Overview
After enabling the API security analysis feature on the Access Management page, users can observe and analyze API assets and risks through API traffic analysis, API asset management, API security, event management, and access logs. This makes it possible to set targeted policies that protect website API assets and business from attacks and abuse, and to prevent leaks of sensitive data.
The API security practice tutorial proceeds through the following steps:
Prerequisites
API Traffic Analysis
1. Log in to the WAF console, and choose Safe and visible > API Analytics in the left sidebar.
2. On the API traffic analysis page, select the target domain name in the top left corner. The right side shows whether API Security is enabled for the current domain name.
Display instructions:

| Module | Description |
| --- | --- |
| API asset overview | Total number of API assets under the current domain name and the number of assets in each status. |
| API security risks overview | Number of risky APIs, sensitive APIs, and API events under the current domain name. |
| Asset activity status | Ranking, quantity, and trends of active and inactive APIs under the current domain name. |
| Sensitive data APIs | Classification, ranking, and proportion distribution of sensitive APIs under the current domain name. |
| API events | Risk proportion of detected API events, ranking by number of related events, event type proportions, number of events, and trends under the current domain name. |
3. Click the text in a chart to navigate to the API asset list or the API asset details page.
API Asset Management
Users can manage and mark API assets by changing the asset status, which simplifies subsequent statistics, analysis, and handling of those assets.
1. Log in to the WAF console, and choose Asset Center > API Asset Management in the left sidebar.
2. On the API Asset Management page, select the domain name to be protected in the top left corner. The right side shows whether API Security is enabled for the current domain name.
3. On the API Asset Management page, select the API whose status you want to change, and click Asset Status or Status changed for that API asset.
4. In the Status changed window, modify the relevant parameters, and click Submit.
Description of the Status changed window:

| Parameter | Description |
| --- | --- |
| Username | Defaults to the current console account name; can be customized by the user. |
| Remarks | Status note, up to 100 characters. |
| Status | One of five statuses: Detected, Confirming, Confirmed, Abolished, and Ignored. |
5. On the API Asset Management page, select the API asset whose details you want to view, and click View details in the Operation column.
Description of the tabs on the details page:

| Tab | Description |
| --- | --- |
| API overview | Access trend, access source distribution, and request feature statistics of the current API. |
| API attack overview | Attack trends and statistics of the top abnormal requests for the current API. |
| Parameter example | Sample request data and response data of the current API. |
| Parameter list | Parameters in the request and response data of the current API. |
| Associated event | List of risk events associated with the current API. |
| Change history | Status change history and remarks of the current API asset. |
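The following script is an added illustration, not code from the WAF product, of the two things the traffic analysis and asset management sections describe: building an API asset inventory from access records (active vs. inactive assets, sensitive-data APIs, top APIs by hits) and recording asset status changes with the five statuses and the 100-character remark limit. The access records, the 7-day inactivity threshold, the path-normalization rule, and the sensitive-data regexes are all constructed assumptions for this example; the product's own classification rules are not published on this page.

```python
"""Added example: offline API asset inventory and status tracking.

Not part of the WAF product. Demonstrates the statistics this page describes
(asset overview, active/inactive split, sensitive APIs) on constructed data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample access records: (timestamp, method, path, response body).
SAMPLE_RECORDS = [
    ("2024-05-01T10:00:00", "GET", "/api/v1/users/1001", '{"id":1001,"email":"a@example.com"}'),
    ("2024-05-01T10:05:00", "GET", "/api/v1/users/1002", '{"id":1002,"email":"b@example.com"}'),
    ("2024-05-01T10:06:00", "POST", "/api/v1/login", '{"token":"opaque"}'),
    ("2024-04-01T09:00:00", "GET", "/api/v1/legacy/export", '{"rows":[]}'),
    ("2024-05-01T10:07:00", "GET", "/api/v1/orders/77/phone", '{"phone":"13800138000"}'),
]

# Assumed sensitive-data detectors (email address, mainland China mobile number).
SENSITIVE_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "phone": re.compile(r"\b1[3-9]\d{9}\b"),
}

# The five asset statuses named on this page.
ASSET_STATUSES = ("Detected", "Confirming", "Confirmed", "Abolished", "Ignored")


def normalize_path(path: str) -> str:
    """Collapse numeric path segments so /users/1001 and /users/1002 are one API."""
    return re.sub(r"/\d+(?=/|$)", "/{id}", path)


@dataclass
class ApiAsset:
    method: str
    template: str
    hits: int = 0
    last_seen: datetime | None = None
    sensitive_types: set = field(default_factory=set)
    status: str = "Detected"
    history: list = field(default_factory=list)  # (old, new, user, remark)

    @property
    def key(self) -> str:
        return f"{self.method} {self.template}"

    def change_status(self, new_status: str, user: str, remark: str = "") -> None:
        """Apply a status change with the constraints described on the page."""
        if new_status not in ASSET_STATUSES:
            raise ValueError(f"unknown status {new_status!r}")
        if len(remark) > 100:
            raise ValueError("remark is limited to 100 characters")
        self.history.append((self.status, new_status, user, remark))
        self.status = new_status


def build_inventory(records) -> dict[str, ApiAsset]:
    """Group access records into API assets keyed by method and path template."""
    assets: dict[str, ApiAsset] = {}
    for ts, method, path, body in records:
        template = normalize_path(path)
        asset = assets.setdefault(f"{method} {template}", ApiAsset(method, template))
        asset.hits += 1
        when = datetime.fromisoformat(ts)
        if asset.last_seen is None or when > asset.last_seen:
            asset.last_seen = when
        for name, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(body):
                asset.sensitive_types.add(name)
    return assets


def overview(assets: dict[str, ApiAsset], now: datetime,
             inactive_after: timedelta = timedelta(days=7)) -> dict:
    """Compute the asset overview figures: totals, activity split, sensitive APIs."""
    active = [a for a in assets.values() if now - a.last_seen <= inactive_after]
    inactive = [a for a in assets.values() if now - a.last_seen > inactive_after]
    sensitive = [a for a in assets.values() if a.sensitive_types]
    return {
        "total": len(assets),
        "active": len(active),
        "inactive": len(inactive),
        "sensitive": len(sensitive),
        "by_status": {s: sum(1 for a in assets.values() if a.status == s) for s in ASSET_STATUSES},
        "top_active": [a.key for a in sorted(active, key=lambda a: a.hits, reverse=True)],
    }


def run_sample() -> tuple[dict[str, ApiAsset], dict]:
    """Build the inventory from the constructed records as of a fixed 'now'."""
    assets = build_inventory(SAMPLE_RECORDS)
    return assets, overview(assets, datetime(2024, 5, 1, 12, 0, 0))


if __name__ == "__main__":
    assets, stats = run_sample()
    print(stats)
    phone_api = assets["GET /api/v1/orders/{id}/phone"]
    phone_api.change_status("Confirmed", "alice", "exposes customer phone numbers")
    print(phone_api.status, phone_api.history)
```

The sensitive-API count comes from response bodies, which is why the inventory keeps the body alongside method and path; the same loop can be fed real access-log exports, with the regexes replaced by whatever classification rules apply to the business.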
Event Management
Users can manage and mark API security events by changing the event status, which simplifies subsequent statistics, analysis, and handling of those events.
1. Log in to the WAF console, and choose Event Management > API security events in the left sidebar.
2. On the API security events page, select the domain name to be protected in the top left corner. The right side shows whether API Security is enabled for the current domain name.
3. In the event overview section, you can view the total number of current events and the number of events in each status.
4. In the event list, select the event whose status you want to change, and click Status or Status changed for that event.
5. In the Status changed window, modify the relevant parameters, and click Submit.
Description of the Status changed window:

| Parameter | Description |
| --- | --- |
| Username | Defaults to the current console account name; can be customized by the user. |
| Remarks | Status note, up to 100 characters. |
| Status | One of Detected, Handling, Confirmed, Ignored, or Disabled (see below). |

Event statuses:
- Detected: the API event has been detected but not yet confirmed.
- Handling: the risk is being confirmed and the related rules are being configured. This status includes processing suggestions for the event type (CC, access control, bot, etc.), and the appropriate rules can be added with one click.
- Confirmed: the risk has been confirmed and handling rules have been added.
- Ignored: the event has been confirmed as not requiring handling and is ignored.
- Disabled: the access traffic and attack traffic have been observed, and the event is confirmed as fully closed.
6. On the Event Management page, select the target event, and click View details to enter the details page.
7. The event details page displays the basic information of the event, handling suggestions, added rules, attack source details, and change history.
Description of the details page:

| Section | Description |
| --- | --- |
| Basic information | Event ID, event type, associated API, domain name, occurrence time, update time, and event details. |
| Suggestions | Suggestions for handling the current event type (CC, access control, bot, etc.). |
| Added rules | Access control rules already added for this event. |
| Attack source details | Details of the attack source and related operations for the current event. |
| Change history | History of status changes for the current event. |