Commit 98ab6ab

Update changelog entry for API Shield 2025-03-18
1 parent b2d9c9e commit 98ab6ab

1 file changed

+7
-4
lines changed

src/content/changelog/api-shield/2025-03-18-api-posture-management.mdx

Lines changed: 7 additions & 4 deletions
@@ -7,11 +7,14 @@ date: 2025-03-18T11:00:00Z
77
Now, API Shield **automatically** labels your API inventory with API-specific risks so that you can track and manage risks to your APIs.
88

99
View these risks in [Endpoint Management](https://developers.cloudflare.com/api-shield/management-and-monitoring/) by label:
10-
![enter image description here](~/assets/images/changelog/api-shield/endpoint-management-label.png)
10+
11+
![A list of endpoint management labels](~/assets/images/changelog/api-shield/endpoint-management-label.png)
12+
1113
...or in [Security Center Insights](https://developers.cloudflare.com/security-center/security-insights/):
12-
![Example Insight](~/assets/images/changelog/api-shield/posture-management-insight.png)
14+
15+
![An example security center insight](~/assets/images/changelog/api-shield/posture-management-insight.png)
1316

14-
API Shield will scan for risks on your API inventory daily. Here are the new risks we're scanning for and automatically adding labels to:
17+
API Shield will scan for risks on your API inventory daily. Here are the new risks we're scanning for and automatically labelling:
1518
- **cf-risk-sensitive**: applied if the customer is subscribed to the sensitive data detection ruleset and the WAF detects sensitive data returned on an endpoint in the last 7 days.
1619
- **cf-risk-missing-auth**: applied if the customer has configured a session ID and no successful requests to the endpoint contain the session ID.
1720
- **cf-risk-mixed-auth**: applied if the customer has configured a session ID and some successful requests to the endpoint contain the session ID while some lack the session ID.
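
Review bot: The cf-risk-missing-auth and cf-risk-mixed-auth entries (new lines 19-20) are both conditional on a session ID being configured, but the text never says what a reader should conclude when no session ID is configured. As written, an inventory without these labels can be read as having no authentication risk when the condition for applying them was never met. Suggest a sentence after the list stating that these two labels are only evaluated once a session ID is configured. The list also says "the customer" while new lines 7 and 17 address the reader as "you" and "your"; "applied if you have configured a session ID ..." would keep the voice consistent.
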
@@ -20,7 +23,7 @@ API Shield will scan for risks on your API inventory daily. Here are the new ris
2023
- **cf-risk-latency-anomaly**: added when an endpoint experiences a recent increase in response latency over the last 24 hours.
2124
- **cf-risk-size-anomaly**: added when an endpoint experiences a spike in response body size over the last 24 hours.
2225

23-
In addition, API Shield has two new 'beta' scans for Broken Object Level Authorization (BOLA) attacks. These attacks can If you're in the beta, you'll see the following two labels when API Shield suspects an endpoint is suffering from a BOLA vulnerability:
26+
In addition, API Shield has two new 'beta' scans for **Broken Object Level Authorization (BOLA) attacks**. If you're in the beta, you'll see the following two labels when API Shield suspects an endpoint is suffering from a BOLA vulnerability:
2427
- **cf-risk-bola-enumeration**: added when an endpoint experiences successful responses with drastic differences in the number of unique elements requested by different user sessions.
2528
- **cf-risk-bola-pollution**: added when an endpoint experiences successful responses where parameters are found in multiple places in the request.
2629

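Review bot: New line 26 drops the truncated "These attacks can" instead of finishing it, so BOLA is now introduced with no explanation of what it is. Suggest a short clause or a link that says what a BOLA attack is before the two labels are listed. The bold span also covers the word "attacks" while the same sentence ends with "BOLA vulnerability"; bold only "Broken Object Level Authorization (BOLA)" and settle on one of "attack" or "vulnerability" for what the scans detect.
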