// industry vertical

API gateway / edge proxy forensics

Kong · AWS API Gateway · Apigee · NGINX Plus · Traefik · Envoy · Cloudflare API Shield · AWS WAF rule matches · API key abuse bursts · multi-gateway traffic correlation across access logs.

tools: 12
priority: H
processing: local · in browser

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this vertical.

  1. kong gateway access log forensic analyzer: drop kong access log export · parse route + consumer + latency + status · runs locally
  2. aws api gateway access log forensic analyzer: drop aws api gateway access log export · parse stage + resource + api key id · runs locally
  3. api key abuse rate limit anomaly detector: drop api gateway access corpus · detect key burst + 429/403 patterns · runs locally
  4. multi gateway api traffic correlator: drop 2+ gateway access exports · correlate client ip + path overlap · runs locally
  5. case report generator: fill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally

also useful · secondary tools

cross-cutting tools that surface depending on the specific investigation.

  1. apigee api proxy traffic forensic analyzer: drop apigee message log export · parse proxy + fault + spike arrest hits · runs locally
  2. nginx plus api gateway log forensic analyzer: drop nginx plus json access log · parse upstream + jwt claims + rate limit · runs locally
  3. traefik access log forensic analyzer: drop traefik access log export · parse router + middleware + tls client · runs locally
  4. envoy proxy access log forensic analyzer: drop envoy access log export · parse cluster + response flags + duration · runs locally
  5. cloudflare api shield log forensic analyzer: drop cloudflare api shield log export · parse schema validation + auth + endpoint · runs locally
  6. aws waf api gateway rule match forensic analyzer: drop aws waf log for api gateway · parse rule group + terminating rule + uri · runs locally
  7. evidence manifest generator: drop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally

want deeper API gateway coverage?

this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.
