DataDog · daniel-romano-DD · Jul 23, 2025 · Jul 23, 2025 · Jul 23, 2025 · Jul 23, 2025
@@ -0,0 +1,52 @@
+---
+title: Enabling AAP for .NET
+code_lang: dotnet
+type: multi-code-lang
+code_lang_weight: 0
+aliases:
+  - /security_platform/application_security/getting_started/dotnet
+  - /security/application_security/getting_started/dotnet
+  - /security/application_security/threats/setup/threat_detection/dotnet
+  - /security/application_security/threats_detection/dotnet
+further_reading:
+- link: "/security/application_security/add-user-info/"
+  tag: "Documentation"
+  text: "Adding user information to traces"
+- link: 'https://github.com/DataDog/dd-trace-dotnet'
+  tag: "Source Code"
+  text: '.NET Datadog library source code'
+- link: "/security/default_rules/?category=cat-application-security"
+  tag: "Documentation"
+  text: "OOTB App and API Protection Rules"
+- link: "/security/application_security/troubleshooting"
+  tag: "Documentation"
+  text: "Troubleshooting App and API Protection"
+---
+{{< partial name="app_and_api_protection/callout.html" >}}
+
+{{% app_and_api_protection_dotnet_overview showSetup="false"%}}
+
+## Environments
+
+### Hosts
+{{< appsec-integrations >}}
+  {{< appsec-integration name="Linux" avatar="linux" link="./linux" >}}
+  <!--{{< appsec-integration name="macOS" avatar="apple" link="./macos" >}}-->
+  {{< appsec-integration name="Windows" avatar="windows" link="./windows" >}}
+{{< /appsec-integrations >}}
+<!--
+### Cloud and Container Platforms
+{{< appsec-integrations >}}
+{{< appsec-integration name="Docker" avatar="docker" link="./docker" >}}
+{{< appsec-integration name="Kubernetes" avatar="kubernetes" link="./kubernetes" >}}
+{{< /appsec-integrations >}}
+
+### AWS
+{{< appsec-integrations >}}
+{{< appsec-integration name="AWS Fargate" avatar="amazon-ecs" link="./aws_fargate" >}}
+{{< /appsec-integrations >}}
+-->
+## Additional Resources
+
+- [Troubleshooting Guide](dotnet/troubleshooting)
+- [Compatibility Information](dotnet/compatibility)
@@ -0,0 +1,84 @@
+---
+title: .NET Compatibility Requirements
+code_lang: dotnet
+type: multi-code-lang
+code_lang_weight: 10
+aliases:
+  - /security/application_security/threats/setup/compatibility/dotnet
+---
+
+## App and API Protection capabilities
+
+The following App and API Protection capabilities are supported in the .NET library, for the specified tracer version:
+
+| App and API Protection capability       | Minimum .NET tracer version |
+| --------------------------------------- | ----------------------------|
+| Threat Detection                        | 2.23.0                      |
+| Threat Protection                       | 2.26.0                      |
+| Customize response to blocked requests  | 2.27.0                      |
+| Automatic user activity event tracking  | 2.32.0                      |
+| API Security                            | 2.42.0                      |
+
+The minimum tracer version to get all supported App and API Protection capabilities for .NET is 2.42.0.
+
+**Note**: Threat Protection requires enabling [Remote Configuration][1], which is included in the listed minimum tracer version.
+
+### Supported deployment types
+
+Threat Detection is supported for the following deployment types:
+
+- Docker
+- Kubernetes
+- Amazon ECS
+- AWS Fargate
+- AWS Lambda
+- Azure App Service
+
+**Note**: Azure App Service is supported for **web applications only**. App and API Protection capabilities are not supported for Azure Functions.
+
+## Language and framework compatibility
+
+### Supported .NET versions
+
+The Datadog .NET Tracing library is open source. View the [GitHub repository][2] for more information.
+
+The .NET Tracer supports instrumentation from 
+ - .NET Framework 4.6.1 and newer versions
+ - .NET Core 3.1 and newer versions
+
+These are supported on the following architectures:
+- Linux (GNU) x86-64, ARM64
+- Alpine Linux (musl) x86-64, ARM64
+- macOS (Darwin) x86-64, ARM64
+- Windows (msvc) x86, x86-64
+
+For a complete list of supported versions abd operating systems, see the [.NET Core tracer documentation][3] and [.NET Framework tracer documentation][4].
+
+You must be running Datadog Agent v7.41.1+ for App and API Protection features.
+
+## Integrations
+
+The .NET tracer includes support for the following frameworks, data stores, and libraries:
+
+### Web framework compatibility
+- ASP.NET MVC
+- ASP.NET Web API 2
+
+### Data stores
+- OracleDB
+- ADO.NET
+- SQL Server
+- MySQL
+- SQLite
+- PostgreSQL
+
+### Other
+- Kafka
+- GraphQL
+
+For a complete list of supported integrations and their versions, see the [.NET Core tracer documentation][3] and [.NET Framework tracer documentation][4].
+
+[1]: /agent/remote_config/#enabling-remote-configuration
+[2]: https://github.com/DataDog/dd-trace-dotnet
+[3]: /tracing/trace_collection/compatibility/dotnet-core
+[4]: /tracing/trace_collection/compatibility/dotnet-framework
@@ -0,0 +1,136 @@
+---
+title: Set up App and API Protection for .NET on Linux
+code_lang: linux
+type: multi-code-lang
+code_lang_weight: 30
+further_reading:
+- link: "/security/application_security/how-it-works/"
+  tag: "Documentation"
+  text: "How App and API Protection Works"
+- link: "/security/default_rules/?category=cat-application-security"
+  tag: "Documentation"
+  text: "OOTB App and API Protection Rules"
+- link: "/security/application_security/troubleshooting"
+  tag: "Documentation"
+  text: "Troubleshooting App and API Protection"
+---
+{{% app_and_api_protection_dotnet_setup_options platform="linux" %}}
+
+{{% app_and_api_protection_dotnet_overview %}}
+
+## Prerequisites
+
+- Linux operating system
+- .NET application
+- Root or sudo privileges
+- Systemd (for service management)
+- Your Datadog API key
+- Datadog .NET tracing library (see version requirements [here][1])
+
+## 1. Installing the Datadog Agent
+
+Install the Datadog Agent by following the [setup instructions for Linux hosts][2].
+
+## 2. Enabling App and API Protection monitoring
+
+{{% app_and_api_protection_navigation_menu %}}
+{{% appsec-remote-config-activation %}}
+
+### Manually enabling App and API Protection monitoring
+
+**Go to [Datadog .NET Tracer package][3]** to find out the latest release to download.
+
+{{< tabs >}}
+{{% tab "AMD 64 Platforms" %}}
+
+**Download and install** the latest *Datadog .NET Tracer package* that supports your operating system and architecture.
+
+<div class="alert alert-warning">
+  <strong>Note on version:</strong> replace <strong>&#60;TRACER_VERSION&#62;</strong> with the latest three component version of the library (ej: 3.21.0)
+</div>
+
+```bash
+wget -O datadog-dotnet-apm-<TRACER_VERSION>.tar.gz 'https://github.com/DataDog/dd-trace-dotnet/releases/download/v<TRACER_VERSION>'
+```
+
+Run the following command to install the package and create the .NET tracer log directory `/var/log/datadog/dotnet` with the appropriate permissions:
+
+```bash
+sudo tar -C /opt/datadog -xzf datadog-dotnet-apm-<TRACER_VERSION>.tar.gz && /opt/datadog/createLogPath.sh
+```
+{{% /tab %}}
+{{% tab "ARM 64 Platforms" %}}
+
+**Download and install** the latest *Datadog .NET Tracer package* that supports your operating system and architecture.
+
+<div class="alert alert-warning">
+  <strong>Note on version:</strong> replace <strong>&#60;TRACER_VERSION&#62;</strong> with the latest three component version of the library (ej: 3.21.0)
+</div>
+
+```bash
+wget -O datadog-dotnet-apm-<TRACER_VERSION>.arm64.tar.gz 'https://github.com/DataDog/dd-trace-dotnet/releases/download/v<TRACER_VERSION>'
+```
+
+Run the following command to install the package and create the .NET tracer log directory `/var/log/datadog/dotnet` with the appropriate permissions:
+
+```bash
+sudo tar -C /opt/datadog -xzf datadog-dotnet-apm-<TRACER_VERSION>.arm64.tar.gz && /opt/datadog/createLogPath.sh
+```
+
+{{% /tab %}}
+{{< /tabs >}}
+
+<div class="alert alert-warning">
+  If you are having issues installing the Tracer library check the [Tracer Installation guide][5]
+  *Note on version:* replace *<TRACER_VERSION>* with the latest three component version of the library (ej: 3.21.0)
+</div>
+
+
+{{% collapse-content title="APM Tracing Enabled" level="h4" %}}
+Set the required environment variables and start your .NET application:
+
+```bash
+export CORECLR_ENABLE_PROFILING=1
+export CORECLR_PROFILER={846F5F1C-F9AE-4B07-969E-05C26BC060D8}
+export CORECLR_PROFILER_PATH=/opt/datadog/Datadog.Trace.ClrProfiler.Native.so
+export DD_DOTNET_TRACER_HOME=/opt/datadog
+export DD_SERVICE=<MY_SERVICE>
+export DD_ENV=<MY_ENV>
+export DD_APPSEC_ENABLED=true
+```
+{{% /collapse-content %}}
+
+{{% collapse-content title="APM Tracing Disabled" level="h4" %}}
+To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing variable to false.
+```bash
+export CORECLR_ENABLE_PROFILING=1
+export CORECLR_PROFILER={846F5F1C-F9AE-4B07-969E-05C26BC060D8}
+export CORECLR_PROFILER_PATH=/opt/datadog/Datadog.Trace.ClrProfiler.Native.so
+export DD_DOTNET_TRACER_HOME=/opt/datadog
+export DD_SERVICE=<MY_SERVICE>
+export DD_ENV=<MY_ENV>
+export DD_APPSEC_ENABLED=true
+export DD_APM_TRACING_ENABLED=false
+```
+
+{{% /collapse-content %}}
+
+## 3. Run your application
+
+Start your .NET application with above settings.
+
+{{% app_and_api_protection_verify_setup %}}
+
+## Troubleshooting
+
+If you encounter issues while setting up App and API Protection for your .NET application, see the [.NET App and API Protection troubleshooting guide][4].
+
+## Further Reading
+
+{{< partial name="whats-next/whats-next.html" >}}
+
+[1]: /security/application_security/setup/dotnet/compatibility
+[2]: /agent/?tab=Linux
+[3]: https://github.com/DataDog/dd-trace-dotnet/releases
+[4]: /security/application_security/setup/dotnet/troubleshooting
+[5]: /tracing/trace_collection/automatic_instrumentation/dd_libraries/dotnet-core/?tab=linux
@@ -0,0 +1,48 @@
+---
+title: Troubleshooting .NET App and API Protection
+---
+
+## Common Issues
+
+### No security signals appearing
+
+1. Verify Agent version:
+   - Ensure you're running Datadog Agent v7.41.1 or higher.
+   - Check Agent status: `datadog-agent status`.
+2. Check .NET tracer version:
+   - Confirm you're using .NET tracer v2.42.0 or higher.
+3. Verify environment variables:
+   - Ensure `DD_APPSEC_ENABLED=true` is set.
+   - Check `DD_SERVICE` and `DD_ENV` are properly configured.
+   - Verify `DD_APM_ENABLED=true` if using APM features.
+4. Check file system permissions:
+   - Ensure the application has write access to `/tmp`.
+   - Verify the Java agent JAR is readable.
+
+### Application fails to start
+
+1. Check logs for errors:
+   - Logs are located at
+     - Linux: `/var/log/datadog/dotnet/`
+     - Windows: `%PROGRAMDATA%\Datadog .NET Tracer\logs\`
+
+### Performance impact
+
+1. High latency:
+   - Check Agent resource usage.
+   - Verify network connectivity between Agent and Datadog.
+   - Consider adjusting sampling rates.
+2. High memory usage:
+   - Monitor memory usage.
+   - Adjust Agent resource limits if needed
+
+### Still having issues?
+
+If you're still experiencing problems:
+1. Check the [Application Security Monitoring troubleshooting guide][1]
+2. Review the [.NET tracer documentation][2]
+3. Contact [Datadog support][3]
+
+[1]: /security/application_security/troubleshooting
+[2]: /tracing/trace_collection/compatibility/dotnet-core
+[3]: /help