PingIntelligence

Email reports

ASE sends reports at a frequency in number of days configured in ase.conf file. The report is sent at midnight, 00:00:00 hours based on the local system time.

The report contains the following:

  • Cluster name and location

  • Status information on each cluster node:

    • Operating system, IP address, management port, and cluster port

    • Ports and the number of processes (PIDs)

    • Average CPU memory utilization (average during 30-minute polling intervals)

    • Disk usage and log size

  • Information on each API: Name, Protocol, and Server Pool

The following example shows what a weekly or daily email report looks like:

Date: Sat, 29 Jun 2019 04:01:47 -0800 (PST)
To: receiver@example.com
From: sender@exmple.com
Subject:  API Security Enforcer Daily Reports

Dear DevOps,
Please find the daily report generated by ase2 at 2019-Jun-29 00:01:01 UTC.
============== Cluster Details =================
Cluster Name: pi_cluster
Active Nodes: 2
Inactive nodes: 0
No of APIs: 7
LSM State: disabled
Manual IOC: 0
Automated IOC: 0

================== Node 1 ===================
Host Name: apx1
Management Port: 8010
Cluster Port: 8020
Status: Active
Up Since: 2019-Jan-26 09:27:26
Operating System: Ubuntu 14.04.4 LTS
CPU Usage: 55.80%
Memory Usage: 38.17%
Filesystem Usage: 17.20%
Log Size: 20 GB

================== Node 2 ===================
Host Name : apx2
Management Port: 8010
Cluster Port: 8020
Status: Active
Up Since: 2019-Jan-26 09:26:35
Operating System: Ubuntu 14.04.4 LTS
CPU Usage: 55.79%
Memory Usage: 38.17%
Filesystem Usage: 17.20%
Log Size: 20 GB
=============================================

================= API Details ==================
API ID: https-app
Status: loaded
Protocol: https
decoy: in-context
Active Servers: 172.17.0.8:2800 172.17.0.7:2700
Inactive Servers:
=============================================
API ID: http-app
Status: loaded
Protocol: http
decoy: in-context
Active Servers: 172.17.0.7:2100 172.17.0.8:2300 172.17.0.7:2700
Inactive Servers:
=============================================

Best,
API Security Enforcer

Decoy API access reports

ASE sends decoy API access report at a 3-hour interval by default. You can configure this time interval in minutes in the ase.conf file by configuring the decoy_alert_interval variable. ASE sends the report only if the decoy API is accessed during the configured time interval.

The report provides the following details:

  • The start time when the decoy API was first accessed and the end time when it was last accessed

  • The ASE cluster name

  • The total number of requests for decoy API in the ASE cluster

  • The host name of the ASE where the decoy API was accessed

The following example shows what an email report for a decoy API looks like:

Date: Sat, 29 Jun 2019 04:01:47 -0800 (PST)
To: receiver@example.com
From: sender@exmple.com
Subject:  API Security Enforcer Decoy Access Reports

Dear DevOps,
Please find the decoy report generated by ase2 at 2019-Jun-29 12:01:45 UTC. The default location for the decoy log files is in the directory: /opt/pingidentity/ase/logs/
============== Decoy Summary =================
Cluster Name: pi_cluster
Start Time: 2019-Jun-29 09:00:00
End Time: 2019-Jun-29 12:00:00
Total Requests: 875

================== Node 1 ===================
Host Name: ase2
Total Requests: 428

================== Node 1 ===================
Host Name: ase
Total Requests: 447

Best,
API Security Enforcer