Getting notifications from Sense

You can configure Apigee Sense to notify you with a list of detected API requests that might be unwanted. Once you've set up notifications, Apigee Sense sends a report every 5 minutes to a webhook URI you specify.

Using the webhook URI, Apigee Sense will send a string in JSON form (you will need code that parses the string to JSON). The following brief example of a report has been formatted from string to JSON for readability:

{
    "text": {
        "metadata": {
            "org": "my-org",
            "env": "prod",
            "reportTimestamp": "2018-10-09T17:25:12Z",
            "messageId": "1539105912220"
        },
        "totalNumberOfBots": 1,
        "bots": [
            {
                "ipAddress": "11.111.111.11",
                "botDetectedLast": "2018-10-0917:04:48Z",
                "ipIsp": "Their ISP",
                "ipCountry": "United States",
                "botReason": [
                    "Flooder",
                    "Content Robber"
                ],
                "callCount": "274529",
                "topUrl": "/v1/my/url",
                "ipCity": "Los Angeles"
            }
        ]
    }
}

The report captures the following information about possible unwanted attacks to your APIs:

  • The Apigee organization and environment where there reported requests were collected.
  • The report's timestamp.
  • ID of the report message.
  • The number of IP addresses making requests that might be unwanted.
  • An array of the client data for the IP addresses making potentially unwanted requests (such as bots). For each client, the report includes:

    Client Characteristic Description
    ipAddress IP address of the client.
    botDetectedLast Timestamp of the most recent request from the client.
    ipIsp ISP of the client making requests.
    ipCountry Country where requests from the client originated.
    botReason The Apigee Sense detection rules to which requests from this IP address conformed.
    callCount Number of requests from this IP address.
    topUrl The most common URL requested by the client IP. This is the API requested by the client.
    ipCity City from which the request was received.

To set up notifications

  1. Open the New Edge experience.
  2. In the New Edge experience, click the Analyze menu, then click Sense.
  3. Click the Settings menu.
  4. On the Settings page, enter values to configure notifications:

    Setting Description
    Notification Click to enable or disable this notification.
    URI The URI that you would like Apigee Sense to use when sending notifications. This is typically a monitoring system that accepts incoming webhooks. Reports from Apigee Sense will be sent to this URI.
    API Key Name Optional. Key name Apigee Sense should use when authenticating with your system. Use an API key to improve security.
    API Key Value Optional. Key value Apigee Sense should use when authenticating with your system. Use an API key to improve security.
    Max number of IPs Maximum number (from 1 to 300) of client IP addresses to include in the report. Apigee Sense will include IP addresses in order of number of suspect requests, from the most number of requests to the least, up to the number of IPs you specify here.