Updated docs with common issues content (#26814)

content/en/getting_started/application_security/_index.md

@@ -88,6 +88,14 @@ Once enabled, ASM immediately identifies application vulnerabilities and detects
 
 3. Go to [Security Signals Explorer][6] to see the signal that is generated after a few seconds.
 
+## Disable ASM
+
+For information on disabling ASM or its features, see the following:
+
+- [Disabling threat management and protection][24]
+- [Disabling Software Composition Analysis][25]
+- [Disabling Code Security][26]
+
 ## Reports and notifications
 
 1. Set up [notification rules][23] to receive alerts using Slack, Jira, email, and more.
@@ -122,5 +130,7 @@ Interested in best practices to go further? View the [in-product Quickstart Guid
 [21]: /agent/remote_config?tab=configurationyamlfile#setup
 [22]: https://app.datadoghq.com/security/configuration/reports
 [23]: https://app.datadoghq.com/security/configuration/notification-rules
-
+[24]: /security/application_security/troubleshooting/#disabling-threat-management-and-protection
+[25]: /security/application_security/troubleshooting/#disabling-software-composition-analysis
+[26]: /security/application_security/troubleshooting/#disabling-code-security
 

content/en/getting_started/application_security/software_composition_analysis.md

@@ -129,6 +129,9 @@ Optionally, you can select specific GitHub repositories to enable SCA by clickin
 
    {{< img src="getting_started/appsec/appsec-vuln-remediation_3.png" alt="Application Vulnerability Management recommended remediation steps of the vulnerability." style="width:100%;" >}}
 
+## Disable SCA
+
+For information on disabling Software Composition Analysis, see [Disabling Software Composition Analysis][16].
 
 ## Further reading
 
@@ -147,3 +150,4 @@ Optionally, you can select specific GitHub repositories to enable SCA by clickin
 [13]: https://app.datadoghq.com/security/configuration/asm/setup
 [14]: https://docs.datadoghq.com/integrations/github/
 [15]: /security/application_security/software_composition_analysis/setup/compatibility/
+[16]: /security/application_security/troubleshooting/#disabling-software-composition-analysis

content/en/getting_started/cloud_security_management/_index.md

@@ -62,6 +62,13 @@ This guide walks you through best practices for getting your team up and running
 2. Use out-of-the-box dashboards or [create your own][22] for faster investigations, reporting, and monitoring.
 3. Subscribe to the weekly [security digest][31] reports to begin investigation and remediation of the most important new security issues discovered in the last seven days. 
 
+## Disable CSM
+
+For information on disabling CSM, see the following:
+
+- [Disable CSM Vulnerabilities][32]
+- [Disable CSM Threats][33]
+
 ## Further reading
 
 {{< partial name="whats-next/whats-next.html" >}}
@@ -88,3 +95,5 @@ This guide walks you through best practices for getting your team up and running
 [29]: https://app.datadoghq.com/security/identities
 [30]: https://app.datadoghq.com/security/infra-vulnerability
 [31]: https://app.datadoghq.com/security/configuration/reports
+[32]: /security/cloud_security_management/troubleshooting/vulnerabilities/#disable-csm-vulnerabilities
+[33]: /security/cloud_security_management/troubleshooting/threats/#disable-csm-threats

content/en/security/_index.md

@@ -83,6 +83,14 @@ Datadog [Application Security][1] provides observability into application-level
 
 {{< img src="/security/application_security/app-sec-landing-page.png" alt="A security signal panel in Datadog, which displays attack flows and flame graphs" width="75%">}}
 
+### Disable ASM
+
+For information on disabling ASM or its features, see the following:
+
+- [Disabling threat management and protection][17]
+- [Disabling Software Composition Analysis][18]
+- [Disabling Code Security][19]
+
 ## Cloud SIEM
 
 [Cloud SIEM][4] (Security Information and Event Management) detects real-time threats to your application and infrastructure, like a targeted attack, an IP communicating with your systems which matches a threat intel list, or an insecure configuration. Cloud SIEM is powered by [Datadog Log Management][5]. With these areas combined, you can [automate remediation of threats detected by Datadog Cloud SIEM][6] to speed up your threat-response workflow. Check out the dedicated [Guided Tour](https://www.datadoghq.com/guided-tour/security/cloud-siem/) to see more.
@@ -117,3 +125,6 @@ To get started with Datadog Security, navigate to the [**Security** > **Setup**]
 [14]: https://www.datadoghq.com/guided-tour/security/
 [15]: /security/cloud_security_management/identity_risks/
 [16]: /security/cloud_security_management/vulnerabilities/
+[17]: /security/application_security/troubleshooting/#disabling-threat-management-and-protection
+[18]: /security/application_security/troubleshooting/#disabling-software-composition-analysis
+[19]: /security/application_security/troubleshooting/#disabling-code-security

content/en/security/application_security/_index.md

@@ -88,6 +88,14 @@ In the [Security Signals Explorer][6], click on any security signal to see what
 
 [Code Security][9] identifies code-level vulnerabilities in your services and provides actionable insights and recommended fixes. It uses an Interactive Application Security Testing (IAST) approach to find vulnerabilities within your application code. IAST uses instrumentation embedded in your code like application performance monitoring (APM) and it enables Datadog to identify vulnerabilities using legitimate application traffic instead of relying on external tests that could require extra configuration or periodic scheduling.
 
+## Disable ASM
+
+For information on disabling ASM or its features, see the following:
+
+- [Disabling threat management and protection][10]
+- [Disabling Software Composition Analysis][11]
+- [Disabling Code Security][12]
+
 ## Next steps
 
 {{< partial name="whats-next/whats-next.html" >}}
@@ -100,3 +108,6 @@ In the [Security Signals Explorer][6], click on any security signal to see what
 [7]: https://dashcon.io/appsec
 [8]: /security/application_security/software_composition_analysis/
 [9]: /security/application_security/code_security/
+[10]: /security/application_security/troubleshooting/#disabling-threat-management-and-protection
+[11]: /security/application_security/troubleshooting/#disabling-software-composition-analysis
+[12]: /security/application_security/troubleshooting/#disabling-code-security

content/en/security/application_security/code_security/_index.md

@@ -117,6 +117,10 @@ To enable Code Security configure the [Datadog Tracing Library][9]. Detailed ins
 
 If you need additional help, contact [Datadog support][11].
 
+## Disable Code Security
+
+For information on disabling Code Security, see [Disabling Code Security][12].
+
 ## Further Reading
 
 {{< partial name="whats-next/whats-next.html" >}}
@@ -131,3 +135,4 @@ If you need additional help, contact [Datadog support][11].
 [9]: /security/application_security/code_security/setup/
 [10]: https://app.datadoghq.com/security/configuration/asm/setup
 [11]: https://www.datadoghq.com/support/
+[12]: /security/application_security/troubleshooting/#disabling-code-security

content/en/security/application_security/software_composition_analysis/_index.md

@@ -121,6 +121,10 @@ Software Composition Analysis enriches the information APM is already collecting
 
 {{< img src="security/application_security/threats/threats-on-svc-cat_3.png" alt="Vulnerability information shown in the APM Service Catalog" style="width:100%;" >}}
 
+## Disable Software Composition Analysis
+
+For information on disabling Software Composition Analysis, see [Disabling Software Composition Analysis][14].
+
 ## Further reading
 
 {{< partial name="whats-next/whats-next.html" >}}
@@ -137,3 +141,4 @@ Software Composition Analysis enriches the information APM is already collecting
 [11]: /integrations/jira/
 [12]: https://app.datadoghq.com/security/configuration/asm/setup
 [13]: https://github.com/DataDog/guarddog
+[14]: /security/application_security/troubleshooting/#disabling-software-composition-analysis

content/en/security/application_security/threats/_index.md

@@ -65,6 +65,10 @@ You can [create In-App WAF rules][5] that define what suspicious behavior looks
 
 {{% asm-protect %}}
 
+## Disable threat management and protection
+
+For information on disabling threat management and protection, see [Disabling threat management and protection][12].
+
 ## Further reading
 
 {{< partial name="whats-next/whats-next.html" >}}
@@ -79,3 +83,4 @@ You can [create In-App WAF rules][5] that define what suspicious behavior looks
 [9]: /security/application_security/threats/exploit-prevention/
 [10]: /security/default_rules/?category=cat-application-security
 [11]: /security/account_takeover_protection/
+[12]: /security/application_security/troubleshooting/#disabling-threat-management-and-protection

content/en/security/application_security/troubleshooting.md

@@ -576,10 +576,17 @@ If no `DD_APPSEC_ENABLED=true` environment variable is set for your service, do
 
 ## Disabling Software Composition Analysis
 
-To disable [Software Composition Analysis][14]:
+SCA can be enabled using two methods: the UI or manually using an environment variable. When you disable SCA, you must use the *same method* you used to enable SCA. For example, if you enabled SCA manually, you cannot disable it using the UI. You must disable it manually. 
 
-* Go to [Services][15], select **Software Composition Analysis (SCA)**, click on your service and then click **Deactivate**.
+Typically, SCA is enabled and disabled on a service using the UI.
+
+To disable [Software Composition Analysis][14] using the UI:
+
+* Go to [Services][15], select **Software Composition Analysis (SCA)**, click on your service to open the service details, and then, in **Vulnerability Detection**, click **Deactivate**.
 * To disable Software Composition Analysis on your services in bulk, click the check box in the list header and then under **Bulk Actions** select **Deactivate Software Composition Analysis (SCA) on (number of) services**.
+
+To disable SCA manually:
+
 * To disable Software Composition Analysis using the `DD_APPSEC_SCA_ENABLED` environment variable, remove the `DD_APPSEC_SCA_ENABLED=true` environment variable from your application configuration, and restart your service. This does not apply to PHP apps.
 
 ## Disabling Code Security

content/en/security/cloud_security_management/setup/_index.md

@@ -28,11 +28,17 @@ further_reading:
 
 ## Overview
 
-To get started with Cloud Security Management (CSM), follow these steps:
-
-1. [Enable Agentless Scanning](#enable-agentless-scanning)
-1. [Deploy the Agent for additional coverage](#deploy-the-agent-for-additional-coverage)
-1. [Enable additional features](#enable-additional-features)
+To get started with Cloud Security Management (CSM), review the following:
+
+- [Overview](#overview)
+- [Enable Agentless Scanning](#enable-agentless-scanning)
+- [Deploy the Agent for additional coverage](#deploy-the-agent-for-additional-coverage)
+- [Enable additional features](#enable-additional-features)
+  - [AWS CloudTrail Logs](#aws-cloudtrail-logs)
+  - [IaC remediation](#iac-remediation)
+  - [Deploy via cloud integrations](#deploy-via-cloud-integrations)
+- [Disable CSM](#disable-csm)
+- [Further reading](#further-reading)
 
 ## Enable Agentless Scanning
 
@@ -113,6 +119,13 @@ With Infrastructure as Code (IaC) remediation, you can use Terraform to open a p
 
 Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see [Deploying Cloud Security Management via Cloud Integrations][7].
 
+## Disable CSM
+
+For information on disabling CSM, see the following:
+
+- [Disable CSM Vulnerabilities][8]
+- [Disable CSM Threats][9]
+
 ## Further reading
 
 {{< partial name="whats-next/whats-next.html" >}}
@@ -123,4 +136,6 @@ Monitor your compliance security coverage and secure your cloud infrastructure a
 [4]: /security/cloud_security_management/setup/cloudtrail_logs
 [5]: /security/cloud_security_management/setup/iac_remediation
 [6]: /security/cloud_security_management/identity_risks
-[7]: /security/cloud_security_management/setup/cloud_accounts
+[7]: /security/cloud_security_management/setup/cloud_accounts
+[8]: /security/cloud_security_management/troubleshooting/vulnerabilities/#disable-csm-vulnerabilities
+[9]: /security/cloud_security_management/troubleshooting/threats/#disable-csm-threats

content/en/security/cloud_security_management/troubleshooting/threats.md

@@ -9,8 +9,6 @@ further_reading:
   text: "Troubleshooting CSM Vulnerabilities"
 ---
 
-## Overview
-
 If you experience issues with Cloud Security Management (CSM) Threats, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][1].
 
 ## Security Agent flare
@@ -83,6 +81,88 @@ datadog:
 ```bash
 DD_RUNTIME_SECURITY_CONFIG_NETWORK_ENABLED=false
 ```
+## Disable CSM Threats
+
+To disable CSM Threats, follow the steps for your Agent platform.
+
+### Helm
+
+In the Helm `values.yaml`, set `securityAgent.runtime` to `enabled: false` as follows:
+
+{{< code-block lang="yaml" filename="values.yaml" disable_copy="false" collapsible="true" >}}
+
+# values.yaml file
+datadog:
+
+# Set to false to Disable CWS
+securityAgent:
+  runtime:
+    enabled: false
+{{< /code-block >}}
+
+### Daemonset/Docker
+
+Apply the following environment variable change to both the System Probe and the Security Agent deployment for a Daemonset:
+
+{{< code-block lang="json" filename="daemon.json" disable_copy="false" collapsible="true" >}}
+
+DD_RUNTIME_SECURITY_CONFIG_ENABLED=false
+{{< /code-block >}}
+
+### Host
+
+Modify the `system-probe.yaml` and `security-agent.yaml` to disable the runtime config:
+
+1. Disable CSM in `/etc/datadog-agent/system-probe.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`:
+    {{< code-block lang="yaml" filename="system-probe.yaml" disable_copy="false" collapsible="true" >}}
+
+    ##########################################
+    ## Security Agent Runtime Configuration ##
+    ##                                      ##
+    ## Settings to send logs to Datadog are ##
+    ## fetched from section `logs_config`   ##
+    ## in datadog-agent.yaml                ##
+    ##########################################
+
+    runtime_security_config:
+    ## @param enabled - boolean - optional - default: false
+    ## Set to true to enable full CSM.
+    #
+    enabled: false
+
+    ## @param fim_enabled - boolean - optional - default: false
+    ## Set to true to only enable the File Integrity Monitoring feature.
+    # fim_enabled: false
+
+    ## @param socket - string - optional - default: /opt/datadog-agent/run/runtime-security.sock
+    ## The full path of the unix socket where the security runtime module is accessed.
+    #
+    # socket: /opt/datadog-agent/run/runtime-security.sock
+    {{< /code-block >}}
+2. Disable CSM in `/etc/datadog-agent/security-agent.yaml`. Ensure that `runtime_security_config` is set to `enabled: false`:
+    {{< code-block lang="yaml" filename="security-agent.yaml" disable_copy="false" collapsible="true" >}}
+
+    ##########################################
+    ## Security Agent Runtime Configuration ##
+    ##                                      ##
+    ## Settings to send logs to Datadog are ##
+    ## fetched from section `logs_config`   ##
+    ## in datadog-agent.yaml                ##
+    ##########################################
+
+    runtime_security_config:
+    ## @param enabled - boolean - optional - default: false
+    ## Set to true to enable the Security Runtime Module.
+    #
+    enabled: false
+
+    ## @param socket - string - optional - default: /opt/datadog-agent/run/runtime-security.sock
+    ## The full path of the unix socket where the security runtime module is accessed.
+    #
+    # socket: /opt/datadog-agent/run/runtime-security.sock
+    {{< /code-block >}}
+3. Restart your agents.
+
 ## Further Reading
 
 {{< partial name="whats-next/whats-next.html" >}}

content/en/security/cloud_security_management/troubleshooting/vulnerabilities.md

@@ -49,6 +49,30 @@ The workaround for this issue is to set the configuration option:
 - For Helm: set `datadog.sbom.containerImage.uncompressedLayersSupport: true` in your `values.yaml` file.
 - For Datadog Operator: set `features.sbom.containerImage.uncompressedLayersSupport` to `true` in your DatadogAgent CRD.
 
+## Disable CSM Vulnerabilities
+
+In the `datadog-values.yaml` file for the Agent, set the following configuration settings to `false`:
+
+```
+# datadog-values.yaml file
+datadog:
+  sbom:
+    containerImage:
+      enabled: false
+
+      # Uncomment the following line if you are using Google Kubernetes Engine (GKE) or Amazon Elastic Kubernetes (EKS)
+      # uncompressedLayersSupport: true
+
+    # Enables Host Vulnerability Management
+    host:
+      enabled: false
+
+    # Enables Container Vulnerability Management
+    # Image collection is enabled by default with Datadog Helm version `>= 3.46.0`
+      containerImageCollection:
+        enabled: false
+```
+
 ## Further Reading
 
 {{< partial name="whats-next/whats-next.html" >}}