--- title: Attack management in ASE description: In API Security Enforcer (ASE), you manage detected attacks through both allow list and deny list. component: pingintelligence version: 5.2 page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_attack_management_ase canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_attack_management_ase.html revdate: April 3, 2024 --- # Attack management in ASE In API Security Enforcer (ASE), you manage detected attacks through both allow list and deny list. Client identifiers in deny list are blocked by ASE while those in the allow list are never blocked. You can also choose to block or allow a client identifier at application programming interface (API) *(tooltip: \
\

A specification of interactions available for building software to access an application or service.\

\
)* level by configuring the individual API JavaScript Object Notation (JSON) *(tooltip: \
\

An open, lightweight data-interchange format that uses human-readable text to store and transmit data.\

\
)*. * Allow list List of safe Internet Protocol (IP) *(tooltip: \
\

The method by which data is sent across the internet from the source host to the destination host.\

\
)* addresses, cookies, OAuth2 Tokens, API keys, or usernames that will not be blocked by ASE.The list is manually created using ASE CLI commands. * Deny list List of bad IP addresses, cookies, OAuth2 Tokens, API keys, or usernames that are always blocked by ASE.The list consists of entries from one or more of the following sources: * API Behavioral Security (ABS) detected clients suspected of executing attacks (for example, data exfiltration). * ASE detected clients suspected of executing attacks (for example, invalid method, decoy API accessed). These attacks are reported to ABS and become part of ABS deny list also after further AI processing. * List of bad client identifiers manually added using ASE CLI