Traceable

/

Blog
Releases

Traceable API Security Platform Updates - June & July 2024

Allison Averill
|

This past month’s releases include major improvements to data classification, UX improvements for API catalog, AST changes, and a new threat activity UI for improved visibility and more efficient analysis. 

Granular Data Classification Settings

Data classification lays the foundation for Traceable’s data flow mapping and sensitive data detection capabilities. We have released several changes to our data classification capabilities that improve the granularity of severity and suppression policies and data classification rules:

  • Sensitivity and suppression configurations can now be modified per datatype. Prior to this update, sensitivity and suppression policies were applied at the dataset level.
  • Data classification rules for each datatype can now be scoped to specific URLs. 
  • Data classification rules for each datatype can now be targeted to only leaf nodes in a nested JSON payload.

You can access these new features by navigating to Settings > Data Classification > Datatypes and creating a new datatype or editing an existing datatype. Read more in our docs.

New Threat Activity UI Available in Beta

As a security analyst or incident responder, the ability to quickly and effectively triage alerts is paramount. The less time you spend on false positives, and the sooner you can identify a true positive, the more quickly you can shut down an active threat. We are excited to release a new Threat Activity UI in beta. We’ve redesigned the threat activity experience with a focus on enabling customers to triage threat activities more efficiently, and focus on the ones that have the highest impact on APIs from a potential breach perspective. Traceable customers can experience the new UI today by navigating to Protection > Threat Activity V2 (Beta).

The new UI includes several key changes:

  • Improved Event Groupings: We’ve improved the way we group events into threat activities to reduce the total number of alerts and improve visibility into threats driven by the same actor or occurring on the same API endpoint. In the original version of Threat Activity, events were grouped based on rule type alone. In the new version, events are correlated and grouped by looking at account rule type, actor, threat behavior, and API endpoint over a time period. As repeated threats from the same actor on the same endpoint can be used to detect persistent attacks, this allows analysts to more easily identify related activity and saves time on triage and investigation. 
  • New Filters: We’ve expanded the set of filters available in Threat Activity to include more activity, threat actor, and endpoint attributes. Using these cascading filters can help analysts more easily prioritize threat activities and hone in on true positives and eliminate false positives. You can also save filters for easy reuse or to share with others on your team. 
  • Bulk Actions: You can now perform bulk actions on threat activities such as creating an exclusion, initiating a status change, creating a JIRA ticket, or pushing specific activities to a SIEM or a SOAR. For example, if you’ve identified that all threat activities associated with a particular actor are false positives, you can filter to activities associated with that actor, select all, and update the status to “False Threat.”
  • Detailed Summary and Evidence Per Threat Activity: For each threat activity identified, we will now display a detailed summary, including a description, mitigation steps, and an event timeline. We also auto populate the time range for each threat activity and clearly identify the anomalous attribute per event. 

We are excited for you to try out the new Threat Activity UI and eager to hear your feedback. Please try it out and let us know what you think. 

New and improved Threat Activity user interface.

UI Enhancements for API Catalog

We’ve made several usability enhancements to the API Catalog UI, including:

  • Reorganized and simplified left navigation menu. 
  • Updated “Inventory” page with separate tabs for API endpoints, domains, services, and backends.
  • Improvements to “Sensitive Data” page for quick insight into sensitive datatypes observed in your API endpoints.

We are staging the rollout of the new UI for existing Traceable customers over the next month. 

Updated API Inventory experience.

API Security Testing Custom Plugin Tests

Traceable’s API Security Testing allows you to create custom plugins to implement specific security rules or logic tailored to your requirements, such as enforcing particular security policies. We recently released an update to this feature that allows you to test custom plugins on a single API endpoint before saving them, so you can reduce potential configuration errors and utilize custom plugins more confidently. With custom plugin testing, you can compile and preview plugin results, providing an opportunity for review and adjustment before saving the plugin and configuring a scan run. 

Download Blog Post

The Inside Trace

Subscribe for expert insights on application security.

Thanks! Your subscription has been recorded.

or subscribe to our RSS Feed

Read more

Everything You Need to Know About Authentication and Authorization in Web APIs - Part 1

Traceable API Security Platform Updates - November 2023

How to Design Delightful API Architectures

How API Abuse Became the Top Vector for Data Breaches

See Traceable in Action

Learn how to elevate your API security today.

Get Started

Read more

Traceable + Wiz: Supercharging Threat Detection with Complete Cloud and API Context

Enhance your threat detection capabilities with Traceable and Wiz's powerful integration. By uniting API and cloud security contexts, this partnership provides unparalleled threat correlation, prioritization, and incident response for cloud-native applications. Discover how eBPF technology and comprehensive data analysis secure your applications from code to cloud.

Cloud Native
Releases

January Software Release - Kicking off the New Year

It’s January and we kicking off the new year with a new set of features aimed at improving application security for our customers. Traceable AI has released a range of new features and deployment options with the continued aim to help our customers to have the best API security solution on the market.

Releases

Traceable AI Software Release – November 2021 Update

December has finally come and Traceable AI has released a whole new suite of software features for our customers, with the continued aim of ensuring the best API Security solution on the market.

API-Security
App Security
Cloud Native
Releases
View All Blogs
WHY TRACEABLE
Why TraceableOur CustomersOur PartnersAbout TraceableIn the NewsRequest DemoCompare Traceable
PLATFORM
API DiscoveryAttack ProtectionAttack DetectionFraud and Bot SecurityAPI Testing
USE CASES
API DiscoveryShift Left SecuritySensitive Data ExfiltrationAccount TakeoverBot MitigationIncident ResponseData Privacy and Compliance
RESOURCES
OverviewRelated API Resources BlogWebinarsCustomer Peer ReviewsCase StudiesWhite PaperDatasheetsDocumentationCustomer Success & Support
COMPANY
Sign In CareersPressPress KitASPEN LabsCustomer SupportSecurity and ComplianceLegalPrivacy Policy

© 2024 Traceable Inc.

548 Market Street PMB 83903, San Francisco, CA 94104-5401