Managing ASE blocking of ABS-detected attacks
You can configure the API Security Enforcer (ASE) to automatically fetch and block API Behavioral Security (ABS)-detected attacks.
Enable or disable attack list fetching from ABS:
Enabling attack list fetching from ABS
Steps
- To enable ASE Security, run the following command:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_firewall
- To enable ASE to send API traffic information to ABS, run the following command:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs
- To enable ASE to fetch and block ABS-detected attacks, run the following command:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs_attack
Result:
After enabling automated attack blocking, ASE periodically fetches the attack list from ABS and blocks the identified connections.
- To set the time interval at which ASE fetches the attack list from ABS, configure the abs_attack_request_minutes parameter in the ase.conf file.
Example:
; This value determines how often ASE will query ABS.
abs_attack_request_minutes=10
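A pre-deployment check for the interval setting above, as an added example (not PingIntelligence code): it reads an ase.conf-style file, skips `;` comment lines, and reports abs_attack_request_minutes only if it is set exactly once to a positive integer. The function name, the exit codes and the rejection of 0 or duplicate entries are assumptions of this example, not documented ASE behaviour.

```shell
#!/bin/sh
# Added example: validate the ABS attack-list fetch interval in an
# ase.conf-style file. Lines starting with ';' are treated as comments.

# Prints the interval in minutes on success.
# Exit codes (chosen for this example): 1 unreadable or not set,
# 2 not a positive integer, 3 set more than once.
abs_attack_interval() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    awk '
        /^[ \t\r]*;/ { next }                          # skip comment lines
        /^[ \t]*abs_attack_request_minutes[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)                # drop "key ="
            sub(/[ \t\r]+$/, "", v)                    # drop trailing space or CR
            n++; val = v
        }
        END {
            if (n == 0) { print "abs_attack_request_minutes not set" > "/dev/stderr"; exit 1 }
            if (n > 1)  { print "abs_attack_request_minutes set " n " times" > "/dev/stderr"; exit 3 }
            if (val !~ /^[1-9][0-9]*$/) { print "invalid interval: " val > "/dev/stderr"; exit 2 }
            print val
        }
    ' "$conf"
}

# Constructed sample mirroring the example on this page.
sample=$(mktemp)
printf '%s\n' '; This value determines how often ASE will query ABS.' \
    'abs_attack_request_minutes=10' > "$sample"
echo "fetch interval: $(abs_attack_interval "$sample") minute(s)"
rm -f "$sample"
```
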
Disabling attack list fetching from ABS
Steps
- To stop ASE from fetching the ABS attack list, run the following command-line interface (CLI) command:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin disable_abs_attack
The ABS attack list can be viewed using ABS APIs and used to manually configure an attack list on ASE. For more information on ABS APIs, see ABS Administration.
Result:
After entering the above command, ASE will no longer fetch the attack list from ABS. However, ABS continues generating the attack list and stores it locally.
- To stop an ASE cluster from sending log files to ABS, run the following ASE CLI command:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin disable_abs
For more information on types of attacks, see ABS AI Engine.
Result:
After entering this command, ABS will not receive any logs from ASE.