Introduction to security reporting

As more and more business-critical applications are exposed via APIs, operations teams need visibility into security attributes of APIs to:

  • Ensure adherence to security policies and configuration requirements.
  • Protect sensitive data from internal and external abuse.
  • Proactively identify, diagnose, and resolve security incidents.

About security reporting

Security reporting provides in-depth insights for operations teams to ensure adherence to policies and configuration requirements, protect APIs from internal and external abuse, and quickly identify and resolve security incidents.

With security reporting, you can quickly understand how your API proxies are configured for security, as well as the runtime conditions that might impact proxy security. Using this information, you can adjust the configuration to ensure you have the appropriate level of security for each proxy.

Security reporting also helps you protect sensitive data by providing insights into user access and behavior, letting you monitor who in your organization is accessing and exporting sensitive information, and identifying suspicious behavior.

Versions of security reporting

All Edge for Cloud Enterprise customers have access to the basic set of security reporting features available in the Edge UI. The data for these reports is also available to Enterprise customers by using the security reporting APIs.

Edge for Cloud customers without an Enterprise account cannot access security reporting. For more information on Edge pricing plans, see Apigee pricing.

About Advanced API Ops

Apigee provides an advanced set of operations and security features, called Advanced API Ops, that is available for purchase by Edge for Cloud Enterprise customers. Advanced API Ops adds enhanced security reporting to the Edge UI and APIs for accessing the data used by these reports. See the table below for a list of security reporting features added by Advanced API Ops.

Advanced API Ops includes anomaly detection, which lets Edge detect traffic and performance issues instead of you having to predetermine them. Anomaly detection works by applying artificial intelligence (AI) and machine learning (ML) models to your historical API data. It can then raise alerts in real time for scenarios that you have not anticipated, which improves your productivity and reduces the mean time to resolution (MTTR) of your API issues.

Advanced API Ops also adds new alert types that build on the API Monitoring alert mechanism. Advanced API Ops adds the following alert types:

  • Total traffic — Raise an alert when API traffic changes by a specified percentage over a time range.
  • Anomaly — Edge detects traffic and performance issues instead of you having to predetermine them yourself.
  • TLS Expiry — Raise an alert when a TLS cert is close to expiring.

About security reports

Security reports are graphical representations in the Edge UI of runtime and configuration data about your API proxies, apps, targets, and shared flows. For an introductory walkthrough, see Explore security reports.

The following table describes the security reporting features available to all Cloud Enterprise customers and the added features available in Advanced API Ops:

Report: Overview

Security reporting: A snapshot of the most prominent aspects of proxy security, including:

  • Total traffic from clients to proxies, by environment.
  • Traffic over time by region.
  • Potentially sensitive operations performed by users (Organization Administrators only).

Advanced API Ops adds snapshots for:

  • Error distribution by fault code.

Report: Runtime

Security reporting: A drilldown on runtime traffic conditions, including:

  • Traffic for each proxy and target.
  • Proxy and target traffic over non-HTTPS, rather than HTTPS.
  • Active proxies for each target.
  • Traffic per proxy for each target.

Advanced API Ops adds drilldowns for:

  • Traffic for each app.
  • Traffic per proxy for each app.
  • Error count by fault code.
  • Error count by fault code over time.
  • Error count per proxy by fault code.

Report: Configuration

Security reporting: A drilldown on how your proxies and shared flows are configured for security, including:

  • Security-related policies, such as OAuthv2, SpikeArrest, and FlowCallout, configured in your proxies.
  • Virtual host configuration (non-HTTPS/HTTPS) per proxy.
  • Shared flow count and list per proxy.
  • Virtual host configuration per proxy.

Advanced API Ops adds drilldowns for:

  • List of shared flows.
  • Policies per shared flow, including security-related policies.
  • Proxies per shared flow.

Report: User Activity

Security reporting: N/A

Advanced API Ops - security reporting: A table of the potentially sensitive operations performed by organization users.

Only Organization Administrators can access this UI page. No other roles, including Read-Only Organization Administrator, can access this page.

For each user, view:

  • Number of logins.
  • Number and percentage of potentially sensitive operations performed in the Edge UI and Edge API.
  • Change in user activity over a time period.
  • Drilldown for information about individual user activity.
About security reports APIs

Use the Edge UI to view the security reporting dashboards as described in Explore security reports. However, you can also use the security reports APIs to access the same information used to populate the UI.

For a complete list of the security reports APIs, see: API Security Reporting.