---
title: Real-time Detected attacks for inline ASE
description: API Security Enforcer supports real time attack detection and blocking for:
component: pingintelligence
version: 5.1
page_id: pingintelligence:abs_ai_engine:pingintelligence_detected_attacks_inline_ase
canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/abs_ai_engine/pingintelligence_detected_attacks_inline_ase.html
revdate: April 3, 2024
section_ids:
  enable-ase-detected-attacks: Enable ASE detected attacks
  disable-ase-detected-attacks: Disable ASE detected attacks
---

# Real-time Detected attacks for inline ASE

API Security Enforcer (ASE) supports real-time attack detection and blocking for:

* API Pattern Enforcement – validates traffic to ensure it is consistent with the API definition

* API Deception – blocks hackers probing a decoy API

## **Enable ASE detected attacks**

Enable real-time ASE detected attacks by running the following command on the ASE command line:

```
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_ase_detected_attack
ASE Detected Attack is now enabled
```

## **Disable ASE detected attacks**

Disable real-time ASE detected attacks by running the following command on the ASE command line:

```
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin disable_ase_detected_attack
ASE Detected Attack is now disabled
```

**Note:** When you disable ASE detected attacks, the attacks are deleted from the blacklist.

In real time, ASE blocks hackers who violate pattern enforcement or probe decoy APIs. Hacker information is reported to ABS, which generates ASE detected attack reports (type ID 101). Use the following ABS REST API to view the report:

<https://192.168.11.138:8080/v4/abs/attack?later_date=2018-07-16&earlier_date=2018-07-16&api=atmapp&type=101>

**Real-time ASE detected attack based on OAuth2 token activity**

```json
{
  "company": "ping identity",
  "attack_type": "Invalid API Activity",
  "name": "api_attack_type",
  "description": "Clients using invalid method/protocol/content-type",
  "earlier_date": "Thu Jan 25 18:00:00:000 2018",
  "later_date": "Fri Dec 28 18:00:00:000 2018",
  "api_name": "atm_app_oauth",
  "ips": [],
  "cookies": [],
  "access_tokens": [
    {
      "access_token": "token_protocol",
      "details": [
        {
          "access_time": "Fri Jan 26 20:58:04:770 2018",
          "attack_code": "protocol"
        },
        {
          "access_time": "Fri Jan 26 21:16:17:851 2018",
          "attack_code": "protocol"
        }
      ]
    },
    {
      "access_token": "token_method",
      "details": [
        {
          "access_time": "Fri Jan 26 20:58:04:819 2018",
          "attack_code": "method"
        },
        {
          "access_time": "Fri Jan 26 21:16:17:903 2018",
          "attack_code": "method"
        }
      ]
    },
    {
      "access_token": "token_contenttype",
      "details": [
        {
          "access_time": "Fri Jan 26 20:58:04:819 2018",
          "attack_code": "content_type"
        },
        {
          "access_time": "Fri Jan 26 21:16:17:903 2018",
          "attack_code": "content_type"
        }
      ]
    }
  ]
}
```

**Real-time ASE detected attack based on pattern enforcement violation**

```json
{
  "company": "ping identity",
  "attack_type": "Invalid API Activity",
  "cookie": "JSESSIONID",
  "name": "api_attack_type",
  "description": "Clients using invalid method/protocol/content-type",
  "earlier_date": "Thu Jan 25 18:00:00:000 2018",
  "later_date": "Fri Dec 28 18:00:00:000 2018",
  "api_name": "atm_app_public",
  "ips": [],
  "cookies": [
    {
      "cookie": "session_contenttype1",
      "details": [
        {
          "access_time": "Fri Jan 26 21:17:10:662 2018",
          "attack_code": "content_type"
        }
      ]
    },
    {
      "cookie": "session_method",
      "details": [
        {
          "access_time": "Fri Jan 26 20:58:06:656 2018",
          "attack_code": "method"
        },
        {
          "access_time": "Fri Jan 26 21:17:10:662 2018",
          "attack_code": "method"
        }
      ]
    },
    {
      "cookie": "session_contenttype",
      "details": [
        {
          "access_time": "Fri Jan 26 20:58:06:656 2018",
          "attack_code": "content_type"
        },
        {
          "access_time": "Fri Jan 26 21:17:10:662 2018",
          "attack_code": "content_type"
        }
      ]
    },
    {
      "cookie": "session_protocol",
      "details": [
        {
          "access_time": "Fri Jan 26 20:58:04:873 2018",
          "attack_code": "protocol"
        },
        {
          "access_time": "Fri Jan 26 21:16:47:314 2018",
          "attack_code": "protocol"
        }
      ]
    },
    {
      "cookie": "session_method1",
      "details": [
        {
          "access_time": "Fri Jan 26 21:17:10:662 2018",
          "attack_code": "method"
        }
      ]
    },
    {
      "cookie": "session_protocol1",
      "details": [
        {
          "access_time": "Fri Jan 26 21:16:47:314 2018",
          "attack_code": "protocol"
        }
      ]
    }
  ],
  "access_tokens": []
}
```
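As an added example (not part of the Ping Identity documentation), the following Python code turns a type 101 report shaped like the two samples above into one triage row per blocked token or cookie, with violation counts per `attack_code` and first and last access times. The names `summarize_report`, `TIME_FORMAT`, `IDENTIFIER_FIELDS` and `SAMPLE` are hypothetical, and the `ips` list is skipped because the page shows no populated entry for it.

```python
from collections import Counter
from datetime import datetime

# Timestamp layout used in the sample reports, e.g. "Fri Jan 26 20:58:04:770 2018"
TIME_FORMAT = "%a %b %d %H:%M:%S:%f %Y"
# (report list, key naming the client in each entry), as in the samples above
IDENTIFIER_FIELDS = (("access_tokens", "access_token"), ("cookies", "cookie"))


def summarize_report(report):
    """Return one row per blocked client: kind, id, code counts, first/last seen."""
    rows = []
    for list_key, id_key in IDENTIFIER_FIELDS:
        for entry in report.get(list_key, []):
            details = entry.get("details", [])
            if not details:
                continue  # no violations recorded for this identifier
            times = [datetime.strptime(d["access_time"], TIME_FORMAT) for d in details]
            rows.append({
                "kind": id_key,
                "id": entry[id_key],
                "codes": dict(Counter(d["attack_code"] for d in details)),
                "first_seen": min(times),
                "last_seen": max(times),
            })
    # Most recently active clients first
    return sorted(rows, key=lambda r: r["last_seen"], reverse=True)


# Constructed sample: entries trimmed from the two reports above, merged into one
SAMPLE = {
    "ips": [],
    "cookies": [
        {"cookie": "session_method", "details": [
            {"access_time": "Fri Jan 26 20:58:06:656 2018", "attack_code": "method"},
            {"access_time": "Fri Jan 26 21:17:10:662 2018", "attack_code": "method"}]},
        {"cookie": "session_protocol1", "details": [
            {"access_time": "Fri Jan 26 21:16:47:314 2018", "attack_code": "protocol"}]},
    ],
    "access_tokens": [
        {"access_token": "token_protocol", "details": [
            {"access_time": "Fri Jan 26 20:58:04:770 2018", "attack_code": "protocol"},
            {"access_time": "Fri Jan 26 21:16:17:851 2018", "attack_code": "protocol"}]},
    ],
}

if __name__ == "__main__":
    for row in summarize_report(SAMPLE):
        print(row["kind"], row["id"], row["codes"], row["last_seen"].isoformat())
```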
