Fetch Data

API

Description

POST /api/fetchSuspectSampleData

Fetch suspicious sample request/response data flagged during threat detection.

POST /api/fetchThreatActors

Retrieve details of identified threat actors (malicious sources).

POST /api/fetchFiltersThreatTable

Fetch available filters for organizing and querying the threat table.

POST /api/getThreatActivityTimeline

Retrieve the activity timeline of threats across a given period.

POST /api/fetchAggregateMaliciousRequests

Get aggregated statistics of malicious requests detected across APIs.

POST /api/fetchCountBySeverity

Retrieve counts of threats grouped by severity (Critical, High, Medium, Low).

POST /api/fetchRemediationInfo

Fetch remediation details and guidance for specific threats or issues.

POST /api/fetchThreatApis

Get the list of APIs targeted by threats or malicious traffic.

POST /api/fetchThreatCategoryCount

Retrieve the count of threats grouped by categories (e.g., Injection, Auth, DoS).

POST /api/fetchFilterYamlTemplate

Fetch the YAML template for building custom filters for threat analysis.

POST /api/fetchFiltersForThreatActors

Retrieve filter options for drilling into threat actor activity.

POST /api/getDailyThreatActorsCount

Get the count of active threat actors observed per day.

POST /api/getActorsCountPerCounty

Retrieve the distribution of threat actors grouped by country.

api/fetchSuspectSampleData

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APIs > Generate token

Example: API_KEY

Body

urlsstring[]RequiredExample: /portal/redlion

typesstring[]RequiredExample: Rule-Based

limitinteger · int32RequiredExample: 50

skipinteger · int32RequiredExample: 0

endTimestampinteger · int32RequiredExample: 1757442599

startTimestampinteger · int32RequiredExample: 1752172200

Responses

200

description

application/json

post

/api/fetchSuspectSampleData

POST /api/fetchSuspectSampleData HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 150

{
  "urls": [
    "/portal/redlion"
  ],
  "types": [
    "Rule-Based"
  ],
  "limit": 50,
  "skip": 0,
  "sort": {
    "detectedAt": -1
  },
  "endTimestamp": 1757442599,
  "startTimestamp": 1752172200
}

200

description

{
  "severity": "null",
  "total": 2,
  "urls": [
    "/portal/redlion"
  ],
  "subCategory": "null",
  "types": [
    "Rule-Based"
  ],
  "sampleData": "null",
  "maliciousEvents": [
    {
      "country": "US",
      "metadata": "country_code: \"US\"\n",
      "subCategory": "SecurityMisconfig",
      "method": "GET",
      "ip": "20.65.193.78",
      "eventType": "SINGLE",
      "apiCollectionId": 0,
      "type": "Rule-Based",
      "url": "/portal/redlion",
      "actor": "20.65.193.78",
      "filterId": "OSCommandInjection",
      "payload": "method: \"GET\"\npath: \"/portal/redlion\"\ntype: \"HTTP/1.1\"\nrequest_headers {\n  key: \"accept\"\n  value {\n    values: \"*/*\"\n  }\n}\nrequest_headers {\n  key: \"accept-encoding\"\n  value {\n    values: \"gzip\"\n  }\n}\nrequest_headers {\n  key: \"host\"\n  value {\n    values: \"34.54.187.118\"\n  }\n}\nrequest_headers {\n  key: \"user-agent\"\n  value {\n    values: \"Mozilla/5.0 zgrab/0.x\"\n  }\n}\nrequest_headers {\n  key: \"via\"\n  value {\n    values: \"1.1 google\"\n  }\n}\nrequest_headers {\n  key: \"x-cloud-trace-context\"\n  value {\n    values: \"223616523a5d7e23d186a9bef1f6e6d7/10875075389630637163\"\n  }\n}\nrequest_headers {\n  key: \"x-forwarded-for\"\n  value {\n    values: \"20.65.193.78,34.54.187.118\"\n  }\n}\nrequest_headers {\n  key: \"x-forwarded-proto\"\n  value {\n    values: \"http\"\n  }\n}\nstatus_code: 200\nstatus: \"200 OK\"\nresponse_headers {\n  key: \"accept-ranges\"\n  value {\n    values: \"bytes\"\n  }\n}\nresponse_headers {\n  key: \"access-control-allow-origin\"\n  value {\n    values: \"*\"\n  }\n}\nresponse_headers {\n  key: \"cache-control\"\n  value {\n    values: \"public, max-age=0\"\n  }\n}\nresponse_headers {\n  key: \"connection\"\n  value {\n    values: \"keep-alive\"\n  }\n}\nresponse_headers {\n  key: \"content-encoding\"\n  value {\n    values: \"gzip\"\n  }\n}\nresponse_headers {\n  key: \"content-type\"\n  value {\n    values: \"text/html; charset=UTF-8\"\n  }\n}\nresponse_headers {\n  key: \"date\"\n  value {\n    values: \"Sun, 27 Jul 2025 20:28:02 GMT\"\n  }\n}\nresponse_headers {\n  key: \"etag\"\n  value {\n    values: \"W/\\\"7c3-1982adf3355\\\"\"\n  }\n}\nresponse_headers {\n  key: \"feature-policy\"\n  value {\n    values: \"payment \\'self\\'\"\n  }\n}\nresponse_headers {\n  key: \"keep-alive\"\n  value {\n    values: \"timeout=5\"\n  }\n}\nresponse_headers {\n  key: \"last-modified\"\n  value {\n    values: \"Mon, 21 Jul 2025 02:45:27 GMT\"\n  }\n}\nresponse_headers {\n  key: \"vary\"\n  value {\n    values: \"Accept-Encoding\"\n  }\n}\nresponse_headers {\n  key: \"x-content-type-options\"\n  value {\n    values: \"nosniff\"\n  }\n}\nresponse_headers {\n  key: \"x-frame-options\"\n  value {\n    values: \"SAMEORIGIN\"\n  }\n}\nresponse_headers {\n  key: \"x-recruiting\"\n  value {\n    values: \"/#/jobs\"\n  }\n}\nresponse_payload: \"<!--\\n  ~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.\\n  ~ SPDX-License-Identifier: MIT\\n  --><!DOCTYPE html><html lang=\\\"en\\\"><head>\\n  <meta charset=\\\"utf-8\\\">\\n  <title>OWASP Juice Shop</title>\\n  <meta name=\\\"description\\\" content=\\\"Probably the most modern and sophisticated insecure web application\\\">\\n  <meta name=\\\"viewport\\\" content=\\\"width=device-width, initial-scale=1\\\">\\n  <link id=\\\"favicon\\\" rel=\\\"icon\\\" type=\\\"image/x-icon\\\" href=\\\"assets/public/favicon_js.ico\\\">\\n  <link rel=\\\"stylesheet\\\" type=\\\"text/css\\\" href=\\\"//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css\\\">\\n  <script src=\\\"//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js\\\"></script>\\n  <script src=\\\"//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js\\\"></script>\\n  <script>\\n    window.addEventListener(\\\"load\\\", function(){\\n      window.cookieconsent.initialise({\\n        \\\"palette\\\": {\\n          \\\"popup\\\": { \\\"background\\\": \\\"#546e7a\\\", \\\"text\\\": \\\"#ffffff\\\" },\\n          \\\"button\\\": { \\\"background\\\": \\\"#558b2f\\\", \\\"text\\\": \\\"#ffffff\\\" }\\n        },\\n        \\\"theme\\\": \\\"classic\\\",\\n        \\\"position\\\": \\\"bottom-right\\\",\\n        \\\"content\\\": { \\\"message\\\": \\\"This website uses fruit cookies to ensure you get the juiciest tracking experience.\\\", \\\"dismiss\\\": \\\"Me want it!\\\", \\\"link\\\": \\\"But me wait!\\\", \\\"href\\\": \\\"https://www.youtube.com/watch?v=9PnbKL3wuH4\\\" }\\n      })});\\n  </script>\\n<style>.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@charset \\\"UTF-8\\\";@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel=\\\"stylesheet\\\" href=\\\"styles.css\\\" media=\\\"print\\\" onload=\\\"this.media=\\'all\\'\\\"><noscript><link rel=\\\"stylesheet\\\" href=\\\"styles.css\\\"></noscript></head>\\n<body class=\\\"mat-app-background bluegrey-lightgreen-theme\\\">\\n  <app-root></app-root>\\n<script src=\\\"runtime.js\\\" type=\\\"module\\\"></script><script src=\\\"polyfills.js\\\" type=\\\"module\\\"></script><script src=\\\"vendor.js\\\" type=\\\"module\\\"></script><script src=\\\"main.js\\\" type=\\\"module\\\"></script>\\n\\n</body></html>\"\ntime: 1753648085\nakto_account_id: \"1000000\"\nip: \"20.65.193.78\"\nakto_vxlan_id: \"0\"\n",
      "id": "e6cb0490-d627-49cc-a592-7c53bebab799",
      "refId": "93069238-c27d-4ef1-b908-7db2b3157524",
      "category": "SecurityMisconfig",
      "timestamp": 1753648085
    }
  ],
  "limit": 50,
  "skip": 0,
  "sort": {
    "detectedAt": -1
  },
  "endTimestamp": 1757442599,
  "startTimestamp": 1752172200
}

api/fetchThreatActors

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APIs > Generate token

Example: API_KEY

Body

endTsinteger · int32RequiredExample: 1788978599

skipinteger · int32RequiredExample: 0

startTsinteger · int32RequiredExample: 0

Responses

200

description

application/json

post

/api/fetchThreatActors

POST /api/fetchThreatActors HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 68

{
  "endTs": 1788978599,
  "skip": 0,
  "startTs": 0,
  "sort": {
    "discoveredAt": -1
  }
}

200

description

{
  "splunkUrl": "null",
  "skip": 0,
  "startTs": 0,
  "actorsCountPerCounty": "SUCCESS",
  "sort": {
    "discoveredAt": -1
  },
  "eventType": "null",
  "splunkToken": "null",
  "actorsCountPerCountry": "null",
  "actor": "null",
  "filterId": "null",
  "actors": [
    {
      "latestAttack": "LocalFileInclusionLFIRFI",
      "country": "",
      "activity": [
        {
          "severity": "HIGH",
          "subCategory": "OSCommandInjection",
          "method": "POST",
          "detectedAt": 1754352524,
          "url": "/.chef/config.rb"
        }
      ],
      "latestApiEndpoint": "/config.php",
      "latestApiIp": "20.0.143.224:57796",
      "id": "20.0.143.224:57796",
      "latestApiMethod": "POST",
      "discoveredAt": 1755172371
    }
  ],
  "total": 13243,
  "endTs": 1788978599,
  "maliciousPayloadsResponses": "null",
  "refId": "null",
  "actorIp": "null",
  "status": "null"
}

api/fetchFiltersThreatTable

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APIs > Generate token

Example: API_KEY

Body

objectOptional

Responses

200

description

application/json

post

/api/fetchFiltersThreatTable

POST /api/fetchFiltersThreatTable HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

description

{
  "severity": "null",
  "subCategory": [
    "LocalFileInclusionLFIRFI"
  ],
  "types": "null",
  "apiCollectionIds": "null",
  "skip": 0,
  "sort": "null",
  "ips": [
    "35.191.238.163:646"
  ],
  "latestAttack": "null",
  "urls": [
    "/.env"
  ],
  "total": 0,
  "sampleData": "null",
  "maliciousEvents": "null",
  "limit": 50,
  "endTimestamp": 0,
  "startTimestamp": 0
}

api/getThreatActivityTimeline

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APIs > Generate token

Example: API_KEY

Body

endTsinteger · int32RequiredExample: 1757442599

startTsinteger · int32RequiredExample: 1756837800

Responses

200

description

application/json

post

/api/getThreatActivityTimeline

POST /api/getThreatActivityTimeline HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 41

{
  "endTs": 1757442599,
  "startTs": 1756837800
}

200

description

{}

api/fetchAggregateMaliciousRequests

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APIs > Generate token

Example: API_KEY

Body

actorstringRequiredExample: 51.159.103.236

filterIdstringRequiredExample: LocalFileInclusionLFIRFI

refIdstringRequiredExample: b302ed4c-a376-4cfe-9bcf-e566577afcf1

eventTypestringRequiredExample: SINGLE

Responses

200

description

application/json

post

/api/fetchAggregateMaliciousRequests

POST /api/fetchAggregateMaliciousRequests HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 132

{
  "actor": "51.159.103.236",
  "filterId": "LocalFileInclusionLFIRFI",
  "refId": "b302ed4c-a376-4cfe-9bcf-e566577afcf1",
  "eventType": "SINGLE"
}

200

description

{
  "country": "null",
  "splunkUrl": "null",
  "skip": 0,
  "startTs": 0,
  "sort": "null",
  "eventType": "SINGLE",
  "splunkToken": "null",
  "actorsCountPerCounty": "SUCCESS",
  "actorsCountPerCountry": "null",
  "actor": "51.159.103.236",
  "filterId": "LocalFileInclusionLFIRFI",
  "latestAttack": "null",
  "actors": "null",
  "total": 0,
  "actorId": "null",
  "endTs": 1757403774,
  "maliciousPayloadsResponses": [
    {
      "metadata": "{\n  \"countryCode\": \"FR\"\n}",
      "orig": "{\"method\":\"GET\",\"requestPayload\":\"\",\"responsePayload\":\"<!--\\n  ~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.\\n  ~ SPDX-License-Identifier: MIT\\n  --><!DOCTYPE html><html lang=\\\"en\\\"><head>\\n  <meta charset=\\\"utf-8\\\">\\n  <title>OWASP Juice Shop</title>\\n  <meta name=\\\"description\\\" content=\\\"Probably the most modern and sophisticated insecure web application\\\">\\n  <meta name=\\\"viewport\\\" content=\\\"width=device-width, initial-scale=1\\\">\\n  <link id=\\\"favicon\\\" rel=\\\"icon\\\" type=\\\"image/x-icon\\\" href=\\\"assets/public/favicon_js.ico\\\">\\n  <link rel=\\\"stylesheet\\\" type=\\\"text/css\\\" href=\\\"//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css\\\">\\n  <script src=\\\"//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js\\\"></script>\\n  <script src=\\\"//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js\\\"></script>\\n  <script>\\n    window.addEventListener(\\\"load\\\", function(){\\n      window.cookieconsent.initialise({\\n        \\\"palette\\\": {\\n          \\\"popup\\\": { \\\"background\\\": \\\"#546e7a\\\", \\\"text\\\": \\\"#ffffff\\\" },\\n          \\\"button\\\": { \\\"background\\\": \\\"#558b2f\\\", \\\"text\\\": \\\"#ffffff\\\" }\\n        },\\n        \\\"theme\\\": \\\"classic\\\",\\n        \\\"position\\\": \\\"bottom-right\\\",\\n        \\\"content\\\": { \\\"message\\\": \\\"This website uses fruit cookies to ensure you get the juiciest tracking experience.\\\", \\\"dismiss\\\": \\\"Me want it!\\\", \\\"link\\\": \\\"But me wait!\\\", \\\"href\\\": \\\"https://www.youtube.com/watch?v=9PnbKL3wuH4\\\" }\\n      })});\\n  </script>\\n<style>.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@charset \\\"UTF-8\\\";@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel=\\\"stylesheet\\\" href=\\\"styles.css\\\" media=\\\"print\\\" onload=\\\"this.media='all'\\\"><noscript><link rel=\\\"stylesheet\\\" href=\\\"styles.css\\\"></noscript></head>\\n<body class=\\\"mat-app-background bluegrey-lightgreen-theme\\\">\\n  <app-root></app-root>\\n<script src=\\\"runtime.js\\\" type=\\\"module\\\"></script><script src=\\\"polyfills.js\\\" type=\\\"module\\\"></script><script src=\\\"vendor.js\\\" type=\\\"module\\\"></script><script src=\\\"main.js\\\" type=\\\"module\\\"></script>\\n\\n</body></html>\",\"ip\":\"51.159.103.236\",\"destIp\":\"\",\"source\":\"OTHER\",\"type\":\"HTTP/1.1\",\"akto_vxlan_id\":\"0\",\"path\":\"/admin/config.php\",\"requestHeaders\":\"{\\\"x-forwarded-proto\\\":\\\"http\\\",\\\"x-cloud-trace-context\\\":\\\"31cd91249987ee62693548ac0036287b/8654995890002032028\\\",\\\"host\\\":\\\"34.54.187.118\\\",\\\"x-forwarded-for\\\":\\\"51.159.103.236,34.54.187.118\\\",\\\"accept\\\":\\\"*/*\\\",\\\"user-agent\\\":\\\"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\\\",\\\"via\\\":\\\"1.1 google\\\"}\",\"responseHeaders\":\"{\\\"date\\\":\\\"Mon, 04 Aug 2025 15:33:35 GMT\\\",\\\"content-length\\\":\\\"1987\\\",\\\"vary\\\":\\\"Accept-Encoding\\\",\\\"x-frame-options\\\":\\\"SAMEORIGIN\\\",\\\"feature-policy\\\":\\\"payment 'self'\\\",\\\"access-control-allow-origin\\\":\\\"*\\\",\\\"last-modified\\\":\\\"Mon, 21 Jul 2025 02:45:27 GMT\\\",\\\"keep-alive\\\":\\\"timeout=5\\\",\\\"x-content-type-options\\\":\\\"nosniff\\\",\\\"x-recruiting\\\":\\\"/#/jobs\\\",\\\"connection\\\":\\\"keep-alive\\\",\\\"content-type\\\":\\\"text/html; charset=UTF-8\\\",\\\"etag\\\":\\\"W/\\\\\\\"7c3-1982adf3355\\\\\\\"\\\",\\\"accept-ranges\\\":\\\"bytes\\\",\\\"cache-control\\\":\\\"public, max-age=0\\\"}\",\"time\":1754321618,\"akto_account_id\":\"1000000\",\"statusCode\":200,\"status\":\"200 OK\"}",
      "ts": 1754321618
    }
  ],
  "refId": "b302ed4c-a376-4cfe-9bcf-e566577afcf1",
  "status": "null",
  "actorIp": "null"
}

api/fetchCountBySeverity

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APIs > Generate token

Example: API_KEY

Body

endTsinteger · int32RequiredExample: 1757442599

startTsinteger · int32RequiredExample: 1752172200

Responses

200

description

application/json

post

/api/fetchCountBySeverity

POST /api/fetchCountBySeverity HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 41

{
  "endTs": 1757442599,
  "startTs": 1752172200
}

200

description

{
  "categoryCounts": [
    {
      "subCategory": "HIGH",
      "count": 13089,
      "category": ""
    }
  ]
}

api/fetchRemediationInfo

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APIs > Generate token

Example: API_KEY

Body

testIdstringRequiredExample: LocalFileInclusionLFIRFI

Responses

200

description

application/json

post

/api/fetchRemediationInfo

POST /api/fetchRemediationInfo HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 37

{
  "testId": "LocalFileInclusionLFIRFI"
}

200

description

{}

api/fetchThreatApis

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APIs > Generate token

Example: API_KEY

Body

skipinteger · int32RequiredExample: 0

Responses

200

description

application/json

post

/api/fetchThreatApis

POST /api/fetchThreatApis HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 37

{
  "skip": 0,
  "sort": {
    "discoveredAt": -1
  }
}

200

description

{
  "total": 627,
  "threatActivityTimeline": "SUCCESS",
  "apis": [
    {
      "method": "HEAD",
      "requestsCount": 1,
      "actorsCount": 1,
      "api": "/.chef/config.rb",
      "discoveredAt": 1753476092
    }
  ],
  "dailyThreatActorsCount": "SUCCESS",
  "endTs": 0,
  "skip": 0,
  "startTs": 0,
  "sort": {
    "discoveredAt": -1
  },
  "actorsCounts": "null",
  "categoryCounts": "null"
}

api/fetchThreatCategoryCount

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APIs > Generate token

Example: API_KEY

Body

endTsinteger · int32RequiredExample: 1757442599

startTsinteger · int32RequiredExample: 1752172200

Responses

200

description

application/json

post

/api/fetchThreatCategoryCount

POST /api/fetchThreatCategoryCount HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 41

{
  "endTs": 1757442599,
  "startTs": 1752172200
}

200

description

{
  "categoryCounts": [
    {
      "subCategory": "NOSQL_INJECTION",
      "count": 1,
      "category": "NOSQL_INJECTION"
    }
  ]
}

api/fetchFilterYamlTemplate

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APIs > Generate token

Example: API_KEY

Body

objectOptional

Responses

200

description

application/json

post

/api/fetchFilterYamlTemplate

POST /api/fetchFilterYamlTemplate HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

description

{
  "templates": [
    {
      "createdAt": 1751743962,
      "author": "AKTO",
      "id": "IPCIDRAlertFilter",
      "content": "id: High4XXAlertFilter\nfilter:\n  response_code:\n    gte: 400\n    lt: 500\n\ninfo:\n  name: \"High4XXAlertFilter\"\n  description: \"The High4XXAlertFilter vulnerability in API threat protection at runtime occurs when security systems generate excessive alerts for 4XX response codes, potentially leading to alert fatigue and missed critical threats. Attackers can exploit this by flooding APIs with benign 4XX errors, masking real attacks in the noise. Proper rate limiting, anomaly detection, and intelligent alert filtering can help mitigate this risk.\"\n  details: \"The High4XXAlertFilter vulnerability affects API threat protection by overwhelming monitoring systems with excessive 4XX errors, making it harder to detect real threats. Attackers can abuse this by triggering numerous client-side errors (e.g., 401, 403, 404) to drown out malicious activity. Effective mitigation involves adaptive alerting, contextual analysis, and filtering noise from genuine security incidents.\"\n  impact: \"The High4XXAlertFilter vulnerability can lead to alert fatigue, causing security teams to overlook real threats hidden within a flood of 4XX errors. This increases the risk of undetected attacks, such as credential stuffing, API enumeration, or token abuse. It can also degrade API performance and overwhelm logging systems, impacting overall security visibility.\"\n  category:\n    name: \"RL\"\n    displayName: \"RL\"\n  subCategory: \"RL\"\n  severity: MEDIUM\n\naggregation_rules:\n  - rule:\n      name: \"Rule 1\"\n      condition:\n        matchCount: 50 \n        windowThreshold: 5\n  - rule:\n      name: \"Rule 2\"\n      condition:\n        matchCount: 100 \n        windowThreshold: 10\n\n",
      "info": {
        "severity": "HIGH",
        "subCategory": "NOSQL_INJECTION",
        "references": "null",
        "impact": "Exploiting security misconfigurations can lead to unauthorized access, data breaches, or full system compromise. Attackers may gain access to sensitive data, escalate privileges, or disrupt operations, causing financial loss, reputational damage, or regulatory penalties.",
        "description": "The High4XXAlertFilter vulnerability in API threat protection at runtime occurs when security systems generate excessive alerts for 4XX response codes, potentially leading to alert fatigue and missed critical threats. Attackers can exploit this by flooding APIs with benign 4XX errors, masking real attacks in the noise. Proper rate limiting, anomaly detection, and intelligent alert filtering can help mitigate this risk.",
        "tags": "null",
        "cwe": "null",
        "remediation": "null",
        "cve": "null",
        "compliance": "null",
        "name": "IPCIDRAlertFilter",
        "details": "XSS in API threat protection at runtime focuses on detecting and preventing malicious script injections in API requests and responses. Attackers exploit insufficient input validation to execute scripts, leading to data leaks or account compromise. Mitigation involves sanitizing inputs, enforcing strict content security policies, and using runtime monitoring to detect anomalies and block malicious payloads.",
        "category": {
          "displayName": "NOSQL_INJECTION",
          "name": "NOSQL_INJECTION",
          "shortName": "null"
        }
      },
      "updatedAt": 1751743962
    }
  ],
  "content": "null"
}

api/fetchFiltersForThreatActors

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APIs > Generate token

Example: API_KEY

Body

objectOptional

Responses

200

description

application/json

post

/api/fetchFiltersForThreatActors

POST /api/fetchFiltersForThreatActors HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

description

{
  "country": [
    ""
  ],
  "splunkUrl": "null",
  "startTs": 0,
  "skip": 0,
  "eventType": "null",
  "actorsCountPerCounty": "SUCCESS",
  "splunkToken": "null",
  "sort": "null",
  "actorsCountPerCountry": "null",
  "actor": "null",
  "filterId": "null",
  "latestAttack": [
    "LocalFileInclusionLFIRFI"
  ],
  "actors": "null",
  "total": 0,
  "actorId": [
    "42.232.235.138"
  ],
  "endTs": 1757403696,
  "maliciousPayloadsResponses": "null",
  "refId": "null",
  "actorIp": "null",
  "status": "null"
}

api/getDailyThreatActorsCount

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APIs > Generate token

Example: API_KEY

Body

endTsinteger · int32RequiredExample: 1757442599

startTsinteger · int32RequiredExample: 1756837800

Responses

200

description

application/json

post

/api/getDailyThreatActorsCount

POST /api/getDailyThreatActorsCount HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 41

{
  "endTs": 1757442599,
  "startTs": 1756837800
}

200

description

{}

api/getActorsCountPerCounty

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APIs > Generate token

Example: API_KEY

Body

endTsinteger · int32RequiredExample: 1757442599

startTsinteger · int32RequiredExample: 1756837800

Responses

200

description

application/json

post

/api/getActorsCountPerCounty

POST /api/getActorsCountPerCounty HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 41

{
  "endTs": 1757442599,
  "startTs": 1756837800
}

200

description

{}

PreviousThreat Protection NextModify Data

Last updated 4 months ago

Was this helpful?

hashtagapi/fetchSuspectSampleData

hashtagapi/fetchThreatActors

hashtagapi/fetchFiltersThreatTable

hashtagapi/getThreatActivityTimeline

hashtagapi/fetchAggregateMaliciousRequests

hashtagapi/fetchCountBySeverity

hashtagapi/fetchRemediationInfo

hashtagapi/fetchThreatApis

hashtagapi/fetchThreatCategoryCount

hashtagapi/fetchFilterYamlTemplate

hashtagapi/fetchFiltersForThreatActors

hashtagapi/getDailyThreatActorsCount

hashtagapi/getActorsCountPerCounty

api/fetchSuspectSampleData

api/fetchThreatActors

api/fetchFiltersThreatTable

api/getThreatActivityTimeline

api/fetchAggregateMaliciousRequests

api/fetchCountBySeverity

api/fetchRemediationInfo

api/fetchThreatApis

api/fetchThreatCategoryCount

api/fetchFilterYamlTemplate

api/fetchFiltersForThreatActors

api/getDailyThreatActorsCount

api/getActorsCountPerCounty