ASE and ABS work in tandem to detect and block attacks. ASE detects attacks in real time, blocks the hacker, and reports attack information to ABS. The ABS AI Engine uses behavioral analysis to look for advanced attacks.
Attack management is done in both ABS and ASE.
- List active client identifiers, expired client identifiers, or a consolidated list of both for a specific time period. For more information, see ABS blacklist reporting.
- Delete specific client identifiers from the ABS blacklist or bulk delete a type of client identifier using the ABS REST API. For more information, see Delete individual client identifiers and Bulk delete client identifiers.
- Enable or disable a specific attack ID. When you disable an attack ID, ABS stops reporting attacks across all client identifiers for that attack ID. For more information, see Enable or disable attack IDs.
- Configure the time-to-live (TTL) for each client identifier type. The TTL applies to all the detected attacks for that client identifier. For more information, see TTL for client identifiers in ABS.
- Manually add or delete entries from the whitelist and blacklist.
- Enable or disable automatic blocking of ABS-detected attack types.
- Enable or disable ASE-detected real-time attacks. ASE detects real-time attacks only in an inline deployment.