Manage attack blocking
API Security Enforcer (ASE) and API Behavioral Security (ABS) work in tandem to detect and block attacks.
ASE detects attacks in real-time, blocks the hacker, and reports attack information to ABS. ABS AI Engine uses behavioral analysis to look for advanced attacks. Attack management is done in both ABS and ASE.
In ABS, you can:
-
List active, expired or a consolidated list of active and expired client identifiers for a specific time period. For more information see, ABS deny list reporting.
-
Delete specific client identifiers from ABS deny list or bulk delete a type of client identifier using ABS REST API. For more information, see Deleting individual client identifiers and Using the bulk delete option for client identifiers.
-
Enable or disable a specific attack ID. When you disable an attack ID, ABS stops reporting attacks across all client identifiers for that attack ID. For more information, see Enabling or disabling attack IDs.
-
Configure the time-to-live (TTL) for each client identifier type. The TTL time applies to all the detected attacks for that client identifier. For more information, see TTL for client identifiers in ABS.
In ASE, you can:
-
Manually add or delete entries from allow list and deny list
-
Enable or disable automatic blocking of ABS detected attack types
-
Enable or disable ASE detected real-time attacks. ASE detects real time attacks only in an inline deployment.
For more information see, Attack management in ASE