| Attribute | Value |
|---|---|
| Publisher | 42Crunch API Protection |
| Support Tier | Partner |
| Support Link | https://42crunch.com/ |
| Categories | domains |
| Version | 2.0.3 |
| Author | 42Crunch - plugins@42crunch.com |
| First Published | 2022-09-21 |
| Solution Folder | 42Crunch API Protection |
The 42Crunch API Protection solution protects APIs by installing a microfirewall inline with the API server. Access logs from the microfirewall are emitted to Microsoft Sentinel allowing analysis and investigation of attacks.
This solution provides 1 data connector(s):
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| apifirewall_log_1_CL 🔶 | API Protection | Analytics, Workbooks |
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution includes 12 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 11 |
| Workbooks | 1 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| API - API Scraping | High | Reconnaissance, Collection | apifirewall_log_1_CL |
| API - Account Takeover | High | CredentialAccess, Discovery | apifirewall_log_1_CL |
| API - Anomaly Detection | Low | Reconnaissance | apifirewall_log_1_CL |
| API - BOLA | Medium | Exfiltration | apifirewall_log_1_CL |
| API - Invalid host access | Low | Reconnaissance | apifirewall_log_1_CL |
| API - JWT validation | Low | InitialAccess, CredentialAccess | apifirewall_log_1_CL |
| API - Kiterunner detection | Medium | Reconnaissance, Discovery | apifirewall_log_1_CL |
| API - Password Cracking | High | CredentialAccess | apifirewall_log_1_CL |
| API - Rate limiting | Low | Discovery, InitialAccess | apifirewall_log_1_CL |
| API - Rate limiting | Medium | Impact | apifirewall_log_1_CL |
| API - Suspicious Login | High | CredentialAccess, InitialAccess | apifirewall_log_1_CL |
| Name | Tables Used |
|---|---|
| 42CrunchAPIProtectionWorkbook | apifirewall_log_1_CL |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 15-07-2024 | Missing Tactics and Techniques added |