Current release: v7.4.1
Release Highlights
The 7.4 release of the Cequence Unified API Protection (UAP) platform is generally available as of Aug 26, 2024. The key highlights of this release are listed below.
New Features
The new features in the 7.4 release require version 7.4 or newer of Cequence Bridge and 5.2.1 or newer of Cequence Defender.
Advanced filtering configuration from the web UI: You can now configure advanced filters directly from the Cequence web UI. Using advanced filtering, you can configure query parameters, request headers, or response headers to decide whether to send traffic to Cequence UAP. Filtering configuration is now based on application tags instead of host and path values.
Configure traffic sampling in the web UI: You can configure traffic sampling directly from the web UI to send just a portion of the total application traffic to Cequence UAP instead of all traffic. This is particularly useful for API discovery and inventory use cases for which all API traffic need not be analyzed in order to discover, classify and inventory APIs. Sampling configuration includes a percentage value of traffic, which can be changed at any time by a Cequence administrator. Sampling is enforced at the API endpoint level.
Order traffic filter priority in the web UI: You can reorder the priority list of traffic filters directly from the UI. Filters are evaluated by the platform in the order in which they are configured from top to bottom on the UI. You can reorder the filters to list the higher priority filters at the top followed by lower priority filters.
Sensitive data masking: Cequence now supports masking sensitive data before transmitting to the Cequence UAP platform for analysis. This is particularly useful for SaaS deployments where customers may want to configure masking of sensitive data values in API request or response payloads before sending traffic to Cequence for analysis. This configuration is also part of the filtering configuration and can be configured per application tag.
Broken Object Level Authorization (BOLA) detection: Cequence now supports out-of-the-box detection of BOLA threat activity without custom rules. This capability saves administrator time and configuration effort as the platform automatically detects enumeration activity of path or query parameters at a the API endpoint level.
Changed functionality
Filters enforced as opt-out vs opt-in: In previous releases, only traffic that matched an existing filter would get sent for analysis (opt-in) to the Cequence UAP platform. Starting with the 7.4 release, all traffic is sent from data plane components to the Cequence UAP platform (opt-out). When no existing filter configuration exists for a particular host or path, the Cequence UAP platform samples traffic automatically at a reduced rate (10% of total traffic). Users can opt in to all traffic or exclude traffic entirely by configuring a filtering configuration for relevant hosts and/or paths.
On-Premises Deployments
Package | Version | Location |
Helm Chart | 7.4.0 | https://cequence.gitlab.io/helm-charts/ |