Enable or disable attacks - PingIntelligence for APIs

Enable or disable attacks - PingIntelligence for APIs - 4.4

PingIntelligence

bundle

pingintelligence-44

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 4.4

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-44

pingintelligence

private

ContentType_ce

Page created: 23 Nov 2020 |

Page updated: 12 May 2021

| 2 min read

4.4 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product

PingIntelligence for APIs detects many different types of REST API attacks. Each attack type is associated with a unique attack ID. By default all the attacks are enabled for detection. You can enable or disable detection of a specific attack type, using the Enable/Disable Attacks feature in Attack Management.

Note: The PingIntelligence for APIs dashboard interacts with the API Behavioral Security (ABS) AI Engine, when you enable or disable an attack. If you disable an attack while the ABS AI engine is processing data, ABS may still report attacks for a few minutes. The attack type would be disabled when the next batch of data is processed. When you enable an attack from the disabled state, ABS takes a few minutes to report the API attacks. For more information, see Enable or disable attacks in ABS.

To access the feature click on the Attack Management tab on the left pane and then click Enable/Disable Attacks. You need Admin user privileges to Enable or Disable attack types.
Screenshot of enable/disable attacks on attack

Screenshot of enable/disable attacks on attack

Use the toggle

button to enable or disable an attack type. The toggle button will not be present if an attack cannot disabled. For example, the following attack IDs cannot be disabled as these are real-time attacks reported by ASE:

Attack ID 13: API DDoS Attack Type 2
Attack ID 100: Decoy Attack. This attack ID must be disabled from ASE.
Attack ID 101: Invalid API Activity. This attack ID must be disabled from ASE.

Click on

icon to know details such as the time the attack was enabled or disabled and so on. The following screenshot shows the attack details displayed.

You will always be prompted with a confirmation notification before enabling or disabling an attack. For example when you try to disable an attack, you will be prompted with the following notification. Click Submit to confirm. You should see a success notification whenever an attack type is enabled or disabled.

Search and sort attack types

You can sort the attack types based on attack ID or Is Enabled status as shown in the the following screenshot.

The feature provides multiple search options. You can search based on attack name or attack ID within enabled or disabled attacks.