Traceable AI Changelog

https://www.traceable.ai/

January 2022 Product Updates

Traceable Platform Agents and Tracing Agents are released asynchronously from the platform features and they can be found here

AWS Marketplace listing Feature Announcement 

Traceable AI is now available in the AWS marketplace for AWS users to make purchases directly or through private offers. We already have support for protecting your API’s running in different AWS services - Amazon Elastic Kubernetes Service (EKS), Elastic Container Service (ECS), or EC2 instances. For customers who are looking for agentless deployment options we also support  AWS Traffic Mirroring. 

Public API’s for Traceable Announcement 

Public API’s are now available for most functionality which is available via the Traceable UI.  

  • GraphQL API’s for consistent, predictable API you can use across all of your clients
  • Create your Protection policies, rate limiting, IP/Geo Blocking rules and more.
  • Obtain the most relevant API’s based on threats, risk score, call volume and activity
  • Obtain updates for attackers based on threat level, active and blocked security events and more


Label Management Feature 

API Endpoints and Services are important entities in API Security. Customers can now label these entities based on static attributes or dynamic attributes using Labeling rules which can match specific attributes from traces. Labels can be used to solve important use cases like - 

  • Find all API Endpoints and Services in your deployment which are impacted by Log4Shell Vulnerability 
  • Label all API endpoints and/or services which are running in an AWS VPC or Kubernetes cluster
  • Label all external API endpoints which are carrying PCI, PII or other sensitive data. 




Jira Integration Feature 

Infosec and Product Security engineers who use Traceable need to indicate to developers which API’s are vulnerable, have an increased risk due to new security events which showed up in pre-production or production deployments. With the introduction of of Jira Integration, tickets can be created based on findings in - 

  • Security Events page including details on Threat actor, specific URI, service/endpoint etc where threat event was seen 
  • Vulnerabilities page including vulnerability type, total API’s impacted by it, mitigation details etc

Vulnerability Management Improvement 

Traceable users who are taking advantage of Traceable Vulnerability detection and management will appreciate improvements in this area introduced this months.

First, two additional vulnerability types are now detected including Lack of Encryption and Incorrect Security Headers vulnerabilities.

Second, the vulnerability product area has been made much more actionable.

The users now can focus specifically on the vulnerabilities on external APIs. Summary charts are provided. Further, vulnerabilities are grouped by service, so that it is easy to use the direct Jira integration feature to assign remediation to the team, which owns the service.

Trace Explorer Flexible Search Improvement 

Traces view now supports flexible searching including regular expressions and ‘~’ operator which searches for a substring within a larger field of a Trace.

This functionality will help with advanced configuration tasks such as session identification configuration as well as with root cause analysis on detected security issues. 


Data Collection Feature 

Agentless data collection is now also supported via

  • Pod level mirroring
  • Daemonset (Node) mirroring

Revamped Documentation Improvement 

We’ve also improved our documentation in a significant way by following an information architecture that is closer to the mental model of our customers. Users can now find and get to the content they are looking for much faster.