API specification inventory - Administrator Guide - Cortex CLOUD

Cortex Cloud Posture Management Documentation

Product
Cortex Cloud Application Security > Cortex CLOUD
License
Cloud Posture Management
Creation date
2025-01-22
Last date published
2026-06-10
Category
Administrator Guide

Cortex Cloud can import API specifications that comply with the OpenAPI format, including its file structure and data types.

In addition to observing API traffic, Cortex Cloud scans AWS and Azure API gateways, and extracts the API specification files. Once the specification files are in the inventory, Cortex Cloud scans them for misconfigurations and vulnerabilities, providing insights into your API landscape.

Use Cortex Cloud to validate live traffic against specifications and alert on surface deviations, undocumented endpoints, or security gaps.

The following table describes the fields that are available for each API specification.

Field

Description

Sources

Source of the API specification:

  • User

  • API Gateway Configuration

Asset Name

Asset name is obtained from the title field in the specification.

Servers List

This field is automatically filled if the specification contains the server URL or host. You must manually add the URL or host address if there is no URL or host in the specification.

Note

Even if you have already imported the specification, you can edit the API specification in Cortex Cloud and add or update the server list.

API Versions

API version obtained from the API specification.

Associated Endpoints

Shows the number of endpoints that match the specification.

You can right-click and select View Associated Endpoints to see the matched paths in the API Endpoints table.

Format & Version

OpenAPI or Swagger, and the respective version.

Spec File Name

Specification file name that was imported to Cortex Cloud.

Findings

The total number of findings is broken down by severity, and findings with a severity of high trigger an issue.

Status

Indicates if the specification is:

  • Unknown

  • Active

  • Recently Active

  • Inactive

  • Deleted
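The following script is an added example, not Cortex Cloud code, showing how the inventory fields in the table above can be derived from a specification document (Asset Name from info.title, API Version from info.version, Format & Version from the openapi or swagger key, Servers List from servers[].url or from schemes, host and basePath) and how observed traffic can be checked against the documented operations to surface undocumented endpoints, as described earlier on this page. The two specification documents, the observed-traffic list and all function names are constructed for this demonstration.

```python
"""Illustrative OpenAPI/Swagger inventory extraction and traffic comparison.

Added example, not Cortex Cloud code. The specifications and the observed
traffic below are constructed for this demonstration.
"""
import re
from typing import Dict, List, Pattern, Tuple

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample: one OpenAPI 3 document and one Swagger 2 document.
OPENAPI3_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Orders API", "version": "2.1.0"},
    "servers": [{"url": "https://api.example.test/v2"}],
    "paths": {
        "/orders": {"get": {}, "post": {}},
        "/orders/{orderId}": {"get": {}, "delete": {}, "parameters": []},
    },
}

SWAGGER2_SPEC = {
    "swagger": "2.0",
    "info": {"title": "Legacy Billing", "version": "1.0"},
    "host": "billing.example.test",
    "basePath": "/v1",
    "schemes": ["https"],
    "paths": {"/invoices": {"get": {}}},
}


def documented_operations(spec: dict) -> List[Tuple[str, str]]:
    """(METHOD, path template) pairs, ignoring non-method keys of a path item."""
    return sorted(
        (method.upper(), path)
        for path, item in spec.get("paths", {}).items()
        for method in item
        if method.lower() in HTTP_METHODS
    )


def inventory_fields(spec: dict) -> Dict[str, object]:
    """Derive the inventory fields from a specification document.

    An empty Servers List is the case where the host must be added manually.
    """
    if "openapi" in spec:
        fmt, version = "OpenAPI", spec["openapi"]
        servers = [s["url"] for s in spec.get("servers", []) if s.get("url")]
    elif "swagger" in spec:
        fmt, version = "Swagger", spec["swagger"]
        servers = []
        if spec.get("host"):
            base = spec.get("basePath", "")
            for scheme in spec.get("schemes") or ["https"]:
                servers.append(f"{scheme}://{spec['host']}{base}")
    else:
        raise ValueError("not an OpenAPI or Swagger document")
    info = spec.get("info", {})
    return {
        "asset_name": info.get("title", ""),
        "api_version": info.get("version", ""),
        "format_version": f"{fmt} {version}",
        "servers": servers,
        "documented_operations": documented_operations(spec),
    }


def _path_pattern(template: str) -> Pattern[str]:
    """Turn '/orders/{orderId}' into a regex where each {param} matches one segment."""
    parts = []
    for seg in template.strip("/").split("/"):
        is_param = seg.startswith("{") and seg.endswith("}")
        parts.append("[^/]+" if is_param else re.escape(seg))
    return re.compile("^/" + "/".join(parts) + "/?$")


def undocumented_operations(spec: dict, observed: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Observed (METHOD, path) pairs that match no documented operation.

    A documented path reached with an undocumented method is still reported.
    """
    patterns = [(m, _path_pattern(p)) for m, p in documented_operations(spec)]
    return [
        (method.upper(), path)
        for method, path in observed
        if not any(m == method.upper() and pat.match(path) for m, pat in patterns)
    ]


# Constructed sample of observed traffic: (method, path without host or query).
OBSERVED = [
    ("GET", "/orders"),
    ("GET", "/orders/1234"),
    ("PUT", "/orders/1234"),    # documented path, undocumented method
    ("GET", "/admin/export"),   # path absent from the specification
]

if __name__ == "__main__":
    for spec in (OPENAPI3_SPEC, SWAGGER2_SPEC):
        print(inventory_fields(spec))
    print(undocumented_operations(OPENAPI3_SPEC, OBSERVED))
```

Path templates are matched segment by segment so that a parameter such as {orderId} accepts exactly one path segment; a query string or host prefix must be stripped from the observed path before comparison, as the constructed sample already does.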

Click the API asset to open the side card. Each tab includes detailed information from the parsed data of the API.

You can add Comments to the specification, providing additional context about the API endpoints or other relevant information.

Shows the highlights and properties of the API endpoint asset.

Field

Description

Asset ID

API asset ID.

Provider

Gateway provider:

  • GCP

  • AWS

  • Azure

  • On Prem

Asset Category

API Endpoint or API Specification

Account ID

Account ID of the API specification.

Asset Groups

Indicates the asset group that the API is associated with. For more information, go to Asset groups.

Cases/Issues/Findings

The page shows issues and cases.

The link from the number opens the page where you can review the details. Refer to Cases and issues for detailed information.

You can view all API security issues and cases detected by Cortex Cloud.

Evidence

Shows findings that provide visibility into the risks and vulnerabilities of your API landscape. By continuously analyzing findings, you can maintain an up-to-date view of the API asset’s security posture and support more informed decision-making for detection, prioritization, and remediation efforts.

An issue is generated when the following Detection Method is triggered.

Deployment option

Detection Method and Type

Description

Agentless for Posture

Detection Method: API Posture Scanner

If Cortex Cloud detects security vulnerabilities or compliance issues in the posture of an API during scanning, an issue is generated.

The issue includes specification static scan findings relevant to the issue.

The schema shows the actual API specification that includes the basic information of the API, the API path, method, and parameters.

The at-a-glance view shows a graphical representation of the specification scan results by severity and by category.

You can filter by severity or by category, then drill down to view details of the selected scan result.

The specification scan results by severity table includes the following information:

Field

Description

Severity

Indicates the severity of the scan result issue.

Category

API category. The options are:

  • Access Control

  • Networking and Firewall

  • Insecure Configurations

  • Data

  • Encryption

  • Structure and Semantics

Name

Name of API specification.

Description

Details of the scan results.

Modification Time

Time stamp of when the API specification was modified.

Finding ID

For every vulnerability, a finding is created.
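To make the severity and category fields above concrete, the following added example (not Cortex Cloud's scanner and not its rule set) runs a handful of illustrative static checks over an OpenAPI 3 document, emits one finding per vulnerability with the Severity, Category, Name and Description fields, summarizes the findings by severity and by category, and applies the rule stated earlier on this page that a High-severity finding triggers an issue. The check rules, their severities, the sample specification and the function names are constructed; only the category names follow the table above.

```python
"""Illustrative static posture checks over an OpenAPI 3 document.

Added example, not Cortex Cloud's scanner. The rules, severities and the
sample specification are constructed for this demonstration.
"""
from collections import Counter
from typing import Dict, List

# Constructed sample: a deliberately weak specification.
WEAK_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Payments API", "version": "0.9"},
    "servers": [{"url": "http://payments.example.test"}],
    "components": {
        "securitySchemes": {
            "key": {"type": "apiKey", "in": "query", "name": "api_key"},
            "bearer": {"type": "http", "scheme": "bearer"},
        }
    },
    "paths": {
        "/payments": {
            "post": {"security": [{"bearer": []}],
                     "responses": {"201": {"description": "created"}}},
        },
        "/payments/{id}": {
            "get": {"parameters": [{"name": "id", "in": "path", "required": True}],
                    "responses": {"200": {"description": "ok"}}},
            "delete": {},
        },
    },
}


def scan_spec(spec: dict) -> List[Dict[str, str]]:
    """Return one finding per detected weakness, in table-field form."""
    findings: List[Dict[str, str]] = []

    def add(severity: str, category: str, name: str, description: str) -> None:
        findings.append({"severity": severity, "category": category,
                         "name": name, "description": description})

    # Encryption: a cleartext server URL exposes every operation in transit.
    for server in spec.get("servers", []):
        if server.get("url", "").lower().startswith("http://"):
            add("High", "Encryption", "cleartext-server",
                f"server {server['url']} is not HTTPS")

    # Insecure Configurations: an API key in the query string lands in logs and referrers.
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for name, scheme in schemes.items():
        if scheme.get("type") == "apiKey" and scheme.get("in") == "query":
            add("Medium", "Insecure Configurations", "apikey-in-query",
                f"security scheme {name} passes the key in the query string")

    global_security = spec.get("security")
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            where = f"{method.upper()} {path}"
            # Access Control: no security requirement at operation or document level
            # (an explicit empty list at the operation also means unauthenticated).
            if not op.get("security") and not global_security:
                add("High", "Access Control", "unauthenticated-operation",
                    f"{where} declares no security requirement")
            # Structure and Semantics: OpenAPI 3 requires a responses object.
            if not op.get("responses"):
                add("Low", "Structure and Semantics", "missing-responses",
                    f"{where} has no responses object")
            # Data: a parameter without a schema cannot be validated by a gateway.
            for param in op.get("parameters", []):
                if "schema" not in param and "content" not in param:
                    add("Medium", "Data", "untyped-parameter",
                        f"{where} parameter {param.get('name')} has no schema")
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, Dict[str, int]]:
    """Counts by severity and by category, as the at-a-glance view groups them."""
    return {
        "by_severity": dict(Counter(f["severity"] for f in findings)),
        "by_category": dict(Counter(f["category"] for f in findings)),
    }


def triggers_issue(findings: List[Dict[str, str]]) -> bool:
    """Mirror the rule stated on this page: a High-severity finding raises an issue."""
    return any(f["severity"] == "High" for f in findings)


if __name__ == "__main__":
    results = scan_spec(WEAK_SPEC)
    for finding in results:
        print(finding["severity"], finding["category"], finding["description"])
    print(summarize(results), triggers_issue(results))
```

The Access Control check treats an operation with no security requirement of its own and no document-level default as unauthenticated, which is how the OpenAPI security object composes; a real scanner would also resolve $ref pointers and inspect the schemes themselves, which this example omits.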

You can drill down by clicking a severity to see the details/information of the findings (vulnerabilities).

Field

Description

Severity

  • Critical/High/Medium/Low

  • Info

Category

API category.

Link to OpenAPI checks

The Details page of the scan result item includes a description of the issue and a link to the OpenAPI checks.

Description

Details of the scan results.

Scan Result Issue

Refers to the number of findings.

Scan Results

Shows the findings in the API request. The issue is highlighted.