With Application Security Management (ASM) enabled, the Datadog tracing library actively monitors all web services and API requests for suspicious security activity.
An In-App WAF rule specifies conditions on the incoming request to define what the library considers suspicious. The Datadog tracing library includes hundreds of out-of-the-box ASM In-App WAF rules, which are used to display security traces in the trace explorer and in the default signal rules.
An In-App WAF rule is a JSON object composed of a category, a name, tags, and conditions. When a security trace is detected, tags from the rules are propagated onto the security trace, and can be used to build detection rules.
Note: Default rules in In-App WAF are read-only. To refine your In-App WAF behavior, modify the In-App WAF rules. Default rules cannot be modified; however, you can create a custom rule based on one of the default rules and modify its match conditions to suit your needs. Be sure to disable the default rule so that you don't have two similar rules evaluating the same requests.
Click on the three dots to the right of one of the policies, and select Download Configuration of this Policy to download the configuration file to your local machine.
Optionally, select Apply this Policy to Services to apply a default policy to one or more of your protection-enabled ASM services.
Note: A policy can be applied to one or more services, but a service can only contain one policy.
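The following check is an added example, not Datadog code: it audits a policy configuration for rules missing one of the parts described above (name, tags with a category, conditions) and for pairs of enabled rules with identical conditions, which is the duplicate case the note about disabling the default rule warns against. The key names (`rules`, `id`, `enabled`, `tags.category`, `conditions`, `operator`, `parameters`) and the sample policy are assumptions made for illustration; adjust them to match the file you downloaded.

```python
import json
from itertools import combinations

# Constructed sample policy. Key names and values are assumptions for
# illustration, not the schema of a real downloaded configuration.
POLICY = {
    "rules": [
        {"id": "default-sqli", "name": "SQL injection probe", "enabled": True,
         "tags": {"category": "attack_attempt", "type": "sql_injection"},
         "conditions": [{"operator": "phrase_match",
                         "parameters": {"inputs": ["query"], "list": ["union select"]}}]},
        {"id": "custom-sqli", "name": "SQL injection probe (custom)", "enabled": True,
         "tags": {"category": "attack_attempt", "type": "sql_injection"},
         "conditions": [{"parameters": {"list": ["union select"], "inputs": ["query"]},
                         "operator": "phrase_match"}]},
        {"id": "custom-scanner", "name": "Scanner user agent", "enabled": True,
         "tags": {"type": "security_scanner"}, "conditions": []},
    ]
}


def missing_parts(rule):
    """Return which of the parts a rule is composed of are absent or empty."""
    missing = [key for key in ("name", "tags", "conditions") if not rule.get(key)]
    if "category" not in (rule.get("tags") or {}):
        missing.append("tags.category")
    return missing


def condition_key(rule):
    """Canonical form of a rule's conditions, independent of key order."""
    return json.dumps(rule.get("conditions", []), sort_keys=True)


def overlapping_rules(policy):
    """Return id pairs of enabled rules whose conditions are identical."""
    active = [r for r in policy["rules"] if r.get("enabled", True) and r.get("conditions")]
    return [(a["id"], b["id"]) for a, b in combinations(active, 2)
            if condition_key(a) == condition_key(b)]


if __name__ == "__main__":
    for rule in POLICY["rules"]:
        print(rule["id"], "missing:", missing_parts(rule))
    print("overlapping pairs:", overlapping_rules(POLICY))
```

The comparison only catches exact duplicates after key-order normalization; a custom rule whose conditions were narrowed still needs a manual review against the default it was derived from.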
Next, configure detection rules to create security signals based on the security traces defined by the In-App WAF rules you created. You can modify the provided out-of-the-box ASM detection rules or create new ones.