Distil Portal Walkthrough – Bot Defense for Web & Mobile App APIs

July 10, 2017

Distil’s Bot Defense for API prevents bots from accessing API servers, whether it be through a publicly-facing website or mobile app. This video walks you through the Bot Defense for API configuration features and reports available in the Distil Portal.

Use the API URL dashboard as a handy way to locate and manage various API domains within your account. View a graphical representation of traffic across all of your managed API domains—including good requests, bad requests, and total requests. Click Add API URL to quickly add and configure a new API URL to be protected by Distil.

Use the Identity Provider to set the type of traffic allowed to access the API.
All allows both web security traffic and mobile SDK traffic types.
Web Security allows only requests having a web security token. It does not allow requests having a mobile SDK token.
Mobile SDK allows only requests having a mobile SDK token. It does not allow requests having a web security token.

Set a specific traffic date range highlighted on the API Domains dashboard using the Date Filter. If an API URL has multiple paths, click the number in the Path column to access extensive reports and settings for your protected API URLs.

The settings page provides a series of simplified options to let you configure more granular detection. Click Edit Settings by Path to edit settings by specific API URL paths—including policies for automated threats, rate limiting, and mobile.

Use the path table to manage your content protection settings, including:
The specific path configured for the content protection setting.
The path match type (either Contains or Pattern).
The path priority in relation to other configured paths. You can re-order the priority by manually changing the number, or by clicking Edit and re-arranging the order.

Ready to add an API URL path? Click + Add an API URL. Enter the path you are configuring. Select a Match Type.
Pattern Match applies the content protection setting to any path matching the Lua pattern entered in the Path field (above).
Contains applies the content protection setting to any path containing the string entered in the Path field.

Then, configure the path content protection settings, where applicable.

In the Automated Threats policy, set the automated response triggered if a request is either missing a Distil identifier (either web or mobile SDK), or has an improper Distil identifier. Also, set the response triggered when a request is made from a known threat which has already been detected across our network, including a mix of known violators, data centers, identities, aggregator user agents, and automated browsers.

In the Rate Limiting policy, set the maximum number of requests per minute and requests per session, as well as the automated response Distil takes if a user exceeds the threshold.

The Mobile policy is specifically related to requests made using a mobile app built with the Distil SDK. Set the automated response Distil takes if a request is made using a bad client, such as an emulator, simulator, rooted or jailbroken device, or an automation tool. Also set the response if a request is made using an invalid or expired token.

Similar to Distil’s Bot Defense for Web reports, API Security reports provide integral information about the traffic and actions protecting your APIs. Traffic Analysis lets you view your API requests and take additional action on offending violators. Total Daily Requests provides a graphical representation of all API request traffic for a path and specific date range, including good requests, bad or malicious requests, and the total number of requests. Use the top filter menu to drill down to a specific API path and focus on a given date range. You can also view more request information, such as the paths being hit by malicious requests, the top IPs with malicious requests, and the top violations for all requests accessing your API domain.

Click Show All or select a record from any of these graphs to drill even deeper into the Bot report. Using the Bot report, you can filter your API traffic even further by isolating the data for a specific path, setting a specific date range for the data, and searching for a specific data point.

For more information, check out www.distilnetworks.com
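
The Contains and Pattern match types described above decide which paths a policy actually covers, and Lua patterns are not regular expressions. The Lua sketch below is an added example, not Distil code, showing how an unescaped or unanchored pattern changes coverage. The rule table, the policy names, and first-match resolution with the lowest priority number first are assumptions for illustration; only the Lua string functions are real.

```lua
-- Added example, not Distil code. Rule fields, policy names and
-- first-match-by-priority resolution are assumptions for illustration.

-- Escape Lua pattern magic characters so a literal path is matched literally.
local function escape_pattern(s)
  return (s:gsub("[%^%$%(%)%%%.%[%]%*%+%-%?]", "%%%0"))
end

-- Constructed rules; lower priority number is evaluated first (assumption).
local rules = {
  { priority = 1, match = "pattern",  path = "^/api/v%d+/login$", policy = "strict" },
  { priority = 2, match = "pattern",  path = "^" .. escape_pattern("/api/v1-beta/"), policy = "beta" },
  { priority = 3, match = "contains", path = "/api/", policy = "default" },
}
table.sort(rules, function(a, b) return a.priority < b.priority end)

local function rule_matches(rule, request_path)
  if rule.match == "contains" then
    -- plain = true: substring search, no pattern interpretation
    return request_path:find(rule.path, 1, true) ~= nil
  end
  return request_path:find(rule.path) ~= nil
end

-- Return the policy of the first matching rule, or nil if no rule covers the path.
local function resolve(request_path)
  for _, rule in ipairs(rules) do
    if rule_matches(rule, request_path) then return rule.policy end
  end
  return nil
end

assert(resolve("/api/v2/login") == "strict")
assert(resolve("/api/v2/login/reset") == "default")   -- "$" anchor excludes sub-paths
assert(resolve("/api/v1-beta/users") == "beta")
assert(resolve("/health") == nil)                      -- no rule covers this path

-- Pitfall 1: an unescaped "-" is a lazy quantifier, so the literal path is missed.
assert(("/api/v1-beta/users"):find("/api/v1-beta/") == nil)
assert(("/api/vbeta/users"):find("/api/v1-beta/") == 1)

-- Pitfall 2: without "^" the pattern also matches deeper in the path.
assert(("/internal/api/v2/login"):find("/api/v%d+/login$") ~= nil)
assert(resolve("/internal/api/v2/login") == "default") -- rule 1 is anchored
```

When reviewing path rules, check each Pattern entry against the exact paths it is meant to protect and against near-miss paths, since a path that falls through to a broader rule or to no rule receives a different policy than intended.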