Skip to main content
What's New

Search

Cequence UAP 7.7 release highlights

© 2024 Cequence Security. All Rights Reserved.

Cequence UAP 7.7 release highlights

  • Updated on
  • ~ minute read
Download PDF

The 7.7 release of the Cequence Unified API Protection (UAP) platform is generally available as of April 21, 2025. This release has several new features which are described below.

UX Improvements

The UX for the Cequence UAP platform has received the following notable updates to the API Risk Posture and API Inventory pages.

API Inventory UAP 7.7.pngAPI Risk Posture UAP 7.7.png

Enhanced Filtering Experience

The Inventory Settings Exposure tab has been renamed Scopes.

Added page-level sticky filters for API Hosts, App Tags, Labels, Scopes, and Auth types on the API Inventory and Risk Posture pages. These filters improve your ability to focus on specific assets while reducing navigation gestures such as scrolling or clicking. 

Issue Instance Visualization

The Risk Posture page now shows actual issue instances, rather than just issue types. This change provides a more actionable view of your API security posture with a new bar widget that replaces the previous pie chart.

Filter Count Indicators

Count indicators next to each filter option show the number of endpoints or issues that are associated with each selection, providing an overall view of your API distribution landscape.

Consistent Navigation

Filter settings persist when navigating between Risk Posture and API Inventory pages, maintaining your context as you move through different views of the API ecosystem.

Risk Details Reorganization

The new Risk Details page prioritizes affected endpoints above metadata (vectors, weaknesses, impacts), presenting actionable information first.

App Tags Enhancements

Standardized the implementation of App Tags with include and exclude functionality, giving you greater flexibility in filtering the API inventory.

Terminology Alignment

Renamed "Exposure Types" to "Scopes" throughout the platform for consistent terminology, including updates to the UI and documentation.

Executive Dashboard Integration

The Comply Widget on the Executive Dashboard now aligns with the new issue count methodology on the Risk Posture page, providing consistent metrics throughout the platform.

Enhanced Auto-Classification of APIs

The Cequence UAP platform's accuracy at classifying APIs as internal, external, or third-party has improved. Third-party API classification requires you to specify a set of domains under your control, and you must enable it explicitly after specifying such a set of domains.

You can now override an API's classification as third-party in the unlikely circumstance that an internal or external API is misclassified as third-party.

Request Count Visibility Improvements

  • Processed Requests: Total request count processed by data plane prior to sampling
  • Analyzed Requests: Total request count received by UAP platform from data plane components
  • Legitimate Requests: Request count below the configured confidence score threshold
  • Malicious Requests: Request count above the configured confidence score threshold
  • Successful Logins: Request count of requests matching successful auth expressions
  • Failed Logins: Request count of requests matching failed auth expressions
  • Mitigated Requests: Request count of requests that have been mitigated amongst the UAP-analyzed requests

Detection Tab Enhancements in Transactions Page

  • Consistent performance with Mitigated Transactions page in quick loading and pagination
  • Removed 10,000 count limit for better analysis of large datasets
  • Quick filters for defining transactions of interest
  • Export functionality for up to 1,000 transactions in CSV or XLS formats

Attack Feature Detection UI for Advanced Users

  • Run Attack Feature Detection model from the ML configuration page
  • Configurable parameters include:
    • Endpoint values
    • Fingerprints
    • Rules
    • Timeframe
  • Auto-creation of policy and rule after run (in disabled state by default)

Simplified Data Extraction Configuration

  • You can also specify a path hierarchy to enhance the configuration of your data extractions.
  • Hierarchical extraction example:
    • Global extraction setup (host:* uri:/**) applied across ALL requests
    • Host-specific extraction (host.example.com uri:/**) applied to all requests matching that host
    • Endpoint-specific extraction (host.example.com uri:/test/login) combines its own config with inherited keys from more generic data extractions
Was this article helpful?