diff --git a/config/_default/params.yaml b/config/_default/params.yaml index 6169783215d37..c3d404dc13f34 100644 --- a/config/_default/params.yaml +++ b/config/_default/params.yaml @@ -102,7 +102,9 @@ code_language_ids: native: Native other: Other linux: Linux + macos: macOS windows: Windows + aws-fargate: "AWS Fargate" opentelemetry: OpenTelemetry ddprof: "Rust/C/C++" full_host: "Full Host" @@ -285,4 +287,4 @@ unsupported_sites: universal_service_monitoring: [gov] watchdog_faulty_service_deployment: [us3,us5,eu,ap1,gov] workflow-automation: [gov] - workflows: [gov] \ No newline at end of file + workflows: [gov] diff --git a/content/en/security/application_security/setup/_index.md b/content/en/security/application_security/setup/_index.md index d019482dd421e..78994c8ef2541 100644 --- a/content/en/security/application_security/setup/_index.md +++ b/content/en/security/application_security/setup/_index.md @@ -38,18 +38,29 @@ Learn how to enable App and API Protection on all the following supported platfo {{< appsec-integration name="Istio" avatar="istio" link="./istio" >}} {{< /appsec-integrations >}} -## Cloud and Container Platforms +## Hosts -### Kubernetes (K8s) +{{< appsec-integrations >}} + {{< appsec-integration name="Docker" avatar="docker" link="./docker" >}} + {{< appsec-integration name="Linux" avatar="linux" link="./linux" >}} + {{< appsec-integration name="macOS" avatar="apple" link="./macos" >}} + {{< appsec-integration name="Windows" avatar="windows" link="./windows" >}} +{{< /appsec-integrations >}} + +## Kubernetes (K8s) {{< appsec-integrations >}} + {{< appsec-integration name="Kubernetes" avatar="kubernetes" link="./kubernetes" >}} {{< appsec-integration name="Istio" avatar="istio" link="./istio" >}} {{< /appsec-integrations >}} +## Cloud Platforms + ### Amazon Web Services (AWS) {{< appsec-integrations >}} {{< appsec-integration name="AWS Lambda" avatar="amazon-lambda" link="./aws/lambda" >}} + {{< appsec-integration name="AWS Fargate" avatar="aws-fargate" link="./aws/fargate" >}} {{< /appsec-integrations >}} ### Google Cloud Platform (GCP) diff --git a/content/en/security/application_security/setup/aws/fargate/_index.md b/content/en/security/application_security/setup/aws/fargate/_index.md new file mode 100644 index 0000000000000..71bfc61bb3c60 --- /dev/null +++ b/content/en/security/application_security/setup/aws/fargate/_index.md @@ -0,0 +1,41 @@ +--- +title: Setup App and API Protection on AWS Fargate +disable_sidebar: true +further_reading: +- link: "/security/application_security/" + tag: "Documentation" + text: "Protect against Threats with Datadog Application & API Protection" +- link: "/security/application_security/add-user-info/" + tag: "Documentation" + text: "Tracking user activity" +- link: "/security/default_rules/?category=cat-application-security" + tag: "Documentation" + text: "OOTB Application & API Protection Rules" +- link: "/security/application_security/troubleshooting" + tag: "Documentation" + text: "Troubleshooting Application & API Protection" +- link: "/security/application_security/how-it-works/" + tag: "Documentation" + text: "How Application & API Protection Works in Datadog" +--- + +Learn how to setup App and API Protection (AAP) on your AWS Fargate tasks by selecting the programming language your task is written with. + +
+

Are you missing your environment?

+ Send us a request for your missing environment here. +
+ +{{< appsec-integrations >}} + {{< appsec-integration name="Python" avatar="python" link="/security/application_security/setup/python" >}} + {{< appsec-integration name="Node.js" avatar="node" link="/security/application_security/setup/nodejs" >}} + {{< appsec-integration name="Java" avatar="java" link="/security/application_security/setup/java/aws-fargate" >}} + {{< appsec-integration name="Go" avatar="go" link="/security/application_security/setup/go" >}} + {{< appsec-integration name="Ruby" avatar="ruby" link="/security/application_security/setup/ruby" >}} + {{< appsec-integration name=".NET" avatar="dotnet" link="/security/application_security/setup/dotnet" >}} + {{< appsec-integration name="PHP" avatar="php" link="/security/application_security/setup/php" >}} +{{< /appsec-integrations >}} + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} diff --git a/content/en/security/application_security/setup/docker/_index.md b/content/en/security/application_security/setup/docker/_index.md new file mode 100644 index 0000000000000..f8359e86fd581 --- /dev/null +++ b/content/en/security/application_security/setup/docker/_index.md @@ -0,0 +1,41 @@ +--- +title: Setup App and API Protection on Linux +disable_sidebar: true +further_reading: +- link: "/security/application_security/" + tag: "Documentation" + text: "Protect against Threats with Datadog Application & API Protection" +- link: "/security/application_security/add-user-info/" + tag: "Documentation" + text: "Tracking user activity" +- link: "/security/default_rules/?category=cat-application-security" + tag: "Documentation" + text: "OOTB Application & API Protection Rules" +- link: "/security/application_security/troubleshooting" + tag: "Documentation" + text: "Troubleshooting Application & API Protection" +- link: "/security/application_security/how-it-works/" + tag: "Documentation" + text: "How Application & API Protection Works in Datadog" +--- + +Learn how to setup App and API Protection (AAP) on your Docker containers by selecting the programming language your containerized service is written with. + +
+

Are you missing your environment?

+ Send us a request for your missing environment here. +
+ +{{< appsec-integrations >}} + {{< appsec-integration name="Python" avatar="python" link="/security/application_security/setup/python" >}} + {{< appsec-integration name="Node.js" avatar="node" link="/security/application_security/setup/nodejs" >}} + {{< appsec-integration name="Java" avatar="java" link="/security/application_security/setup/java/docker" >}} + {{< appsec-integration name="Go" avatar="go" link="/security/application_security/setup/go" >}} + {{< appsec-integration name="Ruby" avatar="ruby" link="/security/application_security/setup/ruby" >}} + {{< appsec-integration name=".NET" avatar="dotnet" link="/security/application_security/setup/dotnet" >}} + {{< appsec-integration name="PHP" avatar="php" link="/security/application_security/setup/php" >}} +{{< /appsec-integrations >}} + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} diff --git a/content/en/security/application_security/setup/java.md b/content/en/security/application_security/setup/java.md deleted file mode 100644 index 53623d685506e..0000000000000 --- a/content/en/security/application_security/setup/java.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -title: Enabling AAP for Java -code_lang: java -type: multi-code-lang -code_lang_weight: 0 -aliases: - - /security_platform/application_security/getting_started/java - - /security/application_security/getting_started/java - - /security/application_security/threats/setup/threat_detection/java - - /security/application_security/threats_detection/java - - /security/application_security/setup/aws/fargate/java -further_reading: -- link: "/security/application_security/add-user-info/" - tag: "Documentation" - text: "Adding user information to traces" -- link: 'https://github.com/DataDog/dd-trace-java' - tag: "Source Code" - text: 'Java Datadog library source code' -- link: "/security/default_rules/?category=cat-application-security" - tag: "Documentation" - text: "OOTB App and API Protection Rules" -- link: "/security/application_security/troubleshooting" - tag: "Documentation" - text: "Troubleshooting App and API Protection" - ---- - -You can monitor App and API Protection for Java apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. - -{{% appsec-getstarted %}} - -## Enabling threat detection -### Get started - -1. **Update your [Datadog Java library][1]** to at least version 0.94.0: - - {{< tabs >}} - {{% tab "Wget" %}} - ```shell - wget -O dd-java-agent.jar 'https://dtdg.co/latest-java-tracer' - ``` -{{% /tab %}} -{{% tab "cURL" %}} - ```shell - curl -Lo dd-java-agent.jar 'https://dtdg.co/latest-java-tracer' - ``` -{{% /tab %}} -{{% tab "Dockerfile" %}} - ```dockerfile - ADD 'https://dtdg.co/latest-java-tracer' dd-java-agent.jar - ``` -{{% /tab %}} -{{< /tabs >}} - - To check that your service's language and framework versions are supported for AAP capabilities, see [Compatibility][2]. - -1. **Run your Java application with AAP enabled.** From the command line: - ```shell - java -javaagent:/path/to/dd-java-agent.jar -Ddd.appsec.enabled=true -Ddd.service= -Ddd.env= -jar path/to/app.jar - ``` - - Or one of the following methods, depending on where your application runs: - - **Note:** Read-only file systems are not currently supported. The application must have access to a writable `/tmp` directory. - - {{< tabs >}} -{{% tab "Docker CLI" %}} - -Update your configuration container for APM by adding the following argument in your `docker run` command: - - -```shell -docker run [...] -e DD_APPSEC_ENABLED=true [...] -``` - -{{% /tab %}} -{{% tab "Dockerfile" %}} - -Add the following environment variable value to your container Dockerfile: - -```Dockerfile -ENV DD_APPSEC_ENABLED=true -``` - -{{% /tab %}} -{{% tab "Kubernetes" %}} - -Update your deployment configuration file for APM and add the AAP environment variable: - -```yaml -spec: - template: - spec: - containers: - - name: - image: / - env: - - name: DD_APPSEC_ENABLED - value: "true" -``` - -{{% /tab %}} -{{% tab "Amazon ECS" %}} - -Update your ECS task definition JSON file, by adding this in the environment section: - -```json -"environment": [ - ..., - { - "name": "DD_APPSEC_ENABLED", - "value": "true" - } -] -``` - -{{% /tab %}} -{{% tab "AWS Fargate" %}} - -Set the `-Ddd.appsec.enabled` flag or the `DD_APPSEC_ENABLED` environment variable to `true` in your service invocation: - -```shell -java -javaagent:dd-java-agent.jar \ - -Ddd.appsec.enabled=true \ - -jar .jar \ - -``` - -{{% /tab %}} - - {{< /tabs >}} - -{{% appsec-getstarted-2-plusrisk %}} - -{{< img src="/security/application_security/appsec-getstarted-threat-and-vuln_2.mp4" alt="Video showing Signals explorer and details, and Vulnerabilities explorer and details." video="true" >}} - - -If you need additional assistance, contact [Datadog support][5]. - -## Using AAP without APM tracing - -If you want to use Application & API Protection without APM tracing functionality, you can deploy with tracing disabled: - -1. Configure your tracing library with the `DD_APM_TRACING_ENABLED=false` environment variable in addition to the `DD_APPSEC_ENABLED=true` environment variable. -2. This configuration will reduce the amount of APM data sent to Datadog to the minimum required by App and API Protection products. - -For more details, see [Standalone App and API Protection][standalone_billing_guide]. -[standalone_billing_guide]: /security/application_security/guide/standalone_application_security/ - -## Further Reading - -{{< partial name="whats-next/whats-next.html" >}} - -[1]: https://github.com/DataDog/dd-trace-java/releases -[2]: /security/application_security/setup/compatibility/java/ -[3]: /security/application_security/setup/compatibility/java/ -[4]: https://app.datadoghq.com/security/appsec/vm -[5]: /help -[6]: /agent/versions/upgrade_between_agent_minor_versions/ diff --git a/content/en/security/application_security/setup/java/_index.md b/content/en/security/application_security/setup/java/_index.md new file mode 100644 index 0000000000000..b7c07fd36d8ff --- /dev/null +++ b/content/en/security/application_security/setup/java/_index.md @@ -0,0 +1,49 @@ +--- +title: Enabling App and API Protection for Java +aliases: + - /security_platform/application_security/getting_started/java + - /security/application_security/getting_started/java + - /security/application_security/threats/setup/threat_detection/java + - /security/application_security/threats_detection/java +further_reading: +- link: "/security/application_security/add-user-info/" + tag: "Documentation" + text: "Adding user information to traces" +- link: 'https://github.com/DataDog/dd-trace-java' + tag: "Source Code" + text: 'Java Datadog library source code' +- link: "/security/default_rules/?category=cat-application-security" + tag: "Documentation" + text: "OOTB App and API Protection Rules" +- link: "/security/application_security/troubleshooting" + tag: "Documentation" + text: "Troubleshooting App and API Protection" +--- +{{< partial name="app_and_api_protection/callout.html" >}} + +{{% app_and_api_protection_java_overview showSetup="false" %}} + +## Environments + +### Hosts +{{< appsec-integrations >}} + {{< appsec-integration name="Linux" avatar="linux" link="./linux" >}} + {{< appsec-integration name="macOS" avatar="apple" link="./macos" >}} + {{< appsec-integration name="Windows" avatar="windows" link="./windows" >}} +{{< /appsec-integrations >}} + +### Cloud and Container Platforms +{{< appsec-integrations >}} +{{< appsec-integration name="Docker" avatar="docker" link="./docker" >}} +{{< appsec-integration name="Kubernetes" avatar="kubernetes" link="./kubernetes" >}} +{{< /appsec-integrations >}} + +### AWS +{{< appsec-integrations >}} +{{< appsec-integration name="AWS Fargate" avatar="aws-fargate" link="./aws-fargate" >}} +{{< /appsec-integrations >}} + +## Additional Resources + +- [Troubleshooting Guide](java/troubleshooting) +- [Compatibility Information](java/compatibility) diff --git a/content/en/security/application_security/setup/java/aws-fargate.md b/content/en/security/application_security/setup/java/aws-fargate.md new file mode 100644 index 0000000000000..9eacc967077a5 --- /dev/null +++ b/content/en/security/application_security/setup/java/aws-fargate.md @@ -0,0 +1,230 @@ +--- +code_lang: aws-fargate +type: multi-code-lang +code_lang_weight: 60 +title: Setup App and API Protection for Java on AWS Fargate +further_reading: +- link: "/security/application_security/how-it-works/" + tag: "Documentation" + text: "How App and API Protection Works" +- link: "/security/default_rules/?category=cat-application-security" + tag: "Documentation" + text: "OOTB App and API Protection Rules" +- link: "/security/application_security/troubleshooting" + tag: "Documentation" + text: "Troubleshooting App and API Protection" +--- + +{{% app_and_api_protection_java_overview %}} + +## Prerequisites + +- AWS Fargate environment +- Java application containerized with Docker +- AWS CLI configured with appropriate permissions +- Your Datadog API key +- Datadog Java tracing library (see version requirements [here][1]) + +## 1. Installing the Datadog Agent + +Install the Datadog Agent in your Fargate task definition: + +```json +{ + "containerDefinitions": [ + { + "name": "datadog-agent", + "image": "public.ecr.aws/datadog/agent:latest", + "environment": [ + { + "name": "DD_API_KEY", + "value": "" + }, + { + "name": "DD_APM_ENABLED", + "value": "true" + }, + { + "name": "DD_APM_NON_LOCAL_TRAFFIC", + "value": "true" + } + ] + } + ] +} +``` + +## 2. Enabling App and API Protection monitoring + +{{ partial "app_and_api_protection/java/navigation_menu.html" (dict "showSingleStep" false) }} + +{{% appsec-remote-config-activation %}} + +### Manually enabling App and API Protection monitoring +Download the latest version of the Datadog Java library: + +```dockerfile +ADD 'https://dtdg.co/latest-java-tracer' /dd-java-agent.jar +``` + +{{% collapse-content title="APM Tracing Enabled" level="h4" %}} +{{< tabs >}} +{{% tab "Using system properties" %}} + +Update your task definition to include the Java agent and App and API Protection configuration: + +```json +{ + "containerDefinitions": [ + { + "name": "your-java-app", + "image": "your-java-app-image", + "command": [ + "java", + "-javaagent:/dd-java-agent.jar", + "-Ddd.appsec.enabled=true", + "-Ddd.service=", + "-Ddd.env=", + "-jar", + "/app.jar" + ] + } + ] +} +``` + +{{% /tab %}} +{{% tab "Using environment variables" %}} + +Update your task definition to include the Java agent and App and API Protection configuration: + +```json +{ + "containerDefinitions": [ + { + "name": "your-java-app", + "image": "your-java-app-image", + "environment": [ + { + "name": "DD_APPSEC_ENABLED", + "value": "true" + }, + { + "name": "DD_SERVICE", + "value": "" + }, + { + "name": "DD_ENV", + "value": "" + } + ], + "command": [ + "java", + "-javaagent:/dd-java-agent.jar", + "-jar", + "/app.jar" + ] + } + ] +} +``` + +{{% /tab %}} +{{< /tabs >}} +{{% /collapse-content %}} + +{{% collapse-content title="APM Tracing Disabled" level="h4" %}} +To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing variable to false. +{{< tabs >}} +{{% tab "Using system properties" %}} + +Update your task definition to include the Java agent and App and API Protection configuration with APM tracing disabled: + +```json +{ + "containerDefinitions": [ + { + "name": "your-java-app", + "image": "your-java-app-image", + "command": [ + "java", + "-javaagent:/dd-java-agent.jar", + "-Ddd.appsec.enabled=true", + "-Ddd.apm.tracing.enabled=false", + "-Ddd.service=", + "-Ddd.env=", + "-jar", + "/app.jar" + ] + } + ] +} +``` + +{{% /tab %}} +{{% tab "Using environment variables" %}} + +Update your task definition to include the Java agent and App and API Protection configuration with APM tracing disabled: + +```json +{ + "containerDefinitions": [ + { + "name": "your-java-app", + "image": "your-java-app-image", + "environment": [ + { + "name": "DD_APPSEC_ENABLED", + "value": "true" + }, + { + "name": "DD_APM_TRACING_ENABLED", + "value": "false" + }, + { + "name": "DD_SERVICE", + "value": "" + }, + { + "name": "DD_ENV", + "value": "" + } + ], + "command": [ + "java", + "-javaagent:/dd-java-agent.jar", + "-jar", + "/app.jar" + ] + } + ] +} +``` + +{{% /tab %}} +{{< /tabs >}} +{{% /collapse-content %}} + +## 3. Run your application + +Deploy your Fargate task with the updated configuration: + +```bash +aws ecs register-task-definition --cli-input-json file://task-definition.json +aws ecs run-task --cluster your-cluster --task-definition your-task-definition +``` + +{{% app_and_api_protection_verify_setup %}} + +## Troubleshooting + +If you encounter issues while setting up App and API Protection for your Java application, see the [Java App and API Protection troubleshooting guide][2]. + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} + +[1]: /security/application_security/setup/java/compatibility +[2]: /security/application_security/setup/java/troubleshooting + + diff --git a/content/en/security/application_security/setup/java/compatibility.md b/content/en/security/application_security/setup/java/compatibility.md new file mode 100644 index 0000000000000..2a86cb52bd1f0 --- /dev/null +++ b/content/en/security/application_security/setup/java/compatibility.md @@ -0,0 +1,83 @@ +--- +title: Java Compatibility Requirements +aliases: + - /security/application_security/threats/setup/compatibility/java +--- + +## App and API Protection capabilities + +The following App and API Protection capabilities are supported in the Java library, for the specified tracer version: + +| App and API Protection capability | Minimum Java tracer version | +| -------------------------------------------------- | --------------------------- | +| Threat Detection | 0.94.0 | +| Threat Protection | 0.94.0 | +| Customize response to blocked requests | 0.94.0 | +| Automatic user activity event tracking | 0.94.0 | +| API Security | 0.94.0 | + +The minimum tracer version to get all supported App and API Protection capabilities for Java is 0.94.0. + +**Note**: Threat Protection requires enabling [Remote Configuration][1], which is included in the listed minimum tracer version. + + + +### Supported deployment types +| Type | Threat Detection support | +|------------------ | ------------------------ | +| Docker | {{< X >}} | +| Kubernetes | {{< X >}} | +| Amazon ECS | {{< X >}} | +| AWS Fargate | {{< X >}} | +| AWS Lambda | {{< X >}} | +| Google Cloud Run | {{< X >}} | + +## Language and framework compatibility + +### Supported Java versions + +The Datadog Java Tracing library is open source. View the [GitHub repository][2] for more information. + +The Datadog Java Tracing Library supports Java 8 and newer versions. For optimal performance and feature support, we recommend using the latest LTS version of Java. + +You must be running Datadog Agent v7.41.1+ for App and API Protection features. + +## Integrations + +The Java tracer includes support for the following frameworks, data stores, and libraries: + +### Web frameworks +- Spring Boot +- Spring Web +- Spring WebFlux +- JAX-RS +- Play Framework +- Spark Java +- Vert.x +- gRPC + +### Data stores +- JDBC +- MongoDB +- Redis +- Elasticsearch +- Cassandra +- Couchbase + +### Message brokers +- Kafka +- RabbitMQ +- JMS + +### Other +- OkHttp +- Apache HttpClient +- JSP +- Servlet +- GraphQL + +For a complete list of supported integrations and their versions, see the [Java tracer documentation][3]. + +[1]: /agent/remote_config/#enabling-remote-configuration +[2]: https://github.com/DataDog/dd-trace-java +[3]: /tracing/trace_collection/compatibility_requirements/java diff --git a/content/en/security/application_security/setup/java/docker.md b/content/en/security/application_security/setup/java/docker.md new file mode 100644 index 0000000000000..dad3ce2fa8f9d --- /dev/null +++ b/content/en/security/application_security/setup/java/docker.md @@ -0,0 +1,139 @@ +--- +title: Setup App and API Protection for Java in Docker +code_lang: docker +type: multi-code-lang +code_lang_weight: 10 +further_reading: +- link: "/security/application_security/how-it-works/" + tag: "Documentation" + text: "How App and API Protection Works" +- link: "/security/default_rules/?category=cat-application-security" + tag: "Documentation" + text: "OOTB App and API Protection Rules" +- link: "/security/application_security/troubleshooting" + tag: "Documentation" + text: "Troubleshooting App and API Protection" +--- +{{< callout url="#" btn_hidden="true" header="false" >}} +You can enable App and API Protection for Java services with the following setup options: + +1. If your Java service already has APM tracing, then skip to service configuration +2. Else, you can easily enable App and API Protection with Datadog's Single Step Instrumentation +3. Otherwise, keep reading for manual instructions +{{< /callout >}} + +{{% app_and_api_protection_java_overview %}} + +## Prerequisites + +- Docker installed on your host +- Java application containerized with Docker +- Your Datadog API key +- Datadog Java tracing library (see version requirements [here][1]) + +## 1. Installing the Datadog Agent + +Install the Datadog Agent by following the [setup instructions for Docker](/agent/?tab=cloud_and_container). + +## 2. Enabling App and API Protection monitoring +{{ partial "app_and_api_protection/java/navigation_menu.html" (dict "showSingleStep" true) }} +{{% appsec-remote-config-activation %}} + +### Manually enabling App and API Protection monitoring + +{{% collapse-content title="APM Tracing Enabled" level="h4" %}} +{{< tabs >}} +{{% tab "Using system properties" %}} + +Start your Java application with the Datadog agent and App and API Protection enabled using the ENTRYPOINT instruction: + +```dockerfile +# Download the Datadog Java tracer +ADD 'https://dtdg.co/latest-java-tracer' /dd-java-agent.jar +ENTRYPOINT ["java", "-javaagent:/dd-java-agent.jar", "-Ddd.appsec.enabled=true", "-Ddd.service=", "-Ddd.env=", "-jar", "/app.jar"] +``` + +{{% /tab %}} +{{% tab "Using environment variables" %}} + +Add the following environment variables to your Dockerfile: + +```dockerfile +# Download the Datadog Java tracer +ADD 'https://dtdg.co/latest-java-tracer' /dd-java-agent.jar + +# Set environment variables +ENV DD_APPSEC_ENABLED=true +ENV DD_SERVICE= +ENV DD_ENV= + +# Add the Java agent to your application's startup command +ENTRYPOINT ["java", "-javaagent:/dd-java-agent.jar", "-jar", "/app.jar"] +``` + +{{% /tab %}} +{{< /tabs >}} +{{% /collapse-content %}} + +{{% collapse-content title="APM Tracing Disabled" level="h4" %}} +To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing variable to false. +{{< tabs >}} +{{% tab "Using system properties" %}} + +Start your Java application with the Datadog agent and App and API Protection enabled using the ENTRYPOINT instruction: + +```dockerfile +# Download the Datadog Java tracer +ADD 'https://dtdg.co/latest-java-tracer' /dd-java-agent.jar +ENTRYPOINT ["java", "-javaagent:/dd-java-agent.jar", "-Ddd.appsec.enabled=true", "-Ddd.apm.tracing.enabled=false", "-Ddd.service=", "-Ddd.env=", "-jar", "/app.jar"] +``` + +{{% /tab %}} +{{% tab "Using environment variables" %}} + +Add the following environment variables to your Dockerfile: + +```dockerfile +# Download the Datadog Java tracer +ADD 'https://dtdg.co/latest-java-tracer' /dd-java-agent.jar + +# Set environment variables +ENV DD_APPSEC_ENABLED=true +ENV DD_APM_TRACING_ENABLED=false +ENV DD_SERVICE= +ENV DD_ENV= + +# Add the Java agent to your application's startup command +ENTRYPOINT ["java", "-javaagent:/dd-java-agent.jar", "-jar", "/app.jar"] +``` + +{{% /tab %}} +{{< /tabs >}} +{{% /collapse-content %}} + +## 3. Run your application +Build your image and then run your container. + +When running your container, make sure to: +1. Connect it to the same Docker network as the Datadog Agent +2. Set the required environment variables + +```bash +docker run -d \ + --name your-java-app \ + your-java-app-image +``` + +{{% app_and_api_protection_verify_setup %}} + +## Troubleshooting + +If you encounter issues while setting up App and API Protection for your Java application, see the [Java App and API Protection troubleshooting guide][2]. + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} + +[1]: /security/application_security/setup/java/compatibility +[2]: /security/application_security/setup/java/troubleshooting + diff --git a/content/en/security/application_security/setup/java/kubernetes.md b/content/en/security/application_security/setup/java/kubernetes.md new file mode 100644 index 0000000000000..058d5c7063665 --- /dev/null +++ b/content/en/security/application_security/setup/java/kubernetes.md @@ -0,0 +1,179 @@ +--- +title: Setup App and API Protection for Java in Kubernetes +code_lang: kubernetes +type: multi-code-lang +code_lang_weight: 20 +further_reading: +- link: "/security/application_security/how-it-works/" + tag: "Documentation" + text: "How App and API Protection Works" +- link: "/security/default_rules/?category=cat-application-security" + tag: "Documentation" + text: "OOTB App and API Protection Rules" +- link: "/security/application_security/troubleshooting" + tag: "Documentation" + text: "Troubleshooting App and API Protection" +--- +{{< callout url="#" btn_hidden="true" header="false" >}} +You can enable App and API Protection for Java services with the following setup options: + +1. If your Java service already has APM tracing, then skip to service configuration +2. Else, you can easily enable App and API Protection with Datadog's Single Step Instrumentation +3. Otherwise, keep reading for manual instructions +{{< /callout >}} + +{{% app_and_api_protection_java_overview %}} + +## Prerequisites + +- Kubernetes cluster +- Java application containerized with Docker +- kubectl configured to access your cluster +- Helm (recommended for Agent installation) +- Your Datadog API key +- Datadog Java tracing library (see version requirements [here][1]) + +## 1. Installing the Datadog Agent + +Install the Datadog Agent by following the [setup instructions for Kubernetes](/agent/?tab=cloud_and_container). + +## 2. Enabling App and API Protection monitoring +{{ partial "app_and_api_protection/java/navigation_menu.html" (dict "showSingleStep" true) }} +{{% appsec-remote-config-activation %}} + +### Manually enabling App and API Protection monitoring + +Download the latest version of the Datadog Java library: + +```dockerfile +ADD 'https://dtdg.co/latest-java-tracer' /dd-java-agent.jar +``` + +{{% collapse-content title="APM Tracing Enabled" level="h4" %}} +{{< tabs >}} +{{% tab "Using command-line arguments" %}} + +Start your Java application with the Datadog agent and App and API Protection enabled using command-line arguments: + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: your-java-app +spec: + template: + spec: + containers: + - name: your-java-app + image: your-java-app-image + command: ["java"] + args: ["-javaagent:/dd-java-agent.jar", "-Ddd.appsec.enabled=true", "-Ddd.service=", "-Ddd.env=", "-jar", "/app.jar"] +``` + +{{% /tab %}} +{{% tab "Using environment variables" %}} + +Start your Java application with App and API Protection enabled using environment variables: + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: your-java-app +spec: + template: + spec: + containers: + - name: your-java-app + image: your-java-app-image + env: + - name: DD_APPSEC_ENABLED + value: "true" + - name: DD_SERVICE + value: "" + - name: DD_ENV + value: "" + command: ["java"] + args: ["-javaagent:/dd-java-agent.jar", "-jar", "/app.jar"] +``` + +{{% /tab %}} +{{< /tabs >}} +{{% /collapse-content %}} + +{{% collapse-content title="APM Tracing Disabled" level="h4" %}} +To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing variable to false. +{{< tabs >}} +{{% tab "Using command-line arguments" %}} + +Start your Java application with the Datadog agent and App and API Protection enabled using command-line arguments: + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: your-java-app +spec: + template: + spec: + containers: + - name: your-java-app + image: your-java-app-image + command: ["java"] + args: ["-javaagent:/dd-java-agent.jar", "-Ddd.appsec.enabled=true", "-Ddd.apm.tracing.enabled=false", "-Ddd.service=", "-Ddd.env=", "-jar", "/app.jar"] +``` + +{{% /tab %}} +{{% tab "Using environment variables" %}} + +Start your Java application with App and API Protection enabled using environment variables: + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: your-java-app +spec: + template: + spec: + containers: + - name: your-java-app + image: your-java-app-image + env: + - name: DD_APPSEC_ENABLED + value: "true" + - name: DD_APM_TRACING_ENABLED + value: "false" + - name: DD_SERVICE + value: "" + - name: DD_ENV + value: "" + command: ["java"] + args: ["-javaagent:/dd-java-agent.jar", "-jar", "/app.jar"] +``` + +{{% /tab %}} +{{< /tabs >}} +{{% /collapse-content %}} + +## 3. Run your application + +Apply your updated deployment: + +```bash +kubectl apply -f your-deployment.yaml +``` + + +{{% app_and_api_protection_verify_setup %}} + +## Troubleshooting + +If you encounter issues while setting up App and API Protection for your Java application, see the [Java App and API Protection troubleshooting guide][2]. + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} + +[1]: /security/application_security/setup/java/compatibility +[2]: /security/application_security/setup/java/troubleshooting diff --git a/content/en/security/application_security/setup/java/linux.md b/content/en/security/application_security/setup/java/linux.md new file mode 100644 index 0000000000000..1837eae4560b8 --- /dev/null +++ b/content/en/security/application_security/setup/java/linux.md @@ -0,0 +1,125 @@ +--- +title: Setup App and API Protection for Java on Linux +code_lang: linux +type: multi-code-lang +code_lang_weight: 30 +further_reading: +- link: "/security/application_security/how-it-works/" + tag: "Documentation" + text: "How App and API Protection Works" +- link: "/security/default_rules/?category=cat-application-security" + tag: "Documentation" + text: "OOTB App and API Protection Rules" +- link: "/security/application_security/troubleshooting" + tag: "Documentation" + text: "Troubleshooting App and API Protection" +--- +{{< callout url="#" btn_hidden="true" header="false" >}} +You can enable App and API Protection for Java services with the following setup options: + +1. If your Java service already has APM tracing, then skip to service configuration +2. Else, you can easily enable App and API Protection with Datadog's Single Step Instrumentation +3. Otherwise, keep reading for manual instructions +{{< /callout >}} + +{{% app_and_api_protection_java_overview %}} + +## Prerequisites + +- Linux operating system +- Java application +- Root or sudo privileges +- Systemd (for service management) +- Your Datadog API key +- Datadog Java tracing library (see version requirements [here][1]) + +## 1. Installing the Datadog Agent + +Install the Datadog Agent by following the [setup instructions for Linux hosts](/agent/?tab=Linux). + +## 2. Enabling App and API Protection monitoring + +{{ partial "app_and_api_protection/java/navigation_menu.html" (dict "showSingleStep" true) }} +{{% appsec-remote-config-activation %}} + +### Manually enabling App and API Protection monitoring + +Download the latest version of the Datadog Java library: + +```bash +wget -O dd-java-agent.jar 'https://dtdg.co/latest-java-tracer' +``` + +{{% collapse-content title="APM Tracing Enabled" level="h4" %}} +{{< tabs >}} +{{% tab "Using system properties" %}} + +Start your Java application with the Datadog agent and App and API Protection enabled using system properties: + +```bash +java -javaagent:/path/to/dd-java-agent.jar -Ddd.appsec.enabled=true -Ddd.service= -Ddd.env= -jar path/to/app.jar +``` + +{{% /tab %}} +{{% tab "Using environment variables" %}} + +Set the required environment variables and start your Java application: + +```bash +export DD_APPSEC_ENABLED=true +export DD_SERVICE= +export DD_ENV= + +java -javaagent:/path/to/dd-java-agent.jar -jar path/to/app.jar +``` + +{{% /tab %}} +{{< /tabs >}} +{{% /collapse-content %}} + +{{% collapse-content title="APM Tracing Disabled" level="h4" %}} +To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing variable to false. +{{< tabs >}} +{{% tab "Using system properties" %}} + +Start your Java application with the Datadog agent and App and API Protection enabled using system properties: + +```bash +java -javaagent:/path/to/dd-java-agent.jar -Ddd.appsec.enabled=true -Ddd.apm.tracing.enabled=false -Ddd.service= -Ddd.env= -jar path/to/app.jar +``` + +{{% /tab %}} +{{% tab "Using environment variables" %}} + +Set the required environment variables and start your Java application: + +```bash +export DD_APPSEC_ENABLED=true +export DD_APM_TRACING_ENABLED=false +export DD_SERVICE= +export DD_ENV= + +java -javaagent:/path/to/dd-java-agent.jar -jar path/to/app.jar +``` + +{{% /tab %}} +{{< /tabs >}} +{{% /collapse-content %}} + +## 3. Run your application + +Start your Java application with above settings. + +{{% app_and_api_protection_verify_setup %}} + +## Troubleshooting + +If you encounter issues while setting up App and API Protection for your Java application, see the [Java App and API Protection troubleshooting guide][2]. + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} + +[1]: /security/application_security/setup/java/compatibility +[2]: /security/application_security/setup/java/troubleshooting + diff --git a/content/en/security/application_security/setup/java/macos.md b/content/en/security/application_security/setup/java/macos.md new file mode 100644 index 0000000000000..b029448028ff8 --- /dev/null +++ b/content/en/security/application_security/setup/java/macos.md @@ -0,0 +1,114 @@ +--- +title: Setup App and API Protection for Java on macOS +code_lang: macos +type: multi-code-lang +code_lang_weight: 40 +further_reading: +- link: "/security/application_security/how-it-works/" + tag: "Documentation" + text: "How App and API Protection Works" +- link: "/security/default_rules/?category=cat-application-security" + tag: "Documentation" + text: "OOTB App and API Protection Rules" +- link: "/security/application_security/troubleshooting" + tag: "Documentation" + text: "Troubleshooting App and API Protection" +--- +{{% app_and_api_protection_java_overview %}} + +## Prerequisites + +- macOS operating system +- Java application +- Homebrew (recommended for Agent installation) +- Administrator privileges for some configuration steps +- Your Datadog API key +- Datadog Java tracing library (see version requirements [here][1]) + +## 1. Installing the Datadog Agent + +Install the Datadog Agent by following the [setup instructions for macOS](/agent/?tab=macOS). + +## 2. Enabling App and API Protection monitoring + +{{ partial "app_and_api_protection/java/navigation_menu.html" (dict "showSingleStep" false) }} +{{% appsec-remote-config-activation %}} + +### Manually enabling App and API Protection monitoring +Download the latest version of the Datadog Java library: + +```bash +curl -Lo dd-java-agent.jar 'https://dtdg.co/latest-java-tracer' +``` + +{{% collapse-content title="APM Tracing Enabled" level="h4" %}} +{{< tabs >}} +{{% tab "Using system properties" %}} + +Start your Java application with the Datadog agent and App and API Protection enabled using system properties: + +```bash +java -javaagent:/path/to/dd-java-agent.jar -Ddd.appsec.enabled=true -Ddd.service= -Ddd.env= -jar path/to/app.jar +``` + +{{% /tab %}} +{{% tab "Using environment variables" %}} + +Set the required environment variables and start your Java application: + +```bash +export DD_APPSEC_ENABLED=true +export DD_SERVICE= +export DD_ENV= + +java -javaagent:/path/to/dd-java-agent.jar -jar path/to/app.jar +``` + +{{% /tab %}} +{{< /tabs >}} +{{% /collapse-content %}} + +{{% collapse-content title="APM Tracing Disabled" level="h4" %}} +To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing variable to false. +{{< tabs >}} +{{% tab "Using system properties" %}} + +Start your Java application with the Datadog agent and App and API Protection enabled using system properties: + +```bash +java -javaagent:/path/to/dd-java-agent.jar -Ddd.appsec.enabled=true -Ddd.apm.tracing.enabled=false -Ddd.service= -Ddd.env= -jar path/to/app.jar +``` + +{{% /tab %}} +{{% tab "Using environment variables" %}} + +Set the required environment variables and start your Java application: + +```bash +export DD_APPSEC_ENABLED=true +export DD_APM_TRACING_ENABLED=false +export DD_SERVICE= +export DD_ENV= + +java -javaagent:/path/to/dd-java-agent.jar -jar path/to/app.jar +``` + +{{% /tab %}} +{{< /tabs >}} +{{% /collapse-content %}} + +## 3. Run your application +Start your Java application with the configured settings. + +{{% app_and_api_protection_verify_setup %}} + +## Troubleshooting + +If you encounter issues while setting up App and API Protection for your Java application, see the [Java App and API Protection troubleshooting guide][2]. + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} + +[1]: /security/application_security/setup/java/compatibility +[2]: /security/application_security/setup/java/troubleshooting diff --git a/content/en/security/application_security/setup/java/troubleshooting.md b/content/en/security/application_security/setup/java/troubleshooting.md new file mode 100644 index 0000000000000..0b95cd5b46305 --- /dev/null +++ b/content/en/security/application_security/setup/java/troubleshooting.md @@ -0,0 +1,60 @@ +--- +title: Troubleshooting Java App and API Protection +--- + +## Common Issues + +### No security signals appearing + +1. **Verify Agent version** + - Ensure you're running Datadog Agent v7.41.1 or higher + - Check Agent status: `datadog-agent status` + +2. **Check Java tracer version** + - Confirm you're using Java tracer v0.94.0 or higher + - Verify the tracer is loaded: `java -javaagent:/path/to/dd-java-agent.jar -version` + +3. **Verify environment variables** + - Ensure `DD_APPSEC_ENABLED=true` is set + - Check `DD_SERVICE` and `DD_ENV` are properly configured + - Verify `DD_APM_ENABLED=true` if using APM features + +4. **Check file system permissions** + - Ensure the application has write access to `/tmp` + - Verify the Java agent JAR is readable + +### Application fails to start + +1. **Check Java agent path** + - Verify the path to `dd-java-agent.jar` is correct + - Ensure the JAR file exists and is readable + +2. **Memory issues** + - If you see `OutOfMemoryError`, increase the JVM heap size + - Add `-Xmx` parameter to your Java command + +3. **Class loading errors** + - Check for conflicts with other Java agents + - Verify Java version compatibility + +### Performance impact + +1. **High latency** + - Check Agent resource usage + - Verify network connectivity between Agent and Datadog + - Consider adjusting sampling rates + +2. **High memory usage** + - Monitor JVM memory usage + - Adjust Agent resource limits if needed + +### Still having issues? + +If you're still experiencing problems: +1. Check the [Application Security Monitoring troubleshooting guide][1] +2. Review the [Java tracer documentation][2] +3. Contact [Datadog support][3] + +[1]: /security/application_security/troubleshooting +[2]: /tracing/trace_collection/compatibility_requirements/java +[3]: /help \ No newline at end of file diff --git a/content/en/security/application_security/setup/java/windows.md b/content/en/security/application_security/setup/java/windows.md new file mode 100644 index 0000000000000..43024f0bc56eb --- /dev/null +++ b/content/en/security/application_security/setup/java/windows.md @@ -0,0 +1,113 @@ +--- +title: Setup App and API Protection for Java on Windows +code_lang: windows +type: multi-code-lang +code_lang_weight: 50 +further_reading: +- link: "/security/application_security/how-it-works/" + tag: "Documentation" + text: "How App and API Protection Works" +- link: "/security/default_rules/?category=cat-application-security" + tag: "Documentation" + text: "OOTB App and API Protection Rules" +- link: "/security/application_security/troubleshooting" + tag: "Documentation" + text: "Troubleshooting App and API Protection" +--- +{{% app_and_api_protection_java_overview %}} + +## Prerequisites + +- Windows operating system +- Java application +- Administrator privileges for some configuration steps +- Your Datadog API key +- Datadog Java tracing library (see version requirements [here][1]) + +## 1. Installing the Datadog Agent + +Install the Datadog Agent by following the [setup instructions for Windows](/agent/?tab=Windows). + +## 2. Enabling App and API Protection monitoring +{{ partial "app_and_api_protection/java/navigation_menu.html" (dict "showSingleStep" false) }} +{{% appsec-remote-config-activation %}} + +### Manually enabling App and API Protection monitoring +Download the latest version of the Datadog Java library: + +```powershell +Invoke-WebRequest -Uri "https://dtdg.co/latest-java-tracer" -OutFile "dd-java-agent.jar" +``` + +{{% collapse-content title="APM Tracing Enabled" level="h4" %}} +{{< tabs >}} +{{% tab "Using system properties" %}} + +Start your Java application with the Datadog agent and App and API Protection enabled using system properties: + +```powershell +java -javaagent:path\to\dd-java-agent.jar -Ddd.appsec.enabled=true -Ddd.service= -Ddd.env= -jar path\to\app.jar +``` + +{{% /tab %}} +{{% tab "Using environment variables" %}} + +Set the required environment variables and start your Java application: + +```powershell +$env:DD_APPSEC_ENABLED="true" +$env:DD_SERVICE="" +$env:DD_ENV="" + +java -javaagent:path\to\dd-java-agent.jar -jar path\to\app.jar +``` + +{{% /tab %}} +{{< /tabs >}} +{{% /collapse-content %}} + +{{% collapse-content title="APM Tracing Disabled" level="h4" %}} +To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing variable to false. +{{< tabs >}} +{{% tab "Using system properties" %}} + +Start your Java application with the Datadog agent and App and API Protection enabled using system properties: + +```powershell +java -javaagent:path\to\dd-java-agent.jar -Ddd.appsec.enabled=true -Ddd.apm.tracing.enabled=false -Ddd.service= -Ddd.env= -jar path\to\app.jar +``` + +{{% /tab %}} +{{% tab "Using environment variables" %}} + +Set the required environment variables and start your Java application: + +```powershell +$env:DD_APPSEC_ENABLED="true" +$env:DD_APM_TRACING_ENABLED="false" +$env:DD_SERVICE="" +$env:DD_ENV="" + +java -javaagent:path\to\dd-java-agent.jar -jar path\to\app.jar +``` + +{{% /tab %}} +{{< /tabs >}} +{{% /collapse-content %}} + +## 3. Run your application + +Start your Java application with the configured settings. + +{{% app_and_api_protection_verify_setup %}} + +## Troubleshooting + +If you encounter issues while setting up App and API Protection for your Java application, see the [Java App and API Protection troubleshooting guide][2]. + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} + +[1]: /security/application_security/setup/java/compatibility +[2]: /security/application_security/setup/java/troubleshooting diff --git a/content/en/security/application_security/setup/kubernetes/_index.md b/content/en/security/application_security/setup/kubernetes/_index.md new file mode 100644 index 0000000000000..2779baeaaa0eb --- /dev/null +++ b/content/en/security/application_security/setup/kubernetes/_index.md @@ -0,0 +1,41 @@ +--- +title: Setup App and API Protection on Linux +disable_sidebar: true +further_reading: +- link: "/security/application_security/" + tag: "Documentation" + text: "Protect against Threats with Datadog Application & API Protection" +- link: "/security/application_security/add-user-info/" + tag: "Documentation" + text: "Tracking user activity" +- link: "/security/default_rules/?category=cat-application-security" + tag: "Documentation" + text: "OOTB Application & API Protection Rules" +- link: "/security/application_security/troubleshooting" + tag: "Documentation" + text: "Troubleshooting Application & API Protection" +- link: "/security/application_security/how-it-works/" + tag: "Documentation" + text: "How Application & API Protection Works in Datadog" +--- + +Learn how to setup App and API Protection (AAP) on your Kubernetes services by selecting the programming language your service is written with. + +
+

Are you missing your environment?

+ Send us a request for your missing environment here. +
+ +{{< appsec-integrations >}} + {{< appsec-integration name="Python" avatar="python" link="/security/application_security/setup/python" >}} + {{< appsec-integration name="Node.js" avatar="node" link="/security/application_security/setup/nodejs" >}} + {{< appsec-integration name="Java" avatar="java" link="/security/application_security/setup/java/kubernetes" >}} + {{< appsec-integration name="Go" avatar="go" link="/security/application_security/setup/go" >}} + {{< appsec-integration name="Ruby" avatar="ruby" link="/security/application_security/setup/ruby" >}} + {{< appsec-integration name=".NET" avatar="dotnet" link="/security/application_security/setup/dotnet" >}} + {{< appsec-integration name="PHP" avatar="php" link="/security/application_security/setup/php" >}} +{{< /appsec-integrations >}} + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} diff --git a/content/en/security/application_security/setup/linux/_index.md b/content/en/security/application_security/setup/linux/_index.md new file mode 100644 index 0000000000000..a1fd337eb72ab --- /dev/null +++ b/content/en/security/application_security/setup/linux/_index.md @@ -0,0 +1,41 @@ +--- +title: Setup App and API Protection on Linux +disable_sidebar: true +further_reading: +- link: "/security/application_security/" + tag: "Documentation" + text: "Protect against Threats with Datadog Application & API Protection" +- link: "/security/application_security/add-user-info/" + tag: "Documentation" + text: "Tracking user activity" +- link: "/security/default_rules/?category=cat-application-security" + tag: "Documentation" + text: "OOTB Application & API Protection Rules" +- link: "/security/application_security/troubleshooting" + tag: "Documentation" + text: "Troubleshooting Application & API Protection" +- link: "/security/application_security/how-it-works/" + tag: "Documentation" + text: "How Application & API Protection Works in Datadog" +--- + +Learn how to setup App and API Protection (AAP) on your Linux services by selecting the programming language your service is written with. + +
+

Are you missing your environment?

+ Send us a request for your missing environment here. +
+ +{{< appsec-integrations >}} + {{< appsec-integration name="Python" avatar="python" link="/security/application_security/setup/python" >}} + {{< appsec-integration name="Node.js" avatar="node" link="/security/application_security/setup/nodejs" >}} + {{< appsec-integration name="Java" avatar="java" link="/security/application_security/setup/java/linux" >}} + {{< appsec-integration name="Go" avatar="go" link="/security/application_security/setup/go" >}} + {{< appsec-integration name="Ruby" avatar="ruby" link="/security/application_security/setup/ruby" >}} + {{< appsec-integration name=".NET" avatar="dotnet" link="/security/application_security/setup/dotnet" >}} + {{< appsec-integration name="PHP" avatar="php" link="/security/application_security/setup/php" >}} +{{< /appsec-integrations >}} + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} diff --git a/content/en/security/application_security/setup/macos/_index.md b/content/en/security/application_security/setup/macos/_index.md new file mode 100644 index 0000000000000..3de91f76b229e --- /dev/null +++ b/content/en/security/application_security/setup/macos/_index.md @@ -0,0 +1,41 @@ +--- +title: Setup App and API Protection on macOS +disable_sidebar: true +further_reading: +- link: "/security/application_security/" + tag: "Documentation" + text: "Protect against Threats with Datadog Application & API Protection" +- link: "/security/application_security/add-user-info/" + tag: "Documentation" + text: "Tracking user activity" +- link: "/security/default_rules/?category=cat-application-security" + tag: "Documentation" + text: "OOTB Application & API Protection Rules" +- link: "/security/application_security/troubleshooting" + tag: "Documentation" + text: "Troubleshooting Application & API Protection" +- link: "/security/application_security/how-it-works/" + tag: "Documentation" + text: "How Application & API Protection Works in Datadog" +--- + +Learn how to setup App and API Protection (AAP) on your macOS services by selecting the programming language your service is written with. + +
+

Are you missing your environment?

+ Send us a request for your missing environment here. +
+ +{{< appsec-integrations >}} + {{< appsec-integration name="Python" avatar="python" link="/security/application_security/setup/python" >}} + {{< appsec-integration name="Node.js" avatar="node" link="/security/application_security/setup/nodejs" >}} + {{< appsec-integration name="Java" avatar="java" link="/security/application_security/setup/java/macos" >}} + {{< appsec-integration name="Go" avatar="go" link="/security/application_security/setup/go" >}} + {{< appsec-integration name="Ruby" avatar="ruby" link="/security/application_security/setup/ruby" >}} + {{< appsec-integration name=".NET" avatar="dotnet" link="/security/application_security/setup/dotnet" >}} + {{< appsec-integration name="PHP" avatar="php" link="/security/application_security/setup/php" >}} +{{< /appsec-integrations >}} + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} diff --git a/content/en/security/application_security/setup/windows/_index.md b/content/en/security/application_security/setup/windows/_index.md new file mode 100644 index 0000000000000..42950f32eb0ca --- /dev/null +++ b/content/en/security/application_security/setup/windows/_index.md @@ -0,0 +1,36 @@ +--- +title: Setup App and API Protection on Windows +disable_sidebar: true +further_reading: +- link: "/security/application_security/" + tag: "Documentation" + text: "Protect against Threats with Datadog Application & API Protection" +- link: "/security/application_security/add-user-info/" + tag: "Documentation" + text: "Tracking user activity" +- link: "/security/default_rules/?category=cat-application-security" + tag: "Documentation" + text: "OOTB Application & API Protection Rules" +- link: "/security/application_security/troubleshooting" + tag: "Documentation" + text: "Troubleshooting Application & API Protection" +- link: "/security/application_security/how-it-works/" + tag: "Documentation" + text: "How Application & API Protection Works in Datadog" +--- + +Learn how to setup App and API Protection (AAP) on your Windows services by selecting the programming language your service is written with. + +
+

Are you missing your environment?

+ Send us a request for your missing environment here. +
+ +{{< appsec-integrations >}} + {{< appsec-integration name="Java" avatar="java" link="/security/application_security/setup/java/windows" >}} + {{< appsec-integration name=".NET" avatar="dotnet" link="/security/application_security/setup/dotnet" >}} +{{< /appsec-integrations >}} + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} diff --git a/layouts/partials/app_and_api_protection/callout.html b/layouts/partials/app_and_api_protection/callout.html new file mode 100644 index 0000000000000..6cc56a3b51bb1 --- /dev/null +++ b/layouts/partials/app_and_api_protection/callout.html @@ -0,0 +1,3 @@ +
+

Your platform may be compatible with Datadog's Single Step Instrumentation, which automatically instruments your services at startup from the Datadog Agent.

+
diff --git a/layouts/partials/app_and_api_protection/java/navigation_menu.html b/layouts/partials/app_and_api_protection/java/navigation_menu.html new file mode 100644 index 0000000000000..bfca0b130f6f9 --- /dev/null +++ b/layouts/partials/app_and_api_protection/java/navigation_menu.html @@ -0,0 +1,65 @@ +{{ $showSingleStep := .showSingleStep | default true }} +
+
+ {{ if $showSingleStep }} +

You have the possibility of enabling App and API Protection through Single Step Instrumentation

+

Otherwise, you can also enable it :

+ {{ else }} +

Enable App and API Protection:

+ {{ end }} + +
+
+ + diff --git a/layouts/shortcodes/app_and_api_protection_java_overview.md b/layouts/shortcodes/app_and_api_protection_java_overview.md new file mode 100644 index 0000000000000..4fcfbc82baa3e --- /dev/null +++ b/layouts/shortcodes/app_and_api_protection_java_overview.md @@ -0,0 +1,14 @@ +{{ $showSetup := .Get "showSetup" | default "true" | eq "true" }} + +## Overview +App and API Protection works by leveraging the [Datadog Java library](https://github.com/DataDog/dd-trace-java/) to monitor and secure your Java service. The library integrates seamlessly with your existing application without requiring code changes. + +For detailed compatibility information, including supported Java versions, frameworks, and deployment environments, see [Java Compatibility Requirements](/security/application_security/setup/java/compatibility). + +{{ if $showSetup }} +This guide explains how to set up App and API Protection (AAP) for Java applications. The setup involves: +1. Installing the Datadog Agent +2. Enabling App and API Protection monitoring +3. Running your Java application with the Datadog Agent +4. Verifying the setup +{{ end }} diff --git a/layouts/shortcodes/app_and_api_protection_verify_setup.md b/layouts/shortcodes/app_and_api_protection_verify_setup.md new file mode 100644 index 0000000000000..e357fc69ccbc9 --- /dev/null +++ b/layouts/shortcodes/app_and_api_protection_verify_setup.md @@ -0,0 +1,6 @@ +## 4. Verify setup +To verify that App and API Protection is working correctly: + +1. Send some traffic to your application +2. Check the [Application Signals Explorer](https://app.datadoghq.com/security/appsec) in Datadog +3. Look for security signals and vulnerabilities diff --git a/layouts/shortcodes/appsec-remote-config-activation.en.md b/layouts/shortcodes/appsec-remote-config-activation.en.md new file mode 100644 index 0000000000000..ec0f293fdcfc8 --- /dev/null +++ b/layouts/shortcodes/appsec-remote-config-activation.en.md @@ -0,0 +1,4 @@ +### Automatically enabling App and API Protection through Remote Configuration + +You can enable remote configuration on your [services dashboard](https://app.datadoghq.com/security/configuration/asm/setup?services=recommended). +Simply check the box for the service you want to enable App and API Protection for under "Activate on your APM services".