You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: envoy/README.md
+45Lines changed: 45 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -170,6 +170,48 @@ Collecting logs is disabled by default in the Datadog Agent. To enable it, see [
170
170
171
171
[Run the Agent's status subcommand][13] and look for `envoy` under the Checks section.
172
172
173
+
## Security
174
+
175
+
### Overview
176
+
177
+
[Datadog App & API Protection][30] extends visibility and inline threat mitigation to your Envoy proxy instance.
178
+
179
+
With this integration, you can detect and block attacks such as API abuse, business logic exploitation, and code layer threats directly at the edge of your cloud infrastructure.
180
+
181
+
Key Benefits:
182
+
- **Inline threat detection and blocking** at the load balancer using Datadog Security Signals
183
+
- **Real-time insights** into application-layer attacks with traces and logs in one unified view
184
+
- **Edge enforcement** against OWASP API threats, credential stuffing, injection attacks, and more
185
+
186
+
### Installation
187
+
188
+
The installation process requires a different approach than enabling this integration.
189
+
190
+
#### Envoy
191
+
192
+
The installation instructions are available in the [Enabling App & API Protection for Envoy][31] documentation.
193
+
194
+
#### Istio
195
+
196
+
The installation instructions are available in the [Enabling App and API Protection for Istio][32] documentation.
197
+
198
+
### Validation
199
+
200
+
To validate App & API Protection threat detection, send known attack patterns to your Envoy instance. For example, you can trigger the Security Scanner Detected rule by running the following curl script:
201
+
202
+
```sh
203
+
for ((i=1;i<=250;i++));
204
+
do
205
+
# Target existing service's routes
206
+
curl https://your-envoy-url/existing-route -A dd-test-scanner-log;
207
+
208
+
# Target non existing service's routes
209
+
curl https://your-envoy-url/non-existing-route -A dd-test-scanner-log;
210
+
done
211
+
```
212
+
213
+
A few minutes after enabling the App & API Protection for Envoy and sending known attack patterns, threat information will appear in the Application Signals Explorer.
214
+
173
215
## Data Collected
174
216
175
217
### Metrics
@@ -215,3 +257,6 @@ Need help? Contact [Datadog support][16].
0 commit comments