Manage Threat Policies
Overview
Threat policies are customizable filters that help you monitor API traffic in real time and detect harmful activity. These policies protect your applications by identifying threats such as Cross-Site Scripting (XSS), SQL Injection, and other attacks covered in the OWASP Core Rule Set.
You can also configure policies to enforce geofencing rules or block traffic from specific IP CIDR ranges. Each policy is defined in YAML, giving you full control over how Akto evaluates and flags suspicious behavior.
Accessing Threat Policies
To open your threat policies:
Sign in to your Akto account.
Head to API Security.
In the left sidebar, select API Threat Detection.
Click Threat Policies to view and manage all your policies.

Create a New Policy
Open the Threat Policies page.
In the code editor, enter or modify the YAML configuration to describe the behavior you want Akto to detect.

Click Save. Akto will create a new policy template using the id you provided.

Modify a Policy
Use the search filter on the Threat Policies page to locate the policy you want to edit.
Update the YAML configuration to match your requirements.
Click Save to apply the changes.
If you change the id key, Akto treats it as a new policy and creates a new template.
Delete a Policy
Use the search filter to find the policy you want to remove.
Click Delete in the top-right corner.
Select Yes to confirm the deletion.

Continue to Threat Activity
After you configure your threat policies, you can review Akto’s detections on the Threat Activity page.