Gain visibility and assess risk of API endpoints - Administrator Guide - Cortex CLOUD

Cortex Cloud Runtime Security Documentation

Product: Cortex Cloud Application Security > Cortex CLOUD
License: Cloud Runtime Security
Creation date: 2024-12-24
Last date published: 2026-06-04
Category: Administrator Guide

Cortex Cloud API endpoints provide an overview of the API assets across cloud providers and data sources (for example: API Gateway, API specification), enabling you to analyze, assess, and implement security measures to safeguard against security risks and potential vulnerabilities.

In addition to observing API traffic, Cortex Cloud scans AWS and Azure API gateways and extracts their API specification files. Once the specification files are in the inventory, Cortex Cloud scans them for misconfigurations and vulnerabilities, providing insights into your API landscape.

At a glance, you see a graphical representation of the APIs per cloud provider, including On-prem, and the APIs per discovery source, including XDR agent.

You can filter by provider or by discovery source.

The following table lists the fields that are available for each API endpoint.

Field

Description

Server

Hosting server of the API.

Path

API endpoint path used by applications to communicate with the server, enabling you to access data and execute actions.

API Category

Associated category of the API. For example, the API could be associated with Payment.

HTTP method

The HTTP methods supported include:

  • Get

  • Post

  • Put

  • Patch

  • Delete

  • Head

  • Options

  • Trace

  • Connect

Risk factors

Indication of the risk type associated with the API:

  • Internet Exposure

  • Sensitive Data

  • No Authentication

  • No Encryption

  • Insecure Encryption

  • Unknown Encryption

API spec name

API specification name is obtained from the title field of the specification imported to Cortex Cloud.

API spec conformance

Indicates if the endpoint was found/not found in the specification.

  • Undefined: Indicates that the endpoint from the gateway is not found in any known specification document.

  • Match: Indicates there's a match between the API path of the endpoint and a specification.

  • Mismatch: Indicates that the API path is the same in the endpoint and specification, but there is a missing query parameter in the specification.

  • Conflict: Indicates when the API endpoint matches more than one API specification file.

Provider

Gateway provider:

  • GCP

  • AWS

  • Azure

  • On-Prem

Source

Indicates the service from which the data was obtained:

  • Kong

  • Configuration: Indicates that the source is from the API specification.

  • Azure API Management

  • Apigee

  • Amazon API Gateway

  • XDR Agent

  • F5 BIG-IP LTM

Inspected

Number of requests or connections that have been analyzed and verified by Cortex Cloud.

Request/Response Sensitive Data

Shows the sensitive data type in the request/response, such as passwords, credit card numbers, SSNs, or bank account numbers. Refer to What is Cortex Cloud Data Classification? for more information.

Note

Data classification findings are only available for enabled profiles.

Request/Response Content Types

Data format sent/received in the request/response of the API calls.

  • application/json

  • application/xml

  • application/x-www-form-urlencoded

  • multipart/form-data

Request/Response Data Patterns

Data pattern types such as Credit Card Numbers, SSN, Email Addresses, API Keys.

Request/Response Data Profiles

Data profile types such as PCI, GDPR, PII, HIPAA.

Schema

Protocol used to access the API resource:

  • HTTP

  • HTTPS

Authentication Types

Authentication methods include the following options:

  • API key

  • Basic

  • OAuth

  • OIDC

  • Learning

    Note

    Indicates that a JSON Web Token was identified, but it is unknown how to determine its type from the given string. It could be a non-standard JSON Web Token creation algorithm.

  • Unknown: Indicates that the authentication method couldn't be identified.

  • Authentication not detected: Indicates that the API does not require authentication.

Discovery Method

Based on asset discovery:

  • HTTP

  • Logs

  • Traffic mirroring

  • Configuration

  • Unknown

Asset Status

The API's status is Active only when both an API gateway and an API specification are present; otherwise, it's deleted. An Inactive status means the endpoint is defined in the specification but isn't receiving traffic via the gateway.

Cloud

Cloud provider where the agent is running. For on-prem deployments, this field shows On-prem.

Provider Type

Indicates the cloud service provider:

  • CSP

  • On Prem

Region

Region of the hosting server.
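The four API spec conformance states defined in the table above can be reproduced with a short classifier. This is an added illustration, not Cortex Cloud's implementation: the `SPECS` data, the `classify` function, and the hostnames are constructed, and the sketch assumes OpenAPI-style path templates and compares only query parameter keys, never values.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample specifications, keyed by the spec's title field.
SPECS = {
    "Payments API": {"paths": {
        "/payments/{id}": {"get": {"parameters": [
            {"name": "id", "in": "path"},
            {"name": "expand", "in": "query"}]}},
        "/health": {"get": {}}}},
    "Ops API": {"paths": {"/health": {"get": {}}}},
}

def _path_regex(template):
    # "{name}" placeholders match exactly one path segment.
    literals = re.split(r"\{[^/{}]+\}", template)
    return re.compile("[^/]+".join(re.escape(p) for p in literals))

def classify(method, url, specs=SPECS):
    """Return (state, matching spec titles, query keys missing from the spec)."""
    parts = urlsplit(url)
    # Only the keys of the query string are kept; values may carry PII.
    observed = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    hits = []
    for title, spec in specs.items():
        for template, ops in spec.get("paths", {}).items():
            if _path_regex(template).fullmatch(parts.path):
                # Assumption: query parameters are declared per operation.
                op = ops.get(method.lower(), {})
                declared = {p["name"] for p in op.get("parameters", [])
                            if p.get("in") == "query"}
                hits.append((title, observed - declared))
                break  # count each specification at most once
    titles = [t for t, _ in hits]
    if not hits:
        return "Undefined", [], []       # path is in no known specification
    if len(hits) > 1:
        return "Conflict", titles, []    # more than one specification matches
    missing = sorted(hits[0][1])
    return ("Mismatch" if missing else "Match"), titles, missing

if __name__ == "__main__":
    base = "https://api.example.test"    # constructed host
    for m, u in [("GET", "/payments/42?expand=card"),
                 ("GET", "/payments/42?expand=card&debug=1"),
                 ("GET", "/health"), ("POST", "/admin/export")]:
        print(m, u, classify(m, base + u))
```

Endpoints that come back Undefined or Mismatch are the ones worth triaging first, because the traffic exposes a path or parameter that no reviewed specification documents.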

When clicking on a specific API endpoint, a side card opens. Each tab includes detailed information as described.

Shows the highlights and properties of the API endpoint.

Field

Description

Highlights

Provides an overview of the status of the asset, such as severity type, internet exposure status, and if it includes sensitive data.

Asset ID

UAI (Unified Asset Inventory) ID

Provider

API Gateway:

  • AWS

  • GCP

  • Azure

  • Kong

  • F5 BIG-IP LTM

Asset Category

Either API Endpoint or API Specification.

Cloud Region

Region of the cloud provider.

Asset Groups

Asset groups assigned to the API endpoint.

Applications

Shows the business applications related to the API endpoint. Clicking the application opens the business application page. Refer to Business application assets.

Note

To link APIs to business applications, the two prerequisites must be met:

Relations

The Relations graph shows the connections between the API endpoint, API gateway, and VMs. This mirrors what's shown in the Graph Search.

Click the API Gateway or API Endpoint to view more details about the asset.

Account ID

Cloud account ID.

Cases/Issues/Findings

The link from the number opens the page where you can review the details. Refer to Cases and issues for detailed information.

You can view all API security issues and cases detected by Cortex Cloud.

Related Assets

Shows the data from the source of the traffic.

  • If the source of the traffic is from the gateway, the related asset data shows AWS API Gateway or Azure Gateway, the name of the gateway, and the stage.

  • If the source of the traffic is from a specification from the gateway, the related asset data shows the API specification, the name of the specification, and the gateway provider.

  • If the source of the traffic is from the XDR agent, the related asset data shows the agent ID.

Type

API specification

Name

Name of the API specification.

Provider

Cloud provider of the API specification.

An issue is generated when the following Detection Method is triggered:

Deployment option

Detection Method and Type

Description

Agentless for Posture

Detection Method: API Posture Scanner

If Cortex Cloud detects security vulnerabilities or compliance issues in the posture of an API during scanning, an issue is generated.

Agentless

Detection Method: API Traffic Scanner

If Cortex Cloud detects anomalies, suspicious activities, or potential security threats in the network traffic of the APIs, an issue is generated.

Agent-based

Type: Security

Detection Method: XDR Agent

If Cortex Cloud detects threats from cloud workloads, an issue is generated.

Shows the details of the API endpoint, and the components associated with authentication, such as token type, request/response body schema, and usage statistics.

Field

Description

API Endpoint

API endpoint path used by applications to communicate with the server, enabling you to access data and execute actions.

Method

HTTP Method.

Server

Hosting server of the API.

Query Parameters

Parameters included in the API endpoint URL. Only the keys are stored, to avoid saving personally identifiable information (PII). For example, ID.

Response Content Type

Specifies the response type format transmitted from the server to the client, such as JSON or XML.

Inspected Transactions

Number of requests scanned by Cortex Cloud.

First Observed/Last Observed

Timestamp of the first and last time the API was accessed.

Last Changed

Timestamp of when the API was updated.

Sensitive Data Pattern

Identifies sensitive data exposure risks.

Authentication

Specifies the authentication of the API endpoint. Refer to Authentication Types.

Request/Response Body Schema

Shows the structure and format of the data that's included in the request. It shows expected data types, format, and organization of the response payload, such as the fields, attributes, and valid values.

The schema is created based on the request/response.

Cortex utilizes the DSPM engine to analyze API traffic and classify sensitive data into two categories: Data Profiles and Data Patterns.

  • Data Profiles: Represent the regulatory standards and compliance mandates that the API data is subject to.

    Example: PCI, GDPR, PII, HIPAA

  • Data Patterns: Represent the specific data types and formats found within the API requests and responses.

    Example: Credit Card Numbers, SSN, Email Addresses, API Keys

Usage Statistics

Shows the metrics for Requests size distribution, Response size distribution, and Status code distribution. Using these statistics can help assess usage patterns, identify performance issues, and help optimize the API to enhance its security posture.

You can hover over the metric bar to view details.