Event Type | Event Description |
Miss user value | The request lacks necessary user information, such as user ID and username. This may indicate that an attacker is aggressively probing the business, for example by fuzzing (fuzz testing). |
Miss user parameters | The request lacks necessary parameters, such as user ID and username. This may indicate that an attacker is aggressively probing the business, for example by fuzzing (fuzz testing). |
Miss username and password | The request lacks the necessary username and password information. This may indicate that an attacker is aggressively probing the business, for example by fuzzing (fuzz testing). |
Miss log-in action | The request lacks the necessary log-in action. For example, the log-in request is missing the log-in action parameter. This may indicate that an attacker is aggressively probing the business, for example by fuzzing (fuzz testing). |
Vertical privilege escalation | Users or attackers acquire data outside their permission scope by modifying parameters, URLs, and so on. This can lead to sensitive data leaks and weaken internal information security. |
Unauthorized access to sensitive information | Users or attackers access sensitive data in the system without authorization, causing sensitive data leaks and weakening internal information security. |
Event Type | Event Description |
Brute force cracking | Attackers use automated tools to brute-force passwords on the target system. They often use dictionary attacks or brute force cracking tools to try multiple password combinations until the correct password is found. |
Credential stuffing attack | Attackers attempt to log in to the target system with known username and password combinations, usually obtained from leaked user information. They often try leaked username and password combinations on other websites or systems to see whether they can gain access to the target system. |
Malicious registration | Attackers register accounts with false or misappropriated user information, usually in order to carry out other malicious behavior such as sending spam. |
Event Type | Event Description |
SMS API flooding | Attackers use automated tools to request the SMS API at high frequency, usually to conduct SMS bombing, deplete SMS resources, or carry out other malicious behavior. |
Captcha API flooding | Attackers use automated tools to request the CAPTCHA API at high frequency, usually to attempt CAPTCHA bypass, consume CAPTCHA resources, or carry out other malicious behavior. |
API Abuse | Users or attackers frequently request the API, exceeding normal usage limits, which may burden the system or pose security risks. Attackers typically use automation tools to send a large number of requests to try to consume system resources or conduct other malicious activities. |
Event Type | Event Description |
API invocation from unusual regions | Requests to this API are usually concentrated in one region. A large number of requests from other regions has been detected and is suspected to be abnormal. |
API invocation from unusual source IP | The IPs accessing this API are usually concentrated in a certain IP range. A large number of requests from other IP ranges has been detected and is suspected to be abnormal. |
API invocation from unusual terminals | The clients accessing this API are usually of a certain type. A large number of requests from other types of clients has been detected and is suspected to be abnormal. |
Event Type | Event Description |
Excessive sensitive data retrieval | Users or attackers access a large amount of sensitive data through this API, potentially causing sensitive data leaks and weakening internal information security. |
Unauthorized access to sensitive information | Users or attackers access sensitive data in the system without authorization, causing sensitive data leaks and weakening internal information security. |
Event Type | Event Description |
Web attack | The API is frequently targeted by over ten types of web attacks, such as SQL injection, XSS, command injection, illegal access to core files, file upload attacks, malicious scanning, Trojan backdoors, XML injection, web application vulnerability attacks, LDAP injection, server-side request forgery, server-side template injection, unauthorized access, and non-compliant protocols. |
Field Name | Description |
Security events | Total number of API events under the current domain name. |
Detected today | Total number of API events detected today under the current domain name. |
Detected | Total number of detected API events under the current domain name. |
Handled | Total number of handled API events under the current domain name. |
In progress | Total number of in-progress API events under the current domain name. |
Ignored | Total number of ignored API events under the current domain name. |
Field Name | Description |
Event ID | API event name. |
Event type | API event type. |
Event level | API event risk level. |
Related domain | Name of the API associated with the API event. |
Status | Current status of the API event. Detected: the API event has been detected but not yet confirmed. In progress: the risks of the API event are being confirmed and related rules are being configured; this status includes processing suggestions for the event type (CC/access control/BOT, etc.), and appropriate rules can be added with one click. Handled: the risks of the API event have been confirmed and handling rules have been added. Ignored: the API event has been confirmed as not needing handling and has been ignored. Disabled: access traffic and attack traffic have been observed, confirming that the event can be completely closed. |
Detection time | Earliest detection time of the API event. |
Last update | Most recent update time of the API event. |
Operation | Status changed and View details. |
Field Name | Description |
Basic information | Mainly includes Event ID, Event type, Occurred, Update time, Related API, Associated domain name, and Event details. |
Suggestion | Provides suggestions corresponding to the event type. You can click Add with one click to add the corresponding handling rules. |
Rule added | Status of added rules. |
Change history | History of event status changes. |
Attacker details | Event attack source details. |