Manage attack blocking
ASE and ABS work in tandem to detect and block attacks. ASE detects attacks in real time, blocks the hacker, and reports attack information to ABS. The ABS AI Engine uses behavioral analysis to look for advanced attacks.
Attack management is done in both ABS and ASE.
In ABS, you can:
- List active client identifiers, expired client identifiers, or a consolidated list of both for a specific time period. For more information, see ABS blacklist reporting.
- Delete specific client identifiers from the ABS blacklist, or bulk delete a type of client identifier, using the ABS REST API. For more information, see Delete individual client identifiers and Bulk delete client identifiers.
- Enable or disable a specific attack ID. When you disable an attack ID, ABS stops reporting attacks across all client identifiers for that attack ID. For more information, see Enable or disable attack IDs.
- Configure the time-to-live (TTL) for each client identifier type. The TTL applies to all the detected attacks for that client identifier. For more information, see TTL for client identifiers in ABS.
In ASE, you can:
- Manually add or delete entries from the whitelist and blacklist.
- Enable or disable automatic blocking of ABS-detected attack types.
- Enable or disable ASE-detected real-time attacks. ASE detects real-time attacks only in an inline deployment.
For more information, see Attack management in ASE.