---
title: Enabling or disabling attacks
description: The AI engine detects multiple types of Indicators of Attack (IoAs) on REST application programming interface (API). Each IoA is associated with a unique attack ID. By default all the IoAs are enabled for detection. You can enable or disable detection of a specific IoA, using theEnable/Disable Attacks feature of Attack Management.
component: pingintelligence
version: 5.2
page_id: pingintelligence:managing_pingintelligence_for_apis:pingintelligence_enabling_disabling_attacks
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/managing_pingintelligence_for_apis/pingintelligence_enabling_disabling_attacks.html
revdate: April 3, 2024
section_ids:
  before-you-begin: Before you begin
  about-this-task: About this task
  steps: Steps
---

# Enabling or disabling attacks

The AI engine detects multiple types of Indicators of Attack (IoAs) on REST application programming interface (API) *(tooltip: \<div class="paragraph">
\<p>A specification of interactions available for building software to access an application or service.\</p>
\</div>)*. Each IoA is associated with a unique attack ID. By default all the IoAs are enabled for detection. You can enable or disable detection of a specific IoA, using the**Enable/Disable Attacks** feature of **Attack Management**.

## Before you begin

You must have:

* Admin user privileges.

## About this task

To enable or disable attacks:

## Steps

* Click **Settings → Enable/Disable Attacks**.

![Screen capture of PingIntelligence enable/disable attacks.](_images/xdj1640182301940.png)

\+

|   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | The PingIntelligence Dashboard interacts with the AI Engine when you enable or disable an IoA. If you disable an attack while the AI engine is processing data, it might continue reporting IoAs for a few minutes. The IoA type would be disabled when the next batch of data is processed. When you enable an IoA from the disabled state, the AI engine takes a few minutes to report new IoA events. For more information, see [Enable or disable attacks](../pingintelligence_reference_guide/pingintelligence_enable_disable_attack_ids.html). |

* Click the **Toggle**![mcs1606232471133](_images/mcs1606232471133.png)

to enable or disable an IoA type. The toggle button will not be present if an IoA cannot be disabled. For example, the following IoA IDs cannot be disabled as these are real-time events reported by API Security Enforcer (ASE):

* Attack ID 13: API DDoS Attack Type 2.

* Attack ID 100: Decoy Attack. This IoA ID must be disabled on ASE.

* Attack ID 101: Invalid API Activity. This IoA ID must be disabled on ASE.

  * Click on the **Expand**![iww1606233786628](_images/iww1606233786628.png)

icon for details such as the time the IoA was enabled or disabled. The following screenshot displays the IoA details.

\+ image::hwx1640182452025.png\[alt="Screen capture of PingIntelligence enable/disable attacks - attack details.",role="border-no-padding"]

\+ You will always be prompted with a confirmation notification before enabling or disabling an IoA. For example when you try to disable an IoA, you will be prompted with the following notification. Click **Submit** to confirm. You should see a success notification whenever an IoA type is enabled or disabled.

\+ image::biq1606234696991.png\[alt="Screen capture of PingIntelligence disable attack notification.",role="border-no-padding"]

* Sort the attack types based on IoA ID or Is Enabled status.

  ![Screen capture of PingIntelligence attack type sorting.](_images/qse1606318138336.png)

* Search based on IoA name or IoA ID within enabled or disabled attacks.

  ![Screen capture of PingIntelligence enable/disable attacks - search.](_images/dim1640182595129.png)