PingIntelligence

Discovery sub-paths

Before starting application programming interface (API) discovery, you must configure the sub-path depth to allow the API Behavioral Security (ABS) AI Engine to accurately detect the API environment. Sub-path depth provides the number of sub-paths for a unique API definition.

Here are examples of discovery_subpath values:

  • “1”, example: /atmapp is the basepath for /atmapp/zipcode, /atmapp/update, etc.

  • “2”, example: v1/atmapp is the basepath for v1/atmapp/zipcode, v1/atmapp/update, etc.

  • “3”, example: v1/cust1/atmapp is the basepath for v1/cust1/atmapp/zipcode, etc.

The discovery_subpath parameter is configured using the Global configuration update REST API and it defines the number of sub-paths in the basepath of the API. The default value is set to 1. The maximum allowed value is six when API Security Enforcer (ASE) is deployed in inline mode and it is 10 when ASE is deployed in sideband mode. The url_limit parameter defines the maximum number of Uniform Resource Locator (URL)s reported in a discovered API. The default value is 100.

You can also update the discovery sub-path using PingIntelligence for APIs Dashboard. For more information, see Discovered APIs.

You can update the url_limit and discovery_subpath by running the update.sh script. The update.sh script is available in the/opt/pingidentity/abs/util directory. Copy the script from the util directory to your MongoDB primary machine.

After executing the script, stop and start all ABS nodes for the updated values to take effect.

For example, change the url_limit to 50:

/opt/pingidentity/mongo/update.sh -u absuser -p abs123 --url_limit 50
updating url_limit to 50
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
The current values of the variables are:
attack_initial_training=48
attack_update_interval=24
api_discovery=false
discovery_update_interval=1
continuous_learning=true
discovery_initial_period=1
url_limit=50
response_size=100
window_length=24
discovery_subpath=3
percentage_diskusage_limit=80

You need to restart all the ABS node for your changes to take effect.

Update script help is available by logging into the MongoDB primary machine and running the following command:

/opt/pingidentity/mongo/update.sh help