Feature/docs 2642 sbfa and user attribution in api sessions #1412
docs/4.10/api-discovery/overview.md
Outdated
* SMS gateway functioning | ||
* ...and others | ||
|
||
Once tags are assigned, you can filter your endpoints by flow to regularly check them for vulnerabilities or breaches. |
We need screenshots here to demonstrate how to do that in the interface.
docs/4.10/api-discovery/overview.md
Outdated
* SMS gateway functioning | ||
* ...and others | ||
|
||
Once tags are assigned, you can filter your endpoints by flow to regularly check them for vulnerabilities or breaches. |
There are two different terms for the same thing: 'tags' and 'marking'. I propose sticking to 'tags'.
docs/4.10/api-discovery/overview.md
Outdated
@@ -88,6 +88,18 @@ API Discovery detects and highlights sensitive data consumed and carried by your | |||
* Medical data like medical license number | |||
* Personally identifiable information (PII) like full name, passport number or SSN | |||
|
|||
### Sensitive business flows | |||
|
|||
API Discovery allows [marking](sbf.md) specific endpoints as the key ones for some sensitive business flows, such as: |
As a pre-phrase, we need to explain the value of this, i.e. a user might be interested in marking endpoints. I propose rephrasing this:
With the Sensitive business flow capability, API Discovery can identify endpoints which are critical to specific business flows and functions, such as: authentication, account management, billing, and similar critical capabilities.
Once endpoints are assigned the sensitive business flow tags, it becomes possible to filter all discovered endpoints by a specific business flow, which makes it easier to protect the most critical business capabilities.
docs/4.8/api-discovery/overview.md
Outdated
### Sensitive business flows | ||
|
||
API Discovery allows [marking](sbf.md) specific endpoints as the key ones for some sensitive business flows, such as: | ||
|
||
* Authentication | ||
* Account management | ||
* Billing | ||
* SMS gateway functioning | ||
* ...and others | ||
|
||
Once tags are assigned, you can filter your endpoints by flow to regularly check them for vulnerabilities or breaches. | ||
|
Ditto: docs/4.10/api-discovery/overview.md .
### Sensitive business flows | ||
|
||
API Discovery automatically [marks](sbf.md) specific endpoints as the key ones for some sensitive business flows, such as: | ||
|
||
* Authentication | ||
* Account management | ||
* Billing | ||
* SMS gateway functioning | ||
* ...and others | ||
|
||
You can manually adjust the assigned tags and manually set tags for the endpoints of your choice. | ||
|
||
Once tags are assigned, you can filter your endpoints by flow to regularly check them for vulnerabilities or breaches. | ||
|
Ditto: docs/4.10/api-discovery/overview.md .
docs/latest/api-discovery/sbf.md
Outdated
|
||
## Business flows in Sessions | ||
|
||
Wallarm's [API Sessions](../api-sessions/overview.md) group requests of your applications' traffic into user sessions. If some of these requests target the endpoints that in API Discovery were marked as important for some sensitive business flows, such session will be [marked](../api-sessions/exploring.md#sensitive-business-flows) as affecting this business flow as well. |
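Review bot: In the "Business flows in Sessions" paragraph, "If some of these requests target the endpoints ..." leaves open whether a single request to a tagged endpoint is enough to tag the whole session; state the condition explicitly. The same sentence needs an article ("such a session") and uses "marked" twice where the rest of the thread is settling on "tagged".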
group requests of your applications' traffic into user sessions.
So then what? We need to start with business value and then explain how Wallarm helps to achieve that with this capability.
docs/latest/api-discovery/sbf.md
Outdated
|
||
## Marking endpoints manually | ||
|
||
To adjust the results of [automatic marking](#automatic-marking), you can manually edit the list of sensitive business flow the endpoint belongs to. You can also manually mark endpoints that do not directly fall under the keyword list. |
Marking > tagging, manual > customization, starts with business value. The ability to customize == you can configure the solution in a way it fits our specific organization.
Marking > tagging - ok
Business value in subsections - it is extra, we already mentioned it in the intro.
We do not customize anything here, we manually adjust the results of automatic identification.
|
||
![!API Sessions - sensitive business flows](../images/api-sessions/api-sessions-sbf-no-select.png) | ||
|
||
## Filtering by business flow |
Business flow or sensitive business flow?
To keep the heading short, I made this fix INSIDE section text.
docs/latest/api-discovery/sbf.md
Outdated
|
||
## Filtering by business flow | ||
|
||
Once endpoints are marked with the business flow tags, you can quickly get the list of endpoints belonging to specific business flow to analyze their current state and data. |
marked > tagged.
you can quickly get the list of endpoints belonging to specific business flow to analyze their current state and data.
Put value first: You can analyze risks associated with ... by .....
docs/latest/api-discovery/sbf.md
Outdated
|
||
Once endpoints are marked with the business flow tags, you can quickly get the list of endpoints belonging to specific business flow to analyze their current state and data. | ||
|
||
To do that, use the **Business flow** filter. |
Remove that by using the above formula
|
||
You can manually adjust the assigned tags and manually set tags for the endpoints of your choice. | ||
Once endpoints are assigned with the sensitive business flow tags, it becomes possible to filter all discovered endpoint by a specific business flow which makes it easier on protecting the most critical business capabilities. |
Grammar: Once endpoints are tagged with sensitive business flow labels, it's possible to filter all discovered endpoints by a specific business flow, making it easier to protect the most critical business capabilities.
docs/latest/api-discovery/sbf.md
Outdated
@@ -1,6 +1,6 @@ | |||
# Sensitive Business Flows <a href="../../about-wallarm/subscription-plans/#waap-and-advanced-api-security"><img src="../../images/api-security-tag.svg" style="border: none;"></a> | |||
|
|||
Wallarm's [API Discovery](overview.md) automatically marks specific endpoints as the key ones for some sensitive business flows, such as authentication or account management, billing or SMS gateways functioning, and others. Learn from this article how to use the sensitive business flow functionality. | |||
With the [sensitive business flow](sbf.md) capability, Wallarm's [API Discovery](overview.md) can automatically identify endpoints that are critical to specific business flows and functions, such as authentication, account management, billing, and similar critical capabilities. Learn from this article how to use the sensitive business flow functionality. |
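Review bot: The rewritten intro line in docs/latest/api-discovery/sbf.md links "[sensitive business flow](sbf.md)", which points this page at itself; drop that link and keep only the [API Discovery](overview.md) one. The sentence also says "critical" twice ("endpoints that are critical ... and similar critical capabilities"), so the second occurrence can go.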
Sensitive Business Flow (with capital letters) - it's a name of a capability.
docs/latest/api-discovery/sbf.md
Outdated
@@ -1,6 +1,6 @@ | |||
# Sensitive Business Flows <a href="../../about-wallarm/subscription-plans/#waap-and-advanced-api-security"><img src="../../images/api-security-tag.svg" style="border: none;"></a> | |||
|
|||
Wallarm's [API Discovery](overview.md) automatically marks specific endpoints as the key ones for some sensitive business flows, such as authentication or account management, billing or SMS gateways functioning, and others. Learn from this article how to use the sensitive business flow functionality. | |||
With the [sensitive business flow](sbf.md) capability, Wallarm's [API Discovery](overview.md) can automatically identify endpoints that are critical to specific business flows and functions, such as authentication, account management, billing, and similar critical capabilities. Learn from this article how to use the sensitive business flow functionality. |
use the sensitive business flow functionality to protect your business.
docs/latest/api-discovery/sbf.md
Outdated
|
||
Automatic checking is performed based on the keywords from the endpoint URL, for example, `payment`, `subscription` `purchase`, etc. for the **Billing** flow or `auth`, `token`, `login`, etc. for **Authentication**. If matches are found, the endpoint is automatically assigned to the corresponding flow(s). | ||
|
||
If necessary, later you can manually adjust the list of assigned business flows as described in the section below. |
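Review bot: The keyword sentence is missing a comma between `subscription` and `purchase`, and it does not say how a keyword is matched against the endpoint URL (whole path segment or substring, case-sensitive or not). Readers who use these tags to decide which endpoints to review need that stated, together with a plain note that an endpoint whose URL contains none of the keywords gets no tag until it is tagged by hand. "The section below" would also be better as a link to the manual-tagging heading.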
@MaximBashurov not fixed. "manually adjust" reads like I have to fix something, customize sounds better 'cause it implies meeting the unique needs of a customer.
|
||
To do that, use the **Business flow** filter. | ||
|
||
Once endpoints are assigned with the sensitive business flow tags, it becomes possible to filter all discovered endpoint by a specific business flow (the **Business flow** filter) which makes it easier on protecting the most critical business capabilities. |
What's the name of the filter in the UI? AFAIK it's the Sensitive Business flow filter.
|
||
To do that, use the **Business flow** filter. | ||
|
||
Once endpoints are assigned with the sensitive business flow tags, it becomes possible to filter all discovered endpoint by a specific business flow (the **Business flow** filter) which makes it easier on protecting the most critical business capabilities. |
Also, grammar: Once endpoints are assigned sensitive business flow tags, it becomes possible to filter all discovered endpoints by a specific business flow (using the Sensitive Business Flow filter), making it easier to protect the most critical business capabilities.
@@ -47,7 +47,11 @@ Use the **Time,ms** and **Size,bytes** columns in the session request details to | |||
|
|||
## Sensitive business flows | |||
|
|||
If some of the session requests target the endpoints that in [API Discovery](../api-discovery/overview.md) were [marked](../api-discovery/sbf.md) as important for some sensitive business flows, such session will be marked as affecting this business flow as well. | |||
In [API Discovery](../api-discovery/overview.md), the [sensitive business flow](../api-discovery/sbf.md) capability allows automatic and manual identification of endpoints that are critical to specific business flows and functions, such as authentication, account management, billing, and similar critical capabilities. |
Sensitive Business Flow
If some of the session requests target the endpoints that in [API Discovery](../api-discovery/overview.md) were [marked](../api-discovery/sbf.md) as important for some sensitive business flows, such session will be marked as affecting this business flow as well. | ||
In [API Discovery](../api-discovery/overview.md), the [sensitive business flow](../api-discovery/sbf.md) capability allows automatic and manual identification of endpoints that are critical to specific business flows and functions, such as authentication, account management, billing, and similar critical capabilities. | ||
|
||
If the sessions' requests affect the endpoints that in API Discovery were tagged as important for some sensitive business flows, such sessions are automatically tagged as affecting this business flow as well. |
Grammar: If a session's requests affect endpoints that were tagged as important for sensitive business flows in API Discovery, such sessions are automatically tagged as affecting the corresponding business flow as well.
|
||
If the sessions' requests affect the endpoints that in API Discovery were tagged as important for some sensitive business flows, such sessions are automatically tagged as affecting this business flow as well. | ||
|
||
Once sessions are assigned with the sensitive business flow tags, it becomes possible to filter them by a specific business flow which makes it easier to select the sessions that are most important to analyze. |
Grammar: Once endpoints are assigned sensitive business flow tags, it becomes possible to filter all discovered endpoints by a specific business flow (using the Sensitive Business Flow filter), making it easier to protect the most critical business capabilities.
No description provided.