Protecting Application from API Attacks
The AppSentinels Platform provides real-time protection for your applications by detecting and mitigating a wide range of API threats.
🔹 Types of Threats Detected
- Known Attacks (e.g., SQL Injection, XSS, SSRF)
- Business Logic Attacks (e.g., BOLA, BUA, BFLA)
- Behavior Anomalies (e.g., Unusual API Usage Patterns)
- Schema Deviations (e.g., Unexpected Fields, Type Mismatches)
- Data Exfiltration Detection and Automated Threats
The platform uses behavior-based analysis, schema enforcement, and machine learning to detect both known and unknown threats.
🔐 Enabling Threat Detection
-
Organization-Level Protection:
- Navigate to Organization → Defend screen.
- Enable User Reputation and CRS attacks for behavior and vulnerability detection.
-
Application-Level Protection:
- Navigate to Application → Defend screen.
-
Enable:
- Smart Alerts / Business Logic Attacks
- Automated Threat Detection
- Usage Anomaly Detection
- Schema Enforcement
✅ Regularly reviewing and fine-tuning these protections improves your
API resilience and helps defend against evolving threats.
📊 Analyzing Detected Attacks
All detected attacks are viewable in the Security Events screen. Similar attacks are automatically grouped to reduce alert fatigue.
🔹 Action on Detected Attacks
- Log the event for visibility
- Analyze without blocking
- Block immediately based on threat severity
✅ Aggregation and smart handling ensure efficient protection without
overwhelming the security team.
🕵️ Threat Actor Monitoring
The platform continuously fingerprints and monitors malicious users, presenting a full threat progression view.
🔹 Key Features
- Fingerprinting: Tracks IPs, user agents, sessions, and custom identifiers
- Activity Correlation: Groups behavior into complete attack lifecycle
- Success vs. Failure: Tracks exploit outcomes for faster triage
- MITRE-style Mapping: Recon, Initial Access, Execution, Exfiltration/Escalation
🔹 Managing Threat Actors
- Go to Threat Actors dashboard view
- Review details: geolocation, tactics, risk level
- View APIs targeted, techniques used, impact, and recommended response
🔹 Blocking Threat Actors
- Navigate to Settings → Threat Progression → Action Mapping
- Define blocking rules by tactic classification
- Platform auto-blocks matching actors for a defined window
✅ Threat Actor Monitoring shifts security from reactive to strategic
and enables faster, smarter defense.