In ASE you manage detected attacks either through blacklist and whitelist. Client identifiers in blacklist are blocked by ASE while those in the whitelist are never blocked. You can also choose to block or allow a client identifier at API level by configuring the individual API JSON.
- Whitelist – List of “safe” IP addresses, cookies, OAuth2 Tokens, API keys, or Usernames that will not be blocked by ASE. The list is manually created using ASE CLI commands.
Blacklist – List of “bad” IP addresses, cookies, OAuth2 Tokens, API keys, or
Usernames that are always blocked by ASE. The list consists of entries from one or more
of the following sources:
- ABS detected clients suspected of executing attacks (for example, data exfiltration)
- ASE detected clients suspected of executing attacks (for example, invalid method, decoy API accessed). These attacks are reported to ABS and become part of ABS blacklist also after further AI processing.
- List of “bad” client identifiers manually added using ASE CLI