[DOCS-11464] doc for new Users explorer #30842
📝 Documentation Team Review Required
This pull request requires approval from the @DataDog/documentation team before it can be merged. Please ensure your changes follow our documentation guidelines and wait for a team member to review and approve your changes.
||
## Overview | ||
|
||
Datadog App and API Protection identifies users as risks when one or more signals is associated with a user ID, email, or name. |
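Review bot: The Overview sentence lists "a user ID, email, or name" without saying which of the three is the key, so a reader cannot tell whether one person seen under an ID in one event and under an email in another appears as one user or two. State the primary identifier and describe the others as optional display fields. Also, "one or more signals is associated" should read "are associated".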
The Users explorer includes all users that are associated with security traces, not signals. There are multiple ways customers can associate a user to a trace: https://docs.datadoghq.com/security/application_security/how-it-works/add-user-info/?tab=java#adding-authenticated-user-information-to-traces-and-enabling-user-blocking-capability
Users are identified by the @usr.id. When they are available, we also display the user name and e-mail.
Users aren't a risk in themselves, or at least not generally. Some risks are about the user being under attack (for instance, attempts to compromise them) where they're the victim.
Also, if we're tracking traces, then any login attempt will cause a user to show up in there. In this case, the explorer becomes a user inventory (we then want to discourage a heavy-handed approach to block any user in the explorer).
Looks good! Just left a few minor suggestions. 🚀
@@ -0,0 +1,178 @@ | |||
--- | |||
title: Users Explorer |
Just a general note that there is inconsistent capitalization for these explorers. For example, Attackers Explorer is all uppercase on its dedicated page.
I checked and they should all be titlecase: https://datadoghq.atlassian.net/wiki/spaces/WRITING/pages/5369593857/Datadog+products+and+features#T
incorp peer edit Co-authored-by: Brett Blue <[email protected]>
DOCS-11464
New topic covering the new Users explorer for App and API Protection.
Merge instructions
Merge readiness: