Findings

Average Combined Payload Size Reduced

Updated: June 19, 2025

Description

Severity: Info

The average combined request and response payload size has decreased during the current observation period.

Although payloads for individual requests may change and vary between endpoints, the overall average payload size for an application should be fairly stable. Fluctuations in the payload size may indicate higher-than-normal usage, changed usage patterns, changed data content, etc. Any of these can be indicators of malicious behaviour.

Example Attack

An attacker may have a completely abnormal usage pattern, such as only using a single list endpoint to exfiltrate data and hitting that endpoint much more frequently than a normal user would. The proportionally higher number of these requests will affect the average payload size for the whole service.

Remediation

Investigate what has caused the combined request and response payloads sent to this API to decrease significantly in size.
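
One way to start that investigation, as an added example rather than the product's own detection logic: compare the baseline and current periods and rank endpoints by how much their share of traffic changed, which separates a shift in the request mix from a change in per-endpoint payload size. The record layout, endpoint names, sample data and 20% threshold are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample records: (endpoint, request_bytes, response_bytes).
BASELINE = ([("/items/list", 100, 900)] * 4
            + [("/items/detail", 200, 2800)] * 4
            + [("/reports", 300, 8700)] * 2)
# Current period: one list endpoint now dominates the traffic.
CURRENT = ([("/items/list", 100, 900)] * 16
           + [("/items/detail", 200, 2800)] * 3
           + [("/reports", 300, 8700)] * 1)


def avg_combined(records):
    """Average request + response size; records must be non-empty."""
    return sum(req + resp for _, req, resp in records) / len(records)


def endpoint_mix(records):
    """Map endpoint -> (share of all requests, average combined size)."""
    sizes = defaultdict(list)
    for endpoint, req, resp in records:
        sizes[endpoint].append(req + resp)
    return {ep: (len(v) / len(records), sum(v) / len(v)) for ep, v in sizes.items()}


def explain_shift(baseline, current, threshold=0.20):
    """Compare two periods and rank endpoints by change in traffic share."""
    base_avg, cur_avg = avg_combined(baseline), avg_combined(current)
    change = (cur_avg - base_avg) / base_avg
    base_mix, cur_mix = endpoint_mix(baseline), endpoint_mix(current)
    drivers = []
    for ep in sorted(set(base_mix) | set(cur_mix)):
        base_share, base_size = base_mix.get(ep, (0.0, None))
        cur_share, cur_size = cur_mix.get(ep, (0.0, None))
        # size_delta is None when the endpoint is absent from one period.
        size_delta = None if None in (base_size, cur_size) else cur_size - base_size
        drivers.append({"endpoint": ep, "share_delta": cur_share - base_share,
                        "size_delta": size_delta})
    drivers.sort(key=lambda d: abs(d["share_delta"]), reverse=True)
    return {"base_avg": base_avg, "cur_avg": cur_avg, "change": change,
            "flagged": abs(change) >= threshold, "drivers": drivers}


if __name__ == "__main__":
    report = explain_shift(BASELINE, CURRENT)
    print(f"average {report['base_avg']:.0f} -> {report['cur_avg']:.0f} bytes "
          f"({report['change']:+.0%}), flagged={report['flagged']}")
    for d in report["drivers"]:
        print(d)
```

In the constructed data every endpoint's own average size is unchanged, so the drop in the overall average comes entirely from the list endpoint's larger share of requests.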
