What Is Graylog API Security?

Graylog API Security captures real API traffic to detect attacks, leaks, and other threats to your APIs. Graylog API Security discovers your APIs and the risks from their use by legitimate customers, malicious attackers, partners, and insiders. This protection is accomplished with built-in automated and custom signatures and alerts.

Hint: Graylog API Security is a separate product from Graylog Open, Graylog Enterprise, and Graylog Security. Graylog API Security is deployed on its own but can be used in combination with other Graylog products.

Why You Need to Monitor Your APIs

APIs are crucial for mobile apps and business-to-business integrations. However, many organizations have no idea how many APIs they have and don’t know how to manage this new and quickly growing attack surface. Most organizations use web application firewalls (WAFs) and API gateways to protect their digital assets, but these methods are not enough to prevent data exfiltration and other misuse of their APIs.

When APIs are properly monitored, security and application teams are alerted to attacks and problematic runtime behaviors, with all of the supporting details necessary to understand what went wrong and suggested remediation steps for immediate action. This level of insight allows organizations to properly manage their API attack surface, even when APIs change quickly over time.

Deployment and Installation Options

Graylog API Security is easily deployed on Kubernetes using Helm. Supported Kubernetes environments include:

  • Amazon Web Services (AWS)

  • Microsoft Azure

  • Google Cloud Platform (GPC)

  • IBM Cloud

  • Self-managed Kubernetes (such as MicroK8s)

Installation instructions for each of these environments are found in the installation section.

Graylog API Security Free Edition is a single node deployment requiring 6 cores and 18 GiB of RAM. Storage capacity is 16 GB, with the oldest stored data aged out over time.

In addition to the free edition, Graylog offers a full licensed edition that scales to multiple nodes (6 cores and 18 GiB each) and scales to many terabytes of storage using Apache Iceberg and object storage (MinIO or S3). Contact the Graylog Sales team for more information about this product.

Both the free and licensed editions integrate with other Graylog products and have the same installation and capture options.

Methods to Monitor API Calls

Graylog API Security can capture API calls from multiple sources simultaneously:

  • Sniffing on Kubernetes, or from physical or virtual networks

  • VPC Mirroring

  • Tyk API Gateway

  • IBM API Connect

  • Azure API Management

  • Logger Libraries

For more information, see Capture API Calls.

How to Get Your Free License

You can get your free license by filling out the online form here:

https://go2.graylog.org/api-security-free

Hint: This license is specific to Graylog API Security and cannot be used to activate other Graylog products.

Limitations and Cautions

A few notes to ensure a successful and compliant implementation of the free version of API Security:

  • The free license is good for 1 year, with unlimited renewals for as long as this program is available.

  • 1 free license per organization.

  • Storage capacity is limited to a local 16 GB rolling buffer, meaning that when the limit is reached, the oldest data rolls off as new data comes in. This roll-off includes all alerts associated with that data. This storage capacity limitation can be removed with the full licensed edtion. Contact the Graylog Sales team for more information.

  • Data can be manually exported for retention purposes but consumes local storage if imported back in.

  • Graylog API Security is a cloud-native architecture. It can be run on premises or in a private cloud, but it requires a minimum of 6 vCPUs and 18 GiB of RAM. Due to the sensitive nature of what is captured, Graylog does not offer a cloud hosted option.

  • The free license does not include Apache Iceberg storage. Iceberg integration can be used only with the full licensed edition. Contact the Graylog Sales team for more information.