# Web Application and API Security Enhancements: New Analytics Dashboards for Improved Visibility and Support for gRPC Protection

By [Mohit Bhasin](https://www.paloaltonetworks.com/blog/author/mohit-bhasin/?ts=markdown "Posts by Mohit Bhasin") | Jan 27, 2022 | 5 minutes

According to Forrester's recent [Analytics Business Technology Survey, 2020](https://www.forrester.com/report/forrester-analytics-application-security-solutions-forecast-2020-to-2025/RES176225), web application exploits, such as SQL injection, cross-site scripting, and remote file inclusion, are the most common forms of external attack.

Protection for web applications and APIs continues to evolve as organizations adopt containers, Kubernetes, and serverless architectures. In these ephemeral environments, managing additional agents, gateways, and appliances becomes challenging for traditional security and application security teams.

In order to provide integrated, best-in-class protection for modern applications, Prisma Cloud delivers powerful Web Application and API Security (WAAS) capabilities that include coverage for the OWASP Top 10, API protection, bot risk management, advanced DoS protection and more. Security architects, DevSecOps, and application security teams can confidently protect web apps and APIs through defense in depth with visibility, vulnerability detection, security posture management, and runtime protection.

## What's New in the Latest Release of Prisma Cloud

#### WAAS Dashboard Explorer

In the previous release of Prisma Cloud's Web Application and API Security (WAAS) module, we added an automated API discovery capability that can [discover API endpoints](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/waas/waas_api_observation.html) in your environment, show an endpoint usage report, profile normal API calls, and let you export all discovered endpoints as an OpenAPI 3.0 spec file.
In addition, customers could [discover unprotected web apps](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/waas/unprotected_web_apps.html) through automated scanning of their environment for containers and flagging the web apps that aren't protected by WAAS.

In the latest release of Prisma Cloud, we're delivering a Web Application and API Security (WAAS) dashboard to highlight real-time and historical metrics, alert details, and security coverage, along with enhancements to the API observations and unprotected web applications views. Users can leverage these dashboards to get an overview of their security posture for reporting purposes and sharing with their management chain.

Users can start off by discovering which web apps are protected and which are unprotected (Figure 1). In addition, you can prioritize your mitigation efforts by leveraging the integrated vulnerability statistics related to unprotected web applications. From there you can get an understanding of the amount of traffic (by requests or bytes) being inspected by WAAS (Figure 2). After understanding the overall traffic, take a look at the attacks by type that threaten your web apps and APIs as well as the rules in place to protect them (Figure 3). Lastly, to get to the granular details, you can even filter the traffic by source of the attack (Figure 4).

![Figure 1. Web App Protection Coverage](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/figure-1-web-app-protection-coverage.png)
Figure 1. Web App Protection Coverage

![Figure 2. Inspected Traffic Overview](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/figure-2-inspected-traffic-overview.png)
Figure 2. Inspected Traffic Overview

![Figure 3. Total Attack Per Type and Policy Overview](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/figure-3-total-attack-per-type-and-policy-overvie.png)
Figure 3. Total Attack Per Type and Policy Overview

![Figure 4. Traffic and Attack Source by Location](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/figure-4-traffic-and-attack-source-by-location.png)
Figure 4. Traffic and Attack Source by Location

## Added Support for gRPC

As part of our ongoing effort to help customers secure their cloud native applications, Prisma Cloud has added support for inspecting and protecting gRPC web applications and APIs against attacks. [gRPC](https://grpc.io/) is an open-source communication protocol that lets an application directly call a method on a server application on a different machine as if it were a local object, making it easier for you to create distributed applications and services ([Introduction to gRPC](https://grpc.io/docs/what-is-grpc/introduction/)). gRPC communication is carried over the HTTP/2 protocol, using a binary format that's interpreted based on the Protobuf contract.

Prisma Cloud's Web App and API Security solution now supports protection of gRPC endpoints without requiring any special configuration from the user. When you set up rules and want to protect the gRPC communications for APIs, simply enable the gRPC toggle to add the additional layer of protection. This seamless functionality gives customers additional security for another type of communication protocol that their web applications and APIs might leverage.

![Figure 5. gRPC Support Toggle](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/figure-5-grpc-support-toggle.png)
Figure 5. gRPC Support Toggle

## API Deep Inspection

With the increase of APIs spanning the web, [API security](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security) is a crucial part of a holistic security strategy. Today our solution helps you discover unprotected APIs automatically, so you can apply security with ease. To further help Application Security and Cloud Security teams secure APIs, we are enhancing our API observations.
Users can now get granular details about the normal message structure of API calls, and related body parameters, based on automated profiling of API calls. If you plan to export this information, the OpenAPI definition file will include observed body content. There is also an additional protection flag that indicates which endpoints are protected and which are not, providing an extra layer of visibility.

![Figure 6. API Request’s Body Parameters](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/figure-6-api-requests-body-parameters.png)
Figure 6. API Request's Body Parameters

#### Event IDs

Tracking security incident events can be difficult because of the sheer amount of traffic passing through Web Apps and APIs. Searching through massive amounts of security events can be exhausting if you are trying to diagnose an attack. We are now incorporating Event IDs into every response, allowing users to easily reference WAAS module events. The WAAS ID is included both in the response message body and in the response header. The event IDs can also be incorporated into user-created custom block pages so a user can reference the event for further troubleshooting. Users can search for specific events easily in the Events tab by referencing the Event ID filter field.

![Figure 7. Web App and API Event IDs](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/graphical-user-interface-application-description-1.png)
Figure 7. Web App and API Event IDs

## How to Get Started

To learn more about the latest innovations in Prisma Cloud's Web App and API Security solution, check out the following [techDocs](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/waas.html). Existing customers on the SaaS platform can access the latest features in early February and self-hosted customers can access these features by upgrading to the latest version.
New customers looking to get a free trial of Prisma Cloud's Web App and API Security solution can request a [free trial here](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial).