The AppSentinels API Security Platform is purpose-built for keeping the security needs of next-generation applications in mind. At the platform’s core is an AI/ML engine, AI Sentinels, which combines multiple intelligence inputs to completely understand and baseline unique application business logic, user contexts, and intents, as well as data flow within the application, to provide the complete protection your application needs.
AppSentinels
Third PartyRelated Documentation
Compatible Protocols
http
https
Third Party: This plugin is developed, tested, and maintained by Appsentinels.
How it works
The AppSentinels plugin performs logging and enforcement (blocking) of API transactions. The plugin seamlessly integrates with Kong Gateway to provide visibility and protection.
The AppSentinels plugin works in the following modes:
- Logging or transparent mode: A copy of the request and response transactions is made and asynchronously shared with AppSentinels Edge Controller to provide visibility and security. Integrations can help provide enforcement, such as blocking of bad IPs and threat actors.
- Enforcement mode: This mode provides transaction-level blocking. Incoming requests are held until the AppSentinels Edge Controller provides a verdict. If the Controller provides a negative enforcement response, the request is dropped from further processing. In case of higher latency of a verdict, the plugin performs a fail open to ensure business continuity.
Install the AppSentinels plugin
The AppSentinels plugin is provided as a set of Lua scripts.
-
Obtain the plugin directly from AppSentinels or a distributor.
-
Mount or copy the Lua files, or create a Kong Gateway container image with Lua files (usually at
/usr/local/share/lua/5.1/kong/plugins/appsentinels). -
Update your loaded plugins list in Kong Gateway.
In your
kong.conf, appendappsentinelsto thepluginsfield. Make sure the field isn’t commented out.plugins = bundled,appsentinels -
Restart Kong Gateway:
kong restart