attacklist REST API to complete the following two
operations: - List the various client identifiers (API Key, OAuth token, Username, Cookie, and IP address) which are related to probable attack
- Delete the client identifiers which may be a cause of false positive
Reporting active and expired client identifiers
ABS provides an attacklist REST API with GET method to list of active
attacks in the system, expired attacks, and consolidated (active and expired)
attacks together. The list of detected client identifiers depends on the TTL set for the client identifiers. The attack
list reports the detected client identifiers (active or expired) for the queried
period. The time-period is part of the API query parameter.
URL: /v4/abs/attacklist
Report the active detected attacks: Use the following REST API URL to report the active client identifiers:
/v4/abs/attacklist?earlier_date=<>&later_date=<>&status=active
:
The API lists the active client identifiers for a time-period between
earlier_date and later_date. PingIntelligence
ASE fetches the active client identifiers list from ABS for blocking the
clients.
Report the expired detected attacks: Use the following REST API URL to report the expired client identifiers:
/v4/abs/attacklist?earlier_date=<>&later_date=<>&status=expired
:
The API lists the expired client identifiers for a time-period between
earlier_date and later_date. The expiry of
detected attacks in the system depends on the configured TTL.
Report the consolidated (active and expired) detected attacks: Use the following REST API URL to report the consolidated client identifiers attacks:
/v4/abs/attacklist?earlier_date=<>&later_date=<>
:
The API lists all the client identifiers for a time-period between
earlier_date and later_date.