
API Sessions

The API Sessions module depicts the interaction of individual actors with the business logic of APIs or applications. API Sessions help identify various behavioral and business-logic flaws and facilitate investigations of security incidents. This article gives an overview of API Sessions: it describes how the module works, how it is enabled and configured, and which limitations it currently has.

How API Sessions work

API Sessions group all requests (legitimate and attacks) within a session according to predetermined rules. Only certain metadata is saved for requests, which eliminates the transfer and processing of sensitive information in the Wallarm Cloud. The identified sequence of requests allows you to analyze the context around a certain event and understand what the attacker did before the recorded incident and what happened after. API Sessions give the security team a convenient tool for conducting investigations and allow you to easily validate identified malicious behavioral patterns detected using Abuse Prevention.
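The paragraph above describes two ideas: requests are grouped into sessions by a rule, and only request metadata (not bodies or raw credentials) is retained for analysis. The following Python is an added illustration, not Wallarm code, and the grouping rule it uses (hash of the session cookie for authenticated requests, client IP plus User-Agent for unauthenticated ones) is an assumption made for the example; the request records are constructed sample data. It shows how a flagged request can then be placed in context by looking at what the same actor did before and after it.

```python
import hashlib
from collections import defaultdict

# Constructed sample of raw requests (not real traffic). The "attack" field
# stands for a detection label that an upstream detector would have set.
RAW_REQUESTS = [
    {"ts": 1, "method": "GET",  "path": "/login",             "status": 200, "ip": "203.0.113.5",  "ua": "curl/8",      "cookie": None,      "body": "",                  "attack": None},
    {"ts": 2, "method": "POST", "path": "/login",             "status": 200, "ip": "203.0.113.5",  "ua": "curl/8",      "cookie": "sid=abc", "body": "user=a&password=x", "attack": None},
    {"ts": 3, "method": "GET",  "path": "/api/orders",        "status": 200, "ip": "203.0.113.5",  "ua": "curl/8",      "cookie": "sid=abc", "body": "",                  "attack": None},
    {"ts": 4, "method": "GET",  "path": "/api/orders",        "status": 500, "ip": "203.0.113.5",  "ua": "curl/8",      "cookie": "sid=abc", "body": "",                  "attack": "sqli"},
    {"ts": 5, "method": "GET",  "path": "/api/orders/export", "status": 200, "ip": "203.0.113.5",  "ua": "curl/8",      "cookie": "sid=abc", "body": "",                  "attack": None},
    {"ts": 6, "method": "GET",  "path": "/",                  "status": 200, "ip": "198.51.100.9", "ua": "Mozilla/5.0", "cookie": None,      "body": "",                  "attack": None},
]

# Only these fields survive; bodies, raw cookies and other headers are dropped
# before anything leaves the node (assumed policy for this illustration).
METADATA_FIELDS = ("ts", "method", "path", "status", "attack")


def session_key(req):
    """Derive a session identifier (assumed rule, not Wallarm's actual one).

    Authenticated requests are keyed by a truncated hash of the session cookie,
    so the cookie value itself is never stored. Unauthenticated requests fall
    back to a hash of client IP plus User-Agent.
    """
    if req.get("cookie"):
        raw = "cookie|" + req["cookie"]
    else:
        raw = "anon|" + req["ip"] + "|" + req["ua"]
    return hashlib.sha256(raw.encode()).hexdigest()[:16]


def to_metadata(req):
    """Reduce a raw request to the whitelisted metadata fields."""
    return {k: req[k] for k in METADATA_FIELDS}


def build_sessions(requests):
    """Group requests (legitimate and flagged alike) into ordered sessions."""
    sessions = defaultdict(list)
    for req in sorted(requests, key=lambda r: r["ts"]):
        sessions[session_key(req)].append(to_metadata(req))
    return dict(sessions)


def context_around(session, event_ts, before=2, after=2):
    """Return (preceding, following) requests around the event with timestamp event_ts."""
    idx = next(i for i, r in enumerate(session) if r["ts"] == event_ts)
    return session[max(0, idx - before):idx], session[idx + 1:idx + 1 + after]


if __name__ == "__main__":
    sessions = build_sessions(RAW_REQUESTS)
    for key, reqs in sessions.items():
        flagged = [r for r in reqs if r["attack"]]
        print(key, len(reqs), "requests,", len(flagged), "flagged")
        for r in flagged:
            prev, nxt = context_around(reqs, r["ts"])
            print("  before:", [p["path"] for p in prev], " after:", [n["path"] for n in nxt])
```

Two points the code makes concrete: the cookie is hashed rather than stored, which is what keeps a sensitive value out of the stored session record, and the flagged request at timestamp 4 is examined alongside the login and the order listing that preceded it and the export that followed, which is the investigation workflow the paragraph describes.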

Use the API Sessions section of the Wallarm Console to analyze session content. When working with data, consider existing limitations.

[Screenshot: API Sessions section - monitored sessions]

Enabling and configuring

API Sessions operate in beta mode and are enabled and configured through Wallarm support. This functionality requires node version 4.10.2 or later.

To make the API Sessions functionality more precise, it is recommended to enable JA3 fingerprinting for better identification of unauthenticated traffic.

Limitations

Currently API Sessions have some limitations. In the API Sessions section: