How to Monitor API’s Using API Security

silver imac turned on displaying different photos
Reading Time: 4 minutes

Hello Readers! I hopw you all are good. I am here with the new post in which we’ll see how to Monitor API’s Using API Security. Let’s look into overview of Security Reports first then to monitor the security of api’s using Security Reports.

Let’s get started!!!

Overview

Apigee Advanced API Security protects the APIs from attacks by malicious agents, such as bots. Apigee provides two main tools for identifying threats and vulnerabilities. They are as follows:

  • Bot detection
  • Identifying API misconfigurations

To know about the bot detection and identification API misconfigurations tools follow below link : 

https://cloud.google.com/apigee/docs/api-security#identifying-api-misconfigurations

Now To access the Security Job reports and Scores the Advanced API Security must be enabled. Let’s see how we can enable the Advanced API Security .

Refer Link for Enabling Advanced API Security .

Accessing API Security Reports Job

To open the Security Report Jobs view:

  1. Open Apigee UI in a browser.
  2. Select Analyze > API Security > Report Jobs.

This displays the main Security Report Jobs view:

Creating Security Reports

To create a new security report start by clicking +Create Report Job in the Security Report Jobs view as : 

After clicking on  +Create Report Job a page will appear which looks like:

Here you can specify options as:

  • Report Name: A name for the report.
  • Report Date Range: Start time and end time for the report.
  • Metrics: Metric for the report. 

You can use Metric to generate Security Reports as:

  • Bot
  • Bot_traffic
  • Message_count
  • response_size

And the dimensions as : 

Example Security Report Jobs 

  • bot IP addresses report

This example generates a security report that shows the IP addresses of detected bots. To create this report use configuration as : 

Metric –  bot

Aggregation function: count_distinct

Dimension: ax_resolved_client_ip

The report will show the bot detected data as : 

Security Report bot IP address report

Note:   the table shows the listed IP addresses that have been identified by Advanced API Security are identified as bots.

bot traffic by bot reason report

This report lets you know the number of requests from IP addresses that have been identified as the sources of bots by bot_reason.

To create this report use configuration as : 

Metric –  bot_traffic

Aggregation function: sum

Dimension: bot_reason

The report will show the bot detected data as : 

Note: As you can see in the above image , the bot reason that contributed to the largest amount of bot traffic is the following set of rules:

  • Flooder
  • Brute Guessor
  • Robot Abuser
  • Bot traffic report 

This report will display the total traffic from IP addresses that have been identified as sources of bots. Use configuration to generate this report as : 

Metric: bot traffic

Aggregation function: sum

Dimension: environment

Security Report of bot traffic report

Note: Using Dimension as environment because we are not grouping data by any dimension so we are setting environment in place of dimension.

One can also generate security  reports using different metrics and dimensions.

Follow Link to see the example list : 

https://jira.amway.com:8444/display/TGI/List+Of+Various+Examples+Of+Security+Reports

Now , if you want to generate Security Reports via API  refer Security Reports API 

https://cloud.google.com/apigee/docs/api-security/security-reports-api

Security Scores 

Security Scores are helpful in identifying API misconfigurations. 

The image below shows the Security Scores view with an environment that has a security profile attached:

The row for the environment env displays the latest security score, risk level, the number of recommendations for security actions to take, thee profile and the score’s Assessment Date.

The overall score is calculated from the individual scores in the three assessment types:

  • Source assessment
  • Proxy assessment
  • Target assessment

Note: that all scores are in the range 200 – 1200. The higher the score, the better the security assessment.

You can access the security score by clicking on the environmemnt eval .Then the  security score view looks like :

Now to more if you click on the VIEW ASSESSMENT DETAILS , it will show you the assessment for that type .

So in this way you can calculate the security scores of the proxies and provide the solutions to improve these scores.

Conclusion

So, In this blog we have seen How we can Monitor API’s Using API Security. You can ping me for any queries and let me know in context with the improvements.

Thank You!!!

Happy Learning!!!

Reference

https://cloud.google.com/apigee/docs/api-platform/analytics/analytics-reference

Written by 

Deeksha Tripathi is a Software Consultant at Knoldus Inc Software. She has a keen interest toward learning new technologies. Her practice area is DevOps. When not working, she will be busy in listening music , and spending time with her family .

Leave a Reply