The AI Engine detects multiple types of Indicators of Attack (IoAs) on REST APIs. Each IoA is associated with a unique attack ID. By default, all the IoAs are enabled for detection. You can enable or disable detection of a specific IoA using the Enable/Disable Attacks feature of Attack Management.
- Make sure you have admin user privileges to enable or disable the IoAs on APIs.
To access the feature, click the SETTINGS tab and then click Enable/Disable Attacks on the left pane.
Note: The PingIntelligence for APIs dashboard interacts with the API Behavioral Security (ABS) AI Engine when you enable or disable an attack. If you disable an attack while the ABS AI Engine is processing data, ABS may still report attacks for a few minutes. The attack type is disabled when the next batch of data is processed. When you enable an attack from the disabled state, ABS takes a few minutes to report the API attacks. For more information, see Enable or disable attacks in ABS.
Use the toggle button to enable or disable an IoA type. The toggle button will
not be present if an IoA cannot be disabled. For example, the following attack
IDs cannot be disabled as these are real-time attacks reported by ASE:
- Attack ID 13: API DDoS Attack Type 2
- Attack ID 100: Decoy Attack. This attack ID must be disabled from ASE.
- Attack ID 101: Invalid API Activity. This attack ID must be disabled from ASE.
icon to know details such as the time the attack was enabled or disabled and so
on. The following screenshot shows the attack details displayed.
You will always be prompted with a confirmation notification before enabling or disabling an IoA. For example, when you try to disable an IoA, you will be prompted with the following notification. Click Submit to confirm. You should see a success notification whenever an attack type is enabled or disabled.
Sort the attack types based on attack ID or Is Enabled status.
Search based on attack name or attack ID within enabled or disabled attacks.