PingIntelligence

Consolidated attack report for an API

Steps

  • Use API URL with attack ID as 0 to access all the attacks for a specific API:

    https://<ABS_IP:port>/v4/abs/attack?later_date=yyyy-mm-ddThh:mm&later_date=yyyy-mm-ddThh:mm&api=<api_name>&type=<type_id>

    Example:

    https://192.168.11.166:8080/v4/abs/attack?later_date=2018-12-31T18:00&later_date=2018-10-25T13:30&api=shop&type=0

    1. You can further select a client identifier (Internet Protocol (IP), cookie, or a token) and carry out IP, cookie, or token forensics using the Forensic API.

      Example:

      {
 "company": "ping identity",
 "attack_type": "Data Exfiltration Attack",
 "cookie": "JSESSIONID",
 "description": "Client (IP or Cookie) extracting an abnormal amount of data for given API",
 "earlier_date": "Tue Jan 02 16:00:00:000 2018",
 "later_date": "Mon Jan 01 18:00:00:000 2018",
 "api_name": "shop",
 "cookies": [
 {
 "cookie": "extreme_client_activity_500_request",
 "details": [
 {
 "access_time": "Fri Jan 12 08:44:39:086 2018",
 "attack_code": "varA(Tx, 26)",
 "attack_deviation": "varA(700%)"
 },
 {
 "access_time": "Fri Jan 12 09:18:34:087 2018",
 "attack_code": "varA(Tx, 25)",
 "attack_deviation": "varA(700%)"
 }
 ]
 },

 {
 "company": "ping identity",
 "attack_type": "API Probing Replay Attack",
 "cookie": "JSESSIONID",
 "description": "Client (IP or Cookie) probing or trying different parameter values to breach
 the API service for given API",
 "earlier_date": "Tue Jan 02 16:00:00:000 2018",
 "later_date": "Mon Jan 01 18:00:00:000 2018",
 "api_name": "shop",
 "cookies": [
 {
 "cookie": "api_dos_attack_type_1_shop_50_percent_error",
 "details": [
 {
 "access_time": "Fri Jan 12 08:39:56:896 2018",
 "attack_code": "varA(Tx, 47)",
 "attack_deviation": "varA(700%)"
 },
 {
 "access_time": "Fri Jan 12 09:18:34:087 2018",
 "attack_code": "varA(Tx, 47)",
 "attack_deviation": "varA(700%)"
 }
 },
 },
}