Bulk delete client identifiers
Use the bulk delete option when you believe that a large number of false positives have been identified. You can also use the bulk delete option to clear the blacklist in case of a reset. To bulk delete client identifiers, use the ABS attacklist REST API with DELETE method. Following is the URL for the API:
URL: /v4/abs/attacklist
Method: DELETE
To bulk delete all the entries of a client identifier or all client identifier, configure the body of the attacklist API request as show below:
{
delete_all: false,
delete_all_ips: true,
delete_all_cookies: true,
delete_all_oauth_tokens: false,
delete_all_api_keys: true,
delete_all_usernames: false,
}In the sample request body above, the attacklist API deletes all entries for IP, Cookie, and API Key. If, in the next time interval, the AI engine flags the same client identifiers, the blacklist is populated again. To permanently stop a false positive from being reported, tune the thresholds using the PingIntelligence Web GUI for the specific client identifier.
The following table describes the options:
| Option | Description |
|---|---|
|
This option overrides all the other configured options in the message body. If it is set to |
|
Set it true to delete all the IP addresses across all attack types from the blacklist. |
|
Set it true to delete all the cookies across all attack types from the blacklist. |
|
Set it true to delete all the OAuth token across all attack types from the blacklist. |
|
Set it true to delete all the API Keys across all attack types from the blacklist. |
|
Set it true to delete all the usernames across all attack types from the blacklist. |