Enabling or disabling attacks
The AI engine detects multiple types of Indicators of Attack (IoAs) on REST application programming interface (API). Each IoA is associated with a unique attack ID. By default all the IoAs are enabled for detection. You can enable or disable detection of a specific IoA, using theEnable/Disable Attacks feature of Attack Management.
Before you begin
You must have:
-
Admin user privileges.
About this task
To enable or disable attacks:
Steps
-
Click Settings → Enable/Disable Attacks.
+
The PingIntelligence Dashboard interacts with the AI Engine when you enable or disable an IoA. If you disable an attack while the AI engine is processing data, it might continue reporting IoAs for a few minutes. The IoA type would be disabled when the next batch of data is processed. When you enable an IoA from the disabled state, the AI engine takes a few minutes to report new IoA events. For more information, see Enable or disable attacks. |
-
Click the Toggle
to enable or disable an IoA type. The toggle button will not be present if an IoA cannot be disabled. For example, the following IoA IDs cannot be disabled as these are real-time events reported by API Security Enforcer (ASE):
-
Attack ID 13: API DDoS Attack Type 2.
-
Attack ID 100: Decoy Attack. This IoA ID must be disabled on ASE.
-
Attack ID 101: Invalid API Activity. This IoA ID must be disabled on ASE.
-
Click on the Expand
-
icon for details such as the time the IoA was enabled or disabled. The following screenshot displays the IoA details.
+ image::hwx1640182452025.png[alt="Screen capture of PingIntelligence enable/disable attacks - attack details.",role="border-no-padding"]
+ You will always be prompted with a confirmation notification before enabling or disabling an IoA. For example when you try to disable an IoA, you will be prompted with the following notification. Click Submit to confirm. You should see a success notification whenever an IoA type is enabled or disabled.
+ image::biq1606234696991.png[alt="Screen capture of PingIntelligence disable attack notification.",role="border-no-padding"]
-
Sort the attack types based on IoA ID or Is Enabled status.
-
Search based on IoA name or IoA ID within enabled or disabled attacks.