The Security page is composed of three tabs: Access Control Policy, Security Events, and Project Analytics. This page displays graphs and tables that facilitate the discovery, interpretation, and communication of meaningful patterns in the data detected by the system. It also entails applying the data patterns towards effective decision making. This page helps in understanding the data patterns at the API, PII, and attack level. The data patterns are represented in widgets. Each widget, when opened, displays a detailed view.

Access Control Policy

In the navigation panel on the left, select Security and select the Access Control Policies tab. This page maintains a list of all access control policies that allow/deny traffic based on the GNS scope, source group(s), and destination group(s).

Security Events

In the navigation panel on the left, select Security and select the Security Events tab. This displays the following information:

Description. The Security Events widget on the per-API page provides information about all the events logged when this API was sent out with new PII data.

Graph View. The graph view at the top displays the following details:

  • Total Events. The counts of events detected in the selected services.

  • PIIs Detected. The count of discovered PIIs.

  • Attacks Detected. The count of attacks detected between the services internal and external to the Tanzu Service Mesh.

  • Geolocations. The count of locations from where the attacks are detected.

  • Authn & Authz Failures. The count of active APIs discovered between the services internal and external to the Tanzu Service Mesh.

  • Total Users. The count of users whose accounts are compromised.

Detailed View. The detailed view provides the following information:

  • Timestamp. The time at which the selected event occurred.

  • Severity. The risk level of the selected API event. The risk levels are categorized into low, medium, and high. The events are categorized into three types based on the severity level:

    • Critical Events: Events that are unlikely to occur and have the highest severity level.

    • Warning Events: Events with a medium level of severity that are to be handled.

    • Non-Critical Events: Events that are most likely to occur and are of the lowest severity.

  • Event Title. Name of the event.

  • Source Workload. The workload to which the API call was made.

  • Destination Service. The destination service that was involved in the communication.

  • PII. The PII that was detected most often in this API.

  • Attack. The top attacks detected in this API.

  • Geo. The locations from which this API request was sent with PII.

  • User. The user who triggered this event.

Project Analytics

In the navigation panel on the left, select Security and select the Project Analytics tab. This displays the following information:

Risk Factors. This lists the detected API risks and attack risks in order of severity.

Security Threats. This lists the following information:

  • Top PII. The Top PII (APIs) widget provides information about the APIs that have PIIs and are under attack.

  • Top Attacks. The Top Attacks widget provides information about the attacks that were attempted on this project.

  • Geo-location Based Risks. This provides information about the locations that are sending requests with this attack.

Public and External Access. The Public and External Access widget provides information about the services and APIs that were accessed from the external world.

Operational Metrics. This section lists details such as active services, top APIs, top errors detected, top users, and event response codes.