---
title: Anomalous activity reporting
description: The Anomaly application programming interface (API) provides detailed reporting on anomalous activity associated with a specified API.
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_anomalous_activity_reporting
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_anomalous_activity_reporting.html
revdate: April 3, 2024
---

# Anomalous activity reporting

The Anomaly application programming interface (API) *(tooltip: \<div class="paragraph">
\<p>A specification of interactions available for building software to access an application or service.\</p>
\</div>)* provides detailed reporting on anomalous activity associated with a specified API.

The types of anomalies detected include:

* Anomalies for each API Behavioral Security (ABS) attack type – activity which has the characteristics of one of the attack types (for example, API Memory Attack) ,but does not meet the threshold of an attack.

* Irregular Uniform Resource Locator (URL) *(tooltip: \<div class="paragraph">
  \<p>Identifies a resource according to its internet location.\</p>
  \</div>)* – suspicious URL traffic.

* Anomalous request activity including injection attacks, overflow attacks, and system commands.

This report detects leading indicators of attacks on API services and is reviewed to observe trends.

Here is an snippet from an Anomaly API JavaScript Object Notation (JSON) *(tooltip: \<div class="paragraph">
\<p>An open, lightweight data-interchange format that uses human-readable text to store and transmit data.\</p>
\</div>)* report for a cookie-based API:

```json
{
 "company": "ping identity",
 "name": "api_anomalies",
 "description": " This report contains information on anomalous activity on the specified
 API",
 "later_date": "Tue Jan 14 18:00:00:000 2018",
 "earlier_date": "Sun Jan 12 18:00:00:000 2018",
 "api_name": "shop",
 "anomalies_summary": {
 "api_url": "shopapi",
 "total_anomalies": 14,
 "most_suspicious_ips": [],
 "most_suspicious_anomalies_urls": []
 },
 "anomalies_details": {
 "url_anomalies": {
 "suspicious_sessions": [],
 "suspicious_requests": []
 },
 "ioc_anomalies": [
 {
 "anomaly_type": "API Memory Attack Type 2",
 "cookies": [
 {
 "cookie": "AMAT_2_H",
 "access_time": [
 "Mon Jan 13 01:01:33:589 2018"
 ]
 },
 {
 "cookie": "AMAT_2_H",
 "access_time": [
 "Mon Jan 13 01:01:33:589 2018"
 ]
 }
 ]
 },
```