# Traceable

> Knowledge base documentation for Traceable.

## v1

- [Product Overview](https://traceabledocs.document360.io/docs/product-ovw.md): Explore Traceable's advanced API and application security platform. Learn about API discovery, risk management, role-based access, and pre-deployment security testing to safeguard your applications.
- [Traceable deployment](https://traceabledocs.document360.io/docs/traceable-deployment.md): Deploy Traceable to enhance your data collection and security with versatile options. Collect data via mirroring agents, edge deployments, or language agents within your application. Use the Platform agent to aggregate, classify, and redact data before analysis. Enjoy comprehensive visibility by deploying Tracing agents at the network edge, as sidecars, or through serverless and agentless methods. Compatible with various API gateways and load balancers, Traceable ensures secure, verifiable integration. Start your deployment journey with our guides and support for on-prem and cloud environments.
- [Traceable CLI Release Notes](https://traceabledocs.document360.io/docs/cli-release-notes.md)
- [Product Release Note 2026](https://traceabledocs.document360.io/docs/productrn26.md)
- [eBPF](https://traceabledocs.document360.io/docs/ebpfrn26.md)
- [Traceable Platform Agent](https://traceabledocs.document360.io/docs/tparn26.md)
- [Traceable Mirroring Agent](https://traceabledocs.document360.io/docs/mirroringagentrn26.md)
- [IIS](https://traceabledocs.document360.io/docs/iisrn26.md)
- [Packet Forwarder](https://traceabledocs.document360.io/docs/packetforwarderrn26.md)
- [eBPF](https://traceabledocs.document360.io/docs/ebpfrn25.md)
- [Apigee](https://traceabledocs.document360.io/docs/apigeern25.md)
- [AWS API gateway](https://traceabledocs.document360.io/docs/awsapigwrn25.md)
- [CA Layer7](https://traceabledocs.document360.io/docs/calayer7rn25.md)
- [Java](https://traceabledocs.document360.io/docs/javarn25.md)
- [IBM](https://traceabledocs.document360.io/docs/ibmrn25.md)
- [Mirroring agent](https://traceabledocs.document360.io/docs/mirroringagentrn25.md)
- [Mulesoft](https://traceabledocs.document360.io/docs/mulesoftrn25.md)
- [.NET](https://traceabledocs.document360.io/docs/dotnetrn25.md)
- [Netlify](https://traceabledocs.document360.io/docs/netlifyrn25.md)
- [NGINX](https://traceabledocs.document360.io/docs/nginxrn25.md)
- [Platform agent](https://traceabledocs.document360.io/docs/rntpa25.md)
- [Istio agent](https://traceabledocs.document360.io/docs/istiorn25.md)
- [Product Release Note](https://traceabledocs.document360.io/docs/productrn25.md)
- [Traceable CLI Release Notes](https://traceabledocs.document360.io/docs/cli-release-notes-2025.md)
- [Apigee](https://traceabledocs.document360.io/docs/apigeern24.md)
- [Azure APIM](https://traceabledocs.document360.io/docs/azureapimrn24.md)
- [AWS API gateway](https://traceabledocs.document360.io/docs/rnawsapigateway24.md)
- [eBPF](https://traceabledocs.document360.io/docs/rnebpf24.md)
- [CA Layer7](https://traceabledocs.document360.io/docs/calayer7rn24.md)
- [IIS](https://traceabledocs.document360.io/docs/rniis24.md)
- [Java](https://traceabledocs.document360.io/docs/javarn24.md)
- [Mulesoft agent](https://traceabledocs.document360.io/docs/mulesoftrn24.md)
- [Mirroring agent](https://traceabledocs.document360.io/docs/mirroring-agent.md)
- [Platform agent](https://traceabledocs.document360.io/docs/rntpa24.md)
- [Python](https://traceabledocs.document360.io/docs/pythonrn24.md)
- [.NET agent](https://traceabledocs.document360.io/docs/rndotnet24.md)
- [NGINX](https://traceabledocs.document360.io/docs/nginxrn24.md)
- [Node.js](https://traceabledocs.document360.io/docs/nodejsrn24.md)
- [Windows mirroring](https://traceabledocs.document360.io/docs/windowsrn24.md)
- [Traceable On-prem Release Note](https://traceabledocs.document360.io/docs/pfrn24.md)
- [Release Notes - Platform agent](https://traceabledocs.document360.io/docs/platformagentrn23.md)
- [Release Notes - eBPF](https://traceabledocs.document360.io/docs/rnebpf23.md)
- [Release Notes - Apigee](https://traceabledocs.document360.io/docs/rnapigee23.md)
- [Release Notes - Go agent](https://traceabledocs.document360.io/docs/rngo23.md)
- [Release Notes - Java agent](https://traceabledocs.document360.io/docs/javaagentrn2023.md)
- [Release Notes - Kong](https://traceabledocs.document360.io/docs/rnkong23.md)
- [Release Notes - Mulesoft agent](https://traceabledocs.document360.io/docs/rnmulesoft23.md)
- [Release Notes - IIS](https://traceabledocs.document360.io/docs/rniis23.md)
- [Release Notes - NGINX](https://traceabledocs.document360.io/docs/rnnginx23.md)
- [Release Notes - Node.js](https://traceabledocs.document360.io/docs/rnnodejs23.md)
- [Release Notes - Python](https://traceabledocs.document360.io/docs/rnpython23.md)
- [Security Advisory March 2025](https://traceabledocs.document360.io/docs/security-advisory-march-2025.md)
- [GCP to AWS Migration](https://traceabledocs.document360.io/docs/gcp-to-aws-migration.md)
- [Agent Support Matrix](https://traceabledocs.document360.io/docs/agent-support-compatibility.md)
- [Traceable CLI Compatibility](https://traceabledocs.document360.io/docs/cli-compatibility.md)
- [Installation using script](https://traceabledocs.document360.io/docs/installation-using-script.md)
- [OS specific installation](https://traceabledocs.document360.io/docs/os-specific.md)
- [Introduction](https://traceabledocs.document360.io/docs/tpaintro.md)
- [Helm](https://traceabledocs.document360.io/docs/helm.md)
- [YAML](https://traceabledocs.document360.io/docs/yml.md)
- [Terraform](https://traceabledocs.document360.io/docs/terraform.md)
- [JVM](https://traceabledocs.document360.io/docs/jvm.md)
- [Helm and terraform values](https://traceabledocs.document360.io/docs/helm-and-terraform-values.md)
- [Annotations and labels](https://traceabledocs.document360.io/docs/annotations-and-labels.md)
- [Custom labels, annotations, and fields](https://traceabledocs.document360.io/docs/custom-labels.md)
- [Uninstall](https://traceabledocs.document360.io/docs/uninstall.md)
- [ECS](https://traceabledocs.document360.io/docs/ecs.md)
- [Install using CloudFormation](https://traceabledocs.document360.io/docs/install-tpa-using-cloudformation.md)
- [Windows](https://traceabledocs.document360.io/docs/windows.md): Learn how to install the Traceable Platform Agent on a Windows machine. This step-by-step topic covers prerequisites, installation instructions, and how to configure the agent. It also includes details on setting environment variables like TA_ENVIRONMENT and restarting the agent service to ensure proper telemetry reporting to Traceable AI. Ideal for users looking to monitor and secure APIs with Traceable on Windows environments.
- [Platform agent configuration overrides](https://traceabledocs.document360.io/docs/platform-agent-configuration-overrides.md)
- [Security Contexts for TPA and Sidecar Containers](https://traceabledocs.document360.io/docs/platform-agent-security-context.md): Learn how to configure Pod Security Contexts and Container Security Contexts for Traceable Platform Agent (TPA) and sidecar containers in Kubernetes. This guide covers YAML-based security configurations, and container-specific security settings, ensuring a secure and compliant Kubernetes deployment. Follow best practices to minimize security risks, enforce least privilege access, and optimize your Helm chart configurations.
- [Gloo Edge](https://traceabledocs.document360.io/docs/gloo-edge.md)
- [HAProxy Ingress Controller](https://traceabledocs.document360.io/docs/haproxy-ingress-controller.md)
- [Kong Ingress Controller](https://traceabledocs.document360.io/docs/kong-ingress-controller.md)
- [NGINX Ingress Controller](https://traceabledocs.document360.io/docs/nginx-ingress.md)
- [NGINX Ingress Controller using C++ module](https://traceabledocs.document360.io/docs/nginx-ingress-using-c-module.md): Enable Traceable instrumentation in Ingress-NGINX using a C++ module after Lua plugin deprecation. Learn how to inject, configure, upgrade, and uninstall using Helm or Terraform with full control over observability and security features.
- [Go](https://traceabledocs.document360.io/docs/go.md)
- [Java agent](https://traceabledocs.document360.io/docs/java.md)
- [Node.js agent](https://traceabledocs.document360.io/docs/nodejs-agent.md)
- [.NET agent](https://traceabledocs.document360.io/docs/dotnet-agent.md)
- [Python agent](https://traceabledocs.document360.io/docs/python-agent.md)
- [Ruby agent](https://traceabledocs.document360.io/docs/ruby-agent.md)
- [Envoy Proxy Sidecar for ECS Applications](https://traceabledocs.document360.io/docs/envoy-proxy-sidecar-for-ecs-applications.md)
- [Code signing](https://traceabledocs.document360.io/docs/code-signing.md)
- [Agent ports](https://traceabledocs.document360.io/docs/agent-ports.md): Learn about the required ports for Traceable's tracing and platform agents, including port configurations for OTLP, Zipkin, HTTP/HTTPS reverse proxies, and specific integrations like F5 and Apigee.
- [Platform agent to Traceable Platform via HTTP/1.1](https://traceabledocs.document360.io/docs/tpa-platform-via-http11.md): Learn how to configure Traceable Platform Agent (TPA) with an Envoy sidecar to convert gRPC traffic over HTTP/2 to HTTP/1.1. This setup enables seamless communication between TPA and the Traceable platform when your proxy only supports HTTP/1.1. Explore step-by-step instructions for configuring via Helm, Terraform, and the install.sh script, ensuring compatibility and secure data flow in environments without HTTP/2 support.
- [Generate self-signed certificate](https://traceabledocs.document360.io/docs/generate-self-signed-certificate.md)
- [Platform agent health check](https://traceabledocs.document360.io/docs/platform-agent-health-check.md)
- [Tracing Agents Rule Evaluation for Protection](https://traceabledocs.document360.io/docs/tracing-agents-rule-evaluation-for-protection.md): Traceable enables agent-based rule evaluation for API security, allowing custom security policies to be enforced inline or out-of-band based on the tracing agent and deployment model. This approach ensures early API request inspection with real-time options to block, allow, or monitor traffic across cloud-native environments.
- [Ambassador](https://traceabledocs.document360.io/docs/ambassador.md)
- [Fastly](https://traceabledocs.document360.io/docs/fastly.md): Learn how to deploy the Traceable Agent on Fastly Compute@Edge for real-time API observability and security. This step-by-step guide covers agent deployment, configuration, backend setup, and health checks to integrate seamlessly with Fastly.
- [eBPF](https://traceabledocs.document360.io/docs/ebpf.md)
- [Install eBPF using script](https://traceabledocs.document360.io/docs/install-ebpf-using-script.md)
- [eBPF with SCC on OpenShift](https://traceabledocs.document360.io/docs/ebpf-scc-openshift.md)
- [eBPF deployment using the Harness CD pipeline](https://traceabledocs.document360.io/docs/ebpf-harness-cd.md): Step-by-step guide to deploying the Traceable eBPF agent in Kubernetes using a Harness Continuous Delivery (CD) pipeline. Covers creating a Helm connector, storing configuration in the Harness File Store, defining a service with the Traceable Helm chart, and integrating it into a deployment pipeline for automated, consistent eBPF instrumentation across environments.
- [eBPF and custom selectors](https://traceabledocs.document360.io/docs/ebpf-custom-selectors.md)
- [IIS](https://traceabledocs.document360.io/docs/iis.md)
- [Apigee Policy](https://traceabledocs.document360.io/docs/apigee-policy.md)
- [Apigee blocking policy](https://traceabledocs.document360.io/docs/apigee-blocking-policy.md)
- [(Optional) Apigee agent TLS configuration](https://traceabledocs.document360.io/docs/apigee-tls.md)
- [Avi Vantage](https://traceabledocs.document360.io/docs/avi-vantage.md)
- [Akana](https://traceabledocs.document360.io/docs/akana.md)
- [Azure APIM](https://traceabledocs.document360.io/docs/azure-apim.md)
- [Data collection with log analytics](https://traceabledocs.document360.io/docs/data-collection-with-log-analytics.md)
- [Deployment using Terraform](https://traceabledocs.document360.io/docs/aws-api-gateway-terraform.md): Learn how to deploy and monitor AWS API Gateway using Terraform with Traceable AI. This guide provides configuration steps, Terraform templates, and instructions to monitor both REST and HTTP API gateways. Automate and secure your infrastructure while tracking API traffic across multiple AWS regions.
- [Deployment using CloudFormation](https://traceabledocs.document360.io/docs/aws-api-gateway-cloudformation.md): Learn how to deploy AWS API Gateway using CloudFormation with Traceable AI. This guide covers step-by-step instructions, configuration details, and CLI commands to monitor REST and HTTP API gateways. Follow best practices for a secure and automated deployment across multiple AWS regions and accounts.
- [Axway with eBPF](https://traceabledocs.document360.io/docs/axway-with-ebpf.md)
- [Boomi](https://traceabledocs.document360.io/docs/boomi.md)
- [CA Layer7 API Gateway](https://traceabledocs.document360.io/docs/ca-layer-7.md)
- [Citrix ADC](https://traceabledocs.document360.io/docs/citrix-adc.md)
- [Cloudflare workers](https://traceabledocs.document360.io/docs/cloudflare-worker.md)
- [F5 mirroring](https://traceabledocs.document360.io/docs/f5-mirroring.md)
- [F5 HSL](https://traceabledocs.document360.io/docs/f5-hsl.md): Integrate and monitor F5 High-Speed Logging (HSL) with Traceable AI. This topic covers step-by-step instructions for configuring F5 HSL iRules, creating virtual servers, and setting up the Traceable Platform agent. Learn to capture and analyze high-volume log data for enhanced network security and performance.
- [GCP application load balancer](https://traceabledocs.document360.io/docs/gcp-application-load-balancer.md)
- [HAProxy](https://traceabledocs.document360.io/docs/haproxy.md)
- [IBM API Connect - Non-blocking](https://traceabledocs.document360.io/docs/ibm-dp-api-connect-non-blocking.md)
- [IBM API Connect - Blocking](https://traceabledocs.document360.io/docs/ibm-apiconnect-blocking.md)
- [IBM DataPower WebGUI](https://traceabledocs.document360.io/docs/ibm-datapower-web-gui.md)
- [Multiprotocol gateway](https://traceabledocs.document360.io/docs/ibm-multiprotocol-gateway.md)
- [IBM API Connect Analytics Policy](https://traceabledocs.document360.io/docs/ibm-api-connect-analytics-policy.md): Learn how to configure the IBM API Connect Analytics Policy for seamless integration with Traceable's platform. This guide covers prerequisites, TLS setup, offloading policy deployment, and verification using CLI for enhanced API observability and analytics.
- [Kong Konnect](https://traceabledocs.document360.io/docs/kong-konnect.md): Integrate Kong Konnect with Traceable to bolster your API security and gain end-to-end visibility across environments. This step-by-step guide provides detailed instructions for configuring the Traceable plugin on Kong Gateways, supporting various deployment options including Kubernetes, Docker, and virtual machines.
- [Traceable Kong](https://traceabledocs.document360.io/docs/kong.md): Learn how to integrate Traceable AI with Kong for robust API security and observability. This guide covers deploying the Traceable Kong agent, configuring synchronous and asynchronous modes, setting up essential parameters, and optimizing performance. Discover how to monitor API traffic, detect threats, and gain deep insights into your API ecosystem using Traceable AI’s Kong integration.
- [Mulesoft XML blocking policy](https://traceabledocs.document360.io/docs/mulesoft.md): The Traceable MuleSoft integration topic focuses on securing APIs by applying Traceable's XML Blocking Policy to MuleSoft's Anypoint Platform. It covers steps like downloading the policy, uploading it to MuleSoft Exchange, and configuring it to block or monitor API traffic. The topic also includes optional TLS setup instructions and detailed steps for deployment.
- [Mulesoft XML policy](https://traceabledocs.document360.io/docs/mulesoft-xml-policy.md)
- [Configuring Mulesoft TrustStore](https://traceabledocs.document360.io/docs/configuring-mulesoft-truststore.md): Learn how to configure the TrustStore for Mulesoft agents with TLS, supporting single and chain certificates. Follow step-by-step instructions to ensure secure communication with the Traceable Platform Agent (TPA).
- [Mulesoft Flex Gateway policy](https://traceabledocs.document360.io/docs/mulesoft-flex-gateway-policy.md): From download to deploy, add Traceable observability to MuleSoft Flex Gateway, publish the policy, attach at scale or per API, secure with TLS, and calibrate capture for reliable, high-fidelity visibility in production.
- [NGINX Plus](https://traceabledocs.document360.io/docs/nginx-plus.md)
- [NGINX community version](https://traceabledocs.document360.io/docs/nginx-community-version.md)
- [Traefik](https://traceabledocs.document360.io/docs/traefik.md)
- [OpenResty](https://traceabledocs.document360.io/docs/openresty.md)
- [3scale](https://traceabledocs.document360.io/docs/3scale.md)
- [AWS traffic mirroring](https://traceabledocs.document360.io/docs/aws-traffic-mirroring.md)
- [AWS mirroring - Terraform](https://traceabledocs.document360.io/docs/aws-mirroring-terraform-template.md): AWS VPC mirroring, API security, mirroring, out of band.
- [ECS Fargate mirroring](https://traceabledocs.document360.io/docs/ecs-fargate-mirroring.md)
- [Mirroring on a Linux machine](https://traceabledocs.document360.io/docs/mirroring-on-a-linux-machine.md)
- [GCP](https://traceabledocs.document360.io/docs/gcp-traffic-mirroring.md)
- [Windows Mirroring](https://traceabledocs.document360.io/docs/windows-mirroring.md)
- [DaemonSet mirroring](https://traceabledocs.document360.io/docs/daemonset-mirroring.md)
- [Pivotal Cloud Foundry (PCF)](https://traceabledocs.document360.io/docs/pcf.md): Pivotal Cloud Foundry, pcf, tile, Tanzu Ops Manager, VMWare
- [Traceable Lambda runtime extension](https://traceabledocs.document360.io/docs/lambda-runtime-extension.md): Enable observability in AWS Lambda with the Traceable Lambda Runtime Extension. Capture event data, monitor API interactions, and enhance security with seamless integration.
- [Akamai Edgeworker](https://traceabledocs.document360.io/docs/akamai-edgeworker.md): Learn how to integrate Akamai EdgeWorker with Traceable for enhanced API security and monitoring. This step-by-step guide explains how to capture real-time traffic data at the edge, leveraging Akamai’s serverless capabilities to identify threats, enhance observability. Discover how EdgeWorker duplicates traffic for analysis while maintaining uninterrupted service to downstream applications.
- [Azure functions](https://traceabledocs.document360.io/docs/azurefunctions.md): Secure your Azure Functions with Traceable’s .NET agent. Learn how to configure, deploy, and monitor API security using Traceable’s seamless integration with Azure Functions.
- [Netlify Edge Function](https://traceabledocs.document360.io/docs/netlify.md): Step-by-step guide for integrating Traceable with Netlify Edge Functions. Configure environment variables, register the Traceable Edge Function, and enable real-time API traffic monitoring and security insight through the Traceable Platform Agent.
- [Istio](https://traceabledocs.document360.io/docs/istio.md): Get step-by-step instructions on integrating Traceable with Istio to monitor and secure API traffic within your service mesh. This guide covers deployment, configuration, and upgrade processes for Traceable components, including the Platform Agent and Istio filter. Learn how to validate successful setup, troubleshoot issues, and maximize visibility into API interactions managed by Istio for enhanced security and performance.
- [Actions](https://traceabledocs.document360.io/docs/actions.md): Learn how to customize and manage dashboards in Traceable to monitor API security and performance. Add, edit, or delete widgets and configure dashboards to meet your business requirements.
- [Widgets](https://traceabledocs.document360.io/docs/widgets.md): Explore the widgets available in Traceable Dashboards to visualize API metrics. Learn about widget types, attributes, and configurations to create tailored, actionable dashboards for API security.
- [Custom Dashboard Sharing](https://traceabledocs.document360.io/docs/custom-dashboard-sharing.md): Learn how to share custom dashboards in Traceable with specific users or your entire organization, assign view or edit permissions, and manage access while respecting global role settings.
- [Explorer](https://traceabledocs.document360.io/docs/explorer.md): The Traceable Explorer is a centralized API monitoring tool designed for real-time analysis of API behavior, security, and performance. It provides in-depth visibility into API activity through endpoint traces, spans, and events, enabling precise tracking of API requests across services. With customizable filters, visualizations, and query management options in the Recent and Saved tabs, Traceable Explorer streamlines API data analysis, supporting proactive security and operational insights.
- [Parameters and Operators](https://traceabledocs.document360.io/docs/explorer-parameters-and-operators.md)
- [Reports](https://traceabledocs.document360.io/docs/reports.md)
- [Traceable MCP Server](https://traceabledocs.document360.io/docs/traceable-mcp-server.md): Configure and use the Traceable MCP Server to securely connect AI assistants and agents with API security data through the Model Context Protocol. Learn about authentication, available tools, security controls, and configuration steps.
- [AI Security Overview](https://traceabledocs.document360.io/docs/ai-security-overview.md): Understand how to secure AI-enabled applications using Traceable. This guide explains how to discover AI APIs and MCP assets, monitor threats targeting AI endpoints, and test AI applications for vulnerabilities such as prompt injection and sensitive data exposure using AI Security Dashboard, Discovery, Protection, and API Testing.
- [AI Security Agent Support Matrix](https://traceabledocs.document360.io/docs/ai-security-agent-support-matrix.md): Understand which Traceable agents support AI Security features and what configurations are required to enable AI asset discovery, AI firewall monitoring, and AI security testing across different deployment environments.
- [AI Security Dashboard](https://traceabledocs.document360.io/docs/ai-security-dashboard.md): Explore the AI Security Dashboard in Traceable to monitor AI APIs, models, MCP tools and servers, sensitive data exposure, OWASP Top 10 for LLM risks, threat activity, and traffic trends. Use customizable widgets to track AI asset inventory, security posture, and attack insights across Discovery, Protection, and Testing modules.
- [AI Assets](https://traceabledocs.document360.io/docs/ai-assets.md): Explore the AI Assets page in Discovery to gain centralized visibility into AI APIs, MCP tools, prompts, resources, and servers across your environment. Identify sensitive data exposure, monitor usage patterns, analyze risk scores, and prioritize remediation to strengthen AI security posture and governance.
- [AI Asset Details](https://traceabledocs.document360.io/docs/asset-details.md): Explore detailed insights for AI assets, including AI APIs, MCP tools, MCP servers, and AI backends. Understand dependencies, monitor performance, and identify risks to ensure secure and reliable AI operations.
- [Third Party AI Assets](https://traceabledocs.document360.io/docs/third-party-ai-assets.md): Discover and monitor third party AI assets used across your environment, including external AI models, services, APIs, and integrations. Identify shadow AI usage, analyze risk exposure, track sensitive data interactions, and strengthen AI governance with centralized visibility into externally connected AI technologies.
- [MCP Risk Score](https://traceabledocs.document360.io/docs/mcp-risk-score.md): Learn how Traceable calculates MCP Tool risk scores using likelihood and impact factors, including tool access, issues, response data sensitivity, and labels. Configure contributors and customize the risk lookup table to align MCP risk scoring with your organization’s AI security posture.
- [(Beta) AI Firewall Dashboard](https://traceabledocs.document360.io/docs/ai-firewall-dashboard.md): Explore the AI Firewall Dashboard in Traceable to monitor AI traffic, detect threats such as prompt injection and AI input explosion, analyze attack sources, and track blocked or monitored AI threat activity. Use built in widgets, threat insights, and customizable dashboard actions to strengthen AI application security and governance.
- [(Beta) AI Firewall Policies](https://traceabledocs.document360.io/docs/ai-firewall.md): Learn how AI Application Protection Policies help detect, analyze, and block AI-specific threats such as prompt injection, sensitive data exposure, and model misuse. Configure and manage policies to safeguard AI-driven applications effectively.
- [(Beta) AI Security Testing](https://traceabledocs.document360.io/docs/ai-security-testing.md): Learn how to use AI Security Testing in Traceable to discover, test, and secure AI and LLM endpoints using OWASP Top 10 for LLM risks. Configure AI scans with XAST or DAST, run attack simulations, review prompt-response evidence, and prioritize remediation with actionable AI-generated insights.
- [Posture Insights](https://traceabledocs.document360.io/docs/posture-insights.md): Understand how to use the Posture Insights dashboard in Traceable to monitor API security metrics, identify risks, and drill into issues across environments. Learn how to track exposure, authentication, and sensitive data trends with actionable insights and OWASP mappings.
- [API Activity](https://traceabledocs.document360.io/docs/api-activity.md)
- [All Assets](https://traceabledocs.document360.io/docs/all-assets.md): Gain complete visibility into all your application assets with the All Assets page. Monitor domains, services, backends, MCP tools, and MCP servers in one place, and act quickly to improve security, uptime, and compliance.
- [API Endpoints](https://traceabledocs.document360.io/docs/api-endpoints.md): Manage and monitor API endpoints effectively with Traceable's API Endpoints tab. Discover critical insights into API activities, vulnerabilities, security risks, and performance. Learn how to filter, group, label, and manage your API data across different environments. Optimize API security by tracking risk scores, authentication methods, and sensitive data exposure with easy-to-use filtering options. Download and customize your API data views for better control and analysis.
- [Endpoint Details](https://traceabledocs.document360.io/docs/endpoint-details.md): Explore Traceable’s Endpoint Details page for comprehensive API monitoring. Analyze API behavior, performance, security metrics, and track API DNA for enhanced API security and insights.
- [Domains, Services, and Backends](https://traceabledocs.document360.io/docs/domains-services-backends.md): Learn how Traceable automatically discovers and categorizes domains, services, and backends within your application. Gain insights into API traffic, performance, and security with real-time monitoring and detailed analysis.
- [(Beta) API discovery from code](https://traceabledocs.document360.io/docs/api-discovery-from-code.md): Use Traceable code scanning to uncover Shadow and Zombie APIs in your repositories. Connect private or open-source repos, trigger scans from the UI or CLI, and explore detailed OpenAPI specifications in YAML or JSON.
- [Threat Modeling](https://traceabledocs.document360.io/docs/threat-modeling.md)
- [Downloading API Documentation](https://traceabledocs.document360.io/docs/download-api-spec.md): Learn to download API documentation (OpenAPI, JSON, WSDL) via Traceable's APIs. Generate specs for domains, services, or environments in 3 steps: trigger, check status, and download.
- [Application Flow](https://traceabledocs.document360.io/docs/application-flow.md)
- [API Ownership](https://traceabledocs.document360.io/docs/api-ownership.md): API ownership in Traceable enables teams to clearly identify the responsibility for every API endpoint. By assigning owners manually, dynamically, or via GraphQL, organizations enhance accountability, expedite incident response, and strengthen API governance across engineering, security, and operations teams.
- [Dynamic API Ownership Assignment using GraphQL](https://traceabledocs.document360.io/docs/dynamic-api-ownership-assignment-using-graphql.md): Learn how to automate API ownership assignment using GraphQL in Traceable. This guide explains how to create dynamic ownership policies based on span attributes, regex patterns, and metadata to scale API management, reduce errors, and enhance visibility in complex environments.
- [All Assets](https://traceabledocs.document360.io/docs/third-party-all-assets.md): Explore the All Assets view in Discovery to gain centralized visibility into APIs, domains, services, backends, repositories, and AI assets across your environment. Use filters, risk insights, and asset-level details to monitor inventory coverage, investigate sensitive data exposure, and improve your overall security posture.
- [API Endpoints](https://traceabledocs.document360.io/docs/third-party-api-endpoints.md): Use the API Endpoints view to monitor discovered API endpoints, review request activity, analyze endpoint behavior, and identify potential security risks across your environment. Gain detailed visibility into endpoint usage patterns, authentication status, sensitive data exposure, and associated threats to strengthen API security operations.
- [Third-Party Monitoring Support Matrix](https://traceabledocs.document360.io/docs/third-party-monitoring-support-matrix.md): Traceable provides a deployment-based support matrix to help you identify which configurations enable third-party API monitoring and blocking. Use this guide to understand supported setups and capabilities across agents, gateways, and runtimes.
- [API Documentation and Inspector](https://traceabledocs.document360.io/docs/api-documentation.md): Discover how Traceable simplifies API documentation and security with advanced features like API Discovery, API Inspector, and Conformance Analysis. Learn to upload and manage OpenAPI Specs, Postman Collections, and GraphQL Schemas for thorough security testing and compliance. Use API Discovery to automatically detect APIs from specs, and leverage the API Inspector to assess security, format, and data validation issues with a detailed path-level audit score.
- [Managing Documentation using APIs](https://traceabledocs.document360.io/docs/managing-api-documentation.md): Learn how to manage API documentation in Traceable using REST and GraphQL APIs. This guide explains how to upload, re-upload, update, and delete OpenAPI, Postman, GraphQL, and WSDL specifications in an automated way.
- [Issues Overview](https://traceabledocs.document360.io/docs/issues.md): Understand how Traceable helps identify and manage API security issues through continuous monitoring, risk assessment, and remediation. Learn about detecting vulnerabilities in live traffic, AST, and compliance policies to secure your API infrastructure.
- [Issue Management](https://traceabledocs.document360.io/docs/issue-management.md): Learn how Traceable manages the lifecycle of API security issues through its Issue Management system. Understand issue statuses, auto-resolution logic, deletion conditions, and how to remediate issues using integrations and status updates.
- [Sensitive data](https://traceabledocs.document360.io/docs/sensitive-data.md): Discover how Traceable identifies and monitors sensitive data within your API ecosystem. Learn how to classify and secure personal, financial, and business information across API endpoints to prevent unauthorized access.
- [Posture Events](https://traceabledocs.document360.io/docs/posture-events.md): Learn how the Posture Events page in Discovery helps you track API posture changes such as vulnerability discovery, sensitive data exposure, service and domain discovery, risk score updates, and third-party data flow events. Explore event evidence, filtering options, notifications, and CSV export to efficiently investigate security posture changes.
- [Conformance Analysis](https://traceabledocs.document360.io/docs/conformance-analysis.md): Learn how Traceable’s Conformance Analysis helps detect API specification deviations by comparing uploaded API documentation against real-time traffic. Understand how to identify shadow, orphan, and mismatched endpoints, configure one-time and scheduled analyses, and view conformance results effectively.
- [Issue Policies](https://traceabledocs.document360.io/docs/issue-policies.md): Learn how to create and manage compliance policies in Traceable to identify API, AI security violations, and monitor PCI DSS compliance. Use predefined or custom policies to enhance API protection and ensure compliance with security standards.
- [Security Scheme](https://traceabledocs.document360.io/docs/security-scheme.md): Enhance API access control with Traceable's Security Scheme. Learn how to define and manage role- and scope-based authorization for your APIs using dynamic auto-learn and user-defined mappings. Secure your application ecosystem against unauthorized access and BFLA attacks with flexible, traffic-aware access rules.
- [Risk score](https://traceabledocs.document360.io/docs/risk-score.md)
- [Application and API Protection](https://traceabledocs.document360.io/docs/traceable-runtime-protection.md)
- [Edge Cluster Deployment](https://traceabledocs.document360.io/docs/protection-edge-cluster-onboarding.md): Learn how to deploy and manage Traceable Edge clusters, from instrumentation models and prerequisites to configuration, TLS setup, and deployment state management.
- [Health check](https://traceabledocs.document360.io/docs/edge-cluster-health-check.md)
- [Dashboard](https://traceabledocs.document360.io/docs/protection-dashboard.md): Get a unified view of WAP, API, AI, and Custom Policy protections in Traceable’s Protection Dashboard. Monitor attacks, rule performance, and enforcement status to maintain security across your application stack.
- [Actions](https://traceabledocs.document360.io/docs/dashboard-actions.md)
- [Customizations](https://traceabledocs.document360.io/docs/customizations.md)
- [Threat Actors](https://traceabledocs.document360.io/docs/threat-actors.md): Explore how Traceable’s Threat Actors view helps identify, investigate, and respond to malicious API and application activity. Learn how to detect suspicious users, analyze threat behavior, and take action through statuses like Deny, Snooze, and Suspend for effective threat mitigation.
- [APIs Under Threat](https://traceabledocs.document360.io/docs/apis-under-threat.md): Track APIs under threat with detailed insights into API attacks, malicious traffic, threat actors, and OWASP-aligned security classifications.
- [Threat Activity](https://traceabledocs.document360.io/docs/threat-activity.md): Explore Traceable's Threat Activity feature to detect, analyze, and mitigate API threats in real-time. Monitor behaviors, review evidence, and implement security measures to protect your infrastructure.
- [Data Protection](https://traceabledocs.document360.io/docs/data-protection.md): Explore advanced Data Protection strategies with Traceable's robust tools. This guide details real-time sensitive data mapping, in-depth user and data analysis, API abuse prevention, and customizable Data Loss Prevention (DLP) policies. Learn how to implement zero-trust principles, monitor data access patterns, and secure APIs from unauthorized access.
- [Security Events](https://traceabledocs.document360.io/docs/security-events-explorer.md): Learn how the Security Events page in Traceable helps you monitor runtime API threats, analyze rule-triggered requests, investigate malicious activity, and respond effectively using detailed span, source, and sensitive data context.
- [Bot Protection](https://traceabledocs.document360.io/docs/bot-protection.md): Protect APIs and web apps from bots with Traceable Bot Defense. Detect and block threats like credential stuffing, scraping, and carding using behavioral analysis, anomaly detection, and real-time mitigation. Secure your platform with custom policies, telemetry-based defenses, and flexible deployment options.
- [Attack Use Cases](https://traceabledocs.document360.io/docs/bot-protection-use-cases.md): Modern web applications face rising bot threats that exploit critical functionalities, leading to fraud, data breaches, and service disruptions. Bots execute attacks like credential stuffing, card testing, scraping, and scalping, bypassing traditional security measures. This guide explores common bot-driven attacks, their impact on login flows, payment systems, and APIs, and how businesses can implement targeted defenses to protect users, transactions, and resources.
- [Bot Protection Dashboard](https://traceabledocs.document360.io/docs/bot-dashboard.md): Monitor and analyze bot activity across your application with Traceable's Bot Protection Dashboard. Understand threat types, attack sources, fingerprint anomalies, and CAPTCHA effectiveness to strengthen your bot defense strategy.
- [Bot Actors](https://traceabledocs.document360.io/docs/bot-actors.md): Learn how to detect, analyze, and investigate bot actors by understanding their behavior, patterns, and impact across your APIs. Identify sources of automated activity, validate attack patterns such as enumeration, credential abuse, and API misuse, and use these insights to prioritize risk and apply targeted Bot Protection policies.
- [Bot Accounts](https://traceabledocs.document360.io/docs/bot-accounts.md): Learn how to detect, analyze, and mitigate bot-driven threats by investigating risky accounts, correlating API activity, and leveraging Traceable’s bot detection insights.
- [Bot Activities](https://traceabledocs.document360.io/docs/bot-activities.md): Explore detailed records of bot-related activities detected by Traceable. Analyze bot interaction patterns, risk signals, and fingerprint anomalies to enhance visibility, investigation, and response to automated threats.
- [Bot Events](https://traceabledocs.document360.io/docs/bot-events.md): Gain deep visibility into individual bot detections with the Bot Events page in Traceable. Learn how to investigate suspicious requests, analyze bot behavior using request-response data, and fine-tune detection rules with detailed traffic attributes and policy insights.
- [Understanding Policies](https://traceabledocs.document360.io/docs/protection-policies.md): Explore Traceable's comprehensive protection policies to safeguard your applications from WAF, API, AI, and Bot, and Custom threats like SQL injection, unauthorized access, and malicious traffic.
- [Profiles and Overrides in WAF Policies](https://traceabledocs.document360.io/docs/profiles-in-wap-policies.md): Understand how Traceable’s Profiles and Overrides in Web Application Protection (WAP) Policies simplify threat management across environments. Learn about profile inheritance, environment-specific overrides, and how to maintain consistent application security with flexible policy control.
- [Rule Testing for New or Updated Rule(s)](https://traceabledocs.document360.io/docs/rule-testing.md): Discover how Traceable’s rule testing feature validates new or updated threat rules before enforcement. Learn to simulate rule behavior, configure testing options, manage overridden environments, and ensure secure deployment without impacting live traffic.
- [WAF Policies Changelog](https://traceabledocs.document360.io/docs/wap-policies-changelog.md): Track updates to threat types and threat rules in the Protection module, including newly added rules and rule updates.
- [Schema Validation](https://traceabledocs.document360.io/docs/schema-validation.md): Configure Traceable Request Schema Validation to evaluate API requests against uploaded OpenAPI specs, with optional fallback to learned schemas.
- [Bot and Abuse Protection Policies](https://traceabledocs.document360.io/docs/bot-protection-policies.md): Learn how to configure and manage Traceable’s Bot Protection rules to monitor, block, or allow known bots across your APIs. Understand pre-categorized, advanced, user-defined rules, bot categories, and enforcement behavior.
- [Malicious Sources](https://traceabledocs.document360.io/docs/malicious-sources.md)
- [Custom Signatures](https://traceabledocs.document360.io/docs/custom-signatures.md)
- [Rate Limiting](https://traceabledocs.document360.io/docs/rate-limitting.md)
- [Enumeration](https://traceabledocs.document360.io/docs/enumeration.md)
- [Exclusions](https://traceabledocs.document360.io/docs/protection-exclusions.md): Learn how to create and manage exclusion rules in Traceable to fine-tune API protection. Understand exclusion types, configure rules by environment or source, and control monitoring, blocking, or allowing for precise threat detection and reduced false positives.
- [Threat Scoring](https://traceabledocs.document360.io/docs/threat-scoring.md): Learn how to use Threat Scoring to quantify API risk by assigning scores to anomalies and security events, classify threat actors, and automate enforcement actions. Configure scoring thresholds, adjust severity based on response codes, apply score decay, enable auto-blocking, and manage exclusions to improve threat prioritization and response accuracy.
- [Getting Started with AST](https://traceabledocs.document360.io/docs/ast-getting-started.md): Discover comprehensive insights into API Security Testing (AST) with Traceable. Learn how to leverage advanced components like scans, policies, and custom plugins to enhance your application’s security. Understand data flow, traffic types, and vulnerability assessments to ensure robust protection against threats.
- [Understanding Scans and Traffic Types](https://traceabledocs.document360.io/docs/ast-scans.md): Learn how Traceable’s API Security Testing (AST) uses scans and traffic types to detect vulnerabilities in your APIs. Understand scan configuration, traffic modes like XAST, DAST, and how Traceable simulates real-world attack scenarios for comprehensive API security.
- [Software and Hardware Requirements](https://traceabledocs.document360.io/docs/software-and-hardware-requirements.md): Review the software and hardware requirements for running Traceable runners. Learn about supported operating systems, resource recommendations, and dependencies needed for reliable scan execution at scale.
- [Installing a Runner](https://traceabledocs.document360.io/docs/installing-a-runner.md): Learn how to install Traceable runners using the platform, CLI, Helm, or AWS ECS. Follow step-by-step guidance to configure runners, apply labels, and enable reliable security scan execution.
- [Installation using CloudFormation](https://traceabledocs.document360.io/docs/runners-using-cloudformation.md)
- [Installation using Terraform](https://traceabledocs.document360.io/docs/runners-using-terraform.md)
- [Understanding Runners Dashboard](https://traceabledocs.document360.io/docs/understanding-runner-dashboard.md): Understand the Traceable Runners dashboard and learn how to monitor runner availability, execution status, configuration details, and scan activity across your environments.
- [CLI Pre-checks and Installation](https://traceabledocs.document360.io/docs/cli-installation.md): Learn how to install the Traceable CLI and run pre-checks to validate system readiness. Understand CLI setup, environment validation, and available commands for reliable scan execution.
- [Traceable CLI Config](https://traceabledocs.document360.io/docs/traceable-cli.md): The Traceable CLI 2.0 page describes how to configure and use the command-line interface for managing API security scans. It explains the YAML-based configuration model, runner and client setup, and how to enable and manage API and extensive scan logging for improved observability and troubleshooting.
- [Upgrading a Runner](https://traceabledocs.document360.io/docs/upgrading-runner.md): Learn how to upgrade a Traceable Runner across Docker, Systemd, Helm, and AWS ECS deployments, including steps for pulling new images, updating configurations, and performing rolling updates.
- [Uninstalling a Runner](https://traceabledocs.document360.io/docs/uninstalling-a-runner.md): Learn how to safely uninstall Traceable runners based on the deployment method. Follow clear steps to remove runners installed via CLI, systemd, Helm, or AWS ECS without leaving residual services.
- [Creating a Scan](https://traceabledocs.document360.io/docs/creating-scan.md): Learn how to create and configure API security scans in Traceable using different traffic types, attack policies, and scheduling options. This guide helps you run effective, automated security tests across your API environments with minimal effort.
- [Configuring Scans using GraphQL API](https://traceabledocs.document360.io/docs/scans-using-graphql-api.md): Learn how to programmatically create and manage API security test suites in Traceable using GraphQL APIs. Understand asset selection, traffic configuration, scheduling, and integration setup through structured API requests.
- [Scan Creation Recommendations](https://traceabledocs.document360.io/docs/scan-creation-recommendations.md): Optimize your API security scans in Traceable with targeted recommendations for attack grouping, scan scheduling, and efficient test distribution. Learn how to structure scans for better performance and comprehensive vulnerability coverage.
- [Scan Details](https://traceabledocs.document360.io/docs/ast-scan-details.md): Explore how to interpret Traceable’s scan results, including identified vulnerabilities, API coverage, scan runs, executed tests, and reachability tests. Learn how to use these insights to fine-tune your API security posture and troubleshoot scan behavior.
- [AST Issues Overview](https://traceabledocs.document360.io/docs/ast-issues-overview.md): Understand how Traceable displays and organizes API security issues detected through scans. Learn how to use the Issues page to prioritize vulnerabilities, view severity trends, and manage risk across your API ecosystem.
- [AST Issue Management](https://traceabledocs.document360.io/docs/ast-issue-management.md): Learn how to manage API security issues detected by Traceable’s AST scans. Understand issue lifecycle, drill down into evidence, update statuses, and automate remediation with integrations like Jira.
- [Reports](https://traceabledocs.document360.io/docs/ast-reports.md): View and analyze API security scan reports in Traceable. Learn how to use the Reports page to track scan results, identify vulnerabilities, review API coverage, and support remediation efforts across teams.
- [Downloading Scan Results using the FPR API](https://traceabledocs.document360.io/docs/downloading-scan-results-using-the-fpr-api.md): Learn how to use Traceable’s FPR API to download Fortify Project Results (FPR) from application security scans. This guide explains required parameters, authentication, output formats, and sample requests for integrating scan results into security workflows.
- [Understanding API Dependencies](https://traceabledocs.document360.io/docs/api-dependencies.md): Learn how Traceable models API dependencies to ensure accurate reachability testing during DAST scans, including execution order normalization, producer–consumer relationships, and dependency-driven API workflows.
- [Postman collections with AST](https://traceabledocs.document360.io/docs/postman-collections-with-ast.md): Learn how to run API security tests on your Postman collections using Traceable's Application Security Testing (AST) capabilities. This guide helps you automate vulnerability scanning for APIs by integrating Postman with Traceable AST CLI in your CI/CD pipelines.
- [Vulnerability Types](https://traceabledocs.document360.io/docs/vulnerability-types.md): Discover how Traceable enhances API security by detecting and managing various vulnerabilities. Learn about pre-defined and custom vulnerability types, how to configure them, and use them for real-time API security testing. Customize your security checks with Traceable’s powerful vulnerability management tools.
- [Getting Started with AST Plugins](https://traceabledocs.document360.io/docs/plugins-introduction.md): Learn how to get started with custom AST plugins in Traceable to detect vulnerabilities in your API traffic. This document provides an introduction to plugin configuration, core concepts, and how Traceable uses them during security testing.
- [Plugin Functions and Operators](https://traceabledocs.document360.io/docs/functions-operators-custom-plugin.md): Understand the different mutation and assertion functions supported in custom plugins, and explore a comprehensive list of attribute operators for Python and YAML plugins. This document is essential for writing precise and effective API security tests.
- [Configuring and Writing Custom Plugins](https://traceabledocs.document360.io/docs/configuring-custom-plugins.md): This guide walks you through writing and configuring custom plugins in Traceable, using YAML or Python. It includes a real-world scenario for detecting Mass Assignment vulnerabilities and step-by-step instructions for plugin creation.
- [Mutation and Assertion Overrides](https://traceabledocs.document360.io/docs/mutation-and-assertion-overrides.md): Learn how to configure mutation and assertion overrides in Traceable AI to tailor security policies for your API. This topic explains how to adjust payload mutation and validation assertions, helping you enhance your API security while maintaining flexibility. Explore key steps for managing overrides to suit specific security needs and compliance requirements.
- [API Key](https://traceabledocs.document360.io/docs/api-key.md)
- [Basic Auth](https://traceabledocs.document360.io/docs/basic-auth.md)
- [Bearer](https://traceabledocs.document360.io/docs/bearer.md)
- [Content Signature](https://traceabledocs.document360.io/docs/content-signature.md)
- [HMAC](https://traceabledocs.document360.io/docs/hmac.md)
- [JWT](https://traceabledocs.document360.io/docs/jwt.md)
- [Mutual TLS](https://traceabledocs.document360.io/docs/mutual-tls.md)
- [OAuth](https://traceabledocs.document360.io/docs/oauth-1.md)
- [PoP Token Signature](https://traceabledocs.document360.io/docs/pop-token-signature.md)
- [Custom Auth](https://traceabledocs.document360.io/docs/custom-auth.md): Learn how to configure Custom Authentication in Application Security Testing using AI generated prompts or Python based authentication hooks. Create custom authentication flows, generate and inject tokens, manage sessions, handle BOLA user scenarios, and configure request attributes for advanced authentication testing workflows.
- [Environment Config](https://traceabledocs.document360.io/docs/environment-config.md): Manage environment-specific security settings with Traceable’s Environment Config. Learn how to enable or disable API Security Testing (AST) and XAST Replay, view stored APIs, and apply traffic filters for targeted scans. This gives you complete control over what, when, and how testing is performed in each environment.
- [Pre-Hooks](https://traceabledocs.document360.io/docs/prehooks.md): Learn how to configure and use hooks in Traceable's API Security Testing to automate authentication, test setup, and scan initialization.
- [Transform rules](https://traceabledocs.document360.io/docs/transform-rules.md)
- [FAQs](https://traceabledocs.document360.io/docs/ast-faqs.md): Explore answers to the most frequently asked questions about Traceable's API Security Testing (AST), including scanning behavior, API detection, stored versus scanned API counts, and test execution logic.
- [Troubleshooting Guide](https://traceabledocs.document360.io/docs/ast-troubleshooting.md): A complete troubleshooting guide for resolving common issues in Traceable’s API Security Testing (AST), including incomplete scans, test generation failures, API reachability problems, and runner-related errors.
- [Azure DevOps](https://traceabledocs.document360.io/docs/azure-devops.md): Learn how to integrate Traceable’s AST (API Security Testing) extension with Azure DevOps to scan CI/CD pipelines for vulnerabilities. This guide covers setup, YAML configuration, UI task creation, and security best practices for seamless and automated API security testing in your DevOps workflow.
- [GitHub actions](https://traceabledocs.document360.io/docs/github-actions.md): Integrate Traceable’s API security testing with GitHub Actions to automate vulnerability scans in CI/CD workflows. Detect threats early in the SDLC, configure workflows, and generate actionable security reports.
- [GitLab integration](https://traceabledocs.document360.io/docs/gitlab-integration.md)
- [Harness STO Integration](https://traceabledocs.document360.io/docs/harness-sto.md): Learn how to integrate Traceable with Harness Security Testing Orchestration (STO) to bring API security findings into your CI/CD pipelines. Automatically run, import, and manage Traceable scans inside Harness STO for unified security visibility, vulnerability management, and policy enforcement.
- [Jenkins Integration](https://traceabledocs.document360.io/docs/jenkins-integration.md): Integrate Traceable’s xAST with Jenkins to automate API security testing in CI/CD pipelines. Configure builds, run scans, and generate actionable reports to secure your APIs during development.
- [Snyk integration](https://traceabledocs.document360.io/docs/snyk-integration.md): Learn how to integrate Snyk with Traceable for enhanced API security testing. This guide covers integration steps, managing Snyk API tokens, enabling scan policies, and interpreting vulnerability results with detailed code analysis.
- [(Beta) GitHub Integration](https://traceabledocs.document360.io/docs/github.md): Learn how to integrate Traceable’s GitHub App to run code scans, manage repository access, and surface security insights directly in your CI/CD pipeline.
- [Wiz integration](https://traceabledocs.document360.io/docs/wiz-integration.md): Integrate Wiz and Traceable for robust cloud security. Wiz scans AWS, Azure, GCP, and Kubernetes, providing full visibility across VMs, containers, and serverless functions. Traceable secures APIs, identifying and mapping threats to the Traceable Threat Activity screens, allowing for comprehensive risk assessment. Configure with Wiz client ID and secret in Traceable, ensure permissions, and set notifications to push or pull issues.
- [Jira integration](https://traceabledocs.document360.io/docs/jira.md)
- [ServiceNow ITSM integration](https://traceabledocs.document360.io/docs/itsm-integration.md): Integrate Traceable with ITSM platforms like ServiceNow to automatically log and track API security vulnerabilities within your existing workflows, improving incident response efficiency.
- [ServiceNow CMDB Integration](https://traceabledocs.document360.io/docs/servicenow-cmdb-integration.md): Learn how to integrate Traceable with ServiceNow CMDB using the certified Service Graph Connector. Configure connections, mappings, and schedules to automatically import API metadata into CMDB tables, enabling asset tracking and relationship visualization.
- [Azure DevOps Integration](https://traceabledocs.document360.io/docs/azure-devops-integration.md): Integrate Traceable with Azure DevOps to automate API vulnerability tracking and enhance security management. Log issues, link events to IT workflows, and streamline threat resolution with seamless integration.
- [AWS Integration](https://traceabledocs.document360.io/docs/aws-integration.md): Learn how to integrate AWS WAF with Traceable to protect web applications and APIs from common security threats. This topic explains the required permissions, authentication methods, and setup process, along with how to configure and manage custom rules for enhanced visibility, threat detection, and automated protection across your API ecosystem.
- [Akamai integration](https://traceabledocs.document360.io/docs/akamai-integration.md): Learn how to seamlessly integrate Akamai with Traceable AI to enhance application security, monitor traffic, and protect APIs. Step-by-step guide for configuring Akamai WAF integration for advanced threat detection and mitigation
- [Azure integration](https://traceabledocs.document360.io/docs/azure-integration.md): Integrate Azure Web Application Firewall (WAF) with Traceable to automatically block malicious IPs and threat actors, enforce security policies, and protect web applications using real-time traffic intelligence.
- [Cloudflare Integration](https://traceabledocs.document360.io/docs/cloudflare-integration.md): Learn how to integrate Traceable with Cloudflare WAF to enhance API and application security. This guide covers agent deployment, ruleset setup, threat actor mitigation, and custom signature rule support for efficient IP blocking and traffic control.
- [F5 integration](https://traceabledocs.document360.io/docs/f5-integration.md): Learn how to integrate F5 with Traceable to enhance API and web application security through automated threat detection, policy enforcement, and real-time WAF protection.
- [Fortinet integration](https://traceabledocs.document360.io/docs/fortinet-integration.md): Integrating Fortinet Web Application Firewall (WAF) with Traceable boosts API security by combining Fortinet’s protection against threats like SQL injection and XSS with Traceable’s API observability and AI-driven insights. This integration enables real-time detection and enhanced rule management, offering robust protection for web applications and APIs.
- [Google Cloud Armor Integration](https://traceabledocs.document360.io/docs/google-cloud-armor.md): Learn how to integrate Traceable with Google Cloud Armor to protect applications and APIs against DDoS, SQL injection, XSS, and other attacks. This guide covers prerequisites, integration setup, malicious source and threat actor rules, and custom signature policies for enhanced security.
- [Imperva integration](https://traceabledocs.document360.io/docs/imperva-integration.md): Integrate Imperva WAF with Traceable to centrally manage API and web application security, automatically block malicious IPs and threat actors, and enforce custom signature rules using real-time traffic intelligence.
- [Support Matrix for Custom Signature Rules](https://traceabledocs.document360.io/docs/support-matrix-custom-signature-rules.md): Traceable’s Custom Signature Rules and Support Matrix help you configure precise API protections across all supported WAF integrations. It helps you quickly identify supported attributes and operations to ensure consistent, effective threat detection.
- [Integration Events](https://traceabledocs.document360.io/docs/integration-events.md)
- [Notification](https://traceabledocs.document360.io/docs/int-notification.md): Learn how to configure notifications in Traceable to receive timely alerts for API security events. Set up custom rules, channels, and event-specific notifications for enhanced monitoring and threat management.
- [Notification Types and Field Definitions](https://traceabledocs.document360.io/docs/notification-event-types-and-field-definitions.md): Understand Traceable notification event types, key fields, and JSON schemas to confidently integrate API security alerts with your SIEM and automation systems.
- [S3 Integration](https://traceabledocs.document360.io/docs/s3.md): Traceable integrates with Amazon S3 to export security and API events using AWS IAM roles and OIDC-based role assumption with short-lived, least-privilege credentials. This secure S3 integration supports scalable event delivery, SIEM ingestion, compliance auditing, and long-term log retention across AWS regions.
- [HTTP Event Collector (HEC) Integration](https://traceabledocs.document360.io/docs/hec-integration.md): Learn how to integrate the HTTP Event Collector (HEC) with Traceable to securely stream real-time API security data to Splunk and CrowdStrike. This guide covers prerequisites, setup steps, API credential generation, and notification configuration for seamless SIEM/SOAR integration and centralized visibility into API threats.
- [Splunk integration](https://traceabledocs.document360.io/docs/splunk-integration.md)
- [Syslog](https://traceabledocs.document360.io/docs/syslog.md)
- [(Beta) Jira Templates](https://traceabledocs.document360.io/docs/jira-templates.md): Learn how to create and configure Jira templates to standardize Jira ticket creation, automatically populate Jira fields, and map Traceable data when generating Jira tickets from Traceable.
- [Public APIs](https://traceabledocs.document360.io/docs/public-apis.md): Public APIs, GraphQL, Altair GraphQL client
- [Team and roles - RBAC](https://traceabledocs.document360.io/docs/rbac.md): Learn how to implement role-based access control in Traceable. Define predefined and custom roles, manage permissions, and scope access to ensure secure API management and effective team collaboration.
- [Notification](https://traceabledocs.document360.io/docs/notification.md): Learn how to configure notifications in Traceable to receive timely alerts for API security events. Set up custom rules, channels, and event-specific notifications for enhanced monitoring and threat management.
- [Session Configuration](https://traceabledocs.document360.io/docs/session-configuration.md): Enhance your Traceable account security by configuring session settings effectively. This guide walks you through defining maximum session duration and idle session duration, ensuring users are automatically logged out after set periods. Learn how to manage user sessions, maintain team flexibility, and follow clear, step-by-step instructions for Traceable session configuration.
- [AI Features](https://traceabledocs.document360.io/docs/ai-features.md): Learn how Traceable’s AI Features integrate Generative AI to deliver contextual security insights across your APIs. This guide walks you through the capabilities, benefits, and enablement steps for using AI-powered issue analysis with complete privacy assurance.
- [Ask AI](https://traceabledocs.document360.io/docs/ai-powered-chatbot.md): Discover how Traceable’s AI-powered chatbot simplifies data exploration with natural language queries across APIs, services, domains, backends, sensitive data, threats, APIs under threat, and security events, enabling quick insights and risk monitoring.
- [AI Features FAQs](https://traceabledocs.document360.io/docs/ai-features-faqs.md): Get answers to the most frequently asked questions about Traceable’s AI Features. This document covers topics like data privacy, provider integrations, rate limits, and disabling options to help users confidently adopt AI-driven insights.
- [SAML Configuration](https://traceabledocs.document360.io/docs/saml-configuration.md)
- [Set Up SAML Group Mapping with Okta](https://traceabledocs.document360.io/docs/set-up-saml-group-mapping-with-okta.md)
- [Set up SAML Group Mapping with Azure AD](https://traceabledocs.document360.io/docs/set-up-saml-group-mapping-with-azure-ad.md)
- [Set Up SAML Group Mapping with OneLogin](https://traceabledocs.document360.io/docs/set-up-saml-group-mapping-with-onelogin.md)
- [Upload and Manage TLS Certificates](https://traceabledocs.document360.io/docs/tls-certificate.md): Learn how to configure and manage TLS certificates in Traceable Edge Deployments using Auto and Hosted certificate models. Understand domain validation, certificate renewal, AWS Certificate Manager (ACM) integration, HTTPS security, and certificate lifecycle management for secure edge communication.
- [API Discovery](https://traceabledocs.document360.io/docs/api-discovery.md): API discovery rules consists of API exclusion and API naming rules.These rules help you in better managing the number of APIs being monitored or naming the APIs.
- [Data Classification](https://traceabledocs.document360.io/docs/data-classification.md): Learn how Traceable’s Data Classification feature helps identify, categorize, and protect sensitive data in APIs. Understand datatypes, datasets, overrides, and the execution order of rules to ensure compliance, security, and effective data handling.
- [User Attribution](https://traceabledocs.document360.io/docs/user-attribution.md): Learn how Traceable's User Attribution feature tracks user actions across sessions using authentication schemes. Configure rules, extract attributes, and identify users to enhance threat detection and fraud prevention.
- [Basic Authentication User Attribution](https://traceabledocs.document360.io/docs/basic-authentication-user-attribution.md): Configure Basic Authentication user attribution to extract user IDs from headers and improve API visibility and monitoring.
- [Token-based Authentication User Attribution](https://traceabledocs.document360.io/docs/token-authentication-user-attribution.md)
- [Custom Authentication User Attribution](https://traceabledocs.document360.io/docs/custom-authentication-user-attribution.md): Use custom user attribution to identify API users from non-standard authentication, extract user ID and attributes, and improve API security and visibility.
- [Session Identification](https://traceabledocs.document360.io/docs/session-identification.md): Learn how Traceable’s Session Identification feature extracts and correlates session IDs from API traffic to track user activity, enforce security policies, and detect threats. This guide walks you through configuration steps, rule mapping, session ID extraction, and viewing identifiers in analytics for advanced observability and protection.
- [Label Management](https://traceabledocs.document360.io/docs/label-management.md): Efficiently manage and categorize your APIs with Traceable's Label Management feature. Learn to create custom labels and automate their application using rules based on API attributes. Organize your API ecosystem by labeling endpoints, services, and backends to monitor compliance, security, and performance. Streamline API tracking with automated rule-based labels for easier management of large-scale systems.
- [Custom Entities for Bot Protection](https://traceabledocs.document360.io/docs/entity.md): Learn how to configure custom entities in Traceable to extract and standardize application-specific data from API traffic. Use custom entities to improve visibility, policy accuracy, and bot detection across APIs and services.
- [IP Resolution Configuration](https://traceabledocs.document360.io/docs/ip-configuration.md): Learn how to configure IP Resolution in Traceable to accurately identify the client IP behind proxies, improve threat attribution, and ensure reliable detection and enforcement.
- [Action log](https://traceabledocs.document360.io/docs/action-log.md): Learn how Traceable's Action Log tracks user and system activities across API security settings. Monitor changes in tokens, configurations, and API scans to ensure compliance and security.
- [Allow list](https://traceabledocs.document360.io/docs/allow-list.md)