API Trace Analysis

The Trace Analysis tab in the Risk Findings section shows security findings that result from analyzing actual API traffic and comparing it with an API spec. Examples of such findings include weak passwords and bad IDs.

Findings are shown in this tab, and in the Security Posture tab.

To run trace analyses, you must upload an API spec (see API Spec analysis) and enable trace analysis in the cluster.

Enable trace analysis in clusters

To run API trace analyses on a cluster, you must enable trace analysis in that cluster.
In the Cluster configuration (in Deploy on a Kubernetes Cluster), add Enable API Trace Analyzer in the Connection Controls.


Collect traces

Start trace collection for an API in the Trace Analysis tab. You can run trace analyses on Internal APIs only.

  1. Select the API from the list in the INTERNAL APIS tab.
  2. Select RISK FINDINGS, and then select the TRACE ANALYSIS tab.
  3. Select the period of time for the collection, and then click OK.

If trace collection was already started for the selected API, you can choose to continue the collection, or restart it.
Click Resume detection to resume, or Reset to restart the collection (and discard any information already collected).


Traces will be collected for the API for the period of time selected. The tab will indicate that trace collection is in progress.
You can stop the collection at any time by clicking Stop analysis, and results will be shown based on the traces collected.


View Trace Analysis findings

When the collection is complete, findings will be shown. Each finding shows a description of the issue, the endpoint in the API, and the risk associated with the finding.
You can expand the listing to show more detail.


Findings are also shown in the Security Posture tab. There, they will be listed with findings from other sources. The source will show 'trace analysis' for trace analysis findings.
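
The following added example, which is not the product's analyzer or its code, illustrates the kind of comparison described at the top of this page: observed requests are checked against a spec, and each finding carries a description, an endpoint and a risk. The spec fragment, traces, weak-password list, risk labels and all function names are constructed for the illustration.

```python
import base64
import re

# Constructed, simplified spec: path template -> method -> {path parameter: type}.
SPEC = {
    "/users/{id}": {"GET": {"id": "integer"}},
    "/orders/{id}": {"GET": {"id": "integer"}},
}
# Constructed short list standing in for a real weak-password dictionary.
WEAK_PASSWORDS = {"password", "123456", "admin", "letmein"}

def basic(user, password):
    return {"Authorization": "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()}

# Constructed traces standing in for traffic collected from an internal API.
TRACES = [
    {"method": "GET", "path": "/users/42", "headers": basic("svc", "c0rrect-horse-battery")},
    {"method": "GET", "path": "/users/42abc", "headers": {}},
    {"method": "GET", "path": "/orders/7", "headers": basic("admin", "admin")},
    {"method": "DELETE", "path": "/orders/7", "headers": {}},
]

def match_path(path):
    """Return (template, params) for the spec template matching path, or (None, {})."""
    for template in SPEC:
        pattern = re.sub(r"\{(\w+)\}", r"(?P<\1>[^/]+)", template)
        if m := re.fullmatch(pattern, path):
            return template, m.groupdict()
    return None, {}

def analyze(trace):
    """Compare one observed request with SPEC and return a list of findings."""
    findings = []
    template, params = match_path(trace["path"])
    endpoint = f'{trace["method"]} {template or trace["path"]}'
    def add(risk, description):  # the credential itself is never copied into a finding
        findings.append({"endpoint": endpoint, "risk": risk, "description": description})
    if template is None or trace["method"] not in SPEC[template]:
        add("medium", "request not described by the spec")
    else:
        for name, kind in SPEC[template][trace["method"]].items():
            if kind == "integer" and not re.fullmatch(r"\d+", params[name]):
                add("medium", f"path parameter '{name}' is not an integer")
    auth = trace.get("headers", {}).get("Authorization", "")
    if auth.startswith("Basic "):
        _, _, password = base64.b64decode(auth[6:]).decode().partition(":")
        if len(password) < 8 or password.lower() in WEAK_PASSWORDS:
            add("high", "weak password in Basic credentials")
    return findings
```

Running `analyze` over `TRACES` yields three findings: a non-integer ID on `GET /users/{id}`, a weak password on `GET /orders/{id}`, and a `DELETE /orders/{id}` request that the spec does not describe.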