--- title: Manage ASE blacklist description: Valid ASE operations for IP addresses, Cookies, OAuth2 Tokens, Username, and API Keys on a black list include: component: pingintelligence version: 5.1 page_id: pingintelligence:abs_ai_engine:pingintelligence_managing_ase_deny_list canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/abs_ai_engine/pingintelligence_managing_ase_deny_list.html revdate: April 3, 2024 section_ids: add-an-entry: Add an entry view-blacklist: View blacklist view-entire-blacklist-or-based-on-the-type-of-real-time-violation: View entire blacklist or based on the type of real time violation. view-blacklist-based-on-decoy-ip-addresses: View blacklist based on decoy IP addresses view-blacklist-based-on-protocol-violations: View blacklist based on protocol violations view-blacklist-based-on-method-violations: View Blacklist based on method violations view-blacklist-based-on-content-type-violation: View Blacklist based on content-type violation view-automated-blacklist-abs-detected-attacks: View automated blacklist (ABS detected attacks) delete-an-entry: Delete an entry clearing-the-blacklist: Clearing the blacklist --- # Manage ASE blacklist Valid ASE operations for IP addresses, Cookies, OAuth2 Tokens, Username, and API Keys on a black list include: ## Add an entry ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist ip 1.1.1.1 ip 1.1.1.1 added to blacklist ``` ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist cookie JSESSIONID ad233edqsd1d23redwefew cookie JSESSIONID ad233edqsd1d23redwefew added to blacklist ``` ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist token ad233edqsd1d23redwefew token ad233edqsd1d23redwefew added to blacklist ``` ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4 api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4 added to blacklist ``` ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist username user1 username user1 added to blacklist ``` ## View blacklist ### View entire blacklist or based on the type of real time violation. ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist all Manual Blacklist 1) type : ip, value : 10.10.10.10 2) type : cookie, name : JSESSIONID, value : cookie_1.4 3) type : token, value : token1.4 4) type : api_key, name : X-API-KEY, value : key_1.4 Realtime Decoy Blacklist 1) type : ip, value : 4.4.4.4 Realtime Protocol Blacklist 1) type : token, value : token1.1 2) type : ip, value : 1.1.1.1 3) type : cookie, name : JSESSIONID, value : cookie_1.1 Realtime Method Blacklist 1) type : token, value : token1.3 2) type : ip, value : 3.3.3.3 3) type : cookie, name : JSESSIONID, value : cookie_1.3 Realtime Content-Type Blacklist 1) type : token, value : token1.2 2) type : ip, value : 2.2.2.2 3) type : cookie, name : JSESSIONID, value : cookie_1.2 ``` ### View blacklist based on decoy IP addresses ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist decoy Realtime Decoy Blacklist 1) type : ip, value : 4.4.4.4 ``` ### View blacklist based on protocol violations ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_protocol Realtime Protocol Blacklist 1) type : token, value : token1.1 2) type : ip, value : 1.1.1.1 3) type : cookie, name : JSESSIONID, value : cookie_1.1 ``` ### View Blacklist based on method violations ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_method Realtime Method Blacklist 1) type : token, value : token1.3 2) type : ip, value : 3.3.3.3 3) type : cookie, name : JSESSIONID, value : cookie_1.3 ``` ### View Blacklist based on content-type violation ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_content_type Realtime Content-Type Blacklist 1) type : token, value : token1.2 2) type : ip, value : 2.2.2.2 3) type : cookie, name : JSESSIONID, value : cookie_1.2 ``` ### View automated blacklist (ABS detected attacks) ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist abs_detected No Blacklist ``` ## Delete an entry ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_blacklist ip 1.1.1.1 ip 1.1.1.1 deleted from blacklist ``` ``` ./bin/cli.sh -u admin -p admin delete_blacklist cookie JSESSIONID avbry47wdfgd cookie JSESSIONID avbry47wdfgd deleted from blacklist ``` ``` ./bin/cli.sh -u admin -p admin delete_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35 token 58fcb0cb97c54afbb88c07a4f2d73c35 deleted from blacklist ``` ## Clearing the blacklist ``` ./bin/cli.sh -u admin -p admin clear_blacklist This will delete all blacklist Attacks, Are you sure (y/n) :y Blacklist cleared ./bin/cli.sh -u admin -p admin clear_blacklist This will delete all blacklist Attacks, Are you sure (y/n) :n Action canceled ``` When clearing the Blacklist, make sure that [real-time ASE detected](pingintelligence_detected_attacks_inline_ase.html) attacks and ABS detected attacks are disabled. If not disabled, the blacklist gets populated again as both ASE and ABS are continuously detecting attacks.