Protecting APIs has different requirements than protecting from traditional web application attacks. This is the primary reason that WAFs and API gateways are not adequate to secure your APIs.
In order to effectively protect from both known and unknown attacks, a wider and deeper set of data is needed to understand the application logic and expected API and user behaviors.
Walk through the Traceable product, at your own pace, as you investigate security events and complete threat actor activity timelines, and then take immediate and direct action by blocking the threat actor.