Product
Hosting Environment
Operating System
Capability
Task Type
Draft Beta
Close

PingIntelligence for APIs - Dashboard 3.2.1

Updated 95

Add to MyDocs | Hide Show Table of Contents

Access the ABS Dashboard

Access the main dashboard with a browser at this URL: https://<ip:port>/app/kibana#/dashboard/pingapiintelligence. In the above URL, <ip:port> is the IP address and port configured in kibana.yml. The default port is 443. Change the password of the two users ping_admin and ping_user by completing the following steps:

  1. Navigate to the ABS Dashboard URL and log in using elastic user and the password set during Elasticsearch configuration. The Kibana landing page is displayed.
  2. In the Kibana landing page, click Management. The Management page is displayed. In the Management tab, click Users. The Users page is displayed:
  3. On the Users page, click on ping_admin to change the email and password of ping_admin user.
  4. On the ping_admin Users page, update the Email and Password fields and click Save:

Repeat steps 2 through 4 for ping_user to update Email and Password. Then log in with ping_user credentials to view the dashboard. Here is a partial screen grab of the main dashboard:

The main dashboard provides the following information:

  • Attack Summary: total number of attacks, number of unique IP addresses and unique cookies generating attacks. Note: a single IP or cookie could generate more than one attack, so the sum of the unique IPs and cookies may be less than the total number of attacks.
  • Time series chart of attacks: total number of attacks on each API over time
  • Total number of attacks on each API
  • API Metrics: Activity generated on each API - Requests Accepted (green) and Requests Rejected (blue).
  • API Information: information on each API including:
    • Type – regular or decoy (see API Security Enforcer Admin Guide for decoy API explanation)
    • Protocol – HTTP, WebSocket
    • URL – URL to access API
    • Hostname – host name for the API.
    • Servers number of servers hosting the API

For each API, an API-specific Dashboard can be displayed using the menu on the left-hand side (see graphic to the right). Click Dashboard to display the list of APIs for which Dashboards are available.

Click on a listed API name to display the detailed graphs. You can open more than one API by opening each API dashboard in a new tab. A dashboard which is like the one shown below is displayed.

If graphs are not displayed due to Kibana errors, refresh your browser. Each dashboard displays the following API specific reports:

Attack reporting:

  • Attack summary: total number of attacks, number of unique IP addresses and unique cookies generating attacks. Note: a single IP or cookie could generate more than one attack, so the sum of the unique IPs and cookies may be less than the total number of attacks.
  • Attack types: count of each type of attack. Attack type examples include data exfiltration, stolen cookies, etc. See ABS Admin Guide for a complete list of attacks

API metric reporting

  • Requests/API URLs – number of requests on each valid API URL
  • Requests/Device-Type – number of requests per device type

Error and traffic control reporting

  • Server error codes – Count of each error code returned from API servers.
  • DoS/DDoS threshold exceeded per API – Count of traffic thresholds exceeded including Server Spike, Client Spike, and Connection Quota Exceeded (See API Security Enforcer Admin Guide for parameters).
  • Blocked connections – Count of each blocked connection type.
Note: The graphs displayed are reference Kibana graphs. You can create scripts and graphs that suit your deployment using REST API calls to the ABS engine.

Tags Product > PingIntelligence; Product > PingIntelligence > PingIntelligence 3.2