Trace Qualification

Overview

App and API Protection (AAP) provides observability into application-level attacks, and evaluates the conditions in which each trace was generated. AAP trace qualification then labels each attack as harmful or safe to help you take action on the most impactful attacks.

Filter by the Qualification facet in the AAP Traces Explorer to view the possible qualification results:

AAP trace list with the qualification facet showing the possible qualification results

Qualification outcomes

AAP runs qualification rules (closed-source) on every trace. There are four possible qualification outcomes, as listed in the facet menu:

Qualification resultDescription
UnknownAAP has qualification rules for this attack, but did not have enough information to make a qualification decision.
None successfulAAP determined that attacks in this trace were not harmful.
HarmfulAt least one attack in the trace was successful.
No valueAAP does not have qualification rules for this type of attack.

Trace sidepanel

The qualification result can also be seen when viewing the details of an individual trace.
Example of a trace that AAP has qualified as safe:

AAP trace qualified as safe

Example of a trace that AAP has qualified as harmful:

AAP trace qualified as harmful

Further Reading

Additional helpful documentation, links, and articles:

Protect against threats with Datadog App and API ProtectionDOCUMENTATION more more How App and API Protection WorksDOCUMENTATION more more
PREVIEWING: mcretzman/DOCS-10318-sec-reorg-WP-AAP