View Threat Activity Breakdown
Overview
Use Threat Activity Breakdown to investigate API threats detected by Akto. You can move from high-level monitoring to detailed drilldowns, apply filters, review complete request–response data, and take targeted remediation actions.
Access the Threat Activity View
Log in to your Akto account.
Head to API Security.
From the side navigation bar and select API Threat Detection.
Click on Threat Activity.
Review activities under Active, Under Review, and Ignored.
Select an activity to open its drilldown view.
Refine Threats Using Filters
Use the search and filter option in the upper-right corner of the activity list to refine the displayed results.
You can filter by:
Actor
URL
Host
Type (Rule-Based / Anomaly)
Latest Attack Subcategory
Successful Exploit
Explore the Detailed View
The drilldown view presents all relevant information for a selected threat activity, including severity, impacted API endpoint, and detected attack category.
The view contains four tabs that structure the investigation flow:
Presents the description, details, and impact of the activity, giving you a clear understanding of the threat.
Displays a visual timeline that helps you identify patterns, timing, and frequency of the attempts.
Shows the attempted request and its response.
You can now copy the request in two formats:
Curl
Burp
Offers actionable steps you can follow to resolve the activity and reduce repeated exposure.
Update the Status
Use Event Actions option to update the status of an activity:
Mark for Review – Move the activity into the review workflow.
Ignore – Remove the activity from the active threat list.
Once ignored, Akto will not flag the same actor and API endpoint again based on the threat policy that originally detected it.
Block the Traffic From the Source IP
Use Block IP button to immediately stop further activity from the malicious source.
For more details, continue to the 1. Block an IP from Threat Actors learn more.
Create Internal Workflow Item
You can create a Jira ticket or a Work Item directly from the threat activity view to support internal tracking, ticketing, and coordinated remediation.
To learn more about creating and configuring these items, head to the Create Internal Workflow Item.
Last updated
Was this helpful?