The Cequence Unified API Protection (UAP) platform 8.5 release introduces a comprehensive reporting framework alongside targeted improvements to mitigation controls, rule and policy management, and transaction visibility. This release strengthens operational oversight by enabling security teams to generate and schedule structured reports, fine-tune automated mitigation behavior, and manage policies more efficiently across the platform.
This release features a full end-to-end reporting capability built on Airflow-driven workflows and Elasticsearch aggregations. Teams can generate reports on demand or on a schedule across three predefined templates, export results as downloadable PDFs, and control access through role-based permissions. Report configurations and generation events are captured in audit logs.
Mitigation controls receive targeted enhancements in this release, including toggle dials for confidence-based auto mitigation thresholds and UI support for modifying Traffic-based Entity Behavior Analytics (TEBA) rule thresholds directly from the interface. Policy management workflows gain bulk deletion and undo capabilities, reducing the risk of accidental changes. Transaction screen improvements include CSV export for mitigated transactions and persistent column preferences.
Reporting
The Cequence UAP platform 8.5 release introduces a reporting framework that enables security teams to configure, generate, and download structured security reports. Three predefined report templates are available: Bot Protection Summary, Application Bot Summary, and Executive Summary. Reports support custom date ranges, app tag filtering, role-based access control, and audit logging. Generated reports can be exported as downloadable PDFs and ZIP archives directly from the UI.
Mitigation and policy controls
New toggle dials enable security operators to enable or disable confidence-based auto mitigation thresholds without navigating to backend configuration. UI support for modifying TEBA rule thresholds enables fine-tuning of detection sensitivity directly from the interface. Twelve system policies are now deployed automatically on platform startup through elasticsearch-init. The mitigation policy action field now accepts any value following general availability.
Rule and policy management
Two workflow improvements reduce the risk of accidental changes to rules and policies. A multi-delete capability enables bulk removal of rules and policies in a single operation. An undo capability for prior run operations enables recovery from unintended changes.
Transaction and detection enhancements
The transaction screen gains the ability to export mitigated transactions as CSV files. Column layout choices and resizing preferences are now stored in user preferences and persist across sessions.
Infrastructure and platform
NetworkIQ CIDR label lookup performance is optimized for faster IP address intelligence lookups. Kafka connectors receive Elasticsearch write method updates for more reliable data pipeline operations. Handling is added for 404 responses on endpoint classification downloads.
Known issues
CEQASP-11329: The Bot Protection Summary report does not include the Challenge action type. This issue will be addressed in a subsequent release.
Fixed issues
Release 8.5.1
CEQASP-11077: Processed count values now correctly reflect analyzed count values.
CEQASP-11224: Elasticsearch backup failures are now surfaced with an error rather than failing silently.
Release 8.5.0
CEQASP-7756: The reporting page is now available in the UI.
CEQASP-8893: The Application Bot Summary predefined report template is now available.
CEQASP-8894: The Executive Summary predefined report template is now available.
CEQASP-9051: Threat classification is now preserved when navigating to the mitigation page.
CEQASP-9067: Rules that produce parsing errors are now skipped rather than preventing policy processing.
CEQASP-9364: The API for report configurations now supports full create, read, update, and delete operations.
CEQASP-9372: On-demand report generation is now available.
CEQASP-9509: The API for generated reports now supports full create, read, update, and delete operations.
CEQASP-9566: The API for Bot Summary Report metrics is now available in Traffic Metrics.
CEQASP-9718: Fingerprint label average confidence values are now calculated and displayed correctly.
CEQASP-9764: Mitigated transactions can now be exported as CSV files.
CEQASP-9766: Transaction screen column choices and resizing preferences are now stored in user preferences and persist across sessions.
CEQASP-9933: Service account configuration for Helm chart deployments is corrected.
CEQASP-9968: Aggregation document queries now satisfy the data points required for report metrics.
CEQASP-9970: 404 responses on endpoint classification downloads are now handled correctly.
CEQASP-9994: Integration executor consumers are kept active, restoring reliable data export behavior.
CEQASP-10003: Audit logging is now enabled for report configuration operations and on-demand report generation.
CEQASP-10021: Failed report generation now displays an error message in the UI.
CEQASP-10053: Role-based permissions for report generation are now enforced.
CEQASP-10070: Additional time range options and custom date selection are now available in the reporting UI.
CEQASP-10178: The Detection report template is now available.
CEQASP-10203: The action field for mitigation policies now accepts any value following general availability.
CEQASP-10222: DAG deployment now uses Git sync branches rather than ConfigMaps.
CEQASP-10250: Out-of-box system dynamic fingerprint algorithms are now generated and updated through elasticsearch-init.
CEQASP-10307: The Bot Summary and Product Summary reports are now combined into a single report.
CEQASP-10432: Dynamic fingerprint data now appears correctly in the mitigation dashboard list view.
CEQASP-10480: Several minor UI issues are resolved.
CEQASP-10506: Adding an IP address to an existing policy from the Detection page action now works correctly.
CEQASP-10597: The HTTP CONNECT method is now supported in the pipeline.
CEQASP-10623: Toggle dials for confidence-based auto mitigation thresholds are now available in the UI.
CEQASP-10672: The Status filter on the Traffic Sources page no longer displays a count when single-select behavior is in effect.
CEQASP-10695: Disabling a policy from the Edit policy option now displays a warning message before the change is applied.
CEQASP-10708: TEBA rule thresholds can now be modified directly from the UI.
CEQASP-10711: Current and previous value comparisons now display correctly.
CEQASP-10717: Twelve system policies are now deployed automatically on platform startup through elasticsearch-init.
CEQASP-10722: Last seen user preferences in the mitigation dashboard now function as expected.
CEQASP-10732: Creating a custom algorithm now generates a single audit log entry rather than two.
CEQASP-10736: Disabling a dynamic fingerprint algorithm whose system pivot variable is referenced by aggregate pivots now produces an error.
CEQASP-10743: Backup restore operations no longer overwrite component configuration.
CEQASP-10760: An undo capability for prior run operations is now available.
CEQASP-10761: Multiple rules and policies can now be deleted in a single operation.
CEQASP-10764: NetworkIQ CIDR label lookup performance is improved for faster IP address intelligence queries.
CEQASP-10769: A white screen condition that occurred when editing WAF policy mitigator criteria on the mitigation policies page is resolved.
CEQASP-10787: Ordering audit log entries by time now functions correctly.
CEQASP-10910: A blank or empty host entry in the UI no longer causes a white screen on click.
CEQASP-10920: AI review findings and corrections across feature branches are addressed.
CEQASP-10929: The User Agent and Referrer columns are now visible in the Transaction Detection screen table.
CEQASP-10944: Empty request header criteria rows in mitigation policies are no longer saved or sent to the Policy Engine.
CEQASP-10963: All relevant fields are now visible in the row details panel of the Transaction Mitigation screen.
CEQASP-10968: Component configuration now starts and becomes ready more quickly.
CEQASP-11013: The Client Name field for Executive Summary reports is enhanced to support longer values.
CEQASP-11015: The label on page 2 of the Executive Summary report is updated to read "Active API Endpoints."
CEQASP-11062: A missing leading slash in the _cat/indices request that prevented the Policy Engine from starting when using external Elasticsearch through an nginx ingress is corrected.
CEQASP-11063: A startup condition that caused the Policy Engine to enter a CrashLoopBackOff state when Elasticsearch certificate verification was disabled is resolved.
CEQASP-11075: The reporting UI now displays a single tag for include and exclude tag fields, with remaining tags shown as a count.
CEQASP-11076: Download support for generated Executive Summary reports is now available.
CEQASP-11088: Filter synchronization between the Transaction screen and the Detection Dashboard is corrected.
CEQASP-11158: The Country field no longer appears twice in the Other Fields section of the Transaction Mitigation screen.
CEQASP-11160: The Save button is now disabled when editing system-created Bot Mitigation or WAF policies.
CEQASP-11165: The config-mitigator-module is excluded from backup restore operations.
CEQASP-11266: Attack Feature Detection can now be launched directly from the Detection page.
CEQASP-11339: Kafka connector Elasticsearch write methods are updated for more reliable data pipeline operations.
CEQASP-11352: The Documentation button on the Threat Protection Rules screen now functions correctly.