# Analysis

The **Analysis tab** in Akto’s API Security Posture provides a prioritized list of security issues across your API ecosystem. It converts raw scan data into actionable insights by highlighting risks, affected endpoints, and recommended remediation steps.

Instead of overwhelming teams with hundreds of alerts, **Analysis organizes issues into prioritized action items (P0, P1, P2)**, helping security and development teams focus on what matters most.

<figure><img src="/files/EQBJ0D8eK9UkSqjTtJv3" alt=""><figcaption></figcaption></figure>

***

### 🔎 Key Concepts

1. **Action Items**
   * Each issue is grouped into an **action item** (e.g., “APIs returning sensitive data” or “Missing authentication methods”).
   * Action items are designed to be **team-focused** so Dev, QA, and Security teams know exactly what to fix.
2. **Priority Levels (P0, P1, P2)**
   * **P0:** Immediate attention required, high business risk.
   * **P1:** High-severity issues with significant impact.
   * **P2:** Medium or low severity issues, often best handled in bulk remediation.
3. **Details per Action Item**
   * **Description** – Explains the issue and how many APIs are impacted.
   * **Team** – Suggests which team should handle remediation.
   * **Efforts** – Estimated effort (Low/Medium/High).
   * **Why It Matters** – Explains the risk (e.g., “Violates GDPR compliance” or “Exposes sensitive data”).
4. **Drill-Down View**
   * Clicking an action item reveals **specific endpoints** affected, with details such as:
     * Endpoint & method (GET, POST, etc.)
     * Sensitive parameters detected
     * Risk score
     * Type of issue (Sensitive Data, Auth, etc.)
     * Hostname

***

### ✅ Benefits

* **Prioritization:** Focus on the highest-risk issues first.
* **Collaboration:** Clearly assign issues to Dev, QA, or Security teams.
* **Compliance Alignment:** Map risks to regulatory concerns like GDPR, PCI-DSS, HIPAA.
* **Efficiency:** Reduce noise by grouping related issues instead of surfacing duplicates.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.akto.io/api-security-posture/concepts/analysis.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.