PingIntelligence

Automated ASE attack blocking

Automatic blocking of attacks with ASE

When the AI Engine detects an attack, it adds an entry to its blacklist which consists of usernames, tokens, API Keys, cookies, and IP addresses of clients which were detected executing attacks. If blocking is enabled for the API, the blacklist is automatically sent to ASE nodes which blocks the client’s future access using the identifiers on the list.

Activate log processing for ABS

To activate ABS log processing, execute the following ASE command:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs

After log processing is enabled, ASE sends log data to ABS which processes the log data to look for attacks and generate reports.

Automatically block ABS detected attacks

ABS generates a list of clients that are suspected of executing attacks. ABS can be configured to automatically send the attack list to ASE which blocks client access. By default, automatic blocking is inactive, execute the following ASE command to activate automatic client blocking.

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs_attack

Disable attack blocking

To disable automatic sending of ABS attack lists to ASE, execute the following ASE command:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin disable_abs_attack