PingIntelligence

Resetting MongoDB

The API Behavioral Security (ABS) AI engine provides a script to factory reset MongoDB data.

Before you begin

Make sure to take a backup of your current data before running the reset script. Once you run the MongoDB reset script, the deleted data cannot be retrieved.

The MongoDB reset script deletes all documents from all collections of the abs_data and abs_mldata databases in MongoDB. The reset_mongo.sh script is available in the /opt/pingidentity/abs/util directory. Copy the script from the util directory to your MongoDB primary node.

About this task

To execute the script, you need the following information:

  • MongoDB credentials: mongo_username and mongo_password configured in abs.properties.

  • Database name and port number: data_dbname, mldata_dbname, and mongo_master_port configured in abs.properties.

  • If your MongoDB installation is configured to use Secure Sockets Layer (SSL), use the --ssl option. The following examples assume that MongoDB is configured to use TLS.

Steps

  1. For more information on the reset script parameters, run the reset help script from the MongoDB command line:

    /opt/pingidentity/mongo/reset_mongo.sh --help
    1. Reset ABS and machine learning data.

      Example:

      The following example resets both ABS and machine learning (ml) data:

      /opt/pingidentity/mongo/reset_mongo.sh -u absuser -p abs123 --tls --data_db abs_data --mldata_db abs_mldata --auth_db admin --port 27017
    2. Reset only machine learning (ml) data.

      Example:

      The following example resets only the machine learning data:

      /opt/pingidentity/mongo/reset_mongo.sh -u absuser -p abs123 --tls --mldata_db abs_mldata --auth_db admin --port 27017
    3. Reset only ABS data.

      Example:

      The following example resets only the ABS data:

      /opt/pingidentity/mongo/reset_mongo.sh -u absuser -p abs123 --tls --data_db abs_data --auth_db admin --port 27017
  2. Run the MongoDB script.

    Result:

    The following snippet shows the output when the reset MongoDB script is run:

    ./reset_mongo.sh -u absuser -p abs123 --port 27017 --data_db abs_data --mldata_db abs_mldata --tls
    Please make sure that there is no ABS process running before running the reset_mongo script.
    Are you sure you want to continue... (yes/no): yes
    This will delete all the documents in  abs_data database
    Are you sure? (yes/no): yes
    Deleting the documents in  abs_data database.
    2019-10-11T05:46:43.726+0000 W  CONTROL  [main] Option: ssl is deprecated. Please use tls instead.
    2019-10-11T05:46:43.727+0000 W  CONTROL  [main] Option: sslAllowInvalidCertificates is deprecated. Please use tlsAllowInvalidCertificates instead.
    MongoDB shell version v4.2.0
    connecting to: mongodb://127.0.0.1:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
    2019-10-11T05:46:43.802+0000 W  NETWORK  [js] TLS peer certificate validation failed: self signed certificate
    Implicit session: session { "id" : UUID("400fcaa5-57dd-4123-a5e6-b54c1e0bdfda") }
    MongoDB server version: 4.2.0
    switched to db abs_data
    
    Removing all documents of all collections in ABS_DATA
    Removing all documents from  [abs_data.api_attack_dos_anomaly]
    Removing all documents from  [abs_data.api_config.chunks]
    Removing all documents from  [abs_data.api_config.files]
    Removing all documents from  [abs_data.api_json]
    Removing all documents from  [abs_data.api_key_metrics]
    Removing all documents from  [abs_data.attack_management]
    Removing all documents from  [abs_data.attack_management_audit]
    Resetting the [abs_data.attack_ttl] to default values
    Removing all documents from  [abs_data.backend_errors]
    Removing all documents from  [abs_data.bc_summary]
    Removing all documents from  [abs_data.blocked_connections]
    Removing all documents from  [abs_data.discovered_apis]
    Removing all documents from  [abs_data.discovery_api_metadata]
    Removing all documents from  [abs_data.discovery_ir.chunks]
    Removing all documents from  [abs_data.discovery_ir.files]
    Removing all documents from  [abs_data.extended_ml_threshold]
    Removing all documents from  [abs_data.extended_trained_model]
    Removing all documents from  [abs_data.extended_training_model]
    Removing all documents from  [abs_data.external_ioc_type]
    Removing all documents from  [abs_data.internal_ioc]
    Removing all documents from  [abs_data.internal_ioc_audit]
    Removing all documents from  [abs_data.ioc]
    Removing all documents from  [abs_data.ioc_anomaly]
    Removing all documents from  [abs_data.ir.chunks]
    Removing all documents from  [abs_data.ir.files]
    Removing all documents from  [abs_data.log_nodes]
    Removing all documents from  [abs_data.ml_result]
    Removing all documents from  [abs_data.ml_threshold]
    Removing all documents from  [abs_data.notifications]
    Removing all documents from  [abs_data.oauth_metrics]

    The reset script does not delete the following metadata:

    • ABS cluster information

    • ABS configuration

    • Global configuration from the abs_init.js file

    • Scale configuration from the abs_init.js file

    • Dictionary generated by ABS AI engine

  3. To verify that the MongoDB reset script executed successfully, run the ABS Admin REST API.

    The output should not show any API Security Enforcer (ASE) access log or API information. It should display only ABS cluster information, the MongoDB primary and secondary nodes, and the client identifier TTL values reset to zero.

    Result:

    The following is a sample output of the Admin API after the MongoDB reset script is run:

    {
        "company": "ping identity",
        "name": "api_admin",
        "description": "This report contains status information on all APIs, ABS clusters, and ASE logs",
        "across_api_prediction_mode": false,
        "api_discovery": {
            "subpath_length": "1",
            "status": true
        },
        "abs_cluster": {
            "abs_nodes": [
                {
                    "node_ip": "172.16.40.19",
                    "os": "Red Hat Enterprise Linux Server",
                    "cpu": "16",
                    "memory": "62G",
                    "filesystem": "1%",
                    "bootup_date": "Thu Oct 10 10:08:37 UTC 2019"
                }
            ],
            "mongodb_nodes": [
                {
                    "node_ip": "172.16.40.236:27017",
                    "status": "secondary"
                },
                {
                    "node_ip": "172.16.40.237:27017",
                    "status": "secondary"
                },
                {
                    "node_ip": "172.16.40.235:27017",
                    "status": "primary"
                }
            ]
        },
        "percentage_diskusage_limit": "80%",
        "scale_config": {
            "scale_up": {
                "cpu_threshold": "70%",
                "cpu_monitor_interval": "30 minutes",
                "memory_threshold": "70%",
                "memory_monitor_interval": "30 minutes",
                "disk_threshold": "70%",
                "disk_monitor_interval": "30 minutes"
            },
            "scale_down": {
                "cpu_threshold": "10%",
                "cpu_monitor_interval": "300 minutes",
                "memory_threshold": "10%",
                "memory_monitor_interval": "300 minutes",
                "disk_threshold": "10%",
                "disk_monitor_interval": "300 minutes"
            }
        },
        "attack_ttl": {
            "ids": [
                {
                    "id": "ip",
                    "ttl": 0
                },
                {
                    "id": "cookie",
                    "ttl": 0
                },
                {
                    "id": "access_token",
                    "ttl": 0
                },
                {
                    "id": "api_key",
                    "ttl": 0
                },
                {
                    "id": "username",
                    "ttl": 0
                }
            ]
        }
    }
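
One way to automate the check in step 3, as an added example that is not part of the PingIntelligence documentation: it reads a saved Admin API response and flags anything beyond the post-reset baseline. It assumes the top-level keys of the sample output above are the complete baseline; the `ase_logs` key in the failing sample is hypothetical.

```python
import json

# Top-level keys present in the page's post-reset sample; anything else is
# treated as residual data (assumption: the sample is the complete baseline).
EXPECTED_KEYS = {
    "company", "name", "description", "across_api_prediction_mode",
    "api_discovery", "abs_cluster", "percentage_diskusage_limit",
    "scale_config", "attack_ttl",
}

def check_reset(report_text):
    """Return a list of findings; an empty list means the reset looks clean."""
    report = json.loads(report_text)
    findings = []
    for key in sorted(set(report) - EXPECTED_KEYS):
        findings.append(f"unexpected section after reset: {key}")
    # Every client identifier TTL must be back at zero.
    ids = report.get("attack_ttl", {}).get("ids", [])
    if not ids:
        findings.append("attack_ttl.ids missing or empty")
    for entry in ids:
        if entry.get("ttl") != 0:
            findings.append(
                f"attack_ttl for {entry.get('id')} is {entry.get('ttl')}, expected 0")
    # A healthy replica set reports exactly one primary.
    nodes = report.get("abs_cluster", {}).get("mongodb_nodes", [])
    primaries = [n.get("node_ip") for n in nodes if n.get("status") == "primary"]
    if len(primaries) != 1:
        findings.append(f"expected exactly one MongoDB primary, found {len(primaries)}")
    return findings

# Constructed samples, trimmed from the page's output. "ase_logs" is a
# hypothetical leftover section used only to show a failing check.
SAMPLE_CLEAN = json.dumps({
    "company": "ping identity", "name": "api_admin",
    "abs_cluster": {"mongodb_nodes": [
        {"node_ip": "172.16.40.236:27017", "status": "secondary"},
        {"node_ip": "172.16.40.235:27017", "status": "primary"}]},
    "attack_ttl": {"ids": [{"id": "ip", "ttl": 0}, {"id": "cookie", "ttl": 0}]},
})
SAMPLE_DIRTY = json.dumps({
    "abs_cluster": {"mongodb_nodes": [
        {"node_ip": "172.16.40.235:27017", "status": "primary"}]},
    "attack_ttl": {"ids": [{"id": "ip", "ttl": 120}]},
    "ase_logs": [{"ase_node": "constructed"}],
})

if __name__ == "__main__":
    print(check_reset(SAMPLE_CLEAN))
    print(check_reset(SAMPLE_DIRTY))
```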