PingIntelligence

Discovery Subpaths

Before starting API discovery, it is important to configure the subpath depth which allows the AI Engine to accurately detect the API environment. Subpath depth provides the number of sub-paths for a unique API definition. Here are examples of discovery_subpath values:

  • “1”, example: /atmapp is basepath for /atmapp/zipcode, /atmapp/update, etc.

  • “2”, example: v1/atmapp is basepath for v1/atmapp/zipcode, v1/atmapp/update, etc.

  • “3”, example: v1/cust1/atmapp is basepath for v1/cust1/atmapp/zipcode, etc.

The discovery_subpath parameter is configured using the Global configuration update REST API and it defines the number of sub-paths in the basepath of the API. The default value is set to 1. The maximum allowed value is six when API Security Enforcer (ASE) is deployed in inline mode and it is 10 when ASE is deployed in sideband mode. The url_limit parameter defines the maximum number of URLs reported in a discovered API. The default value is 100.

You can also update the discovery sub-path using PingIntelligence for APIs Dashboard. For more information, see Discovered APIs.

Updating url_limit and discovery_subpath: You can update the url_limit and discovery_subpath by running the update.sh script. The update.sh script is available in the/opt/pingidentity/abs/util directory. Copy the script from the util directory to your MongoDB primary machine. NOTE: After executing the script, stop and start all ABS nodes for the updated values to take effect.

Example: Change the url_limit to 50

/opt/pingidentity/mongo/update.sh -u absuser -p abs123 --url_limit 50
updating url_limit to 50
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
The current values of the variables are:
attack_initial_training=48
attack_update_interval=24
api_discovery=false
discovery_update_interval=1
continuous_learning=true
discovery_initial_period=1
url_limit=50
response_size=100
window_length=24
discovery_subpath=3
percentage_diskusage_limit=80

You need to restart all the ABS node for your changes to take effect.

Update script help is available by logging into the MongoDB primary machine and running the following command:

/opt/pingidentity/mongo/update.sh help