Threat Detection
Overview
A snapshot of the threat landscape, based on the threat detection results for the APIs:
- Application Under Threat: Total number of applications currently under threat.
- API Under Threat: Total number of APIs under threat.
- Threat Level: Indicates the severity level of the threats detected.
- Threats Trend: Visualizes the trend of threats over the selected time range.
- Top 10 Threat Source IPs: Displays the top 10 source IP addresses from which threats are originating.
- Top 10 Threat Types: Lists the most common types of threats detected.
- Top 10 APIs Under Threat: Identifies the top 10 APIs facing the most significant threats.
Time Ranges: Last hour, last 24 hours, last 7 days, last 30 days, last month, and this month.
Threats
Threats displays all API threats detected by the system.
Displayed Information:
- Start Time: Time when the threat was first detected.
- Application: The application to which the API belongs.
- API Path: The specific API path under threat.
- Risk Level: Severity level of the detected threat.
- Source IP: The originating IP address of the threat.
- Threat: Name or identifier of the threat.
- Threat Type: Classification of the threat based on behavior or pattern.
- Threat Category: Grouping of the threat type under a broader category.
Filters:
- Application: Select the target application to view related threats.
- Start Time / End Time: Specify a time range to narrow down the threat list.
Detection Rules
Detection Rules include managed and custom rules for identifying API threats.
- Managed Rules: Pre-defined for detecting common API threats.
- Custom Rules: User-defined for tailored detection.
Configuration for Custom Rules:
- Name, Description, and Risk Level
- Source and Target: Define request origin and API endpoints.
- Metric Collection Interval: Choose from once, one minute, or one day.
- Scheduling: Set when the rule is in effect: always (default) or periodic (weekly).
- Triggering Condition: Configure metrics, matching condition, and threshold value.
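How the collection interval and the threshold interact in a custom rule, as an added example that is not the product's own code or rule format. The rule keys, the request-count metric, the CIDR and path-prefix matching, and the sample requests are assumptions made for illustration; the "once" interval is not modelled because the page does not define it.

```python
import operator
from collections import Counter
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

INTERVALS = {"one minute": 60, "one day": 86400}  # window size in seconds
CONDITIONS = {">": operator.gt, ">=": operator.ge, "==": operator.eq}

# Constructed sample requests (timestamp, source IP, API path); not real data.
LOGIN = "/api/v1/login"
SAMPLE = (
    [(f"2024-05-01T10:00:{s:02d}+00:00", "203.0.113.7", LOGIN) for s in (1, 9, 17, 30, 58)]
    + [(f"2024-05-01T10:01:{s:02d}+00:00", "203.0.113.7", LOGIN) for s in (4, 40)]
    + [("2024-05-01T10:00:12+00:00", "198.51.100.20", LOGIN),
       ("2024-05-01T10:00:20+00:00", "203.0.113.7", "/api/v1/orders")]
)

def evaluate(rule, requests):
    """Return (window_start, source_ip, count) for every window that triggers."""
    size = INTERVALS[rule["interval"]]
    source = ip_network(rule["source"])
    matches = CONDITIONS[rule["condition"]]
    counts = Counter()
    for ts, ip, path in requests:
        # Source and Target: keep only requests the rule applies to.
        if ip_address(ip) not in source or not path.startswith(rule["target"]):
            continue
        epoch = int(datetime.fromisoformat(ts).timestamp())
        # Metric: request count per source IP per collection window.
        counts[(epoch - epoch % size, ip)] += 1
    hits = []
    for (start, ip), n in sorted(counts.items()):
        # Triggering Condition: compare the metric with the threshold.
        if matches(n, rule["threshold"]):
            start_iso = datetime.fromtimestamp(start, timezone.utc).isoformat()
            hits.append((start_iso, ip, n))
    return hits

# Hypothetical rule definitions: same source, target and threshold, different interval.
BASE = {"source": "0.0.0.0/0", "target": LOGIN, "condition": ">=", "threshold": 6}
PER_MINUTE = dict(BASE, interval="one minute")
PER_DAY = dict(BASE, interval="one day")

if __name__ == "__main__":
    print("per minute:", evaluate(PER_MINUTE, SAMPLE))
    print("per day:   ", evaluate(PER_DAY, SAMPLE))
```

With the same threshold, the one-minute rule stays silent on this traffic while the one-day rule fires, so the interval needs to be chosen together with the threshold.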