--- title: Reporting active and expired client identifiers description: API Behavioral Security (ABS ) provides an attacklist REST API with GET method to list active attacks in the system, expired attacks, and consolidated (active and expired) attacks together. component: pingintelligence version: 5.2 page_id: pingintelligence:pingintelligence_reference_guide:reporting_active_expired_client_identifiers canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/reporting_active_expired_client_identifiers.html revdate: April 3, 2024 section_ids: about-this-task: About this task steps: Steps --- # Reporting active and expired client identifiers API Behavioral Security (ABS ) provides an `attacklist` REST API with GET method to list active attacks in the system, expired attacks, and consolidated (active and expired) attacks together. ## About this task The list of detected client identifiers depends on the [TTL set for the client identifiers](pingintelligence_ttl_client_identifiers_in_abs.html). The attack list reports the detected client identifiers (active or expired) for the queried period. The time-period is part of the API query parameter. `URL: /v4/abs/attacklist` ## Steps * To report active detected attacks, use the following REST API URL to report the active client identifiers: `/v4/abs/attacklist?earlier_date=<>&later_date=<>&status=active` The API lists the active client identifiers for a time-period between `earlier_date` and `later_date`. PingIntelligence ASE fetches the active client identifiers list from ABS for blocking the clients. * To report expired detected attacks, use the following REST API URL to report the expired client identifiers: `/v4/abs/attacklist?earlier_date=<>&later_date=<>&status=expired` The API lists the expired client identifiers for a time-period between `earlier_date` and `later_date`. The expiry of detected attacks in the system depends on the configured TTL. * To report consolidated (active and expired) detected attacks, use the following REST API URL to report the consolidated client identifiers attacks: `/v4/abs/attacklist?earlier_date=<>&later_date=<>` The API lists all the client identifiers for a time-period between `earlier_date` and `later_date`.