---
title: Configuring automated ASE attack blocking
description: When the AI Engine detects an attack, it adds an entry to its deny list, which consists of usernames, tokens, application programming interface (API) Keys, cookies, and Internet Protocol (IP) addresses of clients that were detected executing attacks.
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_automated_ase_attack_blocking
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_automated_ase_attack_blocking.html
revdate: April 3, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  example: Example:
  example-2: Example:
  example-3: Example:
---

# Configuring automated ASE attack blocking

When the AI Engine detects an attack, it adds an entry to its deny list, which consists of usernames, tokens, application programming interface (API) *(tooltip: \<div class="paragraph">
\<p>A specification of interactions available for building software to access an application or service.\</p>
\</div>)* Keys, cookies, and Internet Protocol (IP) *(tooltip: \<div class="paragraph">
\<p>The method by which data is sent across the internet from the source host to the destination host.\</p>
\</div>)* addresses of clients that were detected executing attacks.

## About this task

If blocking is enabled for the API, the deny list is automatically sent to API Security Enforcer (ASE) nodes, which blocks the client's future access using the identifiers on the list.

## Steps

* To activate API Behavioral Security (ABS) log processing, run the following ASE command:

  ### Example:

  ```
  /opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs
  ```

  |   |                                                                                                                                   |
  | - | --------------------------------------------------------------------------------------------------------------------------------- |
  |   | After log processing is enabled, ASE sends log data to ABS which processes the log data to look for attacks and generate reports. |

* To activate automatic client blocking, run the following ASE command:

  ### Example:

  ```
  /opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs_attack
  ```

  |   |                                                                                                                                                                                                                      |
  | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  |   | ABS generates a list of clients which are suspected of executing attacks. ABS can be configured to automatically send the attack list to ASE which blocks client access. By default, automatic blocking is inactive. |

* To disable automatic sending of ABS attack lists to ASE, run the following ASE command:

  ### Example:

  ```
  /opt/pingidentity/ase/bin/cli.sh -u admin -p admin disable_abs_attack
  ```