We are excited to announce significant improvements to our API Sessions user experience, designed to help you find important API session details faster and more efficiently.

The following enhancements are now available:

• Performance Improvements: Faster loading times for sessions, eliminating waits for large datasets.
• Exclusion Filters: Filter API sessions with both included and excluded criteria.
• Sortable Columns: Sorting by date and number of requests is now supported.
• Separated Sections in Session Details: Improved data visibility with icons and highlights, making it easier to locate specific information.
• Collapsable Sections: Hide less frequently used data until needed, streamlining your view.
• Intelligent Linking: Navigate quickly between session details with intuitive linking.
• Attack Details Display: View detected attacks and attack details directly within the API sessions interface.

For more details, check out the documentation or see the demo data in the Wallarm Playground. 

We’re excited to introduce a major upgrade to how scans are configured in API Attack Surface Management (AASM). We’ve improved the user experience to deliver more flexibility, precision, and alignment with your unique API security needs.

You can now granularly define your scan scope, allowing for more targeted and accurate results. With this update, you’ll be able to cut through the noise and focus on what matters most.

Here’s what’s new:

• Bulk Import of Root Domains: Quickly onboard your assets by importing multiple domains at once.
• Expanded Scope Definition: Add additional hosts to ensure comprehensive coverage of your environments.
• Advanced Scheduler Control:
  • Turn on/off the auto-rescan scheduler per domain.
  • Globally manage the scan schedule (weekly, bi-weekly, or monthly).
  • Global scheduler settings override domain-level preferences for consistency.
• Scanning Profiles: Choose from pre-defined scanning profiles or create your own to match your risk posture.
• Modular Control: Enable or disable specific scanning modules as part of your scheduled scans.
  
  

These enhancements are built to help you minimize noise, sharpen findings, and focus your efforts where they matter most.

Start refining your scan scope now to take full advantage of the improved accuracy and control.

Wallarm is excited to announce a native integration method for customers who leverage IBM DataPower as their API Gateway or edge enforcement point.

The integration offers:

🔧 Simplified Deployment – No need for traffic mirroring or custom forwarding logic

🕒 Accelerated Time-to-Value – Get up and running with security coverage in just a few hours

🔐 Enhanced Security Posture – Detect and mitigate threats directly at the API ingress point

You can now forward API traffic from IBM DataPower to a Wallarm node with minimal manual steps. To get started, follow our step-by-step integration guide for detailed instructions.

We’re happy to announce that the Download Reports feature is now available in API Attack Surface Management. Users can download reports of the discovered APIs, scanned perimeter, WAF testing, vulnerabilities and much more. 🚀

Users can now export data in three different report formats:

1. DOCX Report: Provides detailed insights into both the Attack Surface and Security Issues. It now includes filtering options to select which risk levels of security issues are included.
2. CSV Reports: Export Attack Surface data in a tabular format, grouped by:

• Hosts
• Ports
• APIs

1. JSON Report: Machine-readable format for easy integration and automation.

Start exploring these new capabilities today and provide your feedback! 🎉

We are thrilled to announce the biggest update yet to the Wallarm API Attack Surface Management (AASM) platform, along with the General Availability of our API Vulnerability Scanner! 

Enhanced Vulnerability Detection

AASM now detects approximately 2,500 of the most widespread vulnerabilities affecting APIs, and it now scans for outdated versions of software across web servers, frameworks, libraries, CMS platforms, plugins, programming languages, network services, and API gateways. Users can see the expanded set of vulnerabilities discovered in the Security Issues section of AASM.

Vulnerability Intelligence Enrichment

We’ve integrated powerful Vulnerability Intelligence sources to provide deeper insights into detected vulnerabilities, including:

• Public exploit availability 🛠️
• In-the-wild exploitation 🌍
• Use in ransomware campaigns ☠️
• Exploit Prediction Scoring System (EPSS) ranking 🎯

AI-Powered CVE Classification

AASM now leverages AI and OpenAI's LLM to automatically classify detected CVEs, helping security teams prioritize and respond more effectively.

New Charts, New Security Insights

Understanding vulnerability trends over time is critical. AASM now provides two dynamic charts to enhance your security analysis:

• Historical Risk Analysis: Tracks monthly vulnerability trends based on risk levels, helping teams measure progress.
• Resolution Risk Analysis: Evaluates the efficiency of vulnerability management by visualizing how quickly issues are resolved over time.

Improved Reporting with CSV/JSON Export

Users can now download detailed security reports in CSV or JSON formats, choosing to export all issues or only filtered ones. 

Additional Enhancements Released in Jan-Feb:

• Upgraded from a 3-level to a 5-level risk model for better prioritization.
• Multi-select filters on AASM and Security Issues pages.
• Auto-reopening vulnerabilities if they are detected again.
• Security Posture widget updates with enhanced vulnerability statistics.

For more details, visit our documentation.

We’re excited to announce the launch of our improved Single Sign-On (SSO) Provisioning—a better way to manage users and permissions in Wallarm. This new enhancement to the platform’s existing SSO support allows customers to manage users and roles from within their SSO provider. 

Benefits at a Glance:

• Centralized Control: Manage all user access from one place.
• Faster Onboarding: Seamlessly add and update users via your SSO provider.
• Align groups in your SSO provider with Wallarm roles. Every new user added to an SSO group will automatically receive appropriate access to Wallarm!

You can read more in the documentation. To activate SSO Provisioning, contact the Wallarm support team.

We’re excited to announce that the latest Wallarm node now includes a full-fledged GraphQL parser!

With this enhancement, Wallarm significantly improves the detection of input validation attacks (e.g., SQL injections) within GraphQL requests, offering greater accuracy and minimal false positives.

Key Benefits:

• Improved detection of input validation attacks (e.g., SQL injections) 
• Detailed Parameter Insights: Extract and display values of GraphQL request parameters in API Sessions, utilizing them as Session Context Parameters. 
  

• Precise Attack Search: Precisely identify attacks in specific GraphQL request components, such as arguments, directives, and variables.

• Advanced Rule Application: Apply granular protection rules to specific GraphQL request parts. This enables fine-tuning and configuring exclusions for certain attack types in defined parts of GraphQL request

.

These capabilities are included in Wallarm node version 5.3.0+. 

Today we are excited to announce our new capability 

🔐 Sensitive Business Flows (SBF) & Advanced User Attribution in API Sessions

• Available in API Discovery & API Sessions: Automatically identify and tag critical endpoints related to key business functions like authentication, billing, and account management across both API Discovery and API Sessions.
• Customizable Tagging: Easily adjust and assign Sensitive Business Flows tags manually to meet your unique business requirements.

• Focused Security: Filter and prioritize the protection of your most vital API endpoints and user sessions, ensuring robust security where it matters most.
  
  

  

  👥 Advanced User Attribution in API Sessions

  • User & Role-Based Filtering: Attribute sessions to specific users and roles, enabling targeted monitoring and improved threat detection.

  • Granular Insights: Gain deeper visibility into API sessions to implement more effective analysis of user activity and take security measures faster.

    
    
    

    

    
    

    
    

    
    

    
    

We are proud to introduce a unique security feature tailored for the API economy—API Sessions. This a game-changing addition that gives you unmatched visibility into attacks, anomalies, and user behavior across your APIs, providing transparency into how users interact with your APIs and applications.

In the complex world of APIs, attackers often exploit vulnerable endpoints by blending their actions with legitimate user behavior. Without the full context of how those sessions unfold, identifying patterns or threats becomes a time-consuming process involving multiple tools and systems. Organizations simply don't have visibility at the API level at all. 

With API Sessions, security teams now have the ability to see all relevant activity grouped by user session, offering unparalleled visibility into attack sequences, user anomalies, and normal behaviors. Investigations that once took hours or days can now be conducted directly from the Wallarm Console in just minutes.

Key Features:

• Visibility into attacks, anomalies, and user behavior: View and analyze every request made in a session to track attack vectors and suspicious patterns.
• Support for both legacy and modern sessions: Whether your applications rely on cookie-based sessions or JWT/OAuth, Wallarm API Sessions ensures full compatibility and visibility.
• Seamlessly navigate between individual attacks and their sessions. 

With API Sessions, security teams can now easily:

• Investigate the full activity of threat actors to understand potential attack paths and compromised resources.
• Identify how shadow or zombie APIs are being accessed, mitigating risks from undocumented or outdated APIs.
• Share key insights with colleagues to foster collaboration during security investigations.

Stay ahead of emerging threats by leveraging Wallarm’s API Sessions to give your team the tools they need for faster, more efficient incident response. 

We’re excited to introduce the Native Node, a new deployment option for the Wallarm Node that operates independently of NGINX. This solution was developed for environments where NGINX is not required or where a platform-agnostic approach is preferred. 

The Native Node allows both request and response analysis with Wallarm connectors. It is currently designed for connectors and supports deployment with MuleSoft, Cloudflare, and CloudFront. 

In addition, the Native Node now supports new connectors, allowing you to secure APIs running through Kong API Gateway and Envoy, expanding its use for modern API management solutions.

To provide flexibility across various self-hosted environments, we have released several deployment artifacts for the Native Node:

• All-in-one installer for Linux-based machines
• Docker image for containerized environments
• Helm chart for Kubernetes deployments

If you are wondering if Native Node is right for your deployment, please contact support or read the documentation.