For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/application_security/threat_protection.md. A documentation index is available at /llms.txt.
This product is not supported for your selected Datadog site. ().

Use Threat Protection in App and API Protection (AAP) to detect attacks against your applications and APIs, perform investigations, and block malicious traffic in real time.

To get started, set up AAP on your services so they report security traces. AAP then detects threats from your live application traffic and lets you respond to them.

How Threat Protection works

Threat Protection brings together several capabilities, all built on live application traffic data. With Threat Protection, you can:

  • Detect and investigate threats with Security Signals. Datadog creates a security signal when it detects a threat from a detection rule, so you can triage, filter, and investigate attacks in the Signals Explorer.
  • Block attacks and attackers with Policies. Block malicious IP addresses and users in real time from the Datadog UI, manually or through automated rules.
  • Stop exploit attempts in code with Exploit Prevention. Detect and block attempts to exploit vulnerabilities, including zero-day attacks, from within the running application.
  • Extend protection to the perimeter with WAF Integrations. Combine in-app protection with edge defenses such as AWS WAF for a defense-in-depth approach.
  • Defend user accounts with Account Takeover Protection. Detect and mitigate account takeover attacks, such as credential stuffing, and disable compromised users.

Further reading