PingIntelligence

Blocked connection reporting

The ABS Blocked Connection REST API reports all connections blocked by ASE. It provides two types of reports:

  • Blocked Connection Summary Report

  • Blocked Connection Detail Report

The blocked connections are reported for the following categories:

  • API routing

  • DDoS flow control

  • ABS detected attacks

  • Custom blacklist

  • Decoy attacks

  • ASE detected attacks

Use the following ABS REST API for viewing the blocked connections report:

Blocked connection summary

URL: <ABS_IP>:port/v4/abs/bc?earlier_date=<>T<hh:mm>&later_date=<>T<hh:mm>

The following is a snippet of the blocked connection summary report:

{
 "company": "ping identity",
 "name": "api_blockedconnections",
 "description": " This report contains a summary of all API traffic blocked
  by ASE for the following types: api_not_found, host_header_not_found,
  backend_not_found, client_spike, server_spike, bytes_in_threshold,
  bytes_out_threshold, quota_threshold, customer_blacklist,
  abs_detected_attacks, ase_detected_attacks, decoy_detected_attacks",
 "earlier_date": "Thu Jan 18 13:00:00:000 2018",
 "later_date": "Thu Feb 22 18:00:00:000 2018",
 "api_name": "global",
 "total_blocked_connections": 21222,
 "api_not_found": 0,
 "host_header_not_found": 0,
 "backend_not_found": 3501,
 "client_spike": 237,
 "server_spike": 6179,
 "bytes_in_threshold": 5938,
 "bytes_out_threshold": 18,
 "quota_threshold": 0,
 "customer_blacklist": 0,
 "abs_detected_attacks": 4576,
 "ase_detected_attacks": 773,
 "decoy_detected_attacks": 0
}

Blocked connection details

URL: <ABS_IP>:port/v4/abs/bc?later_date=<>T<hh:mm>&earlier_date=<>T<hh:mm>&details=true

The following is a snippet of the blocked connection details report:

{
 "company": "ping identity",
 "name": "api_blockedconnections",
 "description": "This report contains details of all API traffic blocked by
  ASE for the following types: api_not_found, host_header_not_found,
  backend_not_found, client_spike, server_spike, bytes_in_threshold,
  bytes_out_threshold, quota_threshold, customer_blacklist,
  abs_detected_attacks, ase_detected_attacks, decoy_detected_attacks",
 "earlier_date": "Thu Jan 18 13:00:00:000 2018",
 "later_date": "Thu Feb 22 18:00:00:000 2018",
 "api_blocked_connections": [
 {
 "category": "api_routing",
 "details": [
 {
 "source": "192.168.11.161",
 "type": "backend_not_found",
 "destination_api": "/v2/pet/55"
 },
 {
 "source": "192.168.11.161",
 "type": "backend_not_found",
 "destination_api": "/v2/store/inventory"
 }
 ]
 },
 {
 "category": "ddos_flowcontrol",
 "details": [
 {
 "source": "100.64.1.24",
 "type": "bytes_in_threshold",
 "destination_api": "/app/ws"
 },
 {
 "source": "100.64.3.213",
 "type": "protocol_violation",
 "destination_api": ""
 }
 ]
 },
 {
 "category": "abs_detected_attacks",
 "details": [
 {
 "source": "100.64.38.180",
 "type": "ioc_abs_ip_port",
 "destination_api": "/atmapp/zipcode"
 },
 {
 "source": "100.64.38.180",
 "type": "ioc_abs_ip_port",
 "destination_api": "/atmapp/zipcode"
 }
 ]
 },
 {
 "category": "customer_blacklist",
 "details": []
 },
 {
 "category": "decoy_detected_attacks",
 "details": []
 },
 {
 "category": "ase_detected_attacks",
 "details": [
 {
 "source": "100.64.8.252",
 "type": "protocol_violation",
 "destination_api": ""
 },
 {
 "source": "100.64.36.93",
 "type": "protocol_violation",
 "destination_api": ""
 }
 ]
 }
 ]
}
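
As an added example (not part of the PingIntelligence documentation), the following Python code groups the entries of a details report by source IP so that clients blocked under more than one category stand out during triage. The sample report is constructed in the shape shown above, and the function names are hypothetical.

```python
import json
from collections import Counter, defaultdict

# Constructed sample in the shape of the details report above (illustrative values).
SAMPLE_REPORT = """{
 "name": "api_blockedconnections",
 "api_blocked_connections": [
  {"category": "api_routing", "details": [
   {"source": "192.168.11.161", "type": "backend_not_found", "destination_api": "/v2/pet/55"},
   {"source": "192.168.11.161", "type": "backend_not_found", "destination_api": "/v2/store/inventory"}]},
  {"category": "ddos_flowcontrol", "details": [
   {"source": "100.64.1.24", "type": "bytes_in_threshold", "destination_api": "/app/ws"}]},
  {"category": "abs_detected_attacks", "details": [
   {"source": "192.168.11.161", "type": "ioc_abs_ip_port", "destination_api": "/atmapp/zipcode"}]},
  {"category": "customer_blacklist", "details": []},
  {"category": "ase_detected_attacks", "details": [
   {"source": "100.64.8.252", "type": "protocol_violation", "destination_api": ""}]}
 ]}"""

def summarize_blocked(report_text: str) -> dict:
    """Parse a details report (JSON text) and group blocked connections by source IP."""
    report = json.loads(report_text)
    per_source = defaultdict(lambda: {"count": 0, "categories": set(),
                                      "types": Counter(), "apis": set()})
    for group in report.get("api_blocked_connections", []):
        category = group.get("category", "unknown")
        for entry in group.get("details") or []:   # "details" may be an empty list
            src = entry.get("source")
            if not src:
                continue  # skip malformed entries instead of failing the whole run
            rec = per_source[src]
            rec["count"] += 1
            rec["categories"].add(category)
            rec["types"][entry.get("type", "unknown")] += 1
            # destination_api can be an empty string (see protocol_violation above)
            if entry.get("destination_api"):
                rec["apis"].add(entry["destination_api"])
    return dict(per_source)

def multi_category_sources(summary: dict) -> list:
    """Sources blocked under more than one category, most-blocked first."""
    hits = [(s, r) for s, r in summary.items() if len(r["categories"]) > 1]
    return [s for s, _ in sorted(hits, key=lambda x: -x[1]["count"])]

if __name__ == "__main__":
    summary = summarize_blocked(SAMPLE_REPORT)
    for src, rec in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        print(src, rec["count"], sorted(rec["categories"]), dict(rec["types"]))
    print("multiple categories:", multi_category_sources(summary))
```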