Security
WAAP — Web App & API Protection
URL-decoded SQLi / XSS / SSRF / LFI / cmd-injection signatures on every ingest.
▸ How it works
Every inbound API request (telemetry, RUM, findings, anything) passes through the WAAP plug. The query string is URL-decoded (to defeat encoded-payload bypasses) and matched against a rule set. Matches are recorded as security audit events with the rule ID, request path, attacker IP, and matched substring. Per-project rule overrides let you disable a noisy signature without redeploying.
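The decode-then-match flow described above, as an added example that is not the product's own code. The patterns, the `inspect` function, the sample addresses, and every rule ID except `waap.sqli` are assumptions; each parameter name and value is decoded and matched separately so the `&` separators never reach the signatures.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Illustrative signatures for three of the classes the page lists.
# Only the ID "waap.sqli" appears on the page; the other IDs are assumed.
RULES = {
    "waap.sqli": re.compile(r"'\s*or\s+\d+\s*=\s*\d+|union\s+select", re.I),
    "waap.xss": re.compile(r"<script\b|javascript:", re.I),
    "waap.lfi": re.compile(r"\.\./|/etc/passwd", re.I),
}


def inspect(url, client_ip, disabled=frozenset()):
    """Return one audit event per enabled rule that matches the decoded query."""
    parts = urlsplit(url)
    # parse_qsl percent-decodes every name and value: %27%20OR%201%3D1 -> ' OR 1=1
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    fields = [text for pair in pairs for text in pair]
    events = []
    for rule_id, pattern in RULES.items():
        if rule_id in disabled:  # per-project override: signature switched off
            continue
        for field in fields:
            match = pattern.search(field)
            if match:
                events.append({
                    "rule": rule_id,
                    "path": parts.path,
                    "ip": client_ip,
                    "matched": match.group(0),
                })
                break  # one event per rule per request
    return events


if __name__ == "__main__":
    # Constructed sample requests; 203.0.113.7 is a documentation address.
    samples = [
        "https://funnel.example.com/v1/logs?q=%27%20OR%201%3D1--%20",
        "https://funnel.example.com/v1/logs?file=..%2F..%2Fetc%2Fpasswd",
        "https://funnel.example.com/v1/logs?level=error&id=42",
    ]
    for url in samples:
        print(url, "->", inspect(url, "203.0.113.7"))
    # The same request with the SQLi signature disabled for this project.
    print(inspect(samples[0], "203.0.113.7", disabled={"waap.sqli"}))
```

Running the SQLi signature against the raw, still-encoded query string finds nothing, which is the encoded-payload bypass the decoding step closes.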
▸ What this lets you do
- ✓ Block obviously malicious payloads before they hit business logic
- ✓ Hit log shows every match with full request context
- ✓ Tune signatures per project — silence false positives in one click
- ✓ Auto-fires `security_alert` events into `/v1/findings` for SIEM
▸ Get it running
1. Enabled by default on every API endpoint — no setup
2. Open `WAAP` in the dashboard to see hits and tune rules
3. Optional: forward hits to PagerDuty via alert webhooks
▸ Code examples
```bash
# This request will be 200'd at the ingest layer (logs accepted)
# but produces an audit-log entry: rule=waap.sqli, severity=high.
# The URL is quoted so the shell does not treat "?" as a glob character.
curl -G "https://funnel.example.com/v1/logs?q=%27%20OR%201%3D1--%20" \
  -H "Authorization: Bearer st_YOUR_KEY"
# Open /app/p/:org/:project/waap — the hit shows up under "Recent".
```
Where to find it
/app/p/:org/:project/waap