Manage ASE blocking of ABS detected attacks - PingIntelligence for APIs

Manage ASE blocking of ABS detected attacks - PingIntelligence for APIs - 5.0

PingIntelligence

bundle

pingintelligence-50

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.0

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-50

pingintelligence

private

ContentType_ce

Page created: 12 May 2021 |

Page updated: 1 Nov 2021

| 1 min read

5.0 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product Security Manager Audience Administration User task Configuration

To configure ASE to automatically fetch and block ABS detected attacks, complete the following steps:

Enable ASE Security. Enter the following command:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_firewall

Enable ASE to send API traffic information to ABS. Enter the following command:
```
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs
```
Enable ASE to fetch and block ABS detected attacks. Enter the following command:
```
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs_attack
```

After enabling automated attack blocking, ASE periodically fetches the attack list from ABS and blocks the identified connections. To set the time interval at which ASE fetches the attack list from ABS, configure the abs_attack_request_minute parameter in ase.conf file.

; This value determines how often ASE will query ABS.
abs_attack_request_minutes=10

Disable attack list fetching from ABS

To disable ASE from fetching the ABS attack list, entering the following CLI command:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin disable_abs_attack

After entering the above command, ASE will no longer fetch the attack list from ABS. However, ABS continues generating the attack list and stores it locally. The ABS attack list can be viewed using ABS APIs and used to manually configured an attack list on ASE. For more information on ABS APIs, see ABS Admin Guide.

To stop an ASE cluster from sending log files to ABS, enter the following ASE CLI command.

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin disable_abs

After entering this command, ABS will not receive any logs from ASE. Refer to the ABS documentation for information on types of attacks.