This topic describes the compliance check and tracing and auditing features of the API security module. You can use the features to monitor the cross-border transfer of sensitive data and trace sensitive data leaks.
1. Compliance check
The compliance check feature monitors and collects statistics on API-based cross-border data transfer to check whether risks exist. This helps you understand the cross-border transfer of sensitive data in your business. You can complete the security assessment and filing of cross-border data transfer based on the statistics. On the Compliance Check tab of the API Security page, you can view the compliance check data of the protected objects for which the feature is enabled within the period from January 1, 2023 to the current time.
The feature is supported only for subscription Web Application Firewall (WAF) instances that are deployed in regions in the Chinese mainland and support the API security module.
By default, the compliance check feature is disabled. To enable the feature, go to the Policy configurations tab on the API Security page, find the protected object that you want to manage, and then turn on the switch in the Compliance Check column.
Configure protected objects
After you enable the compliance check feature for protected objects, the feature analyzes the traffic of the protected objects. If you no longer want to analyze the traffic of the protected objects, you can disable the feature for the protected objects. For more information, see Policy configurations.
View compliance check results and details
The following table describes the sections on the Compliance Check tab.
Deduplication is performed on the check results.
By default, the check data in the period from January 1, 2023 to the current time is displayed. For the sections other than Detection Results and Detection Items on the Compliance Check tab, you can select Last 1 Month, Last 3 Months, Last 6 Months, or Last 12 Months to change the time range of the displayed check data.
Section | Description |
Detection Results | Displays statistical check results within a specific period of time, including personal information data types and personal sensitive data types. You can click Detection Configurations in the upper-right corner of the Detection Results section. In the panel that appears, you can view sensitive data types on the Built-in and Custom tabs below Personal Information Data Type and Personal Sensitive Data Type. On the Custom tab, you can click Add to add custom sensitive data types. For more information, see Sensitive Data-related Configurations. |
Detection list | Displays statistical check results in the Required Compliance, Detection Item, and Evaluation Result columns. |
Outbound Transferred Data Trend | Displays the trend of entries of sensitive personal information that is transferred across borders, trend of total personal information entries, and trend of entries of personal information that is transferred across borders within a specific period of time in a chart. |
Top Distribution for Outbound Transferred Personal Information | Displays the top 10 countries to which the most data is transferred across borders and the number of entries of personal information that is transferred to each country in the left-side part. You can adjust the high-low slider to highlight specific countries on the map. The country rankings remain unchanged after the adjustment of the slider. This section also displays the distribution of data that is transferred across borders on a world map. A darker color indicates that more data is transferred to the country. |
Statistics on Types of Outbound Transferred Personal Information | Displays the personal information and sensitive personal information that are transferred across borders at different data volume levels as well as the evaluation results within a specific period of time. The data is displayed in a list. You can filter statistics by using different attributes such as data types and sensitivity levels. For more information, see What are the standards for the security assessment and filing of cross-border data transfer? |
Statistics on Domain Names in Personal Information and API Names | Displays the numbers of entries of personal information and sensitive personal information that are transferred across borders by calling API operations at different sites within a specific period of time. The data is displayed in a list. |
2. Tracing and auditing
You can use the tracing and auditing feature to monitor sensitive data traffic within the previous 30 days and to trace and query sensitive data. If a sensitive data leak occurs, you can use the feature to identify the possible point in time at which the leak occurred and trace how the data was leaked. This helps you handle the leak at the earliest opportunity and reduce business loss. On the Tracing and Auditing tab of the API Security page, you can obtain information about tracing and auditing.
The feature is supported only for subscription WAF instances that are deployed in regions in the Chinese mainland and support the API security module.
By default, the tracing and auditing feature is disabled. To enable the feature, go to the Policy configurations tab on the API Security page, find the protected object that you want to manage, and then turn on the switch in the Tracing and Auditing column.
Tab | Description |
Log Query | Allows you to obtain the IP addresses, APIs, domain names, and details of sensitive data leaks. Note: For more information about the types of sensitive data, see What types of sensitive data can be detected by the API security module? For more information about API sensitivity levels, see What are the sensitivity levels of the API security module? |
Data Traceability | Allows you to enter sample sensitive data that you want to query and obtain tracing results. |