API Abuse Detection & Telemetry1 items

API Abuse Detection & Telemetry1 items
Signals and Detections
  • Behavioral: spikes per identity/IP/key; impossible sequences; schema anomalies.
  • Auth anomalies: repeated 401/403 with varied resources (BOLA probing).
  • Replay patterns: identical payloads with shifted timestamps; nonce reuse.
  • Data exfil indicators: large sequential exports; new untrusted destinations.
© API Abuse Detection & Telemetry1 items • Security Review Playbook — Corey Potter • Built for expert threat modeling