Before ABS can start predicting the various attack types, its model must be trained. The length of model training is configurable in hours (default: 24 hours). Set the value of the training_period parameter in the abs_init.js file in the /opt/pingidentity/mongo directory. For more detailed information about training the AI model, see AI Engine training.

db.global_config.insert({
	"attack_initial_training": "24",
	"attack_update_interval": "24",
	"url_limit": "100",
	"response_size": "100",
	"job_frequency" : "10",
	"window_length" : "24",
	"enable_ssl": true,
	"api_discovery": true,
	"discovery_initial_period" : "1",
	"discovery_subpath": "1",
	"continuous_learning": true,
	"discovery_update_interval": "1",
	"attack_list_count": "500000",
	"resource_monitor_interval" : "10",
	"percentage_diskusage_limit" : "80",
	"root_api_attack" : false,
	"session_inactivity_duration" : "30"
});

Start the training

The training starts as soon as ABS receives the first API traffic from API Security Enforcer and continues for the number of hours set in the attack_initial_training parameter. Training occurs automatically when a new API is added.

Verify training completion

Check the ABS training status using the ABS Admin API, which returns the training duration and prediction mode. If the prediction variable is true, ABS has completed training and is discovering attacks. A false value means that ABS is still in training mode. The URL for the Admin API is: https://<ip>:<port>/v4/abs/admin. The following is a snippet of the Admin API output:

"message": "training started at Thu Dec 26 12:32:59 IST 2019",
"training_duration": "2 hours",
"prediction": true

<ip> and <port> are the IP address and port number of the ABS machine.

Note: ABS only detects attacks after the training period is over. During training, no attacks are generated.
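One way to script the check described under "Verify training completion", as an added example that is not part of the original page or the product's own tooling. It assumes the fields from the snippet may sit at any depth in the response, treats a missing or non-true prediction value as still training, and leaves the authentication headers and CA file to the caller; find_training_blocks, training_complete and fetch_admin are hypothetical names.

```python
import json
import ssl
import urllib.request

# Constructed sample built from the three fields shown in the snippet above;
# the enclosing object is an assumption, since the page shows only a fragment.
SAMPLE = '''{
  "message": "training started at Thu Dec 26 12:32:59 IST 2019",
  "training_duration": "2 hours",
  "prediction": true
}'''


def find_training_blocks(node):
    """Yield every JSON object that carries a "prediction" field, at any depth."""
    if isinstance(node, dict):
        if "prediction" in node:
            yield node
        for value in node.values():
            yield from find_training_blocks(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_training_blocks(item)


def training_complete(body):
    """Return (ready, blocks). Fails closed: bad JSON, no field, or any non-true value is not ready."""
    try:
        blocks = list(find_training_blocks(json.loads(body)))
    except json.JSONDecodeError:
        return False, []
    ready = bool(blocks) and all(b["prediction"] is True for b in blocks)
    return ready, blocks


def fetch_admin(ip, port, headers, cafile):
    """GET the Admin API over verified TLS; auth headers are supplied by the caller (assumption)."""
    ctx = ssl.create_default_context(cafile=cafile)  # verify the ABS certificate, do not skip it
    req = urllib.request.Request(f"https://{ip}:{port}/v4/abs/admin", headers=headers)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    ready, blocks = training_complete(SAMPLE)
    for b in blocks:
        print(b.get("message"), "|", b.get("training_duration"))
    print("detecting attacks" if ready else "still training: no attacks reported yet")
```

Because ABS reports nothing during training, a gate like this is useful before relying on attack reports from a newly added API.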