ABS reports
API Behavioral Security (ABS) sends an email report every 24 hours at midnight (00:00:00, local system time).
Each report includes values for the following parameters:
- ABS Node Status: Resource utilization of CPU, file system, and operating system
- ASE Logs Processed: Compressed file size of ASE logs processed in 24 hours
- Total Requests: The number of requests in the processed log files in 24 hours
- Success: The total number of requests which got a 200-OK response
- Total Anomalies: Total number of anomalies detected across APIs in 24 hours
- Total IOC: Total number of attacks detected in 24 hours
- When: The time when the email report was sent
- Where: The ABS node that sent the email report
- MongoDB node IP address and status
Following is a sample ABS email template:
```
Dear DevOps,
Please find the daily report generated by 192.168.11.166 at 2019-Jun-25 00:02:00 UTC
===================Cluster Details=============
ASE Logs Processed: 93.78MB
Total Request: 678590
Success: 596199
Total Anomalies: 7
Total IOC: 2
When : 2019-Jun-25 00:02:00 UTC
Where: 192.168.11.166
==================Node1 ===================
Host : 192.168.11.166
OS : Red Hat Enterprise Linux Server release 7.5 (Maipo)
CPU : 24
Memory : 62G
Filesystem : 39%
===========================================
================Mongo1 ====================
Host : 192.168.11.162
Status : up
===========================================
================Mongo2 ====================
Host : 192.168.11.164
Status : up
===========================================
================Mongo3 ====================
Host : 192.168.11.1685
Status : up
===========================================
===========================================
Best,
API Behavioral Security.
```
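To triage the daily email automatically, the added example below (not part of the ABS product or its documentation) parses a report body in the layout shown above and lists the conditions a responder would act on: a nonzero anomaly or IOC count, a MongoDB node that is not `up`, a `Host` value that is not a valid IP address (as in the Mongo3 entry of the sample), and high file system usage. The function names, the sample values and the 85% threshold are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample in the layout of the email above; all values are made up.
SAMPLE_REPORT = """\
===================Cluster Details=============
Total Anomalies: 7
Total IOC: 2
==================Node1 ===================
Host : 192.0.2.10
Filesystem : 91%
===========================================
================Mongo1 ====================
Host : 192.0.2.11
Status : down
===========================================
================Mongo2 ====================
Host : 192.0.2.1685
Status : up
"""

SECTION = re.compile(r"^=+\s*([A-Za-z][A-Za-z0-9 ]*?)\s*=+$")
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*:\s*(.+)$")

def parse_report(text):
    """Return {section name: {field: value}} for one report body."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            current = sections.setdefault(m.group(1), {})
        elif current is not None and (f := FIELD.match(line)):
            current[f.group(1)] = f.group(2)
    return sections

def findings(sections, fs_limit=85):  # fs_limit: assumed threshold, not an ABS setting
    cluster = sections.get("Cluster Details", {})
    out = [f"{k}={cluster[k]}" for k in ("Total Anomalies", "Total IOC") if int(cluster.get(k, 0))]
    for name, fields in sections.items():
        try:  # sections without a Host field fall back to a valid placeholder
            ipaddress.ip_address(fields.get("Host", "0.0.0.0"))
        except ValueError:
            out.append(f"{name}: malformed host {fields['Host']}")
        if name.startswith("Mongo") and fields.get("Status") != "up":
            out.append(f"{name}: status {fields.get('Status')}")
        fs = fields.get("Filesystem", "").rstrip("%")
        if fs.isdigit() and int(fs) > fs_limit:
            out.append(f"{name}: filesystem {fs}%")
    return out
```

`findings(parse_report(SAMPLE_REPORT))` returns one string per condition, ready to feed a ticket or alert.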