Threat Detection
Overview
A snapshot of the threat landscape, based on the threat detection results for the APIs:
Key Metrics:
- Application Under Threat: Total number of applications currently under threat
- API Under Threat: Total number of APIs under threat
- Threat Level: Indicates the severity level of the threats detected
- Threats Trend: Visualizes the trend of threats over the selected time range
- Top 10 Threat Source IPs: Displays the top 10 source IP addresses from which threats are originating
- Top 10 Threat Types: Lists the most common types of threats detected
- Top 10 APIs Under Threat: Identifies the top 10 APIs facing the most significant threats
Time Ranges:
Last hour, last 24 hours, last 7 days, last 30 days, last month, and this month.
Threats
Threats displays all API threats detected by the system.
Displayed Information:
- Start Time: Time when the threat was first detected
- Application: The application to which the API belongs
- API Path: The specific API path under threat
- Risk Level: Severity level of the detected threat
- Source IP: The originating IP address of the threat
- Threat: Name or identifier of the threat
- Threat Type: Classification of the threat based on behavior or pattern
- Threat Category: Grouping of the threat type under a broader category
Filters
- Application: Select the target application to view related threats
- Start Time / End Time: Specify a time range to narrow down the threat list
Detection Rules
Detection Rules include managed and custom rules for identifying API threats.
Managed Rules:
Pre-defined for detecting common API threats.
Custom Rules:
User-defined for tailored detection.
Configuration for Custom Rules:
- Name, Description, and Risk Level
- Source and Target: Define request origin and API endpoints
- Metric Collection Interval: Choose from once, one minute, or one day
- Scheduling: Set when the rule is in effect, either always (default) or periodic (weekly)
- Triggering Condition: Configure metrics, matching condition, and threshold value
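An added example, not the product's own code or rule format: one way a custom rule with a one-minute collection interval and a threshold condition could be evaluated over request records. The rule field names, the request-count metric, the operator names and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Hypothetical rule; keys mirror the configuration items listed above.
RULE = {
    "name": "login-burst",
    "risk_level": "high",
    "source": "any",              # request origin ("any" or a single IP)
    "target": "/api/v1/login",    # API endpoint the rule watches
    "interval_seconds": 60,       # "one minute" collection interval
    "metric": "request_count",    # assumed metric
    "condition": "gt",            # assumed matching condition
    "threshold": 5,
}
# Assumed operator names for the matching condition.
OPS = {"gt": lambda v, t: v > t, "ge": lambda v, t: v >= t, "lt": lambda v, t: v < t}

def ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def build_sample():
    """Constructed request records: (time, source IP, API path)."""
    day = "2024-01-01T"
    ev = [(ts(f"{day}10:00:{i*5:02d}"), "203.0.113.7", "/api/v1/login") for i in range(8)]
    ev += [(ts(f"{day}10:00:{i*10:02d}"), "198.51.100.4", "/api/v1/login") for i in range(3)]
    ev += [(ts(f"{day}10:01:{i*10:02d}"), "203.0.113.7", "/api/v1/login") for i in range(2)]
    ev += [(ts(f"{day}10:00:{i:02d}"), "203.0.113.7", "/api/v1/items") for i in range(10)]
    return ev

def evaluate(rule, events):
    if rule["metric"] != "request_count":
        raise ValueError("only the request_count metric is implemented here")
    width = rule["interval_seconds"]
    buckets = defaultdict(list)   # (source IP, window start) -> request times
    for when, ip, path in events:
        if path != rule["target"] or rule["source"] not in ("any", ip):
            continue              # outside the rule's source/target scope
        window = int(when.timestamp()) // width * width
        buckets[(ip, window)].append(when)
    threats = []
    for (ip, _window), hits in sorted(buckets.items()):
        if OPS[rule["condition"]](len(hits), rule["threshold"]):
            threats.append({"start_time": min(hits).isoformat(), "source_ip": ip,
                            "api_path": rule["target"], "threat": rule["name"],
                            "risk_level": rule["risk_level"], "value": len(hits)})
    return threats
```

Counting per source IP and per interval keeps a burst split across two windows, or spread across unrelated API paths, from being merged into one reading, which is why the threshold and the interval need to be tuned together.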