PingIntelligence

Viewing ABS detailed reporting

The API Behavioral Security (ABS) Engine REST application programming interface (API) interface provides access to a range of JavaScript Object Notation (JSON) reports on attacks, metrics, and anomalies.

About this task

To view these reports, Ping Identity provides templates that can be loaded into Postman to simplify viewing of the JSON reports.

To install and configure Postman software:

Steps

  1. Download and install the Postman application 6.2.5 or later.

  2. Download the API Reports Using Postman Collection from the Automated Docker Proof of Concept Installation section.

    ABS_5.0_Environment and ABS_5.0_Reports are files for Postman.

  3. Launch the Postman application. Make sure to disable SSL verification in Postman.

    Learn more in Using self-signed certificate with Postman.

  4. Import the downloaded reports files by clicking the Import button.

    A screenshot of the Import button in Postman.

  5. Click the Gear icon in the top-right corner.

  6. In the pop-up window, click ABS_5.1_Environment.

  7. In the Edit Environment pop-up window, configure the following values and click Update:

    Value Description

    Server IP Address

    IP address of the Docker machine

    Port

    Default is 8080

    Access_Key, Secret_Key

    Default Access_Key is abs_ak and default Secret_Key is abs_sk

    API_Name

    The name of API to view in reports

    Later_date, Earlier_date

    A range of dates to query

  8. In the main Postman app window, select the report to display in the left column and then click Send.

    A screenshot of the main Postman page.

Next steps

Other reports that can be generated for a specified timeframe include the following. Make sure to specify a time range that covers the time that you ran the attack scripts.

Report Description

Metrics

Shows all activity on the specified API.

Attacks

(set Type=0) Shows a list of all attack categories and client identifiers (for example, token, IP address, cookie) associated with the attack.

Backend Errors

Shows activity that generated the errors.

IP Forensic Info

Set the IP address to an attacker identified in the Attacks report. Shows all API activity for the specified IP.

Token Forensic Info

Set the token address to an attacker identified in the Attacks report. Shows all API activity for the specified token.