PingIntelligence

Bulk delete client identifiers

Use the bulk delete option when you believe that a large number of false positives have been identified. You can also use the bulk delete option to clear the blacklist in case of a reset. To bulk delete client identifiers, use the ABS attacklist REST API with DELETE method. Following is the URL for the API:

URL: /v4/abs/attacklist

Method: DELETE

To bulk delete all the entries of a client identifier or all client identifier, configure the body of the attacklist API request as show below:

{
	delete_all: false,
	delete_all_ips: true,
	delete_all_cookies: true,
	delete_all_oauth_tokens: false,
	delete_all_api_keys: true,
	delete_all_usernames: false,
}

In the sample request body above, the attacklist API deletes all entries for IP, Cookie, and API Key. If, in the next time interval, the AI engine flags the same client identifiers, the blacklist is populated again. To permanently stop a false positive from being reported, tune the thresholds using the PingIntelligence Web GUI for the specific client identifier.

The following table describes the options:

Option Description

delete_all

This option overrides all the other configured options in the message body. If it is set to true, all the client identifiers are deleted irrespective of what their individual configuration is. Set it to false, if you wan to exercise other options.

delete_all_ips

Set it true to delete all the IP addresses across all attack types from the blacklist.

delete_all_cookies

Set it true to delete all the cookies across all attack types from the blacklist.

delete_all_oauth_tokens

Set it true to delete all the OAuth token across all attack types from the blacklist.

delete_all_api_keys

Set it true to delete all the API Keys across all attack types from the blacklist.

delete_all_usernames

Set it true to delete all the usernames across all attack types from the blacklist.