DataDog · drichards-87 · Jun 11, 2026 · Jun 11, 2026
@@ -8185,38 +8185,43 @@ menu:
       parent: application_security
       identifier: application_security_overview
       weight: 4
-    - name: Security Signals
-      url: security/application_security/security_signals
+    - name: Threat Protection
+      url: security/application_security/threat_protection/
       parent: application_security
-      identifier: application_security_security_signals
+      identifier: application_security_threat_protection
       weight: 5
+    - name: Security Signals
+      url: security/application_security/threat_protection/security_signals
+      parent: application_security_threat_protection
+      identifier: application_security_security_signals
+      weight: 1
     - name: Attackers Explorer
-      url: security/application_security/security_signals/attacker-explorer/
+      url: security/application_security/threat_protection/security_signals/attacker-explorer/
       parent: application_security_security_signals
       identifier: threats_attackers
       weight: 1
     - name: Attacker Fingerprint
-      url: security/application_security/security_signals/attacker_fingerprint/
+      url: security/application_security/threat_protection/security_signals/attacker_fingerprint/
       parent: application_security_security_signals
       identifier: threats_attacker_fingerprint
       weight: 2
     - name: Attacker Clustering
-      url: security/application_security/security_signals/attacker_clustering/
+      url: security/application_security/threat_protection/security_signals/attacker_clustering/
       parent: application_security_security_signals
       identifier: threats_attacker_clustering
       weight: 3
     - name: Users Explorer
-      url: security/application_security/security_signals/users_explorer/
+      url: security/application_security/threat_protection/security_signals/users_explorer/
       parent: application_security_security_signals
       identifier: threats_users
       weight: 4
     - name: Policies
-      url: security/application_security/policies/
-      parent: application_security
+      url: security/application_security/threat_protection/policies/
+      parent: application_security_threat_protection
       identifier: application_security_policies
-      weight: 6
+      weight: 2
     - name: Custom Rules
-      url: security/application_security/policies/custom_rules/
+      url: security/application_security/threat_protection/policies/custom_rules/
       parent: application_security_policies
       identifier: application_security_policies_custom_rules
       weight: 1
@@ -8226,35 +8231,35 @@ menu:
       identifier: application_security_policies_ootb_rules
       weight: 2
     - name: In-App WAF Rules
-      url: security/application_security/policies/inapp_waf_rules/
+      url: security/application_security/threat_protection/policies/inapp_waf_rules/
       parent: application_security_policies
       identifier: application_security_policies_inappwaf_rules
       weight: 3
     - name: Tracing Library Configuration
-      url: security/application_security/policies/library_configuration/
+      url: security/application_security/threat_protection/policies/library_configuration/
       parent: application_security_policies
       identifier: application_security_policies_tracing_lib
       weight: 4
     - name: Exploit Prevention
-      url: security/application_security/exploit-prevention/
-      parent: application_security
+      url: security/application_security/threat_protection/exploit-prevention/
+      parent: application_security_threat_protection
       identifier: exploit_prevention
-      weight: 7
+      weight: 3
     - name: WAF Integrations
-      url: security/application_security/waf-integration/
-      parent: application_security
+      url: security/application_security/threat_protection/waf-integration/
+      parent: application_security_threat_protection
       identifier: aws_waf_int
-      weight: 8
+      weight: 4
     - name: Account Takeover Protection
-      url: security/application_security/account_takeover_protection/
-      parent: application_security
+      url: security/application_security/threat_protection/account_takeover_protection/
+      parent: application_security_threat_protection
       identifier: security_ato_protection
-      weight: 9
+      weight: 5
     - name: API Posture
       url: security/application_security/api_posture/
       parent: application_security
       identifier: application_security_api_security
-      weight: 10
+      weight: 6
     - name: API Inventory
       url: security/application_security/api_posture/api_inventory/
       parent: application_security_api_security
@@ -8289,12 +8294,12 @@ menu:
       url: security/application_security/guide/
       parent: application_security
       identifier: appsec_guides
-      weight: 11
+      weight: 7
     - name: Troubleshooting
       url: security/application_security/troubleshooting/
       parent: application_security
       identifier: appsec_troubleshooting
-      weight: 12
+      weight: 8
     - name: AI Guard
       url: /security/ai_guard/
       pre: siem

@@ -7,4 +7,4 @@ core_product:
 ---
 RASP is a security technology that detects and prevents attacks in real time.
 
-For more information about RASP, see the <a href='/security/application_security/exploit-prevention/'>App and API Protection documentation</a>.
+For more information about RASP, see the <a href='/security/application_security/threat_protection/exploit-prevention/'>App and API Protection documentation</a>.
@@ -138,7 +138,7 @@ Additionally, you can click **Explore in graph view** to see the requests in the
 
 {{< partial name="whats-next/whats-next.html" >}}
 
-[1]: /security/application_security/security_signals/
+[1]: /security/application_security/threat_protection/security_signals/
 [2]: https://app.datadoghq.com/security/ai-guard/settings/detection-rules
 [3]: /security/detection_rules/
 [4]: https://app.datadoghq.com/security/ai-guard/signals

@@ -134,8 +134,8 @@ For information on disabling AAP or its features, see the following:
 [10]: /security/application_security/troubleshooting/#disabling-aap
 [11]: /security/application_security/troubleshooting/#disabling-software-composition-analysis
 [12]: /security/application_security/troubleshooting/#disabling-code-security
-[13]: /security/application_security/exploit-prevention/#library-compatibility
-[14]: /security/application_security/exploit-prevention/
-[15]: /security/application_security/waf-integration/
+[13]: /security/application_security/threat_protection/exploit-prevention/#library-compatibility
+[14]: /security/application_security/threat_protection/exploit-prevention/
+[15]: /security/application_security/threat_protection/waf-integration/
 [16]: /security/application_security/setup/
 [17]: /security/application_security/api_posture/endpoint_scanning/
@@ -31,4 +31,4 @@ Click a finding to view its details and perform a workflow such as Validate > In
    - Use **Reference Links** for developer education or code review.
 
 [1]: https://app.datadoghq.com/security/appsec/inventory/finding
-[2]: /security/application_security/policies/custom_rules/
+[2]: /security/application_security/threat_protection/policies/custom_rules/
@@ -198,6 +198,6 @@ Custom authentication detection is possible by configuring [Endpoint Tagging Rul
 [11]: /security/application_security/api_posture/endpoint_scanning/
 [12]: /integrations/guide/source-code-integration/
 [13]: /internal_developer_portal/catalog/entity_model/
-[14]: /security/application_security/policies/library_configuration/#configuring-a-client-ip-header
+[14]: /security/application_security/threat_protection/policies/library_configuration/#configuring-a-client-ip-header
 [15]: https://app.datadoghq.com/security/configuration/asm/trace-tagging
 [16]: /security/application_security/api_posture/sensitive_data/
@@ -702,7 +702,7 @@ In this guide, you did the following:
 
 This is general guidance. Depending on your applications and environments, there might be a need for additional response strategies.
 
-[1]: /security/application_security/account_takeover_protection/
+[1]: /security/application_security/threat_protection/account_takeover_protection/
 [2]: https://app.datadoghq.com/services?query=service%3Auser-auth&env=%2A&fromUser=false&hostGroup=%2A&lens=Security&sort=-fave%2C-team&start=1735636008863&end=1735639608863
 [3]: /security/application_security/setup/compatibility/
 [4]: /remote_configuration
@@ -716,7 +716,7 @@ This is general guidance. Depending on your applications and environments, there
 [12]: https://app.datadoghq.com/organization-settings/remote-config?resource_type=agents
 [13]: /security/application_security/how-it-works/add-user-info/?tab=set_user#tracking-business-logic-information-without-modifying-the-code
 [14]: https://app.datadoghq.com/security/appsec/threat
-[15]: /security/application_security/account_takeover_protection/#attacker-strategies
+[15]: /security/application_security/threat_protection/account_takeover_protection/#attacker-strategies
 [16]: https://app.datadoghq.com/security/appsec/detection-rules?query=type%3Aapplication_security%20tag%3A%22category%3Aaccount_takeover%22&deprecated=hide&groupBy=none&sort=date&viz=rules
 [17]: /security/notifications/
 [18]: https://app.datadoghq.com/security/configuration/notification-rules/new?notificationData=
@@ -735,4 +735,4 @@ This is general guidance. Depending on your applications and environments, there
 [31]: /api/latest/spans/#aggregate-spans
 [32]: https://haveibeenpwned.com/
 [33]: https://app.datadoghq.com/security/appsec/in-app-waf?column=services-count&config_by=custom-rules
-[34]: /security/application_security/policies/inapp_waf_rules/
+[34]: /security/application_security/threat_protection/policies/inapp_waf_rules/
@@ -126,13 +126,13 @@ Datadog App and API Protection identifies Log4j Log4Shell attack payloads and pr
 [8]: /security/application_security/serverless/
 [9]: /tracing/trace_pipeline/trace_retention/
 [10]: /tracing/configure_data_security/?tab=http
-[11]: /security/application_security/policies/library_configuration/#exclude-specific-parameters-from-triggering-detections
+[11]: /security/application_security/threat_protection/policies/library_configuration/#exclude-specific-parameters-from-triggering-detections
 [12]: https://owasp.org/www-project-modsecurity-core-rule-set/
 [13]: /security/default_rules/?category=cat-application-security
 [14]: https://app.datadoghq.com/security/appsec/event-rules
 [15]: https://app.datadoghq.com/security/appsec/vm/library
 [16]: /security/cloud_siem/
-[17]: /security/application_security/policies/library_configuration/#data-security-considerations
+[17]: /security/application_security/threat_protection/policies/library_configuration/#data-security-considerations
 [26]: /agent/remote_config/#enabling-remote-configuration
 [27]: /internal_developer_portal/catalog/endpoints/
 [28]: /security/code_security/iast/

@@ -4,7 +4,7 @@ further_reading:
     - link: "/security/application_security/how-it-works/"
       tag: "Documentation"
       text: "How App and API Protection Works"
-    - link: "/security/application_security/waf-integration/"
+    - link: "/security/application_security/threat_protection/waf-integration/"
       tag: "Documentation"
       text: "Learn more about WAF Integrations"
     - link: "/security/application_security/troubleshooting"

@@ -95,4 +95,4 @@ Only *web applications* are supported. Azure Functions are not supported.
 [3]: /serverless/guide/upgrade_java_instrumentation
 [4]: /serverless/guide/serverless_tracing_and_bundlers/
 [5]: /service_management/workflows/
-[6]: /security/application_security/policies/inapp_waf_rules/
+[6]: /security/application_security/threat_protection/policies/inapp_waf_rules/
@@ -175,5 +175,5 @@ For additional details on the Envoy integration compatibilities, refer to the [E
 [5]: https://github.com/DataDog/dd-trace-go/pkgs/container/dd-trace-go%2Fservice-extensions-callout
 [6]: https://github.com/DataDog/dd-trace-go
 [7]: /tracing/trace_collection/library_config/go/
-[8]: /security/application_security/policies/library_configuration/
+[8]: /security/application_security/threat_protection/policies/library_configuration/
 [9]: /security/application_security/setup/compatibility/envoy
@@ -134,5 +134,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
@@ -108,5 +108,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
@@ -117,5 +117,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
@@ -122,5 +122,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
@@ -151,5 +151,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
@@ -116,5 +116,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
@@ -119,5 +119,5 @@ As long as your command to run is passed as an argument to `datadog-init`, you w
 [3]: https://app.datadoghq.com/security/appsec
 [4]: /security/application_security/serverless/compatibility
 [5]: /actions/workflows/
-[6]: /security/application_security/waf-integration/
+[6]: /security/application_security/threat_protection/waf-integration/
 [apm-lambda-tracing-setup]: https://docs.datadoghq.com/serverless/aws_lambda/distributed_tracing/
@@ -524,5 +524,5 @@ For additional details on the GCP Service Extensions integration compatibilities
 [5]: https://cloud.google.com/service-extensions/docs/configure-traffic-extensions
 [6]: https://github.com/DataDog/dd-trace-go
 [7]: /tracing/trace_collection/library_config/go/
-[8]: /security/application_security/policies/library_configuration/
+[8]: /security/application_security/threat_protection/policies/library_configuration/
 [9]: /security/application_security/setup/compatibility/gcp-service-extensions
@@ -185,13 +185,13 @@ Key points:
 [2]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec
 [3]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec/events#BlockingSecurityEvent
 [4]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec/events#IsSecurityError
-[5]: /security/application_security/policies/#customize-protection-behavior
+[5]: /security/application_security/threat_protection/policies/#customize-protection-behavior
 [6]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec#TrackUserLoginFailure
 [7]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec#SetUser
 [8]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec#MonitorParsedHTTPBody
 [9]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec#MonitorHTTPResponseBody
 [10]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec#TrackUserLoginSuccess
-[11]: /security/application_security/policies/custom_rules/#business-logic-abuse-detection-rule
+[11]: /security/application_security/threat_protection/policies/custom_rules/#business-logic-abuse-detection-rule
 [12]: https://github.com/DataDog/orchestrion
 [13]: https://pkg.go.dev/github.com/DataDog/dd-trace-go/v2/appsec#TrackCustomEvent
 [14]: /security/application_security/how-it-works/#built-in-protection
@@ -166,7 +166,7 @@ For additional details on the HAProxy integration compatibilities, refer to the
 [4]: https://github.com/DataDog/dd-trace-go/pkgs/container/dd-trace-go%2Fhaproxy-spoa
 [5]: https://github.com/DataDog/dd-trace-go
 [6]: /tracing/trace_collection/library_config/go/
-[7]: /security/application_security/policies/library_configuration/
+[7]: /security/application_security/threat_protection/policies/library_configuration/
 [8]: https://github.com/DataDog/dd-trace-go/tree/main/contrib/haproxy/stream-processing-offload/cmd/spoa/haproxyconf/
 [9]: https://github.com/DataDog/dd-trace-go/blob/main/contrib/haproxy/stream-processing-offload/cmd/spoa/haproxyconf/CHANGELOG.md
 [10]: /security/application_security/setup/compatibility/haproxy
@@ -321,7 +321,7 @@ For additional details on the Envoy Gateway integration compatibilities, see the
 [6]: https://github.com/DataDog/dd-trace-go/pkgs/container/dd-trace-go%2Fservice-extensions-callout
 [7]: https://github.com/DataDog/dd-trace-go
 [8]: /tracing/trace_collection/library_config/go/
-[9]: /security/application_security/policies/library_configuration/
+[9]: /security/application_security/threat_protection/policies/library_configuration/
 [10]: https://gateway-api.sigs.k8s.io/api-types/referencegrant/
 [11]: /security/application_security/setup/compatibility/envoy-gateway
 [12]: /security/application_security/

@@ -185,7 +185,7 @@ For finer-grained analysis and other AAP features, consider trying other AAP int
 [2]: /agent/remote_config/?tab=configurationyamlfile#enabling-remote-configuration
 [6]: https://github.com/DataDog/dd-trace-go
 [7]: /tracing/trace_collection/library_config/go/
-[8]: /security/application_security/policies/library_configuration/
+[8]: /security/application_security/threat_protection/policies/library_configuration/
 [9]: https://gateway-api.sigs.k8s.io/guides/#installing-gateway-api
 [10]: https://gateway-api.sigs.k8s.io/implementations
 [11]: https://go.dev/doc/install

@@ -266,7 +266,7 @@ For additional details on the underlying compatibility, see the [GCP Service Ext
 [7]: https://github.com/DataDog/dd-trace-go/pkgs/container/dd-trace-go%2Fservice-extensions-callout
 [8]: https://github.com/DataDog/dd-trace-go
 [9]: /tracing/trace_collection/library_config/go/
-[10]: /security/application_security/policies/library_configuration/
+[10]: /security/application_security/threat_protection/policies/library_configuration/
 [11]: https://cloud.google.com/kubernetes-engine/docs/how-to/configure-gateway-resources#configure_health_check
 [12]: https://cloud.google.com/kubernetes-engine/docs/how-to/configure-gke-service-extensions
 [13]: /security/application_security/setup/compatibility/gcp-service-extensions