PingIntelligence

TTL for client identifiers in ABS

The ABS AI Engine blacklist supports configuring the length of time that a client identifier type (username, OAuth token, API Key, cookie, and IP address) remains on the blacklist. Each client identifier type can be configured with a different value in minutes. The default value of zero minutes means that the AI engine will not remove any client identifiers from the blacklist unless the TTL value is changed.

You can change the default value of TTL by using the admin ABS REST API which supports configuring a different TTL in minutes for each client identifier. Following are the recommended steps to managing client identifier TTL:

  1. Use the ABS admin REST API to fetch the current TTL values.

  2. Use the PUT method with the ABS admin REST API to configure the TTL.

When you update the TTL value, it applies to the client identifiers in the blacklist that the AI engine identified from that time onwards. For example, you set initial TTL of 120-minutes at 6 AM for 100 client identifiers in the blacklist, then the list will exist till 8 AM. Now, if you change the TTL at 7 AM to 30-minutes, then the initial list of 100 client identifier will still exist till 8 AM. The new 30-minute TTL will apply to the client identifiers reported from 7 AM onwards.

Fetch the current TTL value: Use the admin API to fetch the current TTL of the client identifiers:

The following is a sample output displaying the current TTL values:

{
	"company": "ping identity",
	"name": "api_admin",
	"description": "This report contains status information on all APIs, ABS clusters,
      and ASE logs",
      "license_info": {
        "tier": "Subscription",
        "expiry": "Wed Jan 15 00:00:00 UTC 2020",
        "max_transactions_per_month": 1000000000,
        "current_month_transactions": 98723545,
        "max_transactions_exceeded": false,
        "expired": false
    },
    "across_api_prediction_mode": true,
    "api_discovery": {
        "subpath_length": "1",
        "status": true
	"apis": [
    	{
        	"api_name": "app",
        	"host_name": "*",
        	"url": "/atm_app_oauth",
        	"api_type": "decoy-incontext",
        	"creation_date": "Thu Dec 26 09:51:10 UTC 2019",
        	"servers": 0,
        	"protocol": "http",
        	"cookie": "",
        	"token": true,
        	"training_started_at": "Thu Dec 26 09:52:29 UTC 2019",
        	"training_duration": "1 hour",
        	"prediction_mode": true,
        	"apikey_header": "",
        	"apikey_qs": ""
    	}
	],
	"abs_cluster": {
    	"abs_nodes": [
        	{
            	"node_ip": "172.17.0.1",
            	"os": "DISTRIB_ID=Ubuntu - ",
            	"cpu": "4",
            	"memory": "7.8G",
            	"filesystem": "19%",
            	"bootup_date": "Wed Dec 25 15:01:06 UTC 2019"
        	}
    	],
    	"mongodb_nodes": [
        	{
            	"node_ip": "172.17.0.1",
            	"status": "up"
        	}
    	]
	},
	"ase_logs": [
    	{
        	"ase_node": "8f9d07c5-c5c4-43c3-97be-9672c7fd2986",
        	"last_connected": "Thu Dec 26 10:51:13 UTC 2019",
        	"logs": {
            	"start_time": "Thu Dec 26 09:51:14 UTC 2019",
            	"end_time": "Thu Dec 26 10:51:13 UTC 2019",
            	"gzip_size": "429.96KB"
        	}
    	}
	],
	"percentage_diskusage_limit": "80%",
	"scale_config": {
    	"scale_up": {
        	"cpu_threshold": "70%",
        	"cpu_monitor_interval": "30 minutes",
        	"memory_threshold": "70%",
        	"memory_monitor_interval": "30 minutes",
        	"disk_threshold": "70%",
        	"disk_monitor_interval": "30 minutes"
    	},
    	"scale_down": {
        	"cpu_threshold": "10%",
        	"cpu_monitor_interval": "300 minutes",
        	"memory_threshold": "10%",
        	"memory_monitor_interval": "300 minutes",
        	"disk_threshold": "10%",
        	"disk_monitor_interval": "300 minutes"
    	}
	},
	 "attack_ttl": \{ "ids": [ \{ "id": "ip", "ttl": 0 }, \{ "id": "cookie", "ttl": 0 }, \{ "id": "access_token", "ttl": 0 }, \{ "id": "api_key", "ttl": 0 }, \{ "id": "username", "ttl": 0 } ] }
}

Configure the TTL: Use the PUT method with admin REST API to configure the TTL in minutes:

Method: PUT

Body:

{
 "ids" : [
 {
 "id" : "ip",
 "ttl" : 10
 },
 {
 "id" : "cookie",
 "ttl" : 10
 },
 {
 "id" : "access_token",
 "ttl" : 10
 },
 {
 "id" : "api_key",
 "ttl" : 10
 },
 {
 "id" : "username",
 "ttl" : 10
 }
 ]
}

Response:

{
	"message": "TTL updated successfully",
	"date": "Thu Dec 26 10:59:40 UTC 2019"
}

To verify the new TTL values, rerun the ABS admin REST API with the GET method.