API Findings Tab

On the Business Transactions page, you can view the API Findings tab, which displays:

Name: Description

Panoptica Findings: These findings are the vulnerabilities associated with the API. The types of Panoptica Findings include:
  • Security configuration
  • Open ports
  • Vulnerability
  • TLS Version
  • Missing required headers
Note: The user interface will no longer retrieve API security findings from Cisco Panoptica due to Panoptica's end-of-sale and end-of-life announcement. Existing API security findings will remain but won't be updated. In other words:
  • If you update your services with any new APIs, the user interface will no longer be able to retrieve API security findings from Cisco Panoptica for those new APIs after the Cisco Panoptica end-of-life date, but will continue to display existing API security findings.
  • The business risk score will not include any new API security findings.

Category: The category that the listed weakness or vulnerability belongs to. For example, DNS or Network.

Severity: The severity level of the API Security Findings, which can be one of:
  • Critical
  • High
  • Medium
  • Low
  • Unclassified

API Name: The API name, usually a fully qualified domain name (FQDN). This can be logical, or can correspond to one of the endpoints where the API is reachable. For example, api.webex.com.

Tier: The name of the tier in the business transaction chain that is making the API calls.

To view more information about each category associated with an API, go to the Details section of the Panoptica Finding, then go to Show X Occurrences.

Here is an example of the Occurrences with a Network category:

  • Assets: The IP address associated with the API.
  • Description: The description of the security findings associated with the API.
  • Module: The module that contributes to the security findings, such as the categorization and severity of the API.