AI engine training variables - PingIntelligence for APIs

AI engine training variables - PingIntelligence for APIs - 5.1

PingIntelligence

bundle

pingintelligence-51

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.1

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-51

pingintelligence

private

ContentType_ce

PingIntelligence AI training depends on a set of parameters configured using Global configuration update REST API. These parameters should be configured before starting the system. It is recommended that you review the variables and configure the best values for your environment. Frequent updates to the training variables may lead to a change in behavior of the AI system. The following are the parameters that need to be configured:

attack_initial_training
attack_update_interval
continuous_learning
window_length

The following table describes the various training variables:

Training variables
Variable	Description
`attack_initial_training`	The number of hours that you want to train the AI model before it moves to the prediction mode. The default value is 24-hours. The minimum value is 1 hour.
`attack_update_interval`	The time interval in hours at which you would want the model thresholds to be updated. The default value is 24 hours. The minimum value is 1 hour. The value in this variable takes effect only when continuous_learning is set to true.
`continuous_learning`	Setting this value to true configures the AI model to learn continuously based on the live traffic. If it is set to false, the AI model detects attack based on the initial training.
`window_length`	The maximum time period that the AI model uses to detect attacks across s. The default and maximum value for `window_length` is 24 hours. The training period should be longer than the `window_length` period.
`root_api_attack`	Configure as true if you want AI engine to detect attacks on the root API. Set it to false if you do not wish the AI engine to detect attacks on the root API. The default value is false.
`session_inactivity_duration`	The time in minutes for an inactive user session after which API Behavioral Security (ABS) decides that the session has terminated. The default value is 30 minutes. You can configure it to any value in minutes. Note: This variable only applies to account take over attack.

Following is a snippet from the response global config API.

{
    “company”: “ping identity”,
    “name”: “api_globalconfig”,
    “description”: “This report contains status information of ABS global configurations”,
    “global_config”: {
        “attack_initial_training”: 2,

        “attack_update_interval”: 1,

        “api_discovery”: true,
        “discovery_initial_period”: 100,
        “discovery_subpath”: 3,
        “discovery_update_interval”: 1,
        “poc”: false,
        “url_limit”: 120,
        “response_size”: 150,
        “continuous_learning”: false,

        “attack_list_count”: 400000,
        “root_api_attack”: true,
        “session_inactivity_duration”: 10

    }
}

Miscellaneous variables
Variable	Description
`response_size`	Maximum size in MB of the data fetched by external calls to ABS REST APIs. The default value is 100 MB.
`enable_ssl`	By default it is set to true, and SSL communication is enabled between API Security Enforcer (ASE) and ABS, and for external systems making rest API calls to ABS. See Configure SSL for more information.