Modify Data

API                                  Description
POST /api/modifyThreatActorStatus    Update the status of a threat actor (e.g., mark as active, inactive, or mitigated).
POST /api/saveFilterYamlTemplate     Save a custom filter YAML template for reuse in threat or issue analysis.
POST /api/modifyThreatActorStatus

Header parameters
x-api-key (string, required): You can get this from Settings > Integrations > Akto APIs > Generate token. Example: API_KEY
Body
actorIp (string, required). Example: 145.239.154.84
status (string, required). Example: blocked
Responses
200: application/json

Example request
POST /api/modifyThreatActorStatus HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 47
{
  "actorIp": "145.239.154.84",
  "status": "blocked"
}
Example response (200)
{
  "country": "null",
  "splunkUrl": "null",
  "startTs": 0,
  "skip": 0,
  "eventType": "null",
  "splunkToken": "null",
  "sort": "null",
  "actorsCountPerCounty": "SUCCESS",
  "actorsCountPerCountry": "null",
  "actor": "null",
  "filterId": "null",
  "latestAttack": "null",
  "actors": "null",
  "total": 0,
  "actorId": "null",
  "endTs": 1757403731,
  "maliciousPayloadsResponses": "null",
  "refId": "null",
  "actorIp": "145.239.154.84",
  "status": "blocked"
}
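Both endpoints on this page take the same shape of request: an x-api-key header and a JSON body posted to app.akto.io. The following Python client is an added example written for this page, not Akto's own SDK; it builds those requests with the standard library only. The host and paths are the ones in the page's sample requests; the `sender` parameter and `echo_send` helper are this example's own additions so that request construction can be checked offline, and the example does not validate the status value (the page shows "blocked" and mentions active, inactive and mitigated without listing the accepted set).

```python
import json
import os
import urllib.request

# Host and paths as shown in the sample requests on this page.
BASE_URL = "https://app.akto.io"
MODIFY_ACTOR_STATUS = "/api/modifyThreatActorStatus"
SAVE_FILTER_TEMPLATE = "/api/saveFilterYamlTemplate"


def build_request(path: str, api_key: str, body: dict) -> urllib.request.Request:
    """Build a POST to the Akto API the way the page's raw HTTP samples show it:
    an x-api-key header, a JSON body and Content-Type: application/json.
    The body is serialised without whitespace, which is what gives the
    47-byte Content-Length seen in the modifyThreatActorStatus sample."""
    data = json.dumps(body, separators=(",", ":")).encode("utf-8")
    # urllib stores header names capitalised ("X-api-key"); HTTP header names
    # are case-insensitive, so the server sees the same header as the sample.
    headers = {
        "x-api-key": api_key,
        "Content-Type": "application/json",
        "Accept": "*/*",
    }
    return urllib.request.Request(BASE_URL + path, data=data, headers=headers, method="POST")


def send(req: urllib.request.Request) -> dict:
    """Send the request and decode the JSON response (needs network access)."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def echo_send(req: urllib.request.Request) -> dict:
    """Offline stand-in for send() (example helper): returns the JSON body that
    would be sent, so request construction can be checked without contacting app.akto.io."""
    return json.loads(req.data.decode("utf-8"))


def modify_threat_actor_status(api_key: str, actor_ip: str, status: str, sender=send) -> dict:
    """Set a threat actor's status (the page's example uses "blocked")."""
    body = {"actorIp": actor_ip, "status": status}
    return sender(build_request(MODIFY_ACTOR_STATUS, api_key, body))


def save_filter_yaml_template(api_key: str, yaml_content: str, sender=send) -> dict:
    """Store a filter YAML template; yaml_content is the raw YAML text."""
    return sender(build_request(SAVE_FILTER_TEMPLATE, api_key, {"content": yaml_content}))


if __name__ == "__main__":
    # The token comes from Settings > Integrations > Akto APIs > Generate token;
    # read it from the environment rather than hard-coding it in scripts.
    # AKTO_API_KEY is this example's own variable name, not one Akto defines.
    key = os.environ.get("AKTO_API_KEY")
    sender = send if key else echo_send
    print(modify_threat_actor_status(key or "API_KEY", "145.239.154.84", "blocked", sender=sender))
```

Without AKTO_API_KEY set, the script only echoes the body it would have sent; with it set, it performs the real call and returns the decoded JSON response.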
POST /api/saveFilterYamlTemplate

Header parameters
x-api-key (string, required): You can get this from Settings > Integrations > Akto APIs > Generate token. Example: API_KEY
Body
content (string, required). Example:

id: LocalFileInclusionLFIRFI
filter:
  or:
    - request_payload:
        regex:
          - (?i)(?:^|[^a-zA-Z0-9])(?:(?:\.\.(?:/|\\|%2F|%5C))+\.?|(?:/|\\|%2F|%5C)(?:etc/passwd|proc/self/environ|windows/system\.ini)|php://(?:filter|input)|(?:/|\\|%2F|%5C)\w+\.(?:php|conf|ini|log)(?:%00)?)(?:$|[^a-zA-Z0-9])
    - request_headers:
        regex:
          - (?i)(?:^|[^a-zA-Z0-9])(?:(?:\.\.(?:/|\\|%2F|%5C))+\.?|(?:/|\\|%2F|%5C)(?:etc/passwd|proc/self/environ|windows/system\.ini)|php://(?:filter|input)|(?:/|\\|%2F|%5C)\w+\.(?:php|conf|ini|log)(?:%00)?)(?:$|[^a-zA-Z0-9])
    - url:
        regex:
          - (?i)(?:^|[^a-zA-Z0-9])(?:(?:\.\.(?:/|\\|%2F|%5C))+\.?|(?:/|\\|%2F|%5C)(?:etc/passwd|proc/self/environ|windows/system\.ini)|php://(?:filter|input)|(?:/|\\|%2F|%5C)\w+\.(?:php|conf|ini|log)(?:%00)?)(?:$|[^a-zA-Z0-9])

info:
  name: "LocalFileInclusionRFI_1"
  description: "Local File Inclusion (LFI) and Remote File Inclusion (RFI) are critical API threats that allow attackers to access or execute unauthorized files on a server. LFI exploits occur when APIs improperly handle user input, leading to the inclusion of sensitive local files, such as `/etc/passwd`. RFI extends this risk by allowing external malicious files to be executed, often resulting in remote code execution. Runtime API threat protection involves strict input validation, disabling dynamic file inclusion, and enforcing allowlists to prevent exploitation."
  details: "LFI and RFI vulnerabilities arise when APIs improperly process user-supplied file paths, allowing attackers to access sensitive local files (LFI) or execute remote malicious scripts (RFI). This can lead to data breaches, privilege escalation, or full server compromise. Effective runtime protection includes input sanitization, restricting file access permissions, and using allowlists to prevent unauthorized file inclusion."
  impact: "LFI and RFI attacks can lead to unauthorized access to sensitive files, leakage of credentials, and remote code execution. Attackers can exploit these vulnerabilities to escalate privileges, gain control over the server, or deploy malware. This can result in data breaches, system compromise, and severe business disruptions."
  category:
    name: "LFI_RFI"
    displayName: "LFI_RFI"
  subCategory: "LFI_RFI"
  severity: HIGH
Responses
200: application/json

Example request
POST /api/saveFilterYamlTemplate HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2405
{
  "content": "id: LocalFileInclusionLFIRFI\nfilter:\n or:\n - request_payload:\n regex:\n - (?i)(?:^|[^a-zA-Z0-9])(?:(?:\\.\\.(?:/|\\\\|%2F|%5C))+\\.?|(?:/|\\\\|%2F|%5C)(?:etc/passwd|proc/self/environ|windows/system\\.ini)|php://(?:filter|input)|(?:/|\\\\|%2F|%5C)\\w+\\.(?:php|conf|ini|log)(?:%00)?)(?:$|[^a-zA-Z0-9])\n - request_headers:\n regex:\n - (?i)(?:^|[^a-zA-Z0-9])(?:(?:\\.\\.(?:/|\\\\|%2F|%5C))+\\.?|(?:/|\\\\|%2F|%5C)(?:etc/passwd|proc/self/environ|windows/system\\.ini)|php://(?:filter|input)|(?:/|\\\\|%2F|%5C)\\w+\\.(?:php|conf|ini|log)(?:%00)?)(?:$|[^a-zA-Z0-9])\n - url:\n regex:\n - (?i)(?:^|[^a-zA-Z0-9])(?:(?:\\.\\.(?:/|\\\\|%2F|%5C))+\\.?|(?:/|\\\\|%2F|%5C)(?:etc/passwd|proc/self/environ|windows/system\\.ini)|php://(?:filter|input)|(?:/|\\\\|%2F|%5C)\\w+\\.(?:php|conf|ini|log)(?:%00)?)(?:$|[^a-zA-Z0-9])\n\ninfo:\n name: \"LocalFileInclusionRFI_1\"\n description: \"Local File Inclusion (LFI) and Remote File Inclusion (RFI) are critical API threats that allow attackers to access or execute unauthorized files on a server. LFI exploits occur when APIs improperly handle user input, leading to the inclusion of sensitive local files, such as `/etc/passwd`. RFI extends this risk by allowing external malicious files to be executed, often resulting in remote code execution. Runtime API threat protection involves strict input validation, disabling dynamic file inclusion, and enforcing allowlists to prevent exploitation.\"\n details: \"LFI and RFI vulnerabilities arise when APIs improperly process user-supplied file paths, allowing attackers to access sensitive local files (LFI) or execute remote malicious scripts (RFI). This can lead to data breaches, privilege escalation, or full server compromise. Effective runtime protection includes input sanitization, restricting file access permissions, and using allowlists to prevent unauthorized file inclusion.\"\n impact: \"LFI and RFI attacks can lead to unauthorized access to sensitive files, leakage of credentials, and remote code execution. Attackers can exploit these vulnerabilities to escalate privileges, gain control over the server, or deploy malware. This can result in data breaches, system compromise, and severe business disruptions.\"\n category:\n name: \"LFI_RFI\"\n displayName: \"LFI_RFI\"\n subCategory: \"LFI_RFI\"\n severity: HIGH\n"
}
Example response (200)
{
  "templates": "null",
  "content": "id: LocalFileInclusionLFIRFI\nfilter:\n or:\n - request_payload:\n regex:\n - (?i)(?:^|[^a-zA-Z0-9])(?:(?:\\.\\.(?:/|\\\\|%2F|%5C))+\\.?|(?:/|\\\\|%2F|%5C)(?:etc/passwd|proc/self/environ|windows/system\\.ini)|php://(?:filter|input)|(?:/|\\\\|%2F|%5C)\\w+\\.(?:php|conf|ini|log)(?:%00)?)(?:$|[^a-zA-Z0-9])\n - request_headers:\n regex:\n - (?i)(?:^|[^a-zA-Z0-9])(?:(?:\\.\\.(?:/|\\\\|%2F|%5C))+\\.?|(?:/|\\\\|%2F|%5C)(?:etc/passwd|proc/self/environ|windows/system\\.ini)|php://(?:filter|input)|(?:/|\\\\|%2F|%5C)\\w+\\.(?:php|conf|ini|log)(?:%00)?)(?:$|[^a-zA-Z0-9])\n - url:\n regex:\n - (?i)(?:^|[^a-zA-Z0-9])(?:(?:\\.\\.(?:/|\\\\|%2F|%5C))+\\.?|(?:/|\\\\|%2F|%5C)(?:etc/passwd|proc/self/environ|windows/system\\.ini)|php://(?:filter|input)|(?:/|\\\\|%2F|%5C)\\w+\\.(?:php|conf|ini|log)(?:%00)?)(?:$|[^a-zA-Z0-9])\n\ninfo:\n name: \"LocalFileInclusionRFI_1\"\n description: \"Local File Inclusion (LFI) and Remote File Inclusion (RFI) are critical API threats that allow attackers to access or execute unauthorized files on a server. LFI exploits occur when APIs improperly handle user input, leading to the inclusion of sensitive local files, such as `/etc/passwd`. RFI extends this risk by allowing external malicious files to be executed, often resulting in remote code execution. Runtime API threat protection involves strict input validation, disabling dynamic file inclusion, and enforcing allowlists to prevent exploitation.\"\n details: \"LFI and RFI vulnerabilities arise when APIs improperly process user-supplied file paths, allowing attackers to access sensitive local files (LFI) or execute remote malicious scripts (RFI). This can lead to data breaches, privilege escalation, or full server compromise. Effective runtime protection includes input sanitization, restricting file access permissions, and using allowlists to prevent unauthorized file inclusion.\"\n impact: \"LFI and RFI attacks can lead to unauthorized access to sensitive files, leakage of credentials, and remote code execution. Attackers can exploit these vulnerabilities to escalate privileges, gain control over the server, or deploy malware. This can result in data breaches, system compromise, and severe business disruptions.\"\n category:\n name: \"LFI_RFI\"\n displayName: \"LFI_RFI\"\n subCategory: \"LFI_RFI\"\n severity: HIGH\n"
}
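The filter section of the template above is an `or` over three request parts, each checked against the same regex. Before saving a template it helps to see which requests it would flag, so here is an added example (this page's reviewer's code, not Akto's filter engine) that transcribes the template's filter section into a Python structure and evaluates it over constructed requests. The mapping of `request_payload`, `request_headers` and `url` to the body text, the header values and the URL is this example's assumption; Akto's own engine may scope those keys differently, and the sample requests are made up for the demonstration.

```python
import re

# The regex from the page's LocalFileInclusionLFIRFI template, unescaped (one
# backslash per regex escape, as in the YAML body example).
LFI_REGEX = (
    r"(?i)(?:^|[^a-zA-Z0-9])(?:(?:\.\.(?:/|\\|%2F|%5C))+\.?"
    r"|(?:/|\\|%2F|%5C)(?:etc/passwd|proc/self/environ|windows/system\.ini)"
    r"|php://(?:filter|input)"
    r"|(?:/|\\|%2F|%5C)\w+\.(?:php|conf|ini|log)(?:%00)?)(?:$|[^a-zA-Z0-9])"
)

# The template's "filter:" section transcribed into a dict (transcription is
# this example's own; Akto reads the YAML text itself).
FILTER_SPEC = {
    "or": [
        {"request_payload": {"regex": [LFI_REGEX]}},
        {"request_headers": {"regex": [LFI_REGEX]}},
        {"url": {"regex": [LFI_REGEX]}},
    ]
}


def _field_values(request: dict, field: str) -> list:
    """Map a filter key to the request parts it is checked against.
    Assumption of this example: payload = raw body text, headers = header
    values, url = request URL including the query string."""
    if field == "url":
        return [request.get("url", "")]
    if field == "request_payload":
        return [request.get("payload", "")]
    if field == "request_headers":
        return list(request.get("headers", {}).values())
    raise ValueError("unsupported filter field: " + field)


def evaluate_filter(spec: dict, request: dict) -> list:
    """Return the names of the `or` branches whose regex matched; an empty
    list means the request would not be flagged by this template."""
    matched = []
    for branch in spec["or"]:
        (field, condition), = branch.items()
        patterns = [re.compile(p) for p in condition["regex"]]
        values = _field_values(request, field)
        if any(p.search(v) for p in patterns for v in values):
            matched.append(field)
    return matched


# Constructed sample requests (not real traffic).
BENIGN = {"url": "/api/users?id=42", "headers": {"Accept": "application/json"},
          "payload": '{"file":"report.pdf"}'}
TRAVERSAL_IN_URL = {"url": "/download?file=../../etc/passwd", "headers": {}, "payload": ""}
WRAPPER_IN_HEADER = {"url": "/api/users", "headers": {"X-File": "php://filter/resource=index.php"},
                     "payload": ""}


def classify_samples() -> dict:
    """Evaluate the template against each constructed sample."""
    return {
        "benign": evaluate_filter(FILTER_SPEC, BENIGN),
        "traversal_in_url": evaluate_filter(FILTER_SPEC, TRAVERSAL_IN_URL),
        "wrapper_in_header": evaluate_filter(FILTER_SPEC, WRAPPER_IN_HEADER),
    }


if __name__ == "__main__":
    for name, hits in classify_samples().items():
        print(f"{name}: {'flagged on ' + ', '.join(hits) if hits else 'clean'}")
```

Because the branches are combined with `or`, a single matching field is enough to flag a request; the `(?:^|[^a-zA-Z0-9])` and `(?:$|[^a-zA-Z0-9])` anchors in the regex are what keep ordinary paths such as `/api/users` from matching the `\w+\.(?:php|conf|ini|log)` alternative.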