API assets

Cortex XDR 5.x Documentation

Product: Cortex XDR
License: XDR + Cloud
Creation date: 2025-07-13
Last date published: 2026-06-11
Category: Administrator Guide

Abstract

Learn about the API Endpoints and API Specifications inventories, helping you manage and safeguard your API landscape.

The API asset inventory provides an overview of API assets across cloud providers and data sources, enabling you to analyze, assess, and implement security measures to safeguard against risks.

API visibility and asset categories

Cortex XDR observes API traffic and extracts API specification files from gateways. The inventory includes:

  • Endpoints: Live API endpoint paths used by applications to communicate with servers.

  • Specifications: OpenAPI or Swagger specification files that are imported or extracted from gateways. You can use Cortex XDR to validate live traffic against these specifications to alert on surface deviations or undocumented endpoints.
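The following added example illustrates what comparing observed traffic with an OpenAPI specification involves; it is not Cortex XDR code and does not describe how the product performs this check. The specification fragment, the observed requests, and the names `compile_spec` and `find_deviations` are constructed for illustration.

```python
import re

# Constructed OpenAPI fragment: only the "paths" object matters for this check.
SPEC = {"paths": {
    "/users": {"get": {}, "post": {}},
    "/users/{userId}": {"get": {}, "delete": {}, "parameters": []},
    "/orders/{orderId}/items": {"get": {}},
}}

# Constructed observations: (HTTP method, request path) as seen in live traffic.
OBSERVED = [
    ("GET", "/users"),
    ("GET", "/users/42"),
    ("PUT", "/users/42"),          # path is documented, method is not
    ("GET", "/orders/7/items"),
    ("GET", "/internal/debug"),    # path is absent from the specification
    ("GET", "/users/42/export"),   # extra segment must not match /users/{userId}
]
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

def compile_spec(spec):
    """Turn each templated path into an anchored regex plus its documented methods."""
    rules = []
    for template, item in spec.get("paths", {}).items():
        parts = re.split(r"(\{[^/{}]+\})", template)
        pattern = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
        methods = {m.upper() for m in item if m.lower() in HTTP_METHODS}
        rules.append((template, re.compile(f"^{pattern}/?$"), methods))
    return rules

def find_deviations(spec, observed):
    """Return (undocumented_paths, undocumented_methods, documented_but_unseen)."""
    rules = compile_spec(spec)
    seen, bad_paths, bad_methods = set(), [], []
    for method, path in observed:
        path = path.split("?", 1)[0]   # the query string is not part of the path
        matches = [(t, m) for t, rx, m in rules if rx.match(path)]
        hit = next((t for t, m in matches if method.upper() in m), None)
        if not matches:
            bad_paths.append((method, path))
        elif hit is None:
            bad_methods.append((method, path))
        else:
            seen.add((method.upper(), hit))
    documented = {(m, t) for t, _, ms in rules for m in ms}
    return bad_paths, bad_methods, sorted(documented - seen)

if __name__ == "__main__":
    print(find_deviations(SPEC, OBSERVED))
```

The third return value lists operations that are documented but never observed, which is the opposite kind of drift from an undocumented endpoint.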

Expanded API endpoint information

When you click a specific API endpoint, a side card opens containing detailed information organized into the following tabs:

  • Overview: This tab shows the highlights and properties of the API endpoint. It includes identifying information such as the Asset ID, Provider, and Cloud Region, related Business Applications, and a Relations graph showing the connections between the API endpoint, API gateway, and VMs.

  • Compliance: This tab displays the asset's overall compliance score and a breakdown of security controls to help you ensure the API aligns with assigned security standards.

  • Endpoint Data: This tab shows the details of the API endpoint and the components associated with authentication, such as token type, request/response body schema, and usage statistics. It provides deep visibility into the following areas:

    • Endpoint metrics: Displays the Request Content Type, Response Content Type, the total number of Inspected Transactions, and timestamps for First Observed, Last Observed, and Last Changed.

    • Authentication: Displays a detailed table of detected authentication methods, including the Type (e.g., OAuth, Basic, API Key, Learning, OIDC), Token Type (e.g., Opaque, Base64, JWT), the Location in the payload (e.g., Query Parameters, Authentication Header), and its Status (e.g., Found, Not Found).

    • Request Body Schema and Response Body Schema: Displays the JSON structure, format, and expected data types for both the inbound requests and outbound responses.

    • Usage Statistics: Provides bar charts for assessing usage patterns, showing the Requests size distribution, Response size distribution, and Status code distribution.