AAP post-reorg updates

- removed SCA references in compat lib topics
- removed Code Security reference in compat lib topics
- removed old threats folder now that all files have moved

Some minor content updates.

Author: michaelcretzman

content/en/security/application_security/_index.md

@@ -14,9 +14,6 @@ further_reading:
 - link: "/security/application_security/threats/"
   tag: "Documentation"
   text: "App and API Protection"
-- link: "/security/code_security/software_composition_analysis/"
-  tag: "Documentation"
-  text: "Software Composition Analysis"
 - link: "https://www.datadoghq.com/product/security-platform/application-security-monitoring/"
   tag: "Product Page"
   text: "Datadog App and API Protection"
@@ -45,19 +42,36 @@ algolia:
 
 {{< img src="/security/application_security/app-sec-landing-page.png" alt="A security signal panel in Datadog, which displays attack flows and flame graphs" width="75%">}}
 
-Datadog App and API Protection (AAP) provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, Amazon ECS, and (for supported languages) AWS Fargate.
+**App & API Protection (AAP)** provides unified visibility and security for your applications and APIs, helping you detect, investigate, and prevent threats across modern workloads.
+
+Whether you're defending public-facing APIs, internal services, or user-facing applications, AAP equips your teams with realtime OOTB threat detection, posture assessment, and in-app protections.
+
+<div class="alert alert-info">Formerly known as Application Security Monitoring (ASM), AAP now goes beyond runtime threat detection to include API discovery, posture management, and protection capabilities.</div>
+
 
-AAP leverages Datadog [tracing libraries][1], and the [Datadog Agent][2] to identify services exposed to application attacks. Once configured, AAP leverages in-app detection rules to detect and protect against threats in your application environment and trigger security signals whenever an attack impacts your production system, or a vulnerability is triggered from the code.
+## Key capabilities
 
-When a threat is detected, a security signal is generated in Datadog. For `HIGH` or `CRITICAL` severity security signals, notifications can be sent to Slack, email, or PagerDuty to notify your team and provide real-time context around threats.
+### API discovery and posture management
 
-Once a security signal is triggered, quickly pivot to investigate and protect in Datadog. Leverage the deep observability data provided by AAP and APM distributed tracing, in one view, to resolve application issues. Analyze attack flows, view flame graphs, and review correlated trace and log data to pinpoint application vulnerabilities. Eliminate context switching by flowing through application data into remediation and mitigation steps, all within the same panel.
+* Automatically detect all APIs exposed by your services.  
+* Identify unprotected, undocumented, or overly permissive endpoints.  
+* Get detailed, contextual findings tied to specific endpoints, misconfigurations, and observed behavior.  
+* Evaluate API configurations against posture rules based on security best practices and compliance frameworks (e.g., OWASP API Top 10).
 
-With AAP, you can cut through the noise of continuous trace data to focus on securing and protecting your environment.
+### Runtime threat detection and protection
 
-Until you fully remediate the potential vulnerabilities in your application code, AAP enables you to slow down attackers by blocking their IPs temporarily or permanently, with a single click.
+* Detect real-time threats such as injection attacks, account takeover attempts, and application abuse.  
+* Correlate multi-signal attack patterns into actionable insights.  
+* Block malicious traffic with In-App WAF rules using attributes like IP, user agent, headers, and more.
 
-## Understanding how App and API Protection is implemented in Datadog
+## Use cases
+
+* Protect customer data in production APIs  
+* Detect and block credential stuffing and ATO attacks  
+* Maintain API posture compliance across teams and environments  
+* Investigate incidents with correlated trace, log, and security data
+
+## AAP implementation in Datadog
 
 If you're curious how App and API Protection is structured and how it uses tracing data to identify security problems, read [How App and API Protection Works][3].
 
@@ -72,9 +86,10 @@ To start configuring your environment to detect and protect threats with AAP, fo
 In the [Security Signals Explorer][6], click on any security signal to see what happened and the suggested steps to mitigate the attack. In the same panel, view traces with their correlated attack flow and request information to gain further context.
 
 ## Disable AAP
+
 For information on disabling AAP or its features, see the following:
 
-- [Disabling threat management and protection][10]
+- [Disabling AAP][10]
 
 ## Next steps
 

content/en/security/application_security/api-inventory/_index.md

@@ -14,9 +14,9 @@ further_reading:
 - **Authentication Method**: Type of authentication used, such as Basic Auth and API key.
 - **Public Exposure**: Whether the API is processing traffic from the internet.
 - **Sensitive data flows**: Sensitive data handled by the API and flows between APIs.
-- **Attack Exposure**: If the endpoint is targeted by attacks (powered by [App and API Protection][2]).
+- **Attack Exposure**: If the endpoint is targeted by attacks.
 - **Business Logic**: Business logic and associated business logic suggestions for this API.
-- **Vulnerabilities**: If the endpoint contains a vulnerability (powered by [Code Security][8] and [Software Composition Analysis][3]).
+- **Vulnerabilities**: If the endpoint contains a vulnerability.
 - **Findings**: Security findings found on this API.
 - **Dependencies**: APIs and Databases the API depends on.
 
@@ -119,10 +119,6 @@ Datadog reports the type of authentication when available in a header through th
 | Basic Authentication                              | `basic_auth`     |
 | Digest access authentication                      | `digest_auth`    |
 
-### Vulnerabilities count
-
-Counts the [Code Security][8] vulnerabilities on the endpoint , in addition to the [Software Composition Analysis][3] vulnerabilities of its service.
-
 ## Further reading
 
 {{< partial name="whats-next/whats-next.html" >}}

content/en/security/application_security/guide/automate_risk_reduction_sca.md

@@ -3,18 +3,18 @@ title: Set Up App and API Protection Products without using APM
 disable_toc: false
 ---
 
-Datadog AAP [Threat Management][1] and [Code Security][2] are built on top of [APM][3]. While Datadog recommends using these security products with APM and adopting DevSecOps practices, you can also use these security products without using APM. This configuration is referred to as Standalone App and API Protection. This guide explains how to set up Standalone App and API Protection.
+Datadog AAP is built on top of [APM][3]. While Datadog recommends using AAP with APM and adopting DevSecOps practices, you can also use these security products without using APM. This configuration is referred to as Standalone App and API Protection. This guide explains how to set up Standalone App and API Protection.
 
 ## Prerequisites
 
 This guide assumes you have the following:
 
 - **Datadog Agent:** [Install the Datadog Agent][6] and configure it for your application's operating system, container, cloud, or virtual environment.
-- **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports App and API Protection. For more details, see the guides for [App and API Protection][4] or [Code Security][5].
+- **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports App and API Protection. For more details, see the guide for [App and API Protection][4].
 
 ## Compatibility
 
-Standalone App and API Protection is currently supported for the following tracing library versions:
+Standalone App and API Protection is supported for the following tracing library versions:
 
 | Language | Version |
 | -------- | ------- |
@@ -31,12 +31,10 @@ Standalone App and API Protection is currently supported for the following traci
 
 Set up the Datadog Agent using the standard method for APM or App and API Protection setup, but set up the Tracing Library by adding the `DD_APM_TRACING_ENABLED=false` environment variable to the service that runs the Tracing Library.
 
-This environment variable will reduce the amount of APM data sent to Datadog to the minimum required by App and API Protection products. The environment variable can then be combined with environment variables to enable App and API Protection or Code Security.
+This environment variable will reduce the amount of APM data sent to Datadog to the minimum required by App and API Protection products. The environment variable can then be combined with environment variables to enable App and API Protection.
 
 For App and API Protection, add the `DD_APM_TRACING_ENABLED=false DD_APPSEC_ENABLED=true` environment variable.
 
-For Code Security, add the `DD_APM_TRACING_ENABLED=false DD_IAST_ENABLED=true` environment variable.
-
 
 [1]: /security/workload_protection/
 [2]: /security/application_security/code_security/

content/en/security/application_security/guide/standalone_application_security.md

@@ -13,14 +13,16 @@ aliases:
 
 ## Overview
 
-Datadog App and API Protection provides observability into application-level attacks that aim to exploit code-level vulnerabilities or abuse the business logic of your application, and into any bad actors targeting your systems. It provides:
-
-- **Observability into attacks**: Provides insight into application-level attacks targeting code vulnerabilities or business logic.
-- **Trace-based monitoring**: Utilizes the same tracing libraries as Datadog APM to monitor traffic and detect security threats.
-- **Security signals**: Automatically generates security signals when attacks or business logic abuses are detected, focusing on meaningful threats rather than individual attempts.
-- **Notification Options**: Offers notifications through Slack, email, or PagerDuty based on security signal settings.
-- **Embedded security**: Integrated within the application, providing better threat identification and classification by accessing trace data.
-- **Enhanced WAF functionality**: Functions like a Web Application Firewall (WAF) but with additional application context, improving accuracy and reducing false positives.
+Datadog App and API Protection (AAP) provides observability into application and API-level attacks that aim to exploit vulnerabilities and abuse app business logic, and observability into any bad actors targeting your systems. AAP performs actions such as the following:
+
+- Detects and monitors application and API-level attacks
+- Flags traces containing attack attempts using APM data
+- Highlights exposed services in security views (Software Catalog, Service Page, Traces)
+- Identifies bad actors by collecting client IPs and user info
+- Provides automatic threat pattern updates and security signals
+- Supports built-in protection and attack qualification
+- Offers visibility into API threats and attack details
+- Helps identify and respond to vulnerabilities like Log4Shell
 
 ### Identify services exposed to application attacks
 

content/en/security/application_security/how-it-works/_index.md

@@ -1,6 +1,5 @@
 ---
 title: Trace Qualification
-aliases:  
 further_reading:
 - link: "/security/application_security/"
   tag: "Documentation"