Reset MongoDB - PingIntelligence for APIs

Reset MongoDB - PingIntelligence for APIs - 4.4

PingIntelligence

bundle

pingintelligence-44

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 4.4

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-44

pingintelligence

private

ContentType_ce

Page created: 6 Nov 2020 |

Page updated: 12 May 2021

| 5 min read

4.4 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product Administration User task Configuration

ABS AI engine provides a script to factory reset MongoDB data. Make sure to take a backup of your current data before running the reset script. Once you run the MongoDB reset script, the deleted data cannot be retrieved.

The reset MongoDB script deletes all the documents from all the collections of abs_data and abs_mldata from MongoDB. The reset_mongo.sh script is available in the /opt/pingidentity/abs/util directory. Copy the script from the util directory to your MongoDB primary node.

To execute the script, you need the following information:

MongoDB credentials: mongo_username and mongo_password configured in abs.properties.
Database name and port number: data_dbname, mldata_dbname, and mongo_master_port configured in abs.properties
If your MongoDB installation is configured to use SSL, use the --ssl option. The following examples assume that MongoDB is configured to use TLS.

For more information on the reset script parameters, run the reset help script from the MongoDB command line:

/opt/pingidentity/mongo/reset_mongo.sh –help

Reset ABS and machine learning data: The following example resets both ABS and machine learning (ml) data:

/opt/pingidentity/mongo/reset_mongo.sh -u absuser -p abs123 --tls --data_db abs_data --mldata_db abs_mldata --auth_db admin --port 27017

Reset only machine learning (ml) data: The following example resets only the machine learning data:

/opt/pingidentity/mongo/reset_mongo.sh -u absuser -p abs123 --tls --mldata_db abs_mldata --auth_db admin --port 27017

Reset only ABS data: The following example resets only the ABS data:

/opt/pingidentity/mongo/reset_mongo.sh -u absuser -p abs123 --tls --data_db abs_data --auth_db admin --port 27017

The following snippet shows the output when the reset MongoDB script is run:

./reset_mongo.sh -u absuser -p abs123 --port 27017 --data_db abs_data --mldata_db abs_mldata --tls
Please make sure that there is no ABS process running before running the reset_mongo script.
Are you sure you want to continue... (yes/no): yes
This will delete all the documents in  abs_data database
Are you sure? (yes/no): yes
Deleting the documents in  abs_data database.
2019-10-11T05:46:43.726+0000 W  CONTROL  [main] Option: ssl is deprecated. Please use tls instead.
2019-10-11T05:46:43.727+0000 W  CONTROL  [main] Option: sslAllowInvalidCertificates is deprecated. Please use tlsAllowInvalidCertificates instead.
MongoDB shell version v4.2.0
connecting to: mongodb://127.0.0.1:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
2019-10-11T05:46:43.802+0000 W  NETWORK  [js] TLS peer certificate validation failed: self signed certificate
Implicit session: session { "id" : UUID("400fcaa5-57dd-4123-a5e6-b54c1e0bdfda") }
MongoDB server version: 4.2.0
switched to db abs_data

Removing all documents of all collections in ABS_DATA
Removing all documents from  [abs_data.api_attack_dos_anomaly]
Removing all documents from  [abs_data.api_config.chunks]
Removing all documents from  [abs_data.api_config.files]
Removing all documents from  [abs_data.api_json]
Removing all documents from  [abs_data.api_key_metrics]
Removing all documents from  [abs_data.attack_management]
Removing all documents from  [abs_data.attack_management_audit]
Resetting the [abs_data.attack_ttl] to default values
Removing all documents from  [abs_data.backend_errors]
Removing all documents from  [abs_data.bc_summary]
Removing all documents from  [abs_data.blocked_connections]
Removing all documents from  [abs_data.discovered_apis]
Removing all documents from  [abs_data.discovery_api_metadata]
Removing all documents from  [abs_data.discovery_ir.chunks]
Removing all documents from  [abs_data.discovery_ir.files]
Removing all documents from  [abs_data.extended_ml_threshold]
Removing all documents from  [abs_data.extended_trained_model]
Removing all documents from  [abs_data.extended_training_model]
Removing all documents from  [abs_data.external_ioc_type]
Removing all documents from  [abs_data.internal_ioc]
Removing all documents from  [abs_data.internal_ioc_audit]
Removing all documents from  [abs_data.ioc]
Removing all documents from  [abs_data.ioc_anomaly]
Removing all documents from  [abs_data.ir.chunks]
Removing all documents from  [abs_data.ir.files]
Removing all documents from  [abs_data.log_nodes]
Removing all documents from  [abs_data.ml_result]
Removing all documents from  [abs_data.ml_threshold]
Removing all documents from  [abs_data.notifications]
Removing all documents from  [abs_data.oauth_metrics]

The reset script does not delete the following meta data:

ABS cluster information
ABS configuration
Global configuration from abs_init.js file
Scale configuration from abs_init.js file
Dictionary generated by ABS AI engine

Verifying MongoDB reset script: To verify that the MongoDB reset script executed successfully, run the ABS Admin REST API. The output should not show any ASE access log and API information. It should only display ABS cluster information, MongoDB primary and secondary and client identifier TTL value reset to zero. Following is a sample output of Admin API after MongoDB reset script is run:

{
    "company": "ping identity",
    "name": "api_admin",
    "description": "This report contains status information on all APIs, ABS clusters, and ASE logs",
    "across_api_prediction_mode": false,
    "api_discovery": {
        "subpath_length": "1",
        "status": true
    },
    "abs_cluster": {
        "abs_nodes": [
            {
                "node_ip": "172.16.40.19",
                "os": "Red Hat Enterprise Linux Server",
                "cpu": "16",
                "memory": "62G",
                "filesystem": "1%",
                "bootup_date": "Thu Oct 10 10:08:37 UTC 2019"
            }
        ],
        "mongodb_nodes": [
            {
                "node_ip": "172.16.40.236:27017",
                "status": "secondary"
            },
            {
                "node_ip": "172.16.40.237:27017",
                "status": "secondary"
            },
            {
                "node_ip": "172.16.40.235:27017",
                "status": "primary"
            }
        ]
    },    
    "percentage_diskusage_limit": "80%",
    "scale_config": {
        "scale_up": {
            "cpu_threshold": "70%",
            "cpu_monitor_interval": "30 minutes",
            "memory_threshold": "70%",
            "memory_monitor_interval": "30 minutes",
            "disk_threshold": "70%",
            "disk_monitor_interval": "30 minutes"
        },
        "scale_down": {
            "cpu_threshold": "10%",
            "cpu_monitor_interval": "300 minutes",
            "memory_threshold": "10%",
            "memory_monitor_interval": "300 minutes",
            "disk_threshold": "10%",
            "disk_monitor_interval": "300 minutes"
        }
    },
    "attack_ttl": {
        "ids": [
            {
                "id": "ip",
                "ttl": 0
            },
            {
                "id": "cookie",
                "ttl": 0
            },
            {
                "id": "access_token",
                "ttl": 0
            },
            {
                "id": "api_key",
                "ttl": 0
            },
            {
                "id": "username",
                "ttl": 0
            }
        ]
    }
}