PingIntelligence

ABS blacklist reporting

ABS Provides attacklist REST API to complete the following two operations:

  • List the various client identifiers (API Key, OAuth token, Username, Cookie, and IP address) which are related to probable attack

  • Delete the client identifiers which may be a cause of false positive

Reporting active and expired client identifiers

ABS provides an attacklist REST API with GET method to list of active attacks in the system, expired attacks, and consolidated (active and expired) attacks together. The list of detected client identifiers depends on the TTL set for the client identifiers. The attack list reports the detected client identifiers (active or expired) for the queried period. The time-period is part of the API query parameter.

URL: /v4/abs/attacklist

Report the active detected attacks: Use the following REST API URL to report the active client identifiers:

/v4/abs/attacklist?earlier_date=<>&later_date=<>&status=active: The API lists the active client identifiers for a time-period between earlier_date and later_date. PingIntelligence ASE fetches the active client identifiers list from ABS for blocking the clients.

Report the expired detected attacks: Use the following REST API URL to report the expired client identifiers:

/v4/abs/attacklist?earlier_date=<>&later_date=<>&status=expired: The API lists the expired client identifiers for a time-period between earlier_date and later_date. The expiry of detected attacks in the system depends on the configured TTL.

Report the consolidated (active and expired) detected attacks: Use the following REST API URL to report the consolidated client identifiers attacks:

/v4/abs/attacklist?earlier_date=<>&later_date=<>: The API lists all the client identifiers for a time-period between earlier_date and later_date.