Salt Security · Schema
Salt Security API Attack
An API attack event detected and analyzed by the Salt Security threat protection engine.
API Security · AI · API Discovery · Posture Governance · Threat Protection · Security
Properties
| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for the attack event |
| attack_type | string | Type of API attack detected |
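| severity | string | Severity level of the attack: one of `critical`, `high`, `medium`, `low` |
| status | string | Current status of the attack: one of `active`, `blocked`, `resolved`, `investigating` |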
| source_ip | string | Source IP address the attack traffic was observed from (may be a proxy or NAT address rather than the attacker's own host) |
| target_endpoint | string | API endpoint being attacked |
| target_api_id | string | ID of the API being attacked |
| attack_signature | string | Pattern or signature that identified this as an attack |
| request_count | integer | Number of malicious requests in this attack |
| affected_users | array | User IDs or identifiers affected by this attack |
| data_exposed | boolean | Whether sensitive data was potentially exposed |
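| mitigation_actions | array | Mitigation actions taken; each item is an object with an `action` (e.g., block, alert, rate-limit) and a date-time `timestamp` |
| remediation | object | Remediation guidance: a developer-friendly `recommendation`, a related `cwe` identifier and a related `owasp` API Security Top 10 category |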
| detected_at | string | Timestamp (`date-time` format) when the attack was first detected |
| resolved_at | string | Timestamp (`date-time` format) when the attack was resolved |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://api-evangelist.github.io/salt-security/json-schema/salt-security-attack-schema.json",
"title": "Salt Security API Attack",
"description": "An API attack event detected and analyzed by the Salt Security threat protection engine.",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the attack event"
},
"attack_type": {
"type": "string",
"description": "Type of API attack detected",
"enum": [
"BOLA",
"BFLA",
"Injection",
"Authentication Bypass",
"Credential Stuffing",
"Account Takeover",
"Excessive Data Exposure",
"Mass Assignment",
"Rate Limiting Bypass",
"Shadow Parameter Exploitation",
"Unknown"
]
},
"severity": {
"type": "string",
"description": "Severity level of the attack",
"enum": ["critical", "high", "medium", "low"]
},
"status": {
"type": "string",
"description": "Current status of the attack",
"enum": ["active", "blocked", "resolved", "investigating"]
},
"source_ip": {
"type": "string",
"description": "Source IP address of the attacker"
},
"target_endpoint": {
"type": "string",
"description": "API endpoint being attacked"
},
"target_api_id": {
"type": "string",
"description": "ID of the API being attacked"
},
"attack_signature": {
"type": "string",
"description": "Pattern or signature that identified this as an attack"
},
"request_count": {
"type": "integer",
"description": "Number of malicious requests in this attack"
},
"affected_users": {
"type": "array",
"items": {
"type": "string"
},
"description": "User IDs or identifiers affected by this attack"
},
"data_exposed": {
"type": "boolean",
"description": "Whether sensitive data was potentially exposed"
},
"mitigation_actions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"action": {
"type": "string",
"description": "Mitigation action taken (e.g., block, alert, rate-limit)"
},
"timestamp": {
"type": "string",
"format": "date-time"
}
}
}
},
"remediation": {
"type": "object",
"properties": {
"recommendation": {
"type": "string",
"description": "Developer-friendly remediation recommendation"
},
"cwe": {
"type": "string",
"description": "Related CWE identifier"
},
"owasp": {
"type": "string",
"description": "Related OWASP API Security Top 10 category"
}
}
},
"detected_at": {
"type": "string",
"format": "date-time",
"description": "Timestamp when attack was first detected"
},
"resolved_at": {
"type": "string",
"format": "date-time",
"description": "Timestamp when attack was resolved"
}
},
"required": ["id", "attack_type", "severity", "target_endpoint"],
"additionalProperties": false
}