PingIntelligence for APIs software combines real-time security and AI analytics to detect, report, and block cyberattacks on data and applications exposed via APIs. The software consists of three platforms: API Security Enforcer(ASE), API Behavioral Security(ABS) AI engine, and PingIntelligence Dashboard.

This guide describes the installation and execution of an Ansible package which automatically builds a PingIntelligence for APIs environment. The package installs and configures the following components:
  • ASE (Inline or Sideband configuration)
  • ABS AI Engine
  • MongoDB database
  • PingIntelligence for APIs Dashboard
PingIntelligence for APIs 4.4 and earlier versions RHEL 7.6 or Ubuntu 16.04 LTS
PingIntelligence for APIs 4.4.1 RHEL 7.9 or Ubuntu 18.04 LTS

The following diagram shows an example of a sideband deployment.

API Security Enforcer (ASE)

Applies real-time API metadata ingestion and enforces optional blocking. ASE can be deployed in inline or sideband mode and works with the ABS engine to identify attacks. For more information, see Inline ASE and Sideband ASE.

API Behavioral Security AI engine

Executes AI algorithms to detect in near real-time cyberattacks targeting data, applications, and systems via APIs. Attack information can be automatically pushed to all ASEs to block ongoing breaches and prevent reconnection.

PingIntelligence for APIs Dashboard

PingIntelligence for APIs Dashboard offers you the following:
  • Visibility into API activity.
  • View the training status and other information of your APIs
  • Manage API Discovery using automatic or manual mode
  • View attack insight to understand why a client was flagged for an attack
  • Manage attacks by unblocking clients or tune AI Engine thresholds
  • View ABS license information

The dashboard engine utilizes Elasticsearch and Kibana to provide a graphical view of an API environment including user activity, attack information, and blacklisted clients.

Administrators

You can install all the PingIntelligence products either as a user with sudo access or a normal user (without sudo access). Make sure that the entire deployment is a homogenous deployment. Either all the products should be installed as a sudo user or as a normal user.

Time zone

All PingIntelligence components (ASE, ABS AI Engine, and Dashboard) should be installed using the same time zone, either local or UTC. MongoDB should also be configured to the same time zone as PingIntelligence components.