1. Proposed title of this feature request
RHACS - detection of API scanning against Openshift API server

2. What is the nature and description of the request?
API scanning as a malicious activity. As part of security threat detection we request a feature to detect API scanning

3. Why does the customer need this? (List the business requirements here)
API scanning is usually performed by attackers who enumerate endpoints, methods, or parameters to identify vulnerabilities (e.g., missing authentication, excessive data exposure, weak rate-limiting).

• Unusual Request Volume
  • High rate of requests within a short timeframe
  • Requests exceed expected thresholds for normal users/applications
• Endpoint Enumeration
  • Requests to many different endpoints in rapid succession
  • Access attempts to non-existent endpoints (404 spikes)
• Parameter Fuzzing / Brute Forcing
  • Sequential parameter values in requests (id=1, id=2, …)
  • Injection-like payloads in query parameters

4. List any affected packages or components.
Red Hat ACS