New in ABS AI Engine

API AI Engine has the following enhancements:
  • Query string parameter manipulation attack detection- The ABS AI Engine detects attacks by hackers manipulating query strings to execute malicious scripts, pass attack variables, access unauthorized content, and other attacks. PingIntelligence detects and optionally blocks such manipulations and malicious activity. For more information, see REST API attacks.
  • MongoDB SSL verification- New ABS AI Engine configuration option to verify the SSL certificate when connecting to a MongoDB server. For more information, see Verify MongoDB SSL certificates.
  • Enhanced MongoDB purge script- The improved MongoDB purge script can read credentials and database configurations from an obfuscated ABS configuration file. The script can be executed from an ABS host instead of the MongoDB host. For more information, see Purge MongoDB data.

New in ASE

API Security Enforcer (ASE) has the following enhancements:

New in PingIntelligence Dashboard

PingIntelligence Dashboard has the following enhancements:
  • Detailed training status- A new training status page for each API shows the attack types that can be detected based on the activity received on the API to date. For more information, see Training Status.
  • Enable and disable attacks- A new attack management page supports globally enabling or disabling attack types. For more information, see Enable or disable attacks.

New in Automated deployment

  • The automated deployment tool has new ABS variable settings to support MongoDB SSL certificate verification. For more information, see Change ABS default settings.
  • A new ilm.json file supports configuring settings of the Index Lifecycle Management (ILM) policy for PingIntelligence Dashboard. For more information, see Change settings in ilm.json.

Resolved issues

Following major issues have been resolved in PingIntelligence 4.4 release:

Ticket ID Description
ASE - PI4API-2308 Resolved an issue where clustered ASE nodes hung in starting state when started while APIs were being added to the Primary ASE node.
ABS - PI4API-837 Tuned the ABS AI engine to only detect user-based attacks for authorized requests. This will prevent blocking of a valid user if an attacker tries to impersonate the user.