Manage attack blocking - PingIntelligence for APIs

Manage attack blocking - PingIntelligence for APIs - 4.4

PingIntelligence

bundle

pingintelligence-44

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 4.4

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-44

pingintelligence

private

ContentType_ce

Page created: 6 Nov 2020 |

Page updated: 12 May 2021

| 1 min read

4.4 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product Administration User task

ASE and ABS work in tandem to detect and block attacks. ASE detects attacks in real-time, blocks the hacker, and reports attack information to ABS. ABS AI Engine uses behavioral analysis to look for advanced attacks.

Attack management is done in both ABS and ASE.

In ABS, you can:

List active, expired or a consolidated list of active and expired client identifiers for a specific time period. For more information see, ABS blacklist reporting.
Delete specific client identifiers from ABS blacklist or bulk delete a type of client identifier using ABS REST API. For more information, see Delete individual client identifiers and Bulk delete client identifiers.
Enable or disable a specific attack ID. When you disable an attack ID, ABS stops reporting attacks across all client identifiers for that attack ID. For more information, see Enable or disable attack IDs.
Configure the time-to-live (TTL) for each client identifier type. The TTL time applies to all the detected attacks for that client identifier. For more information, see TTL for client identifiers in ABS.

In ASE, you can:

Manually add or delete entries from whitelist and blacklist
Enable or disable automatic blocking of ABS detected attack types
Enable or disable ASE detected real-time attacks. ASE detects real time attacks only in an inline deployment.

For more information see, Attack management in ASE.