PingIntelligence

Manage ASE blocking of ABS detected attacks

To configure ASE to automatically fetch and block ABS detected attacks, complete the following steps:

  1. To enable ASE Security, enter the following command:

    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_firewall

  2. To enable ASE to send API traffic information to ABS, enter the following command:

    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs

  3. To enable ASE to fetch and block ABS detected attacks, enter the following command:

    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs_attack

After enabling automated attack blocking, ASE periodically fetches the attack list from ABS and blocks the identified connections. To set the time interval at which ASE fetches the attack list from ABS, configure the abs_attack_request_minutes parameter in the ase.conf file.

; This value determines how often ASE will query ABS.
abs_attack_request_minutes=10
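
The interval setting can be audited with a short script. The following is an added example, not part of the PingIntelligence documentation or tooling: the function name, the exit codes, and the assumption that the last assignment of the key wins are hypothetical. It also flags the singular spelling abs_attack_request_minute, which does not match the parameter name in the snippet above.

```shell
#!/bin/sh
# Added example: audit the ABS attack-list fetch interval in an ase.conf-style file.
# The key name and the ';' comment syntax come from the snippet on this page;
# the function name, exit codes and sample file are hypothetical.

# Print the effective abs_attack_request_minutes value from the file given as $1.
# Exit codes: 0 = valid value printed
#             1 = key not set (or only present in a comment)
#             2 = value is not a positive integer
#             3 = only the singular spelling abs_attack_request_minute is set
abs_fetch_interval() {
    awk -F= '
        /^[ \t]*;/ { next }          # skip comment lines
        /^[ \t]*$/ { next }          # skip blank lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)   # tolerate spaces around "="
            gsub(/[ \t]/, "", val)
        }
        key == "abs_attack_request_minutes" { found = 1; value = val }
        key == "abs_attack_request_minute"  { typo = 1 }
        END {
            if (!found) exit (typo ? 3 : 1)
            if (value !~ /^[1-9][0-9]*$/) exit 2
            print value              # assumption: the last assignment wins
        }
    ' "$1"
}

# Constructed sample input mirroring the snippet on this page.
sample=$(mktemp)
printf '%s\n' '; This value determines how often ASE will query ABS.' \
    'abs_attack_request_minutes=10' > "$sample"
echo "ABS attack list is fetched every $(abs_fetch_interval "$sample") minutes"
rm -f "$sample"
```

Point the function at a copy of ase.conf and treat any non-zero exit code as a finding to review before relying on automated blocking.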

Disable attack list fetching from ABS

To disable ASE from fetching the ABS attack list, enter the following CLI command:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin disable_abs_attack

After entering the above command, ASE will no longer fetch the attack list from ABS. However, ABS continues generating the attack list and stores it locally. The ABS attack list can be viewed using ABS APIs and used to manually configure an attack list on ASE. For more information on ABS APIs, see ABS AI Engine.

To stop an ASE cluster from sending log files to ABS, enter the following ASE CLI command:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin disable_abs

After entering this command, ABS will not receive any logs from ASE. Refer to the ABS documentation for information on types of attacks.