diff --git a/config/_default/menus/main.en.yaml b/config/_default/menus/main.en.yaml
index 1331c833030..c89852c9491 100644
--- a/config/_default/menus/main.en.yaml
+++ b/config/_default/menus/main.en.yaml
@@ -8185,38 +8185,43 @@ menu:
 parent: application_security
 identifier: application_security_overview
 weight: 4
- - name: Security Signals
- url: security/application_security/security_signals
+ - name: Threat Protection
+ url: security/application_security/threat_protection/
 parent: application_security
- identifier: application_security_security_signals
+ identifier: application_security_threat_protection
 weight: 5
+ - name: Security Signals
+ url: security/application_security/threat_protection/security_signals
+ parent: application_security_threat_protection
+ identifier: application_security_security_signals
+ weight: 1
 - name: Attackers Explorer
- url: security/application_security/security_signals/attacker-explorer/
+ url: security/application_security/threat_protection/security_signals/attacker-explorer/
 parent: application_security_security_signals
 identifier: threats_attackers
 weight: 1
 - name: Attacker Fingerprint
- url: security/application_security/security_signals/attacker_fingerprint/
+ url: security/application_security/threat_protection/security_signals/attacker_fingerprint/
 parent: application_security_security_signals
 identifier: threats_attacker_fingerprint
 weight: 2
 - name: Attacker Clustering
- url: security/application_security/security_signals/attacker_clustering/
+ url: security/application_security/threat_protection/security_signals/attacker_clustering/
 parent: application_security_security_signals
 identifier: threats_attacker_clustering
 weight: 3
 - name: Users Explorer
- url: security/application_security/security_signals/users_explorer/
+ url: security/application_security/threat_protection/security_signals/users_explorer/
 parent: application_security_security_signals
 identifier: threats_users
 weight: 4
 - name: Policies
- url: security/application_security/policies/
- parent: application_security
+ url: security/application_security/threat_protection/policies/
+ parent: application_security_threat_protection
 identifier: application_security_policies
- weight: 6
+ weight: 2
 - name: Custom Rules
- url: security/application_security/policies/custom_rules/
+ url: security/application_security/threat_protection/policies/custom_rules/
 parent: application_security_policies
 identifier: application_security_policies_custom_rules
 weight: 1
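Review bot: The added `Security Signals` entry sets `url: security/application_security/threat_protection/security_signals` with no trailing slash, while the parent `Threat Protection` entry and every other URL rewritten in this hunk end in `/`; I would write `url: security/application_security/threat_protection/security_signals/`, which also matches the `[1]` reference updated in `content/en/security/ai_guard/signals.md`. Separately, this hunk and the next one (`@@ -8226,35 +8231,35 @@`) move Policies, Exploit Prevention, WAF Integrations and Account Takeover Protection under `threat_protection/`, but the only `aliases` entry for an old path visible in this view is the one added to `account_takeover_protection.md`. If the other moved pages do not carry an equivalent alias, links to the blocking-policy and WAF-rule docs saved in runbooks or alert notifications will stop resolving, so that is worth confirming before merge. The `menu:` list starts and continues outside the hunk.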
@@ -8226,35 +8231,35 @@ menu:
 identifier: application_security_policies_ootb_rules
 weight: 2
 - name: In-App WAF Rules
- url: security/application_security/policies/inapp_waf_rules/
+ url: security/application_security/threat_protection/policies/inapp_waf_rules/
 parent: application_security_policies
 identifier: application_security_policies_inappwaf_rules
 weight: 3
 - name: Tracing Library Configuration
- url: security/application_security/policies/library_configuration/
+ url: security/application_security/threat_protection/policies/library_configuration/
 parent: application_security_policies
 identifier: application_security_policies_tracing_lib
 weight: 4
 - name: Exploit Prevention
- url: security/application_security/exploit-prevention/
- parent: application_security
+ url: security/application_security/threat_protection/exploit-prevention/
+ parent: application_security_threat_protection
 identifier: exploit_prevention
- weight: 7
+ weight: 3
 - name: WAF Integrations
- url: security/application_security/waf-integration/
- parent: application_security
+ url: security/application_security/threat_protection/waf-integration/
+ parent: application_security_threat_protection
 identifier: aws_waf_int
- weight: 8
+ weight: 4
 - name: Account Takeover Protection
- url: security/application_security/account_takeover_protection/
- parent: application_security
+ url: security/application_security/threat_protection/account_takeover_protection/
+ parent: application_security_threat_protection
 identifier: security_ato_protection
- weight: 9
+ weight: 5
 - name: API Posture
 url: security/application_security/api_posture/
 parent: application_security
 identifier: application_security_api_security
- weight: 10
+ weight: 6
 - name: API Inventory
 url: security/application_security/api_posture/api_inventory/
 parent: application_security_api_security
@@ -8289,12 +8294,12 @@ menu:
 url: security/application_security/guide/
 parent: application_security
 identifier: appsec_guides
- weight: 11
+ weight: 7
 - name: Troubleshooting
 url: security/application_security/troubleshooting/
 parent: application_security
 identifier: appsec_troubleshooting
- weight: 12
+ weight: 8
 - name: AI Guard
 url: /security/ai_guard/
 pre: siem
diff --git a/content/en/glossary/terms/rasp.md b/content/en/glossary/terms/rasp.md
index 0443c5e655d..9f190059f7d 100644
--- a/content/en/glossary/terms/rasp.md
+++ b/content/en/glossary/terms/rasp.md
@@ -7,4 +7,4 @@ core_product:
 ---
 RASP is a security technology that detects and prevents attacks in real time.
-For more information about RASP, see the App and API Protection documentation.
+For more information about RASP, see the App and API Protection documentation.
diff --git a/content/en/security/ai_guard/signals.md b/content/en/security/ai_guard/signals.md
index 9183504533d..750f2c56860 100644
--- a/content/en/security/ai_guard/signals.md
+++ b/content/en/security/ai_guard/signals.md
@@ -138,7 +138,7 @@ Additionally, you can click **Explore in graph view** to see the requests in the
 {{< partial name="whats-next/whats-next.html" >}}
-[1]: /security/application_security/security_signals/
+[1]: /security/application_security/threat_protection/security_signals/
 [2]: https://app.datadoghq.com/security/ai-guard/settings/detection-rules
 [3]: /security/detection_rules/
 [4]: https://app.datadoghq.com/security/ai-guard/signals
diff --git a/content/en/security/application_security/_index.md b/content/en/security/application_security/_index.md
index 20388984477..92c4e6ba57a 100644
--- a/content/en/security/application_security/_index.md
+++ b/content/en/security/application_security/_index.md
@@ -134,8 +134,8 @@ For information on disabling AAP or its features, see the following:
 [10]: /security/application_security/troubleshooting/#disabling-aap
 [11]: /security/application_security/troubleshooting/#disabling-software-composition-analysis
 [12]: /security/application_security/troubleshooting/#disabling-code-security
-[13]: /security/application_security/exploit-prevention/#library-compatibility
-[14]: /security/application_security/exploit-prevention/
-[15]: /security/application_security/waf-integration/
+[13]: /security/application_security/threat_protection/exploit-prevention/#library-compatibility
+[14]: /security/application_security/threat_protection/exploit-prevention/
+[15]: /security/application_security/threat_protection/waf-integration/
 [16]: /security/application_security/setup/
 [17]: /security/application_security/api_posture/endpoint_scanning/
diff --git a/content/en/security/application_security/api_posture/api_findings.md b/content/en/security/application_security/api_posture/api_findings.md
index f4df2ac24a8..384345f6a1f 100644
--- a/content/en/security/application_security/api_posture/api_findings.md
+++ b/content/en/security/application_security/api_posture/api_findings.md
@@ -31,4 +31,4 @@ Click a finding to view its details and perform a workflow such as Validate > In
 - Use **Reference Links** for developer education or code review.
 [1]: https://app.datadoghq.com/security/appsec/inventory/finding
-[2]: /security/application_security/policies/custom_rules/
+[2]: /security/application_security/threat_protection/policies/custom_rules/
diff --git a/content/en/security/application_security/api_posture/api_inventory/api_endpoints.md b/content/en/security/application_security/api_posture/api_inventory/api_endpoints.md
index a228b124b09..800a52aa37b 100644
--- a/content/en/security/application_security/api_posture/api_inventory/api_endpoints.md
+++ b/content/en/security/application_security/api_posture/api_inventory/api_endpoints.md
@@ -198,6 +198,6 @@ Custom authentication detection is possible by configuring [Endpoint Tagging Rul
 [11]: /security/application_security/api_posture/endpoint_scanning/
 [12]: /integrations/guide/source-code-integration/
 [13]: /internal_developer_portal/catalog/entity_model/
-[14]: /security/application_security/policies/library_configuration/#configuring-a-client-ip-header
+[14]: /security/application_security/threat_protection/policies/library_configuration/#configuring-a-client-ip-header
 [15]: https://app.datadoghq.com/security/configuration/asm/trace-tagging
 [16]: /security/application_security/api_posture/sensitive_data/
diff --git a/content/en/security/application_security/guide/manage_account_theft_appsec.md b/content/en/security/application_security/guide/manage_account_theft_appsec.md
index f6b6b932c37..f1b6689132c 100644
--- a/content/en/security/application_security/guide/manage_account_theft_appsec.md
+++ b/content/en/security/application_security/guide/manage_account_theft_appsec.md
@@ -702,7 +702,7 @@ In this guide, you did the following:
 This is general guidance. Depending on your applications and environments, there might be a need for additional response strategies.
-[1]: /security/application_security/account_takeover_protection/
+[1]: /security/application_security/threat_protection/account_takeover_protection/
 [2]: https://app.datadoghq.com/services?query=service%3Auser-auth&env=%2A&fromUser=false&hostGroup=%2A&lens=Security&sort=-fave%2C-team&start=1735636008863&end=1735639608863
 [3]: /security/application_security/setup/compatibility/
 [4]: /remote_configuration
@@ -716,7 +716,7 @@ This is general guidance. Depending on your applications and environments, there
 [12]: https://app.datadoghq.com/organization-settings/remote-config?resource_type=agents
 [13]: /security/application_security/how-it-works/add-user-info/?tab=set_user#tracking-business-logic-information-without-modifying-the-code
 [14]: https://app.datadoghq.com/security/appsec/threat
-[15]: /security/application_security/account_takeover_protection/#attacker-strategies
+[15]: /security/application_security/threat_protection/account_takeover_protection/#attacker-strategies
 [16]: https://app.datadoghq.com/security/appsec/detection-rules?query=type%3Aapplication_security%20tag%3A%22category%3Aaccount_takeover%22&deprecated=hide&groupBy=none&sort=date&viz=rules
 [17]: /security/notifications/
 [18]: https://app.datadoghq.com/security/configuration/notification-rules/new?notificationData=
@@ -735,4 +735,4 @@ This is general guidance. Depending on your applications and environments, there
 [31]: /api/latest/spans/#aggregate-spans
 [32]: https://haveibeenpwned.com/
 [33]: https://app.datadoghq.com/security/appsec/in-app-waf?column=services-count&config_by=custom-rules
-[34]: /security/application_security/policies/inapp_waf_rules/
\ No newline at end of file
+[34]: /security/application_security/threat_protection/policies/inapp_waf_rules/
\ No newline at end of file
diff --git a/content/en/security/application_security/how-it-works/_index.md b/content/en/security/application_security/how-it-works/_index.md
index fe210c2c287..83dd47874a9 100644
--- a/content/en/security/application_security/how-it-works/_index.md
+++ b/content/en/security/application_security/how-it-works/_index.md
@@ -126,13 +126,13 @@ Datadog App and API Protection identifies Log4j Log4Shell attack payloads and pr
 [8]: /security/application_security/serverless/
 [9]: /tracing/trace_pipeline/trace_retention/
 [10]: /tracing/configure_data_security/?tab=http
-[11]: /security/application_security/policies/library_configuration/#exclude-specific-parameters-from-triggering-detections
+[11]: /security/application_security/threat_protection/policies/library_configuration/#exclude-specific-parameters-from-triggering-detections
 [12]: https://owasp.org/www-project-modsecurity-core-rule-set/
 [13]: /security/default_rules/?category=cat-application-security
 [14]: https://app.datadoghq.com/security/appsec/event-rules
 [15]: https://app.datadoghq.com/security/appsec/vm/library
 [16]: /security/cloud_siem/
-[17]: /security/application_security/policies/library_configuration/#data-security-considerations
+[17]: /security/application_security/threat_protection/policies/library_configuration/#data-security-considerations
 [26]: /agent/remote_config/#enabling-remote-configuration
 [27]: /internal_developer_portal/catalog/endpoints/
 [28]: /security/code_security/iast/
diff --git a/content/en/security/application_security/setup/aws/waf/_index.md b/content/en/security/application_security/setup/aws/waf/_index.md
index 4fb819a7b9e..e8e67f6b2f4 100644
--- a/content/en/security/application_security/setup/aws/waf/_index.md
+++ b/content/en/security/application_security/setup/aws/waf/_index.md
@@ -4,7 +4,7 @@ further_reading:
 - link: "/security/application_security/how-it-works/"
 tag: "Documentation"
 text: "How App and API Protection Works"
- - link: "/security/application_security/waf-integration/"
+ - link: "/security/application_security/threat_protection/waf-integration/"
 tag: "Documentation"
 text: "Learn more about WAF Integrations"
 - link: "/security/application_security/troubleshooting"
diff --git a/content/en/security/application_security/setup/compatibility/serverless.md b/content/en/security/application_security/setup/compatibility/serverless.md
index fbb563c9339..f2538cd01ca 100644
--- a/content/en/security/application_security/setup/compatibility/serverless.md
+++ b/content/en/security/application_security/setup/compatibility/serverless.md
@@ -95,4 +95,4 @@ Only *web applications* are supported. Azure Functions are not supported.
 [3]: /serverless/guide/upgrade_java_instrumentation
 [4]: /serverless/guide/serverless_tracing_and_bundlers/
 [5]: /service_management/workflows/
-[6]: /security/application_security/policies/inapp_waf_rules/
+[6]: /security/application_security/threat_protection/policies/inapp_waf_rules/
diff --git a/content/en/security/application_security/setup/envoy.md b/content/en/security/application_security/setup/envoy.md
index c642b7e4e55..ce976f72764 100644
--- a/content/en/security/application_security/setup/envoy.md
+++ b/content/en/security/application_security/setup/envoy.md
@@ -175,5 +175,5 @@ For additional details on the Envoy integration compatibilities, refer to the [E
 [5]: https://github.com/DataDog/dd-trace-go/pkgs/container/dd-trace-go%2Fservice-extensions-callout
 [6]: https://github.com/DataDog/dd-trace-go
 [7]: /tracing/trace_collection/library_config/go/
-[8]: /security/application_security/policies/library_configuration/
+[8]: /security/application_security/threat_protection/policies/library_configuration/
 [9]: /security/application_security/setup/compatibility/envoy
diff --git a/content/en/security/application_security/setup/gcp/cloud-run/dotnet.md b/content/en/security/application_security/setup/gcp/cloud-run/dotnet.md
index 93617eef5bb..c0609effafc 100644
--- a/content/en/security/application_security/setup/gcp/cloud-run/dotnet.md
+++ b/content/en/security/application_security/setup/gcp/cloud-run/dotnet.md
@@ -134,5 +134,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
diff --git a/content/en/security/application_security/setup/gcp/cloud-run/go.md b/content/en/security/application_security/setup/gcp/cloud-run/go.md
index a5f4f0a3867..09cb9535090 100644
--- a/content/en/security/application_security/setup/gcp/cloud-run/go.md
+++ b/content/en/security/application_security/setup/gcp/cloud-run/go.md
@@ -108,5 +108,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
diff --git a/content/en/security/application_security/setup/gcp/cloud-run/java.md b/content/en/security/application_security/setup/gcp/cloud-run/java.md
index 848a4f52659..834141dbf99 100644
--- a/content/en/security/application_security/setup/gcp/cloud-run/java.md
+++ b/content/en/security/application_security/setup/gcp/cloud-run/java.md
@@ -117,5 +117,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
diff --git a/content/en/security/application_security/setup/gcp/cloud-run/nodejs.md b/content/en/security/application_security/setup/gcp/cloud-run/nodejs.md
index 05c2d221f52..ea2174dab81 100644
--- a/content/en/security/application_security/setup/gcp/cloud-run/nodejs.md
+++ b/content/en/security/application_security/setup/gcp/cloud-run/nodejs.md
@@ -122,5 +122,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
diff --git a/content/en/security/application_security/setup/gcp/cloud-run/php.md b/content/en/security/application_security/setup/gcp/cloud-run/php.md
index cd4104f0ca0..87dedd09eea 100644
--- a/content/en/security/application_security/setup/gcp/cloud-run/php.md
+++ b/content/en/security/application_security/setup/gcp/cloud-run/php.md
@@ -151,5 +151,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
diff --git a/content/en/security/application_security/setup/gcp/cloud-run/python.md b/content/en/security/application_security/setup/gcp/cloud-run/python.md
index d4e8b8eb510..a53087dc638 100644
--- a/content/en/security/application_security/setup/gcp/cloud-run/python.md
+++ b/content/en/security/application_security/setup/gcp/cloud-run/python.md
@@ -116,5 +116,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
diff --git a/content/en/security/application_security/setup/gcp/cloud-run/ruby.md b/content/en/security/application_security/setup/gcp/cloud-run/ruby.md
index c638fe7cb3d..0d7ebfe4310 100644
--- a/content/en/security/application_security/setup/gcp/cloud-run/ruby.md
+++ b/content/en/security/application_security/setup/gcp/cloud-run/ruby.md
@@ -119,5 +119,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
diff --git a/content/en/security/application_security/setup/gcp/service-extensions.md b/content/en/security/application_security/setup/gcp/service-extensions.md
index 0b51c8dc12b..756fa148ffb 100644
--- a/content/en/security/application_security/setup/gcp/service-extensions.md
+++ b/content/en/security/application_security/setup/gcp/service-extensions.md
@@ -524,5 +524,5 @@ For additional details on the GCP Service Extensions integration compatibilities
 [5]: https://cloud.google.com/service-extensions/docs/configure-traffic-extensions
 [6]: https://github.com/DataDog/dd-trace-go
 [7]: /tracing/trace_collection/library_config/go/
-[8]: /security/application_security/policies/library_configuration/
+[8]: /security/application_security/threat_protection/policies/library_configuration/
 [9]: /security/application_security/setup/compatibility/gcp-service-extensions
\ No newline at end of file
diff --git a/content/en/security/application_security/setup/go/sdk.md b/content/en/security/application_security/setup/go/sdk.md
index ea1fc887a46..cbc6852ef64 100644
--- a/content/en/security/application_security/setup/go/sdk.md
+++ b/content/en/security/application_security/setup/go/sdk.md
@@ -185,13 +185,13 @@ Key points:
 [2]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec
 [3]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec/events#BlockingSecurityEvent
 [4]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec/events#IsSecurityError
-[5]: /security/application_security/policies/#customize-protection-behavior
+[5]: /security/application_security/threat_protection/policies/#customize-protection-behavior
 [6]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec#TrackUserLoginFailure
 [7]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec#SetUser
 [8]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec#MonitorParsedHTTPBody
 [9]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec#MonitorHTTPResponseBody
 [10]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec#TrackUserLoginSuccess
-[11]: /security/application_security/policies/custom_rules/#business-logic-abuse-detection-rule
+[11]: /security/application_security/threat_protection/policies/custom_rules/#business-logic-abuse-detection-rule
 [12]: https://github.com/DataDog/orchestrion
 [13]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec#TrackCustomEvent
 [14]: /security/application_security/how-it-works/#built-in-protection
diff --git a/content/en/security/application_security/setup/haproxy.md b/content/en/security/application_security/setup/haproxy.md
index 77023c53980..c46580e95c3 100644
--- a/content/en/security/application_security/setup/haproxy.md
+++ b/content/en/security/application_security/setup/haproxy.md
@@ -166,7 +166,7 @@ For additional details on the HAProxy integration compatibilities, refer to the
 [4]: https://github.com/DataDog/dd-trace-go/pkgs/container/dd-trace-go%2Fhaproxy-spoa
 [5]: https://github.com/DataDog/dd-trace-go
 [6]: /tracing/trace_collection/library_config/go/
-[7]: /security/application_security/policies/library_configuration/
+[7]: /security/application_security/threat_protection/policies/library_configuration/
 [8]: https://github.com/DataDog/dd-trace-go/tree/main/contrib/haproxy/stream-processing-offload/cmd/spoa/haproxyconf/
 [9]: https://github.com/DataDog/dd-trace-go/blob/main/contrib/haproxy/stream-processing-offload/cmd/spoa/haproxyconf/CHANGELOG.md
 [10]: /security/application_security/setup/compatibility/haproxy
\ No newline at end of file
diff --git a/content/en/security/application_security/setup/kubernetes/envoy-gateway.md b/content/en/security/application_security/setup/kubernetes/envoy-gateway.md
index ae6621bc85d..5910ee4d51c 100644
--- a/content/en/security/application_security/setup/kubernetes/envoy-gateway.md
+++ b/content/en/security/application_security/setup/kubernetes/envoy-gateway.md
@@ -321,7 +321,7 @@ For additional details on the Envoy Gateway integration compatibilities, see the
 [6]: https://github.com/DataDog/dd-trace-go/pkgs/container/dd-trace-go%2Fservice-extensions-callout
 [7]: https://github.com/DataDog/dd-trace-go
 [8]: /tracing/trace_collection/library_config/go/
-[9]: /security/application_security/policies/library_configuration/
+[9]: /security/application_security/threat_protection/policies/library_configuration/
 [10]: https://gateway-api.sigs.k8s.io/api-types/referencegrant/
 [11]: /security/application_security/setup/compatibility/envoy-gateway
 [12]: /security/application_security/
diff --git a/content/en/security/application_security/setup/kubernetes/gateway-api.md b/content/en/security/application_security/setup/kubernetes/gateway-api.md
index 732c7fe387c..0ca62ee8e4e 100644
--- a/content/en/security/application_security/setup/kubernetes/gateway-api.md
+++ b/content/en/security/application_security/setup/kubernetes/gateway-api.md
@@ -185,7 +185,7 @@ For finer-grained analysis and other AAP features, consider trying other AAP int
 [2]: /agent/remote_config/?tab=configurationyamlfile#enabling-remote-configuration
 [6]: https://github.com/DataDog/dd-trace-go
 [7]: /tracing/trace_collection/library_config/go/
-[8]: /security/application_security/policies/library_configuration/
+[8]: /security/application_security/threat_protection/policies/library_configuration/
 [9]: https://gateway-api.sigs.k8s.io/guides/#installing-gateway-api
 [10]: https://gateway-api.sigs.k8s.io/implementations
 [11]: https://go.dev/doc/install
diff --git a/content/en/security/application_security/setup/kubernetes/gke.md b/content/en/security/application_security/setup/kubernetes/gke.md
index cd48eeb5c04..a7445cc0e16 100644
--- a/content/en/security/application_security/setup/kubernetes/gke.md
+++ b/content/en/security/application_security/setup/kubernetes/gke.md
@@ -266,7 +266,7 @@ For additional details on the underlying compatibility, see the [GCP Service Ext
 [7]: https://github.com/DataDog/dd-trace-go/pkgs/container/dd-trace-go%2Fservice-extensions-callout
 [8]: https://github.com/DataDog/dd-trace-go
 [9]: /tracing/trace_collection/library_config/go/
-[10]: /security/application_security/policies/library_configuration/
+[10]: /security/application_security/threat_protection/policies/library_configuration/
 [11]: https://cloud.google.com/kubernetes-engine/docs/how-to/configure-gateway-resources#configure_health_check
 [12]: https://cloud.google.com/kubernetes-engine/docs/how-to/configure-gke-service-extensions
 [13]: /security/application_security/setup/compatibility/gcp-service-extensions
diff --git a/content/en/security/application_security/setup/kubernetes/istio.md b/content/en/security/application_security/setup/kubernetes/istio.md
index 5cf06cb6071..a5774b251bc 100644
--- a/content/en/security/application_security/setup/kubernetes/istio.md
+++ b/content/en/security/application_security/setup/kubernetes/istio.md
@@ -482,7 +482,7 @@ For additional details on the Istio integration compatibilities, see the [Istio
 [6]: https://github.com/DataDog/dd-trace-go/pkgs/container/dd-trace-go%2Fservice-extensions-callout
 [7]: https://github.com/DataDog/dd-trace-go
 [8]: /tracing/trace_collection/library_config/go/
-[9]: /security/application_security/policies/library_configuration/
+[9]: /security/application_security/threat_protection/policies/library_configuration/
 [10]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ext_proc/v3/ext_proc.proto
 [11]: /security/application_security/setup/compatibility/istio
 [12]: /containers/kubernetes/appsec/
diff --git a/content/en/security/application_security/terms.md b/content/en/security/application_security/terms.md
index f5dec9ed8f0..61ea2e0d30f 100644
--- a/content/en/security/application_security/terms.md
+++ b/content/en/security/application_security/terms.md
@@ -136,11 +136,11 @@ Object-Graph Navigation Language Injection (OGNLi)
 [8]: /remote_configuration
 [10]: /security/detection_rules/
 [11]: https://app.datadoghq.com/security/appsec/exclusions
-[12]: /security/application_security/policies/inapp_waf_rules/
+[12]: /security/application_security/threat_protection/policies/inapp_waf_rules/
 [13]: https://app.datadoghq.com/security/appsec/signals?query=%40workflow.rule.type%3A%22Application%20Security%22&view=signal
 [14]: /security/application_security/how-it-works/add-user-info/
 [15]: /security/application_security/how-it-works/trace_qualification/
 [16]: /security/application_security/how-it-works/threat-intelligence/
-[17]: /security/application_security/security_signals/attacker-explorer/
-[18]: /security/application_security/security_signals/attacker_fingerprint/
-[19]: /security/application_security/security_signals/attacker_clustering/
+[17]: /security/application_security/threat_protection/security_signals/attacker-explorer/
+[18]: /security/application_security/threat_protection/security_signals/attacker_fingerprint/
+[19]: /security/application_security/threat_protection/security_signals/attacker_clustering/
diff --git a/content/en/security/application_security/threat_protection/_index.md b/content/en/security/application_security/threat_protection/_index.md
new file mode 100644
index 00000000000..896596023ed
--- /dev/null
+++ b/content/en/security/application_security/threat_protection/_index.md
@@ -0,0 +1,34 @@
+---
+title: Threat Protection
+description: Detect, investigate, and block application and API attacks in real time with Threat Protection in App and API Protection.
+further_reading:
+- link: "https://www.datadoghq.com/blog/datadog-exploit-prevention/"
+ tag: "Blog"
+ text: "Protect your applications from zero-day attacks with Datadog Exploit Prevention"
+---
+
+Use Threat Protection in [App and API Protection][1] (AAP) to detect attacks against your applications and APIs, investigate them, and block malicious traffic in real time.
+
+To get started, [set up AAP][2] on your services so they report security traces. AAP then detects threats from your live application traffic and lets you respond to them.
+
+## How Threat Protection works
+
+Threat Protection brings together several capabilities, all built on the same live application data. With them, you can:
+
+- Detect and investigate threats with [Security Signals][3]. Datadog creates a security signal when it detects a threat from a detection rule, so you can triage, filter, and investigate attacks in the Signals Explorer.
+- Block attacks and attackers with [Policies][4]. Block malicious IP addresses and users in real time from the Datadog UI, manually or through automated rules.
+- Stop exploit attempts in code with [Exploit Prevention][5]. Detect and block attempts to exploit vulnerabilities, including zero-day attacks, from within the running application.
+- Extend protection to the perimeter with [WAF Integrations][6]. Combine in-app protection with edge defenses such as AWS WAF for a defense-in-depth approach.
+- Defend user accounts with [Account Takeover Protection][7]. Detect and mitigate account takeover attacks, such as credential stuffing, and disable compromised users.
+
+## Further reading
+
+{{< partial name="whats-next/whats-next.html" >}}
+
+[1]: /security/application_security/
+[2]: /security/application_security/setup/
+[3]: /security/application_security/threat_protection/security_signals/
+[4]: /security/application_security/threat_protection/policies/
+[5]: /security/application_security/threat_protection/exploit-prevention/
+[6]: /security/application_security/threat_protection/waf-integration/
+[7]: /security/application_security/threat_protection/account_takeover_protection/
diff --git a/content/en/security/application_security/account_takeover_protection.md b/content/en/security/application_security/threat_protection/account_takeover_protection.md
similarity index 98%
rename from content/en/security/application_security/account_takeover_protection.md
rename to content/en/security/application_security/threat_protection/account_takeover_protection.md
index 46ec8cba722..feecdcdff29 100644
--- a/content/en/security/application_security/account_takeover_protection.md
+++ b/content/en/security/application_security/threat_protection/account_takeover_protection.md
@@ -2,6 +2,7 @@
 title: Account Takeover Protection
 disable_toc: false
 aliases:
+ - /security/application_security/account_takeover_protection/
 - /security/account_takeover_protection/
 further_reading:
 - link: "security/application_security/terms/"
@@ -78,7 +79,7 @@ The following user activity events are used for ATO tracking. Those enrichment need to hold a user identifier (unique to a user, numeric or otherwise) as `usr.id`. In the case of login failures, it also needs to know whether the user existed in the database or not (`usr.exists`). This helps identifying malicious activity that will regularly target missing accounts. -