Updated on 2025-08-12 GMT+08:00

Configuring an Account Analysis Rule

After applications are added to the API data security protection system, the system automatically sorts out their endpoints. After account analysis rules are configured, the system identifies and audits accounts.

You need to configure account analysis parameters for an application. After the configuration is complete, if a user logs in to the application through a proxy, the system identifies accounts based on the configured account analysis parameters and displays them on the account page. The account information is marked in the log details of the corresponding endpoint.

Prerequisites

A proxy application has been added. For details, see Adding a Proxy Application.

Procedure

  1. Log in to the web console of the API data security protection system as user sysadmin.
  2. In the navigation pane on the left, choose Assets > Accounts.
  3. Click Account Analysis.
  4. On the Account Analysis page, click Add.
  5. In the Add Account Analysis Rule dialog box, set account analysis parameters and click OK.

    Figure 1 Add account analysis rule

    Table 1 Account analysis rule parameters

    Parameter: Description

    Rule Name: Enter the rule name.

    Service Name: Select the applications to which the rule applies. You can select All or Optional.
    • All: The rule applies to all applications.
    • Optional: Select an application to which the rule applies from the drop-down list.

    Endpoint Keywords: Enter endpoint keywords. You can press F12 on the application page accessed by the proxy to view the endpoint information.

    Token Keywords: Enter token keywords. You can press F12 on the application page accessed by the proxy to view the token information.

    Account Keywords: Enter account keywords. You can press F12 on the application page accessed by the proxy to view the account information.

    Enabled/Disabled: Enable or disable the rule.
    • Enabled status: The rule takes effect immediately after being added.
    • Disabled status: The rule does not take effect after being added. You need to manually enable it.

    Extended Discovery: Select whether to enable extended discovery for the account. After this function is enabled, you can configure the account source and specific parameters to discover accounts from the cache or pages.

Operation Results

After an account analysis rule is configured and enabled, if a user logs in to the application, the system identifies the account and displays it on the Account list tab.

Figure 2 Accounts identified