Explore security reports

Use this walkthrough to better understand current and potential security vulnerabilities. This topic describes the reports you'll see in the user interface and offers ways to think about security for your API proxies.

Get a snapshot of runtime activity and configuration

You can use the Overview page to get a security snapshot of configuration and runtime traffic. With a picture of the largest amounts of activity -- particularly activity that represents possible security vulnerabilities -- you can explore more detailed data about configuration and traffic.

  1. In the side navigation menu, click Analyze > API Security > Overview.

  2. In the upper-left corner, click the environment for which you want to view data.

  3. In the upper-right corner, click the time period dropdown, then select the preceding period for which you want to view data.

  4. Below the Total traffic chart, you'll find charts that show the most prominent details behind the totals.

    For more about policy groups, see Policy reference overview.

Ask questions about what you're seeing

The high-level snapshot provided by the Overview page is designed to help you more easily see prominent characteristics related to your system's security. Based on what you see, you might ask yourself the following questions:

  • Does the percentage of non-HTTPS requests exceed your expectations? Should you take a closer look at which API proxies are getting those requests?
  • Does the percentage of API proxies using security policies seem low? Should you audit proxies for their use of security policies?

Get runtime traffic details

With a detailed report about runtime traffic, you can begin to identify current security vulnerabilities. You can identify how much traffic to your proxies, and from your proxies to their targets, is potentially not as secure as it should be.

  1. To look at detailed information about runtime traffic, in the side navigation menu, click API Security > Runtime.

  2. To set the scope for the data you want to see, at the top of the page select the environment, region, and time period for which you want to see data.

  3. Make sure the dropdown beside the environment dropdown says "Proxy" (not "Target" -- you'll look at that in a moment), and leave its value as "Any".

  4. Note that the table lists API proxies within the scope you set, along with their total traffic for the period. In particular, notice the column listing non-HTTPS traffic. This represents requests sent to the listed proxy over a non-HTTPS connection rather than over HTTPS. This is a security vulnerability.

    You can sort the data by each of the columns.

  5. Click a row in the table to view more information about the proxy. As with the Total traffic chart, you can hover over bars in the Northbound Traffic chart to view the underlying data.

  6. At the top of the page, click the Proxy dropdown, then click Target.

  7. Notice that the table lists, for proxy targets, information similar to what the previous table listed for proxies.

  8. Click a row in the table to view details about the target.

Ask questions about what you're seeing

The Runtime page illustrates how your proxies are behaving in the current traffic context -- requests from clients, requests to targets. Use what's shown to ask yourself questions about whether your proxies are behaving as they should.

  • Look at the details for each proxy receiving non-HTTPS traffic. Does the portion of that traffic seem appropriate for that proxy? Should the proxy be reconfigured to receive requests over HTTPS?
  • Look at the data from a variety of scopes, such as more or less history. Is there a trend you could be responding to?
  • Are there any significant increases in traffic from a proxy to a target? Should that traffic be mediated by traffic management policies?

Get configuration details

With details about configuration from a security perspective, you can start to identify places where you can improve security by changing how your proxies are configured. The configuration report gives you a detailed view of how your proxies and targets use the tools available in Apigee Edge.

  1. To look at detailed information about configuration, in the side navigation menu, click the API Security > Configuration menu item.

  2. To set the scope for the data you want to see, at the top of the page select the environment for which you want to see data.

  3. Make sure the dropdown beside the environment dropdown says "Proxy" (not "Target" just yet), and leave its value as "Any".

  4. Click the dropdown just above the table to sort the list by values in one of the columns.

  5. Note that the table lists API proxies within the scope you set. For each proxy, the table indicates whether the proxy uses policies from the security-related policy groups. The policy groups are traffic management, security, and extension. For more about the groups, see Policy reference overview. The table also indicates whether a proxy makes calls to shared flows and whether its virtual hosts are set up to receive requests at port 80, port 443, or both.

  6. Click a row in the table to view more information about the proxy's configuration.

  7. If the proxy you've selected includes shared flows, on the right click Shared Flows to view the list of security-related policies that are configured in shared flows called by this proxy.

    Note that the presence of policies in shared flows isn't reflected under the Security Policies columns in the table. But you can view the policy list by clicking the Shared Flows tab at the right.

  8. At the top of the page, click the Proxy dropdown, then click Target.

  9. Notice that the table indicates whether targets are being reached by .

Ask questions about what you're seeing

Where the Runtime page illustrates how your proxies are behaving in runtime conditions, the Configuration reports illustrate how you've configured them to handle those conditions. In looking over the reports, take a closer look at configuration proxy by proxy.

  • Do your proxies have the appropriate security policies included? Not all proxies should be configured identically when it comes to security. For example, a proxy receiving a heavy request load, or whose request quantity fluctuates dramatically, should probably have traffic control policies such as SpikeArrest configured.
  • If shared flow use is low, why is that? Shared flows can be a useful way to create reusable security-related functionality. For more about shared flows, see Reusable shared flows.
  • Are you using shared flows attached to flow hooks? By attaching a shared flow that contains security-related policies to a flow hook, you can have that security functionality enforced across proxies in an environment. For more about flow hooks, see Attaching a shared flow using a flow hook.
  • Should the proxy be allowed to have a virtual host open at port 80?
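
The proxy-by-proxy configuration review described above can also be run offline against proxy bundle XML. The following is an added example, not part of the original page or Apigee's own tooling. It assumes constructed sample XML, a partial policy-to-group mapping, and virtual hosts named `default` (port 80) and `secure` (port 443).

```python
import xml.etree.ElementTree as ET

# Partial, assumed mapping of policy element names to the report's groups.
POLICY_GROUPS = {
    "traffic_management": {"SpikeArrest", "Quota", "ResponseCache"},
    "security": {"VerifyAPIKey", "OAuthV2", "JSONThreatProtection",
                 "XMLThreatProtection", "AccessControl", "VerifyJWT"},
    "extension": {"ServiceCallout", "Javascript", "MessageLogging"},
}
# Assumed virtual host names: "default" listens on port 80, "secure" on 443.
PLAINTEXT_VHOSTS = {"default"}

# Constructed sample input: one ProxyEndpoint and the policies in its bundle.
SAMPLE_ENDPOINT = """<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request>
      <Step><Name>Verify-Key</Name></Step>
      <Step><Name>Call-Shared-Auth</Name></Step>
    </Request>
  </PreFlow>
  <HTTPProxyConnection>
    <VirtualHost>default</VirtualHost>
    <VirtualHost>secure</VirtualHost>
  </HTTPProxyConnection>
</ProxyEndpoint>"""
SAMPLE_POLICIES = [
    '<VerifyAPIKey name="Verify-Key"><APIKey ref="request.header.x-api-key"/></VerifyAPIKey>',
    '<FlowCallout name="Call-Shared-Auth"><SharedFlowBundle>shared-auth</SharedFlowBundle></FlowCallout>',
]

def audit_proxy(endpoint_xml, policy_xmls):
    """Return report-style columns for one proxy: groups, shared flows, port-80 hosts."""
    endpoint = ET.fromstring(endpoint_xml)
    attached = {step.findtext("Name") for step in endpoint.iter("Step")}
    result = {group: False for group in POLICY_GROUPS}
    result["shared_flows"] = []
    for xml_text in policy_xmls:
        policy = ET.fromstring(xml_text)
        if policy.get("name") not in attached:
            continue  # defined in the bundle but not attached to any flow step
        if policy.tag == "FlowCallout":
            # Policies inside the shared flow are listed separately, not per group.
            result["shared_flows"].append(policy.findtext("SharedFlowBundle"))
        for group, tags in POLICY_GROUPS.items():
            if policy.tag in tags:
                result[group] = True
    vhosts = [v.text for v in endpoint.iter("VirtualHost")]
    result["plaintext_vhosts"] = [v for v in vhosts if v in PLAINTEXT_VHOSTS]
    return result
```

For the sample proxy, the result shows a security policy in use, no traffic management policy, one shared flow call, and a virtual host still open on port 80.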