
Configurations

The Configurations menu holds the APIFORT settings and includes the Parameters, Integrations, Reports, Rules, Brute Force, Organizations, and License submenus.

Parameters

The Parameters page lists the general parameter definitions. These parameters allow the user to make decisions or take actions within the application.


To add a new parameter, click + Add. Enter the Parameter Key, Value, and Description fields, then click OK.


To edit an existing parameter, click the Edit button under Actions. After necessary changes are made, click OK to save them.

To delete a parameter, click the trash bin under Actions and click OK to confirm deletion.

Parameter List

| Key | Description |
|---|---|
| ignore.header | Indicates that header parameters should not be shown in discovered APIs. |
| ignore.url.suffix | Does not discover APIs ending with |
| secure.url.key | Searches for the trusted parameter among the URL keys of the API. Used to determine whether the API is trusted. |
| ignore.http.method | Discover unwanted HTTP method requests |
| defaultJiralIntegrationId | Used to open a Jira task from the attacks page. |
| secure.header.value | Searches for the trusted parameter among the header values of the API. Used to determine whether the API is trusted. |
| apifort.traffic.analyzer | AI service Kafka topic. |
| secure.header.key | Searches for the trusted parameter among the header keys of the API. Used to determine whether the API is trusted. |
| alert.kafka.topic | Attack notification topic. |
| ai.rs.prediction.activate | Activates/deactivates the RS (Context Engine) prediction engine. (Activate: 1, Deactivate: 0) |
| ai.rs.train.activate | Activates/deactivates the RS (Context Engine) training engine. (Activate: 1, Deactivate: 0) |
| ai.rs.retrieval.duration | Sets duration for complete RS (Context Engine) data retrieval. (Integer: number of days) |
| ai.rs.anomaly.sensitivity | Sets sensitivity level for RS (Context Engine) anomaly detection. (Low: 0.5, Medium: 1, High: 1.5, Very High: 2) |
| ai.rs.prediction.frequency | Sets recurring frequency of RS (Context Engine) prediction. (Integer: number of minutes) |
| ai.rs.train.frequency | Sets recurring frequency of RS (Context Engine) training. (Integer: number of minutes) |
| internal | Used to parse internal IPs. |
| ai.hit.anomaly.sensitivity | Sets sensitivity level for Hit (Interval Engine) anomaly detection. (Low: 0.5, Medium: 1, High: 1.5, Very High: 2) |
| ai.hit.prediction.frequency | Sets recurring frequency of Hit (Interval Engine) prediction. (Integer: number of minutes) |
| ai.hit.train.frequency | Sets recurring frequency of Hit (Interval Engine) training. (Integer: number of minutes) |
| hits.expireDay | Sets the number of days for which hit data will be logged. |
| ai.rs.train.duration | Sets duration for complete RS (Context Engine) training. (Integer: number of days) |
| ai.hit.train.duration | Sets duration for complete Hit (Interval Engine) training. (Integer: number of days) |
| ignore.http.header.key.value | Discover unwanted HTTP requests header keys |
| ai.status.train.duration | Sets duration for complete Hit (Interval Engine) training. (Integer: number of days) |
| alert.attack.successfull | Controls whether notifications are created based on whether the attack is successful or not. (0: only false, 1: only true, 2: true or false, 3: close) |
| traffic.analyzer.thread.count | Number of threads Kafka uses to listen to traffic. |
| ai.clean.sights.data | Sets frequency of deletion of unused data. (In days) |

Integrations

APIFORT can integrate with Fluentd, Logstash, Jira V2, QRadar, WebSocket, Webhook, MS Teams, Slack, and Email applications. The Integrations menu is where these integrations are managed and contains the Integration, Events and Templates tabs.

Integration Tab

It is used for adding and managing integrations.

  • Add Integration field shows the available integrations for adding.

  • My Integrations field lists the added integrations. The integration status can be adjusted using the Active/Passive toggle.


To add an integration, click the + button at the top right of the relevant integration. After filling in the required fields, the connection can be tested with the Test Connection button. Then, click the + Add Integration button.


  • To edit an existing integration, click the Edit button that appears when you hover over the relevant integration. After necessary changes are made, click Update Integration to save them.

  • To delete an existing integration, click the trash bin button at the bottom left of the relevant integration in the My Integrations window. Click OK to confirm deletion.

Events Tab

Events are the core components of the integration module. Each event is linked to a specific action, which defines the integration process. For example, a C-Level Security Reports event can be configured to trigger an E-Mail action upon execution.

The Events tab allows users to create new events and manage existing ones.


With the CHILDREN LIST button, child events of the event are displayed. By clicking the + button next to the Children List button, a new child event can be added.


To add a new event, click the + ADD button in the top right corner. Fill in the Event Key, Event Name, and Description fields in the pop-up window, then click + ADD EVENT.


  • The alt text button is used to add event data. Event data can be added separately to both events and child events.

  • Existing event data can be edited or deleted from the Actions section.

  • With the Copy Key button in the Actions section, the key of the event data can be copied.


Templates Tab

Templates are the message bodies tied to the desired integrations. Any triggered event is bound to the corresponding template and then delivered through the desired integration. For example, when a C-Level Security Reports event is triggered, the event is added to the specified e-mail template, including the desired message body and the information regarding the event (and even the report as an attachment), and then sent via the e-mail system.


There are two ways to create a new template: by cloning an existing template or by creating a new one from scratch.

  • To clone a template, click the Clone button in the Actions section of the existing template. The pop-up window will display the template's properties, which can be modified or left unchanged. Then, click the Add Template button.

  • To create a template from scratch, click the + ADD button in the top right. Fill in the Template Name, Integration Type, Event Type, and Templates fields, then click the + ADD TEMPLATE button.


The event variables related to the vulnerability are shown below.

alt text

The general variables related to the vulnerability are shown below.

alt text

Reports

It is used to list and manage reports.


To add a new report, click the + Add button. Choose the Report Type and Application, enter the description, schedule cron, active/passive status, and Recipient List, then click OK.


To access the Report History, click the History button under Actions. This section lists previously generated reports along with their run time details and provides downloadable PDFs.


  • To edit an existing report, click the Edit button under Actions.

  • After necessary changes are made, click OK to save them.

  • To delete a report, click the trash bin under Actions and click OK to confirm deletion.

Rules

It is used to list and manage Rules.


To add a new rule, click the + Add button. Select the active/passive status and enter the code, then click OK to save.


  • To edit an existing rule, click the Edit button under Actions. After necessary changes are made, click OK to save them.

  • To delete a rule, click the trash bin under Actions and click OK to confirm deletion.

Brute Force

It is used to list and manage Brute Force Definitions.


If multiple definitions contain conflicting rules for the same endpoint, the most recently saved rule will take precedence for that endpoint.

To add a new Brute Force definition, click the + Add button located at the top right corner. Fill in the Capacity, Duration, and Description fields. Then, select the IP Based, Active, and Apply All Traffics options. The entered settings will apply to all traffic across all applications.

The default configuration is shown in the image below.

alt text

The descriptions of the relevant fields are as follows:

  • Capacity: Indicates the number of hits received by the endpoint.
  • Duration In Minutes: Specifies the time period (in minutes) during which the rule is valid; this defines a monitoring window.
  • Description: Used to add a description for the rule.
  • IP Based: When enabled, monitoring is done per IP address. If disabled, all IPs are evaluated collectively without separate counting per IP.
  • Active: Indicates whether the definition is active or not.
  • Apply All Traffics: When enabled, the rule applies to all applications, catalogs, and traffic. If disabled, it applies only to the selected application(s) or catalog(s). You can also create endpoint-specific rules using the + Add Endpoint option.


You can define separate rules for specific endpoints using the + Add Endpoint option.

  • The first option is the Method field.

  • If "-" is selected, the rule applies to all HTTP methods.

  • If a specific method is selected (e.g., GET, POST), the rule applies only to that method.

  • The second option defines how the endpoint will be matched, using operators such as = (equals), ≠ (not equals), and *. (contains).

Examples:

  • If you enter /api/user in the Endpoint field and select ≠ (not equals), the rule will apply to all selected applications and catalogs except the specified endpoint.

  • If you select = (equals) or *. (contains), the rule will apply only to that endpoint across the selected applications and catalogs.

  • If no application or catalog is selected, the entered endpoint rule applies to all applications and catalogs.


To edit a brute force definition, click the Edit button under the Actions section on the Brute Force Definition page. After making the necessary changes, click the Save button to apply and save your updates.

When you update a brute force definition, any hit counting that was done based on the previous settings will be reset and start over with the new configuration.
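The semantics described in this section (per-IP or collective counting, method and endpoint matching, most-recently-saved precedence, and the counter reset on update) can be modelled as follows. This is an added example, not APIFORT's own code: the class and function names are hypothetical, and it assumes a sliding window, counters kept per endpoint path, and an alert once the hit count exceeds Capacity.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

@dataclass
class Definition:
    capacity: int            # hits tolerated inside one window (assumed: alert when exceeded)
    duration_min: int        # "Duration In Minutes": length of the monitoring window
    ip_based: bool = True    # True: count per client IP; False: all IPs share one counter
    method: str = "-"        # "-" applies to every HTTP method
    op: str = "="            # "=", "≠" or "contains"
    endpoint: str = ""       # empty string: no endpoint restriction
    saved_at: int = 0        # save order; the most recently saved match governs
    hits: dict = field(default_factory=lambda: defaultdict(deque))

    def matches(self, method, path):
        if self.method not in ("-", method):
            return False
        if not self.endpoint:
            return True
        if self.op == "=":
            return path == self.endpoint
        if self.op == "≠":
            return path != self.endpoint
        return self.endpoint in path          # contains

    def update(self, **changes):
        for name, value in changes.items():
            setattr(self, name, value)
        self.hits.clear()    # editing a definition restarts hit counting

def record_hit(definitions, ts, ip, method, path):
    """Count one request (ts in seconds); True if the governing rule is exceeded."""
    matching = [d for d in definitions if d.matches(method, path)]
    if not matching:
        return False
    rule = max(matching, key=lambda d: d.saved_at)
    window = rule.hits[(ip if rule.ip_based else "*", path)]
    window.append(ts)
    while window and window[0] <= ts - rule.duration_min * 60:
        window.popleft()     # drop hits that fell out of the window
    return len(window) > rule.capacity

def replay(definitions, events):
    """Feed (seconds, client IP, method, path) tuples through record_hit in order."""
    return [record_hit(definitions, *event) for event in events]

# Constructed sample traffic: six login attempts from one address, 10 s apart
LOGIN_BURST = [(t, "198.51.100.7", "POST", "/api/login") for t in range(0, 60, 10)]
```
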

Organizations

It is used to list and manage Organizations.

To add a new organization, click the + Add button. Enter the Organization Name and Email, select the Users, Applications and Catalogs fields, then click Save.


  • To edit an existing organization, click the Edit button under Actions. After necessary changes are made, click OK to save them.

  • To delete an organization, click the trash bin under Actions and click OK to confirm deletion.

License

It is used to view details about the APIFORT license.


  • Daily Hits: Shows the number of API hits per day.
  • Monthly Hits: Shows the number of API hits per month.
  • Daily request limit: Indicates the maximum number of API requests allowed per day.
  • Monthly request limit: Indicates the maximum number of API requests allowed per month.
  • Validity Date: Allows users to track the license expiration.