A root API in ASE is defined by configuring
/
for url
variable and *
for hostname
variable. Following is a
snippet of a truncated API JSON in ASE depicting the configuration of root
API.{
"api_metadata": {
"protocol": "http",
"url": "/",
"hostname": "*",
You can choose between enabling or disabling attack detection on global API by configuring
root_api_attack
global variable in the abs_init.js
and abs_init_ldap.js
file. By default attack detection is disabled on
root API. Set it to true
if you want to detect attacks on the root API.
Configure this variable either before starting ABS, or you can use the
update.sh
script to update the value. For more information on
update.sh
script, see Update the
training variables
db.global_config.insert({
"attack_initial_training": "24",
"attack_update_interval": "24",
"url_limit": "100",
"response_size": "100",
"job_frequency" : "10",
"window_length" : "24",
"enable_ssl": true,
"api_discovery": false,
"discovery_initial_period" : "24",
"discovery_subpath": "1",
"continuous_learning": true,
"discovery_update_interval": "1",
"attack_list_count": "500000",
"resource_monitor_interval" : "10",
"percentage_diskusage_limit" : "80",
"root_api_attack" : false,
"session_inactivity_duration" : "30"
});
Training and attack detection: If the attack detection is disabled on the root
API, then ABS Admin REST API displays
n/a
(not applicable) for
training_started_at
and training_duration
. The
prediction_mode
is
false
.{
"api_name": "rest_api",
"host_name": "*",
"url": "/",
"api_type": "regular",
"creation_date": "Fri Apr 05 05:41:00 UTC 2019",
"servers": 2,
"protocol": "http",
"cookie": "",
"token": false,
"training_started_at": "n/a",
"training_duration": "n/a",
"prediction_mode": false
}