PingIntelligence

CLI for sideband ASE

Start ASE

Start ASE

Syntax

./start.sh

Stop ASE

Stop ASE

Syntax

./stop.sh

Help

Displays cli.sh help

Syntax

./cli.sh help

Version

Displays the version number of ASE

Syntax

./cli.sh version

Status

Displays the running status of ASE

Syntax

./cli.sh status

Update Password

Change ASE admin password

Syntax

./cli.sh update_password -u admin - p

Change log level

Change balancer.log and controller.log log level

Syntax

./cli.sh log_level -u admin -p

Options

warn, info, error, fatal, debug

Get Authentication Method

Display the current authentication method

Syntax

./cli.sh get_auth_method -u admin -p

Update Authentication Method

Update ASE authentication method

Syntax

./cli.sh update_auth_method {method} -u admin -p

Enable Sideband Authentication

Enable authentication between API gateway and ASE when ASE is deployed in sideband mode

Syntax

./cli.sh enable_sideband_authentication -u admin – p

Disable Sideband Authentication

Disable authentication between API gateway and ASE when ASE is deployed in sideband mode

Syntax

./cli.sh disable_sideband_authentication -u admin – p

Create ASE Authentication Token

Create the ASE token that is used to authenticate between the API gateway and ASE

Syntax

./cli.sh create_sideband_token -u admin – p

List ASE Authentication Token

List the ASE token that is used to authenticate between the API gateway and ASE

Syntax

./cli.sh list_sideband_token -u admin – p

Import ASE Authentication Token

Import ASE token that is used for authentication between ASE and API gateway. The token should be 32 character long, and the allowable characters in the token are: alphabets in small case and digits 0-9.

Syntax

./cli.sh import_sideband_token {token} -u admin – p admin

Delete ASE Authentication Token

Delete the ASE token that is used to authenticate between the API gateway and ASE

Syntax

./cli.sh delete_sideband_token {token} -u admin – p

Enable Audit Logging

Enable audit logging

Syntax

./cli.sh enable_audit -u admin -p admin

Disable Audit Logging

Disable audit logging

Syntax

./cli.sh disable_audit -u admin -p admin

Add Syslog Server

Add a new syslog server

Syntax

./cli.sh –u admin -p admin add_syslog_server host:port

Delete Syslog Server

Delete the syslog server

Syntax

./cli.sh –u admin -p admin delete_syslog_server host:port

List Syslog Server

List the current syslog server

Syntax

./cli.sh –u admin -p admin list_syslog_server

Add API

Add a new API file in JSON format. File should have .json extension. Provide the complete path where you have stored the API JSON file. After running the command, API is added to /opt/pingindentity/ase/config/api directory

Syntax

./cli.sh –u admin -p admin add_api {config_file_path}

Update API

Update an API after the API JSON file has been edited and saved

Syntax

./cli.sh –u admin -p admin update_api {api_name}

List APIs

Lists all APIs configured in ASE

Syntax

./cli.sh –u admin -p admin list_api

API Info

Displays the API JSON file

Syntax

./cli.sh –u admin -p admin api_info {api_id}

API Count

Displays the total number of APIs configured

Syntax

./cli.sh –u admin -p admin api_count

Enable Per API Blocking

Enables attack blocking for the API

Syntax

./cli.sh –u admin -p admin enable_blocking {api_id}

Disable Per API Blocking

Disable attack blocking for the API

Syntax

./cli.sh –u admin -p admin disable_blocking {api_id}

Delete API

Delete an API from ASE. Deleting an API removes the corresponding JSON file and deletes all the cookies associated with that API

Syntax

./cli.sh –u admin -p admin delete_api {api_id}

Generate Master Key

Generate the master obfuscation key ase_master.key

Syntax

./cli.sh -u admin -p admin generate_obfkey

Obfuscate Keys and Password

Obfuscate the keys and passwords configured in various configuration files

Syntax

./cli.sh -u admin -p admin obfuscate_keys

Create a Key Pair

Creates private key and public key pair in keystore

Syntax

./cli.sh –u admin -p admin create_key_pair

Create a CSR

Creates a certificate signing request

Syntax

./cli.sh –u admin -p admin create_csr

Create a Self-Signed Certificate

Creates a self-signed certificate

Syntax

./cli.sh –u admin -p admin create_self_sign_cert

Import Certificate

Import CA signed certificate into keystore

Syntax

./cli.sh –u admin -p admin import_cert {cert_path}

Create Management Key Pair

Create a private key for management server

Syntax

/cli.sh –u admin -p admin create_management_key_pair

Create Management CSR

Create a certificate signing request for management server

Syntax

/cli.sh –u admin -p admin create_management_csr

Create Management Self-signed Certificate

Create a self-signed certificate for management server

Syntax

/cli.sh –u admin -p admin create_management_self_sign_cert

Import Management Key Pair

Import a key-pair for management server

Syntax

/cli.sh –u admin -p admin import_management_key_pair {key_path}

Import Management Certificate

Import CA signed certificate for management server

Syntax

/cli.sh –u admin -p admin import_management_cert {cert_path}

Cluster Info

Displays information about an ASE cluster

Syntax

./cli.sh –u admin -p admin cluster_info

Delete Cluster Node

Delete and inactive ASE cluster node

Syntax

./cli.sh –u admin -p admin delete_cluster_node host:port

Enable Firewall

Enable API firewall. Activates pattern enforcement, API name mapping, manual attack type

Syntax

./cli.sh –u admin -p admin enable_firewall

Disable Firewall

Disable API firewall

Syntax

./cli.sh –u admin -p admin disable_firewall

Enable ASE detected attacks

Enable ASE detected attacks

Syntax

./cli.sh –u admin -p admin enable_ase_detected_attack

Disable ASE Detected Attacks

Disable API firewall

Syntax

./cli.sh –u admin -p admin disable_ase_detected_attack

Enable ABS

Enable ABS to send access logs to ABS

Syntax

./cli.sh –u admin -p admin enable_abs

Disable ABS

Disable ABS to stop sending access logs to ABS

Syntax

./cli.sh –u admin -p admin disable_abs

Adding Blacklist

Add an entry to ASE blacklist using CLI. Valid type values are: IP, Cookie, OAuth2 token, API Key, and username

If type is ip, then Name is the IP address.

If type is cookie, then name is the cookie name, and value is the cookie value

Syntax

./cli.sh –u admin -p admin add_blacklist {type}{name}{value}

Example

/cli.sh -u admin -p admin add_blacklist ip 1.1.1.1
Delete Blacklist Entry

Delete entry from the blacklist

Syntax

./cli.sh –u admin -p admin delete_blacklist {type}{name}{value}

Example

cli.sh -u admin -p delete_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35
Clear Blacklist

Clear all the entries from the blacklist

Syntax

./cli.sh –u admin -p admin clear_blacklist

View Blacklist

View the entire blacklist or view a blacklist for the specified attack type (for example, invalid_method)

Syntax

./cli.sh –u admin -p admin view_blacklist \{all\|manual\|abs_generated\|invalid_content_type\|invalid_method\|invalid_protocol\|decoy\|missing_token}

View Blacklist for IP addresses with missing tokens

View the blacklist entries that are blocked due to missing tokens

Syntax

./cli.sh view_blacklist missing_token -uadmin -padmin

Adding Whitelist

Add an entry to ASE whitelist using CLI. Valid type values are: IP, cookie, OAuth2 token, API key, and username

If type is IP, then name is the IP address.

If type is cookie, then name is the cookie name, and value is the cookie value

Syntax

./cli.sh –u admin -p admin add_whitelist {type}{name}{value}

Example

/cli.sh -u admin -p admin add_whitelist api_key AccessKey 065f73cdf39e486f9d7cda97d2dd1597
Delete Whitelist Entry

Delete entry from the whitelist

Syntax

./cli.sh –u admin -p admin delete_whitelist {type}{name}{value}

Example

/cli.sh -u admin -p delete_whitelist token 58fcb0cb97c54afbb88c07a4f2d73c35
Clear Whitelist

Clear all the entries from the whitelist

Syntax

./cli.sh –u admin -p admin clear_whitelist

View Whitelist

View the entire whitelist

Syntax

./cli.sh –u admin -p admin view_whitelist

ABS Info

Displays ABS status information.

ABS enabled or disabled, ASE fetching ABS attack types, and ABS cluster information

Syntax

./cli.sh –u admin -p admin abs_info