PingIntelligence

ABS detailed reporting

The ABS Engine REST API provides access to a range of JSON reports on attacks, metrics, and anomalies. To simplify viewing these JSON reports, Ping Identity provides templates that can be loaded into Postman.

Install and Configure Postman Software

  1. Download and install the Postman application 6.2.5 or higher.

  2. Download “API Reports Using Postman Collection” from the Automated Docker PoC Installation section of the download site. The download includes the ABS_5.0_Environment and ABS_5.0_Reports files for Postman.

  3. Launch the Postman application. Make sure to disable SSL verification in Postman. For more information, see Using self-signed certificate with Postman.

  4. Import the downloaded report files by clicking the Import button.


  5. Click the gear button in the top right corner.

  6. In the pop-up window, click ABS_5.1_Environment.

  7. In the Edit Environment pop-up window, configure the following values and click Update.

    1. Server IP Address – IP address of the Docker machine

    2. Port – Default is 8080

    3. Access_Key, Secret_Key – default Access_Key is abs_ak and default Secret_Key is abs_sk

    4. API_Name – the name of API to view in reports

    5. Later_date, Earlier_date – a range of dates to query

  8. In the main Postman app window, select the report to display in the left column and then click Send.


Other reports which can be generated for a specified time-frame (make sure you specify a time range which covers the time that you ran the attack scripts) include:

  • Metrics – shows all activity on the specified API

  • Attacks (set Type=0) – shows a list of all attack categories and client identifiers (for example, token, IP address, cookie) associated with the attack

  • Backend Errors – shows activity which generated the errors

  • IP Forensic Info (set the IP address to that of an attacker identified in the Attacks report) – shows all API activity for the specified IP

  • Token Forensic Info (set the token to that of an attacker identified in the Attacks report) – shows all API activity for the specified token
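
The environment values from step 7 and the time-range requirement above can be checked before any report is requested. The following is an added example, not part of the Ping Identity templates; it assumes the exported Postman environment uses the key names shown in step 7 and that dates use the `YYYY-MM-DDTHH:MM` format.

```python
import json
from datetime import datetime

# Defaults stated on the page; anyone who has read the documentation knows them.
DEFAULT_KEYS = {"Access_Key": "abs_ak", "Secret_Key": "abs_sk"}
DATE_FMT = "%Y-%m-%dT%H:%M"  # assumption: timestamp format used for the date fields


def check_environment(env_json, attack_run):
    """Return a list of findings for a Postman environment export (JSON text)."""
    env = json.loads(env_json)
    # Postman exports environment variables as a list of {key, value, enabled}.
    values = {v["key"]: v["value"] for v in env.get("values", [])
              if v.get("enabled", True)}
    findings = []
    for key, default in DEFAULT_KEYS.items():
        if key not in values:
            findings.append(f"{key} is not set")
        elif values[key] == default:
            findings.append(f"{key} is still the default value")
    try:
        earlier = datetime.strptime(values["Earlier_date"], DATE_FMT)
        later = datetime.strptime(values["Later_date"], DATE_FMT)
        run = datetime.strptime(attack_run, DATE_FMT)
    except (KeyError, ValueError) as exc:
        return findings + [f"date range unreadable: {exc}"]
    if later <= earlier:
        findings.append("Later_date is not after Earlier_date")
    elif not earlier <= run <= later:
        findings.append("date range does not cover the attack run")
    return findings


# Constructed sample export; key names follow the labels in step 7 (assumption).
SAMPLE_ENV = json.dumps({
    "name": "ABS_Environment (constructed sample)",
    "values": [
        {"key": "Port", "value": "8080", "enabled": True},
        {"key": "Access_Key", "value": "abs_ak", "enabled": True},
        {"key": "Secret_Key", "value": "rotated-example-secret", "enabled": True},
        {"key": "API_Name", "value": "shop", "enabled": True},
        {"key": "Earlier_date", "value": "2024-03-01T08:00", "enabled": True},
        {"key": "Later_date", "value": "2024-03-01T12:00", "enabled": True},
    ],
})

if __name__ == "__main__":
    for finding in check_environment(SAMPLE_ENV, "2024-03-01T14:30"):
        print("finding:", finding)
```

An empty list means the keys differ from the documented defaults and the queried range covers the time the attack scripts ran.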