Consolidated result of attack types
To view all attack types on a given application programming interface (API) in a single, consolidated report, use the API Behavioral Security (ABS) Attack API.
Attack ID 0 gives all the attacks on a single API or across APIs based on the REST API query parameters.
Consolidated attack report for an API
Steps
-
Use API URL with attack ID as 0 to access all the attacks for a specific API:
https://<ABS_IP:port>/v4/abs/attack?later_date=yyyy-mm-ddThh:mm&later_date=yyyy-mm-ddThh:mm&api=<api_name>&type=<type_id>
Example:
-
You can further select a client identifier (Internet Protocol (IP), cookie, or a token) and carry out IP, cookie, or token forensics using the Forensic API.
Example:
{ "company": "ping identity", "attack_type": "Data Exfiltration Attack", "cookie": "JSESSIONID", "description": "Client (IP or Cookie) extracting an abnormal amount of data for given API", "earlier_date": "Tue Jan 02 16:00:00:000 2018", "later_date": "Mon Jan 01 18:00:00:000 2018", "api_name": "shop", "cookies": [ { "cookie": "extreme_client_activity_500_request", "details": [ { "access_time": "Fri Jan 12 08:44:39:086 2018", "attack_code": "varA(Tx, 26)", "attack_deviation": "varA(700%)" }, { "access_time": "Fri Jan 12 09:18:34:087 2018", "attack_code": "varA(Tx, 25)", "attack_deviation": "varA(700%)" } ] }, { "company": "ping identity", "attack_type": "API Probing Replay Attack", "cookie": "JSESSIONID", "description": "Client (IP or Cookie) probing or trying different parameter values to breach the API service for given API", "earlier_date": "Tue Jan 02 16:00:00:000 2018", "later_date": "Mon Jan 01 18:00:00:000 2018", "api_name": "shop", "cookies": [ { "cookie": "api_dos_attack_type_1_shop_50_percent_error", "details": [ { "access_time": "Fri Jan 12 08:39:56:896 2018", "attack_code": "varA(Tx, 47)", "attack_deviation": "varA(700%)" }, { "access_time": "Fri Jan 12 09:18:34:087 2018", "attack_code": "varA(Tx, 47)", "attack_deviation": "varA(700%)" } }, }, }
-
Consolidated attack report across API
Steps
-
Use the following ABS REST API to access all the attack types:
https://<ABS_IP:port>/v4/abs/attack?later_date=yyyy-mm-ddThh:mm&later_date=yyyy-mm-ddThh:mm&type=<type_id>.
Example:
-
You can further select a client identifier (IP, cookie, or a token) and carry out IP, cookie, or token forensics using the Forensic API.
Example:
[ { "company": "ping identity", "attack_type": "Stolen Token Attack Type 2", "name": "api_attack_type", "description": "Client (Token) reusing cookies to deceive application services.", "earlier_date": "Thu Oct 25 13:30:00:000 2018", "later_date": "Mon Dec 31 18:00:00:000 2018", "api_name": "all", "access_tokens": [ { "access_token": "SYU4R2ZZN1IDYI0L", "details": [ { "access_time": "Tue Nov 27 11:10:00:000 2018", "attack_code": "varA(Tn, 3)", "attack_deviation": "varA(700%)" }, { "access_time": "Tue Nov 27 11:40:00:000 2018", "attack_code": "varA(Tn, 3)", "attack_deviation": "varA(700%)" }, { "access_time": "Tue Nov 27 16:10:00:000 2018", "attack_code": "varA(Tn, 2)", "attack_deviation": "varA(700%)" } ] }, { "access_token": "CT27QTP01K6ZW2AK", "details": [ { "access_time": "Tue Nov 27 10:50:00:000 2018", "attack_code": "varA(Tn, 2)", "attack_deviation": "varA(700%)" }, { "access_time": "Tue Nov 27 11:10:00:000 2018", "attack_code": "varA(Tn, 4)", "attack_deviation": "varA(700%)" }, { "access_time": "Tue Nov 27 11:40:00:000 2018", "attack_code": "varA(Tn, 5)", "attack_deviation": "varA(700%)" } ] }, { "ip": "100.64.7.124", "details": [ { "access_time": "Tue Nov 27 11:20:00:000 2018", "attack_code": "varA(Tn, 3), varA(Tn, 3)", "attack_deviation": "varA(700%)" }, { "access_time": "Tue Nov 27 11:30:00:000 2018", "attack_code": "varA(Tn, 3), varA(Tn, 3)", "attack_deviation": "varA(700%)" } ] }, { "ip": "100.64.10.18", "details": [ { "access_time": "Tue Nov 27 11:10:00:000 2018", "attack_code": "varA(Tn, 3), varA(Tn, 3)", "attack_deviation": "varA(700%)" }, { "access_time": "Tue Nov 27 11:40:00:000 2018", "attack_code": "varA(Tn, 3), varA(Tn, 3)", "attack_deviation": "varA(700%)" } ] } ] } ]
-