/

Console

• English
• Deutsch
• Español
• Español – América Latina
• Français
• Indonesia
• Italiano
• Português
• Português – Brasil
• עברית
• 中文 – 简体
• 中文 – 繁體
• 日本語
• 한국어

Sign in

• Apigee

Start free

Security alerts

View Apigee Edge documentation.

Advanced API Security Alerts lets you create alerts for events related to API security, such as changes to your security scores or incidents of detected API abuse. You create alerts using Cloud Monitoring. You can configure an alert to send you a notification by text, email, or other channels, when the alert is triggered.

See Create metric-threshold alerting policies for more information on creating alerts and Incidents for metric-based alertings policies for information on managing generated alerts.

Required roles

To set up alerts and notification channels in Cloud Monitoring, you need to be assigned the following roles:

• roles/monitoring.alertPolicyEditor
• roles/monitoring.notificationChannelEditor

Limitations

For alerting, the following limitations apply:

• The maximum number of alerting policies is 500 for all Apigee subscription levels.
• Metrics data is stored for 6 weeks.
• Maximum time period that a metric-threshold condition evaluates is 23 hours 30 minutes.
• There can be up to a 4-minute delay from the time an event that triggers an alert occurs until the time the alert is created and a notification is sent.

See Limits for alerting for a complete list of limits for alerting.

The following sections present examples that show how to create alerts.

Example: Create an alert for a decrease in proxy security score (Risk Assessment v1)

This example creates an alert when a proxy security score falls below a specified threshold. To create the alert, do the following steps:

1. In the Google Cloud console, go to the Monitoring >Alerting > Policies > Create alerting policy page.

   Go to Create alerting policy

2. Click Select a Metric.
3. Deselect Show only active resources & metrics.

   Note: If there is no recent API traffic data in your organization, the metric in the next step won't be displayed unless this option is unselected.

4. Select a metric as follows:
   1. Select Apigee API Security Profile Environment Association.
   2. In the pane that opens to the right, select Security.
   3. In the next pane to the right, select Security score of Apigee API proxy.
   4. Click Apply.
5. (Optional) To restrict the data for the alert, say to a specified environment, you can create a filter as follows:
   1. Under Add filters > New filter, click in the Filter field and select a resource label to filter on, such as env.
   2. In the Comparator field, select a comparator, such as =.
   3. In the Value field, select a value for the resource label, such as an environment name.

   With this filter, an alert will only be triggered by data that passes the filter condition. See Filters for a list of available filters.

6. Under Transform data, in the Rolling window function field, select sum.
7. Click Next.
8. In the Configure alert trigger pane, set the following:
   • Under Condition Types, select Threshold.
   • Under Alert trigger, select Any time series violates.
   • Under Threshold position, select Below threshold.
   • In the Threshold value field, enter a threshold that triggers the alert, such as 600.
9. Click Next.
10. In the Configure notifications field, click in the Notification Channels field and select channels, such as text message or email, for the notification. If you have not configured any channels, click Manage Notification Channels and add a channel or channels.
11. Click OK.
12. In the Documentation field, enter any text that you want delivered with the notification, such as a description of what triggered the alert. For example, you could enter "A security score has fallen below 600."
13. Under Name the alert policy, enter a name for the alert policy.
14. Click Next and review the details of the alert policy.
15. If everything looks good, click Create Policy to create the alert policy.

Example: Create an alert for increase in detected abuse traffic for a detection rule

This example shows how to create an alert when the number of requests with detected abuse traffic exceeds a specified threshold for any single detection rule. To create the alert, do the following steps:

1. In the Google Cloud console, go to the Monitoring >Alerting > Policies > Create alerting policy page.

   Go to Create alerting policy

   

2. Click Select a Metric.
3. Deselect Show only active resources & metrics.

   Note: If there is no recent API traffic data in your organization, the metric in the next step won't be displayed unless this option is unselected.

4. Select a metric as follows:
   1. Select Apigee API Security Detection Rule.
   2. In the pane that opens to the right, select Security.
   3. In the next pane to the right, select Apigee API Security detected request count by rule.
   4. Click Apply.
5. (Optional) To restrict the data for the alert, say to a specified environment, you can create a filter as follows:
   1. Under Add filters > New filter, click in the Filter field and select a resource label to filter on, such as env.
   2. In the Comparator field, select a comparator, such as =.
   3. In the Value field, select a value for the resource label, such as an environment name.

   With this filter, an alert will only be triggered by data that passes the filter condition, such as data in an environment. See Filters for a list of available filters.

6. Under Transform data, in the Rolling window function field, select sum.
7. Click Next.
8. In the Configure alert trigger pane, set the following:
   • Under Condition Types, select Threshold.
   • Under Alert trigger, select Any time series violates.
   • Under Threshold position, select Above threshold.
   • In the Threshold value field, enter a threshold that triggers the alert, such as 100.
9. Click Next.
10. In the Configure notifications field, click in the Notification Channels field and select channels, such as text message or email, for the notification. If you have not configured any channels, click Manage Notification Channels and add a channel or channels.
11. Click OK.
12. In the Documentation field, enter any text that you want delivered with the notification, such as a description of what triggered the alert. For example, you could enter "Detected abuse traffic exceeded 100 for $(resource.label.env)." This uses the label $(resource.label.env), which displays the environment whose data triggered the alert.
13. Under Name the alert policy, enter a name for the alert policy.
14. Click Next and review the details of the alert policy.
15. If everything looks good, click Create Policy to create the alert policy.

Example: Create a risk assessment monitoring condition monitoring alert (Risk Assessment v2)

This example creates a new Cloud Monitoring alerting policy for a Risk Assessment monitoring condition that alerts if the security score on any of its monitored proxies falls below a certain threshold.

1. Create a monitoring condition.
2. Follow the instructions in Create a monitoring alert to create a new monitoring alert. Apigee prepopulates some fields for you when the page loads.
3. If desired, you can change settings to customize the alerting policy. Follow the guidance in Create alerting policy. You must provide a name for the alerting policy.
4. Click Create policy to save the new alerting policy.

Metrics for security alerts

The table below describes the available metrics for creating security alerts:

Filters