Blocked connection reporting
The API Behavioral Security (ABS) Blocked Connection REST API reports all connections that are blocked by API Security Enforcer (ASE).
Two types of reports are provided:
- Blocked Connection Summary Report
- Blocked Connection Detail Report
The blocked connections are reported for the following categories:
- API routing
- DDoS flow control
- ABS detected attacks
- Custom blacklist
- Decoy attacks
- ASE detected attacks
Use the following ABS REST API for viewing the blocked connections report:
Blocked connection summary
URL: <ABS_IP>:port/v4/abs/bc?earlier_date=<>T<hh:mm>&later_date=<>T<hh:mm>
The following is a snippet of the blocked connection summary report:
{
  "company": "ping identity",
  "name": "api_blockedconnections",
  "description": " This report contains a summary of all API traffic blocked by ASE for the following types: api_not_found, host_header_not_found, backend_not_found, client_spike, server_spike, bytes_in_threshold, bytes_out_threshold, quota_threshold, customer_blacklist, abs_detected_attacks, ase_detected_attacks, decoy_detected_attacks",
  "earlier_date": "Thu Jan 18 13:00:00:000 2018",
  "later_date": "Thu Feb 22 18:00:00:000 2018",
  "api_name": "global",
  "total_blocked_connections": 21222,
  "api_not_found": 0,
  "host_header_not_found": 0,
  "backend_not_found": 3501,
  "client_spike": 237,
  "server_spike": 6179,
  "bytes_in_threshold": 5938,
  "bytes_out_threshold": 18,
  "quota_threshold": 0,
  "customer_blacklist": 0,
  "abs_detected_attacks": 4576,
  "ase_detected_attacks": 773,
  "decoy_detected_attacks": 0
}
Blocked Connection Details
URL: <ABS_IP>:port/v4/abs/bc?later_date=<>T<hh:mm>&earlier_date=<>T<hh:mm>&details=true
The following is a snippet of the blocked connection details report:
{
  "company": "ping identity",
  "name": "api_blockedconnections",
  "description": "This report contains details of all API traffic blocked by ASE for the following types: api_not_found, host_header_not_found, backend_not_found, client_spike, server_spike, bytes_in_threshold, bytes_out_threshold, quota_threshold, customer_blacklist, abs_detected_attacks, ase_detected_attacks, decoy_detected_attacks",
  "earlier_date": "Thu Jan 18 13:00:00:000 2018",
  "later_date": "Thu Feb 22 18:00:00:000 2018",
  "api_blocked_connections": [
    {
      "category": "api_routing",
      "details": [
        {
          "source": "192.168.11.161",
          "type": "backend_not_found",
          "destination_api": "/v2/pet/55"
        },
        {
          "source": "192.168.11.161",
          "type": "backend_not_found",
          "destination_api": "/v2/store/inventory"
        }
      ]
    },
    {
      "category": "ddos_flowcontrol",
      "details": [
        {
          "source": "100.64.1.24",
          "type": "bytes_in_threshold",
          "destination_api": "/app/ws"
        },
        {
          "source": "100.64.3.213",
          "type": "protocol_violation",
          "destination_api": ""
        }
      ]
    },
    {
      "category": "abs_detected_attacks",
      "details": [
        {
          "source": "100.64.38.180",
          "type": "ioc_abs_ip_port",
          "destination_api": "/atmapp/zipcode"
        },
        {
          "source": "100.64.38.180",
          "type": "ioc_abs_ip_port",
          "destination_api": "/atmapp/zipcode"
        }
      ]
    },
    {
      "category": "customer_blacklist",
      "details": []
    },
    {
      "category": "decoy_detected_attacks",
      "details": []
    },
    {
      "category": "ase_detected_attacks",
      "details": [
        {
          "source": "100.64.8.252",
          "type": "protocol_violation",
          "destination_api": ""
        },
        {
          "source": "100.64.36.93",
          "type": "protocol_violation",
          "destination_api": ""
        }
      ]
    }
  ]
}
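The details report groups entries by category, while triage usually starts from the client. The following added example (not part of the product documentation) rolls a details report up into one record per source IP and lists sources with attack-category blocks first. The function names, the trimmed sample report, and the choice to rank the three `*_detected_attacks` categories ahead of routing and flow-control blocks are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample, trimmed from the details snippet on this page.
SAMPLE_REPORT = json.loads("""
{"api_blocked_connections": [
  {"category": "api_routing", "details": [
    {"source": "192.168.11.161", "type": "backend_not_found", "destination_api": "/v2/pet/55"},
    {"source": "192.168.11.161", "type": "backend_not_found", "destination_api": "/v2/store/inventory"}]},
  {"category": "abs_detected_attacks", "details": [
    {"source": "100.64.38.180", "type": "ioc_abs_ip_port", "destination_api": "/atmapp/zipcode"},
    {"source": "100.64.38.180", "type": "ioc_abs_ip_port", "destination_api": "/atmapp/zipcode"}]},
  {"category": "customer_blacklist", "details": []},
  {"category": "ase_detected_attacks", "details": [
    {"source": "100.64.8.252", "type": "protocol_violation", "destination_api": ""}]}
]}
""")

# Assumption: these categories are treated as higher priority during triage.
ATTACK_CATEGORIES = ("abs_detected_attacks", "ase_detected_attacks", "decoy_detected_attacks")


def summarize_by_source(report):
    """Roll the per-category details up into one record per source IP."""
    sources = defaultdict(lambda: {"blocked": 0, "types": set(), "apis": set()})
    for group in report.get("api_blocked_connections", []):
        category = group.get("category", "unknown")
        for entry in group.get("details", []):
            rec = sources[entry.get("source", "unknown")]
            rec["blocked"] += 1
            rec["types"].add(f'{category}/{entry.get("type", "unknown")}')
            # Some entries (protocol_violation in the snippet) have an empty destination_api.
            if entry.get("destination_api"):
                rec["apis"].add(entry["destination_api"])
    return dict(sources)


def triage(report, attack_categories=ATTACK_CATEGORIES):
    """Return (source, blocked, is_attack, types, apis) rows, attack sources first, then by volume."""
    rows = []
    for src, rec in summarize_by_source(report).items():
        is_attack = any(t.split("/")[0] in attack_categories for t in rec["types"])
        rows.append((src, rec["blocked"], is_attack, sorted(rec["types"]), sorted(rec["apis"])))
    return sorted(rows, key=lambda r: (not r[2], -r[1], r[0]))


if __name__ == "__main__":
    for src, blocked, is_attack, types, apis in triage(SAMPLE_REPORT):
        print(f"{src:<16} {blocked:>3} {'ATTACK' if is_attack else 'policy':<7} {','.join(types)} {apis}")
```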