Threat activity

The Threat Activity page under Traceable's API Protection provides you with high-level as well as detailed information related to various threats on your APIs. The summary section provides information based on all the logged and blocked activity, along with the top detected threats. The summary section is further divided into sections based on:

• Malicious activities
• Malicious sources
• API abuse

The top threat types are further classified in different categories based on:

• Traceable identified threat type
• OWASP 2017
• OWASP 2021
• OWASP API
• CWE

This categorization helps you in identifying threats based on OWASP's industry standard definitions of API threats. 

Detailed threat activity view

You can view in-depth and detailed information about threat activity by filtering based on different API attributes, for example, Endpoint name, Service name, threat actor country, and so on. You can add as many filters as you wish to drill down or search for a specific threat activity. Once you have filtered threat activity based on your search criteria, you can view the detailed information by clicking on the specific threat activity. 

The detailed information about threat activity provides you information such as when it was first and last detected, the total number of requests, the affected end points, the different threat actors involved in that threat activity, and so on. You can further drill down on an individual request to view information about payload and session information. In the session information, Traceable provides detailed information about the request made to the affected endpoints and services. You can further drill down to fetch information about each request to the affected endpoint. The following is a clickable demo showcasing the various in-depth information that Traceable provides about the threat activity in your API ecosystem.

The Request Timeline displays the number of requests received during a specific time-period. The request timeline shows the number of requests at a specific time during first detected and last detected time.