You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: envoy/README.md
+46Lines changed: 46 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -6,6 +6,49 @@ This check collects distributed system observability metrics from [Envoy][1].
6
6
7
7
## Setup
8
8
9
+
## Security
10
+
11
+
### Overview
12
+
13
+
[Datadog App & API Protection][30] extends visibility and inline threat mitigation to your Envoy proxy instance.
14
+
15
+
With this integration, you can detect and block attacks—such as API abuse, business logic exploitation, and code-layer threats—right at the edge of your cloud infrastructure.
16
+
17
+
Key Benefits:
18
+
-**Inline threat detection and blocking** at the load balancer using Datadog Security Signals
19
+
-**Real-time insights** into application-layer attacks with traces and logs in one unified view
20
+
-**Edge enforcement** against OWASP API threats, credential stuffing, injection attacks, and more
21
+
22
+
### Installation
23
+
24
+
The installation process requires a different approach than enabling this integration.
25
+
26
+
#### Envoy
27
+
28
+
The installation instructions are available in the [Enabling App & API Protection for Envoy][31] documentation.
29
+
30
+
#### Istio
31
+
32
+
The installation instructions are available in the [Enabling App and API Protection for Istio][32] documentation.
33
+
34
+
### Validation
35
+
36
+
To validate App & API Protection threat detection, send known attack patterns to your load balancer. For example, you can trigger the Security Scanner Detected rule by running the following curl script:
37
+
38
+
```sh
39
+
for((i=1;i<=250;i++));
40
+
do
41
+
# Target existing service's routes
42
+
curl https://your-load-balancer-url/existing-route -A dd-test-scanner-log;
43
+
44
+
# Target non existing service's routes
45
+
curl https://your-load-balancer-url/non-existing-route -A dd-test-scanner-log;
46
+
done
47
+
```
48
+
49
+
A few minutes after enabling the service extension and sending known attack patterns, threat information will appear in the Application Signals Explorer.
50
+
51
+
9
52
### Installation
10
53
11
54
The Envoy check is included in the [Datadog Agent][2] package, so you don't need to install anything else on your server.
@@ -215,3 +258,6 @@ Need help? Contact [Datadog support][16].
0 commit comments