Personas workflow - Cortex API security distributes responsibilities across SOC analysts, security practitioners, and workload owners. - Administrator Guide - Cortex XDR - Cortex - Security Operations

Visibility: Reviews the Cases & Issues module for new attacks.

Investigate: Select a case or an issue, analyze involved APIs and their context, analyze request/response details, and distinguish normal from malicious activity.

To conduct a deeper investigation to eliminate or contain the threat, investigate the security issue

Decide and Act: Determine if it's a true attack. If so, initiate an immediate response (often outside the UI) and flag for fixes. Close the case in the UI.

Overview of API landscape: In the API Security Management dashboard, review emerging threats and understand the overall security of the API landscape.

Analyze APIs and Risks: Navigate to API endpoints to view all APIs, their risk factors (e.g., internet exposure, sensitive data, authentication/encryption status), and posture issues. Drill down for details.

Manage OpenAPI Specifications: Access the OpenAPI specification files. Review findings on the specification file itself (misconfigurations) and verify API traffic conformance to its specification.

Assign Remediation: Consolidate all findings, group them by application owner, and distribute tasks (via email/tickets with timelines) for fixes (code, gateway, specification updates).

Receive Tasks: Get detailed security tasks and timelines from the security practitioner.

Implement Fixes: Apply necessary fixes to application code, API configurations, or OpenAPI specifications.

Ensure Compliance: Bring their APIs and assets into alignment with security standards.