TTL for client identifiers in ABS
The API Behavioral Security (ABS) AI Engine deny list supports configuring the length of time that a client identifier type (username, OAuth token, API Key, cookie, and Internet Protocol (IP) address) remains on the deny list.
Each client identifier type can be configured with a different value in minutes. The default value of zero minutes means that the AI engine will not remove any client identifiers from the deny list unless the TTL value is changed.
You can change the default TTL value by using the ABS admin REST application programming interface (API), which supports configuring a different TTL in minutes for each client identifier type. The recommended steps for managing client identifier TTL are:
- Use the ABS admin REST API to fetch the current TTL values.
- Use the PUT method with the ABS admin REST API to configure the TTL.
When you update the TTL value, it applies to the client identifiers in the deny list that the AI engine identifies from that time onwards. For example, if you set an initial TTL of 120 minutes at 6 a.m. for 100 client identifiers in the deny list, that list exists until 8 a.m. If you then change the TTL to 30 minutes at 7 a.m., the initial list of 100 client identifiers still exists until 8 a.m. The new 30-minute TTL applies to the client identifiers reported from 7 a.m. onwards.
Use the admin API to fetch the current TTL of the client identifiers:
https://<ip>:<port>/v4/abs/admin
Following is a sample output displaying the current TTL values:
{
"company": "ping identity",
"name": "api_admin",
"description": "This report contains status information on all APIs, ABS clusters, and ASE logs",
"license_info": {
"tier": "Subscription",
"expiry": "Wed Jan 15 00:00:00 UTC 2020",
"max_transactions_per_month": 1000000000,
"current_month_transactions": 98723545,
"max_transactions_exceeded": false,
"expired": false
},
"across_api_prediction_mode": true,
"api_discovery": {
"subpath_length": "1",
"status": true
},
"apis": [
{
"api_name": "app",
"host_name": "*",
"url": "/atm_app_oauth",
"api_type": "decoy-incontext",
"creation_date": "Thu Dec 26 09:51:10 UTC 2019",
"servers": 0,
"protocol": "http",
"cookie": "",
"token": true,
"training_started_at": "Thu Dec 26 09:52:29 UTC 2019",
"training_duration": "1 hour",
"prediction_mode": true,
"apikey_header": "",
"apikey_qs": ""
}
],
"abs_cluster": {
"abs_nodes": [
{
"node_ip": "172.17.0.1",
"os": "DISTRIB_ID=Ubuntu - ",
"cpu": "4",
"memory": "7.8G",
"filesystem": "19%",
"bootup_date": "Wed Dec 25 15:01:06 UTC 2019"
}
],
"mongodb_nodes": [
{
"node_ip": "172.17.0.1",
"status": "up"
}
]
},
"ase_logs": [
{
"ase_node": "8f9d07c5-c5c4-43c3-97be-9672c7fd2986",
"last_connected": "Thu Dec 26 10:51:13 UTC 2019",
"logs": {
"start_time": "Thu Dec 26 09:51:14 UTC 2019",
"end_time": "Thu Dec 26 10:51:13 UTC 2019",
"gzip_size": "429.96KB"
}
}
],
"percentage_diskusage_limit": "80%",
"scale_config": {
"scale_up": {
"cpu_threshold": "70%",
"cpu_monitor_interval": "30 minutes",
"memory_threshold": "70%",
"memory_monitor_interval": "30 minutes",
"disk_threshold": "70%",
"disk_monitor_interval": "30 minutes"
},
"scale_down": {
"cpu_threshold": "10%",
"cpu_monitor_interval": "300 minutes",
"memory_threshold": "10%",
"memory_monitor_interval": "300 minutes",
"disk_threshold": "10%",
"disk_monitor_interval": "300 minutes"
}
},
"attack_ttl": {
"ids": [
{
"id": "ip",
"ttl": 0
},
{
"id": "cookie",
"ttl": 0
},
{
"id": "access_token",
"ttl": 0
},
{
"id": "api_key",
"ttl": 0
},
{
"id": "username",
"ttl": 0
}
]
}
}
Use the PUT method with the admin REST API to configure the TTL in minutes:
URL: https://<ip>:<port>/v4/abs/admin
Method: PUT
Body:
{
"ids" : [
{
"id" : "ip",
"ttl" : 10
},
{
"id" : "cookie",
"ttl" : 10
},
{
"id" : "access_token",
"ttl" : 10
},
{
"id" : "api_key",
"ttl" : 10
},
{
"id" : "username",
"ttl" : 10
}
]
}
Response:
{
"message": "TTL updated successfully",
"date": "Thu Dec 26 10:59:40 UTC 2019"
}
To verify the new TTL values, rerun the ABS admin REST API with the GET method.
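The following Python sketch is an added example, not code from the ABS documentation or product. It reads the attack_ttl section of the admin report, builds a PUT body that changes selected TTLs while resending all five identifier types, and models the expiry rule from the 6 a.m. / 7 a.m. scenario above, assuming each entry's TTL is counted from the time it was reported; the function names and sample data are constructed for illustration.

```python
from bisect import bisect_right
from datetime import datetime, timedelta

# The five identifier types shown in the attack_ttl section of the admin report.
VALID_IDS = ("ip", "cookie", "access_token", "api_key", "username")

def current_ttls(admin_report):
    """Return {id: ttl_minutes} from the attack_ttl section of the GET report."""
    return {e["id"]: e["ttl"] for e in admin_report["attack_ttl"]["ids"]}

def build_put_body(current, changes):
    """Merge changes onto current TTLs and return a body listing all five types."""
    merged = {**current, **changes}
    if set(merged) != set(VALID_IDS):
        raise ValueError(f"expected exactly these types: {VALID_IDS}")
    for ident, ttl in merged.items():
        if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl < 0:
            raise ValueError(f"TTL for {ident} must be whole minutes >= 0")
    return {"ids": [{"id": i, "ttl": merged[i]} for i in VALID_IDS]}

def expiry(reported_at, ttl_history):
    """Expiry = reported_at + the TTL in force when the entry was reported.

    Assumption (not stated by the product docs in these terms): ttl_history is a
    time-sorted list of (changed_at, ttl_minutes). Returns None for TTL 0,
    meaning the entry is never removed automatically.
    """
    idx = bisect_right([t for t, _ in ttl_history], reported_at) - 1
    if idx < 0:
        raise ValueError("entry predates the first recorded TTL setting")
    ttl = ttl_history[idx][1]
    return None if ttl == 0 else reported_at + timedelta(minutes=ttl)

# Constructed sample data mirroring the 6 a.m. / 7 a.m. scenario in the text.
DAY = datetime(2019, 12, 26)
HISTORY = [(DAY.replace(hour=6), 120), (DAY.replace(hour=7), 30)]
REPORT = {"attack_ttl": {"ids": [{"id": i, "ttl": 0} for i in VALID_IDS]}}

if __name__ == "__main__":
    ttls = current_ttls(REPORT)
    print("never removed:", [i for i, t in ttls.items() if t == 0])
    print("PUT body:", build_put_body(ttls, {"ip": 30, "access_token": 30}))
    print("reported 06:00 expires", expiry(DAY.replace(hour=6), HISTORY))
    print("reported 07:15 expires", expiry(DAY.replace(hour=7, minute=15), HISTORY))
```

An entry reported at exactly 7 a.m. falls under the new 30-minute TTL, matching "from 7 a.m. onwards" in the text.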