Threshold range for Tn and Tx

The following table details the range of Tn and Tx for each attack type.

When manually adjusting the threshold values, the values must fall within the specified ranges.

Attack Type	type_id	Variable A (Range)	Variable B (Range)	Variable C (Range)	Variable D (Range)	Variable E (Range)	Variable F (Range)
REST API
Data Exfiltration	1	Tn = [1-32] Tx = [2-33]	Tn = [1-19] Tx = [2-20]	Tn = [1-99] Tx = [2-100]	NA	NA	NA
Single Client Login	2	Tn = [1-19] Tx = [2-20]	Tn = [1-19] Tx = [2-20]	NA	NA	NA	NA
Multi Client Login	3	Tn = [1-100] Tx = “na”	NA	NA	NA	NA	NA
Stolen Cookie / Access Token	4	Tn = [2-10]	Tn = [1-19], Tx = [2-20]	NA	NA	NA	NA
API Memory Attack Type 1	5	Tn = [1-32] Tx = [2-33]	Tn = [1-19] Tx = [2-20]	Tn = [1-99] Tx = [2-100]	NA	NA	NA
API Memory Attack Type 2	6	Tn = [1-32] Tx = [2-33]	Tn = [1-19] Tx = [2-20]	Tn = [1-99] Tx = [2-100]	NA	NA	NA
Cookie DoS	7	Tn = [1-9] Tx = [2-10]	Tn = [1-19] Tx = [2-20]	NA	NA	NA	NA
API Probing Replay	8	Tn = [1-99] Tx = [2-100]	NA	NA	NA	NA	NA
API DoS Attack Type 1	9	Tn = [1-100] Tx = “[2-100]”	NA	NA	NA	NA	NA
Extreme Client Activity	10	Tn = [1-19] Tx = [2-20]	NA	NA	NA	NA	NA
Extreme App Activity	11	Tn = [1-19] Tx = [2-20]	NA	NA	NA	NA	NA
API DoS Attack	12	Tn = [1- 100] Tx = “na”	NA	NA	NA	NA	NA
API DDoS Attack Type 2	13	NA	NA	NA	NA	NA	NA
Data Deletion	14	Tn = [1- 19] Tx = [2-20]	Tn = [1-99] Tx = [2-100]	NA	NA	NA	NA
Data Poisoning	15	Tn = [1- 19] Tx = [2-20]	Tn = [1-99] Tx = [2-100]	Tn = [1-32] Tx = [2-33]	NA	NA	NA
Stolen Token Attack Type 2	16	Tn = [2-10] Tx = “na”	Tn = [1-100]	Tn = [1-100]	NA	NA	NA
Stolen Cookie Attack Type 2	17	Tn = [2-10] Tx = “na”	Tn = [1-100]	Tn = [1-100]	NA	NA	NA
API Probing Replay Attack 2 (client identifier: cookie)	18	Tn = [1-99] Tx = [2-100]	Tn = [1-19] Tx = [2-20]	NA	NA	NA	NA
API Probing Replay Attack 2 (client identifier: token)	19	Tn = [1-99] Tx = [2-100]	Tn = [1-19] Tx = [2-20]	NA	NA	NA	NA
API Probing Replay Attack 2 (client identifier: IP address)	20	Tn = [1-99] Tx = [2-100]	Tn = [1-19] Tx = [2-20]	NA	NA	NA	NA
Data Exfiltration Attack Type 2	21	Tn = [1-42] Tx = [2-43]	Tn = [0-30]	Tn = [1-100]	NA	NA	NA
Excessive Client Connections (client identifier : cookie)	22	Tn = [1-19], Tx =[2-20]	NA	NA	NA	NA	NA
Excessive Client Connections (client identifier : token)	23	Tn = [1-19], Tx =[2-20]	NA	NA	NA	NA	NA
Excessive Client Connections (client identifier : IP address)	24	Tn = [1-19], Tx =[2-20]	NA	NA	NA	NA	NA
Content Scraping Type 2	28	Tn = [1-29] Tx = [2-30]	Tn = [1-100]	NA	NA	NA	NA
Unauthorized client attack (client identifier: IP address)	29	Tn = [1-19] Tx = [2-20]	Tn = [1-19] Tx = [2-20]	NA	NA	NA	NA
Single Client Login Attack Type 2 (client identifier: IP address)	30	Tn = [1-19] Tx = [2-20]	Tn = [1-19] Tx = [2-20]	NA	NA	NA	NA
Stolen API Key Attack- API Key	31	Tn = [1-100] Tx = NA	Tn = [1-100] Tx = NA	Tn = [1-100] Tx = NA	Tn = [1-100] Tx = NA	NA	NA
Probing Replay Attack - API Key	32	Tn = [1-100] Tx = NA	Tn = [1-100] Tx = NA	NA	NA	NA	NA
Extended Probing Replay Attack - API Key	33	Tn = [1-100] Tx = NA	Tn = [1-100] Tx = NA	NA	NA	NA	NA
User Probing Type 1	34	Tn = [1-99] Tx = [2-100]	Tn = [1-99] Tx = [2-100]	Tn = [1-9] Tx = [2-10]	Tn = [1-9] Tx = [2-20]	NA	NA
User Probing Type 2	35	Tn = [1-99] Tx = [2-100]	Tn = [1-19] Tx = [2-20]	Tn = [1-19] Tx = [2-20]	Tn = [1-29] Tx = [2-30]	NA	NA
Sequence attack	36	Tn = [1-19] Tx = [2-20]	NA	NA	NA	NA	NA
Header Manipulation	37	Tn = [1-99] Tx = [2-100]	Tn = [1-20] Tx = NA	Tn = [1-29] Tx = [2-30]	Tn = [1-100] Tx = NA	Tn = [1-2] Tx = NA	Tn = [1-100] Tx = NA
Account Takeover -UBA	38	Tn = [1-100] Tx = NA	Tn = [1-99] Tx = [2-100]	NA	NA	NA	NA
User Data Exfiltration Type 2	39	Tn = [1-32] Tx = [2-33]	Tn = [1-32] Tx = [2-33]	Tn = [1-19] Tx = [2-20]	NA	NA	NA
User Data Injection	40	Tn = [1-32] Tx = [2-33]	Tn = [1-19] Tx = [2-20]	NA	NA	NA	NA
Query Manipulation Attack	41	Tn = [1-20] Tx = NA	Tn = [1-2] Tx = NA	Tn = [1-2] Tx = NA	Tn = [1-100] Tx = NA	Tn = [1-2] Tx = NA	Tn = [1-100] Tx = NA
Content Scraping Type 1	42	Tn = [1-19] Tx = [2-20]	Tn = [1-19] Tx = [2-20]	Tn = [1-19] Tx = [2-20]	Tn = [1-19] Tx = [2-20]	NA	NA
WebSocket API
WS Cookie Attack	50	Tn = [1-99] Tx = [2-100]	Tn = [1-19] Tx= [2-20]	NA	NA	NA	NA
WS Identity Attack	51	Tn = [1-19] Tx = [2-20]	Tn = [1-19] Tx = [2-20]	NA	NA	NA	NA
WS DoS Attack	53	Tn = [1- 100] Tx = “na”	NA	NA	NA	NA	NA
WS Data Exfiltration Attack	54	Tn = [1- 100] Tx = “na”	NA	NA	NA	NA	NA

Attack Type

type_id

Variable A (Range)

Variable B (Range)

Variable C (Range)

Variable D (Range)

Variable E (Range)

Variable F (Range)

REST API

Data Exfiltration

Tn = [1-32] Tx = [2-33]

Tn = [1-19] Tx = [2-20]

Tn = [1-99] Tx = [2-100]

Single Client Login

Tn = [1-19] Tx = [2-20]

Multi Client Login

Tn = [1-100] Tx = “na”

Stolen Cookie / Access Token

Tn = [2-10]

Tn = [1-19], Tx = [2-20]

API Memory Attack Type 1

Tn = [1-32] Tx = [2-33]

Tn = [1-19] Tx = [2-20]

Tn = [1-99] Tx = [2-100]

API Memory Attack Type 2

Tn = [1-32] Tx = [2-33]

Tn = [1-19] Tx = [2-20]

Tn = [1-99] Tx = [2-100]

Cookie DoS

Tn = [1-9] Tx = [2-10]

Tn = [1-19] Tx = [2-20]

API Probing Replay

Tn = [1-99] Tx = [2-100]

API DoS Attack Type 1

Tn = [1-100] Tx = “[2-100]”

Extreme Client Activity

Tn = [1-19] Tx = [2-20]

Extreme App Activity

Tn = [1-19] Tx = [2-20]

API DoS Attack

Tn = [1- 100] Tx = “na”

API DDoS Attack Type 2

Data Deletion

Tn = [1- 19] Tx = [2-20]

Tn = [1-99] Tx = [2-100]

Data Poisoning

Tn = [1- 19] Tx = [2-20]

Tn = [1-99] Tx = [2-100]

Tn = [1-32] Tx = [2-33]

Stolen Token Attack Type 2

Tn = [2-10] Tx = “na”

Tn = [1-100]

Stolen Cookie Attack Type 2

Tn = [2-10] Tx = “na”

Tn = [1-100]

API Probing Replay Attack 2 (client identifier: cookie)

Tn = [1-99] Tx = [2-100]

Tn = [1-19] Tx = [2-20]

API Probing Replay Attack 2 (client identifier: token)

Tn = [1-99] Tx = [2-100]

Tn = [1-19] Tx = [2-20]

API Probing Replay Attack 2 (client identifier: IP address)

Tn = [1-99] Tx = [2-100]

Tn = [1-19] Tx = [2-20]

Data Exfiltration Attack Type 2

Tn = [1-42] Tx = [2-43]

Tn = [0-30]

Tn = [1-100]

Excessive Client Connections (client identifier : cookie)

Tn = [1-19], Tx =[2-20]

Excessive Client Connections (client identifier : token)

Tn = [1-19], Tx =[2-20]

Excessive Client Connections (client identifier : IP address)

Tn = [1-19], Tx =[2-20]

Content Scraping Type 2

Tn = [1-29] Tx = [2-30]

Tn = [1-100]

Unauthorized client attack (client identifier: IP address)

Tn = [1-19] Tx = [2-20]

Single Client Login Attack Type 2 (client identifier: IP address)

Tn = [1-19] Tx = [2-20]

Stolen API Key Attack- API Key

Tn = [1-100] Tx = NA

Probing Replay Attack - API Key

Tn = [1-100] Tx = NA

Extended Probing Replay Attack - API Key

Tn = [1-100] Tx = NA

User Probing Type 1

Tn = [1-99] Tx = [2-100]

Tn = [1-9] Tx = [2-10]

Tn = [1-9] Tx = [2-20]

User Probing Type 2

Tn = [1-99] Tx = [2-100]

Tn = [1-19] Tx = [2-20]

Tn = [1-29] Tx = [2-30]

Sequence attack

Tn = [1-19] Tx = [2-20]

Header Manipulation

Tn = [1-99] Tx = [2-100]

Tn = [1-20] Tx = NA

Tn = [1-29] Tx = [2-30]

Tn = [1-100] Tx = NA

Tn = [1-2] Tx = NA

Tn = [1-100] Tx = NA

Account Takeover -UBA

Tn = [1-100] Tx = NA

Tn = [1-99] Tx = [2-100]

User Data Exfiltration Type 2

Tn = [1-32] Tx = [2-33]

Tn = [1-19] Tx = [2-20]

User Data Injection

Tn = [1-32] Tx = [2-33]

Tn = [1-19] Tx = [2-20]

Query Manipulation Attack

Tn = [1-20] Tx = NA

Tn = [1-2] Tx = NA

Tn = [1-100] Tx = NA

Tn = [1-2] Tx = NA

Tn = [1-100] Tx = NA

Content Scraping Type 1

Tn = [1-19] Tx = [2-20]

WebSocket API

WS Cookie Attack

Tn = [1-99] Tx = [2-100]

Tn = [1-19] Tx= [2-20]

WS Identity Attack

Tn = [1-19] Tx = [2-20]

WS DoS Attack

Tn = [1- 100] Tx = “na”

WS Data Exfiltration Attack

Tn = [1- 100] Tx = “na”

PingIntelligence

Threshold range for Tn and Tx