index.md @@ -56,7 +56,7 @@ To install and configure the Datadog Serverless Framework plugin: ```yaml custom: datadog: - enableAAP: true + enableASM: true ``` Overall, your new `serverless.yml` file should contain at least: From d1d4f6ecfcb41aef4b42d353ed6348ab545d4b04 Mon Sep 17 00:00:00 2001 From: DeForest Richards Date: Fri, 11 Apr 2025 15:41:19 -0600 Subject: [PATCH 25/28] Update data collection resolution --- content/en/developers/guide/data-collection-resolution.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/developers/guide/data-collection-resolution.md b/content/en/developers/guide/data-collection-resolution.md index 1c3c749c0cacc..d3cbed54e5e83 100644 --- a/content/en/developers/guide/data-collection-resolution.md +++ b/content/en/developers/guide/data-collection-resolution.md @@ -31,8 +31,8 @@ Find below a summary of Datadog data [collection][1] and [resolution][2]. See in | Cloud Cost Management | Azure | Cost Exports | 1 hour | 1 day | | Cloud Cost Management | Google Cloud | Detailed Usage Cost Export | 1 hour | 1 day | | Cloud SIEM | Security Signals | Datadog Cloud SIEM | Real time | 1 millisecond | -| Cloud Security | Findings | Datadog Cloud Security Management Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute | -| Workload Protection | Signals | Datadog Cloud Security Management Threats | Real time | 1 millisecond | +| Cloud Security | Findings | Datadog Cloud Security Misconfigurations | 15 minutes to 4 hours depending on resource type | 1 minute | +| Workload Protection | Signals | Datadog Workload Protection | Real time | 1 millisecond | | Database Monitoring | Query Metrics | Datadog Agent + enabled integrations | 10 seconds | 1 second | | Database Monitoring | Query Samples | Datadog Agent + enabled integrations | 1 minute | n/a | | DORA Metrics | Deployments, Failures | API, Datadog products | Data source-dependent | 1 millisecond | From f6118f2a2f50465cff22b100a6ecc7585bf403d2 Mon Sep 17 00:00:00 2001 From: DeForest Richards Date: Fri, 11 Apr 2025 17:33:59 -0600 Subject: [PATCH 26/28] Fix stay product names --- content/en/data_security/data_retention_periods.md | 2 +- content/en/developers/guide/data-collection-resolution.md | 2 +- .../cloud_security_management/troubleshooting/threats.md | 8 ++++---- content/en/security/default_rules/_index.md | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/content/en/data_security/data_retention_periods.md b/content/en/data_security/data_retention_periods.md index 263a8d2ac7fcf..579ea09a5c35b 100644 --- a/content/en/data_security/data_retention_periods.md +++ b/content/en/data_security/data_retention_periods.md @@ -40,7 +40,7 @@ attributes: - product: Cloud Cost Management data_type: | - **Recommendations**: 90 days - - product: Cloud Security Management + - product: Cloud Security data_type: | - **Findings and resolved vulnerabilities**: 15 months - product: Cloud SIEM diff --git a/content/en/developers/guide/data-collection-resolution.md b/content/en/developers/guide/data-collection-resolution.md index d3cbed54e5e83..75bcb09cfa924 100644 --- a/content/en/developers/guide/data-collection-resolution.md +++ b/content/en/developers/guide/data-collection-resolution.md @@ -18,7 +18,7 @@ Find below a summary of Datadog data [collection][1] and [resolution][2]. See in | APM | Services/resources statistics and span summaries | Datadog Agent + tracing library | 10 seconds | 10 seconds | | APM | Indexed spans | Datadog Agent + tracing library | 10 seconds | 1 millisecond | | APM | Trace metrics (unsampled) | Datadog Agent + tracing library | 10 seconds | 1 second | -| ASM | Suspicious requests | Datadog Agent + tracing library | 10 seconds | 1 millisecond | +| AAP | Suspicious requests | Datadog Agent + tracing library | 10 seconds | 1 millisecond | | Audit Trail | Datadog audit events | Datadog usage activity | n/a | 1 second | | CI Visibility | Pipeline, Stage, Job, Step, Command span | Webhooks, Datadog Agent + plugin | Data source-dependent | 1 millisecond | | CD Visibility | Deployment execution | Webhooks, Datadog Agent + plugin | Data source-dependent | 1 millisecond | diff --git a/content/en/security/cloud_security_management/troubleshooting/threats.md b/content/en/security/cloud_security_management/troubleshooting/threats.md index 9af56a3a366f8..d71c641110f40 100644 --- a/content/en/security/cloud_security_management/troubleshooting/threats.md +++ b/content/en/security/cloud_security_management/troubleshooting/threats.md @@ -9,7 +9,7 @@ further_reading: text: "Troubleshooting Cloud Security Vulnerabilities" --- -If you experience issues with Cloud Security Management (CSM) Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. +If you experience issues with Workload Protection, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1]. ## Security Agent flare @@ -113,7 +113,7 @@ DD_RUNTIME_SECURITY_CONFIG_ENABLED=false Modify the `system-probe.yaml` and `security-agent.yaml` to disable the runtime config: -1. Disable CSM in `/etc/datadog-agent/system-probe.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`: +1. Disable Workload Protection in `/etc/datadog-agent/system-probe.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`: {{< code-block lang="yaml" filename="system-probe.yaml" disable_copy="false" collapsible="true" >}} ########################################## @@ -126,7 +126,7 @@ Modify the `system-probe.yaml` and `security-agent.yaml` to disable the runtime runtime_security_config: ## @param enabled - boolean - optional - default: false - ## Set to true to enable full CSM. + ## Set to true to enable full Workload Protection. # enabled: false @@ -139,7 +139,7 @@ Modify the `system-probe.yaml` and `security-agent.yaml` to disable the runtime # # socket: /opt/datadog-agent/run/runtime-security.sock {{< /code-block >}} -2. Disable CSM in `/etc/datadog-agent/security-agent.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`: +2. Disable Workload Protection in `/etc/datadog-agent/security-agent.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`: {{< code-block lang="yaml" filename="security-agent.yaml" disable_copy="false" collapsible="true" >}} ########################################## diff --git a/content/en/security/default_rules/_index.md b/content/en/security/default_rules/_index.md index dc9afaabea063..97e9f1374dce8 100644 --- a/content/en/security/default_rules/_index.md +++ b/content/en/security/default_rules/_index.md @@ -38,7 +38,7 @@ Datadog provides out-of-the-box (OOTB) [detection rules][1] to flag attacker tec
Datadog's Security Research team continuously adds new OOTB security detection rules. While the aim is to deliver high-quality detections with the release of integrations or other new features, the performance of these detections at scale often needs to be observed before making the rule generally available. These rules contain a Beta tag. This gives Datadog's Security Research team time to either refine or deprecate detection opportunities that do not meet Datadog's standards.
-Click the following buttons to filter the detection rules. Security detection rules are available for [App and API Protection][5], [Cloud SIEM][2] (log detection and signal correlation), [CSM Misconfigurations][3] (cloud and infrastructure), [Workload Protection][4], [CSM Identity Risks][6], and [Attack Paths][7]. +Click the following buttons to filter the detection rules. Security detection rules are available for [App and API Protection][5], [Cloud SIEM][2] (log detection and signal correlation), [Cloud Security Misconfigurations][3] (cloud and infrastructure), [Workload Protection][4], [Cloud Security Identity Risks][6], and [Attack Paths][7]. [1]: /security/detection_rules/ [2]: /security/cloud_siem/ From 84af7e224ef10e295d54aa1b26befc5be637c46e Mon Sep 17 00:00:00 2001 From: DeForest Richards Date: Fri, 11 Apr 2025 17:35:12 -0600 Subject: [PATCH 27/28] Minor edit --- .../cloud_security_management/troubleshooting/threats.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/security/cloud_security_management/troubleshooting/threats.md b/content/en/security/cloud_security_management/troubleshooting/threats.md index d71c641110f40..2528bac820585 100644 --- a/content/en/security/cloud_security_management/troubleshooting/threats.md +++ b/content/en/security/cloud_security_management/troubleshooting/threats.md @@ -19,7 +19,7 @@ The flare asks for confirmation before upload, so you may review the content bef In the commands below, replace `` with your Datadog support case ID if you have one, then enter the email address associated with it. -If you don't have a case ID, just enter your email address used to login in Datadog to create a new support case. +If you don't have a case ID, enter your email address used to login in Datadog to create a new support case. | Platform | Command | | -------- | ------- | From 6b517e520a707d9efc670070d0bfeacb403f40fc Mon Sep 17 00:00:00 2001 From: DeForest Richards <56796055+drichards-87@users.noreply.github.com> Date: Fri, 11 Apr 2025 17:43:33 -0600 Subject: [PATCH 28/28] Update content/en/security/application_security/serverless/_index.md --- content/en/security/application_security/serverless/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/security/application_security/serverless/_index.md b/content/en/security/application_security/serverless/_index.md index 69c68522dc0ae..4f92946f65409 100644 --- a/content/en/security/application_security/serverless/_index.md +++ b/content/en/security/application_security/serverless/_index.md @@ -65,7 +65,7 @@ To install and configure the Datadog Serverless Framework plugin: datadog: apiKeySecretArn: "{Datadog_API_Key_Secret_ARN}" # or apiKey enableDDTracing: true - enableAAP: true + enableASM: true ``` See also the complete list of [plugin parameters][4] to further configure your lambda settings.