PingIntelligence

Consolidated attack report across API

Steps

  • Use the following ABS REST API to access all the attack types:

    https://<ABS_IP:port>/v4/abs/attack?later_date=yyyy-mm-ddThh:mm&earlier_date=yyyy-mm-ddThh:mm&type=<type_id>

    1. You can further select a client identifier (IP, cookie, or a token) and carry out IP, cookie, or token forensics using the Forensic API.

      Example:

      [
          {
              "company": "ping identity",
              "attack_type": "Stolen Token Attack Type 2",
              "name": "api_attack_type",
              "description": "Client (Token) reusing cookies to deceive application services.",
              "earlier_date": "Thu Oct 25 13:30:00:000 2018",
              "later_date": "Mon Dec 31 18:00:00:000 2018",
              "api_name": "all",
              "access_tokens": [
                  {
                      "access_token": "SYU4R2ZZN1IDYI0L",
                      "details": [
                          {
                              "access_time": "Tue Nov 27 11:10:00:000 2018",
                              "attack_code": "varA(Tn, 3)",
                              "attack_deviation": "varA(700%)"
                          },
                          {
                              "access_time": "Tue Nov 27 11:40:00:000 2018",
                              "attack_code": "varA(Tn, 3)",
                              "attack_deviation": "varA(700%)"
                          },
                          {
                              "access_time": "Tue Nov 27 16:10:00:000 2018",
                              "attack_code": "varA(Tn, 2)",
                              "attack_deviation": "varA(700%)"
                          }
                      ]
                  },
                  {
                      "access_token": "CT27QTP01K6ZW2AK",
                      "details": [
                          {
                              "access_time": "Tue Nov 27 10:50:00:000 2018",
                              "attack_code": "varA(Tn, 2)",
                              "attack_deviation": "varA(700%)"
                          },
                          {
                              "access_time": "Tue Nov 27 11:10:00:000 2018",
                              "attack_code": "varA(Tn, 4)",
                              "attack_deviation": "varA(700%)"
                          },
                          {
                              "access_time": "Tue Nov 27 11:40:00:000 2018",
                              "attack_code": "varA(Tn, 5)",
                              "attack_deviation": "varA(700%)"
                          }
                      ]
                  },
      
                  {
                      "ip": "100.64.7.124",
                      "details": [
                          {
                              "access_time": "Tue Nov 27 11:20:00:000 2018",
                              "attack_code": "varA(Tn, 3), varA(Tn, 3)",
                              "attack_deviation": "varA(700%)"
                          },
                          {
                              "access_time": "Tue Nov 27 11:30:00:000 2018",
                              "attack_code": "varA(Tn, 3), varA(Tn, 3)",
                              "attack_deviation": "varA(700%)"
                          }
                      ]
                  },
      
                  {
                      "ip": "100.64.10.18",
                      "details": [
                          {
                              "access_time": "Tue Nov 27 11:10:00:000 2018",
                              "attack_code": "varA(Tn, 3), varA(Tn, 3)",
                              "attack_deviation": "varA(700%)"
                          },
                          {
                              "access_time": "Tue Nov 27 11:40:00:000 2018",
                              "attack_code": "varA(Tn, 3), varA(Tn, 3)",
                              "attack_deviation": "varA(700%)"
                          }
                      ]
                  }
              ]
          }
      ]
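
To pick which client identifier to take into the Forensic API, the report above can be flattened into one row per flagged client. The following is an added example, not part of the PingIntelligence documentation: the function name, the row fields and the "cookie" key are assumptions, and the input is a trimmed copy of the response shown above.

```python
import json
from datetime import datetime

# Timestamp layout used in the report, e.g. "Tue Nov 27 11:10:00:000 2018".
TS_FORMAT = "%a %b %d %H:%M:%S:%f %Y"
# "access_token" and "ip" appear in the sample report; "cookie" is an
# assumed key name for cookie-identified clients.
ID_KEYS = ("access_token", "ip", "cookie")

# Constructed input: a trimmed copy of the response shown on this page.
SAMPLE = """[{"attack_type": "Stolen Token Attack Type 2", "api_name": "all",
 "access_tokens": [
  {"access_token": "SYU4R2ZZN1IDYI0L", "details": [
   {"access_time": "Tue Nov 27 11:10:00:000 2018", "attack_code": "varA(Tn, 3)"},
   {"access_time": "Tue Nov 27 11:40:00:000 2018", "attack_code": "varA(Tn, 3)"},
   {"access_time": "Tue Nov 27 16:10:00:000 2018", "attack_code": "varA(Tn, 2)"}]},
  {"ip": "100.64.7.124", "details": [
   {"access_time": "Tue Nov 27 11:20:00:000 2018", "attack_code": "varA(Tn, 3), varA(Tn, 3)"},
   {"access_time": "Tue Nov 27 11:30:00:000 2018", "attack_code": "varA(Tn, 3), varA(Tn, 3)"}]}]}]"""


def summarize_clients(report_json):
    """Return one row per flagged client, most frequently flagged first."""
    rows = []
    for report in json.loads(report_json):
        # Walk every list in the report: the sample carries IP entries in the
        # same array as tokens, so the array name does not tell the type.
        for value in report.values():
            for client in value if isinstance(value, list) else []:
                if not isinstance(client, dict) or not client.get("details"):
                    continue
                kind = next((k for k in ID_KEYS if k in client), None)
                if kind is None:
                    continue  # unknown identifier type: skip, do not guess
                times = sorted(datetime.strptime(d["access_time"], TS_FORMAT)
                               for d in client["details"])
                rows.append({"attack_type": report.get("attack_type"),
                             "id_type": kind, "client": client[kind],
                             "hits": len(times),
                             "first_seen": times[0], "last_seen": times[-1]})
    rows.sort(key=lambda r: (-r["hits"], r["first_seen"]))
    return rows


if __name__ == "__main__":
    for row in summarize_clients(SAMPLE):
        print(f'{row["hits"]:>3}  {row["id_type"]:<12} {row["client"]:<18} '
              f'{row["first_seen"]:%Y-%m-%d %H:%M} .. {row["last_seen"]:%H:%M}')
```

The first and last detection times of each row give the window to request when running forensics on that identifier.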