Use the bulk delete option when you believe that a large number of false positives have been
identified. You can also use the bulk delete option to clear the blacklist in case of a
reset. To bulk delete client identifiers, use the ABS attacklist
REST
API with DELETE method. Following is the URL for the API:
URL: /v4/abs/attacklist
Method: DELETE
To bulk delete all the entries of a client identifier or all client identifier, configure the
body
of the attacklist
API request as show
below:
{
delete_all: false,
delete_all_ips: true,
delete_all_cookies: true,
delete_all_oauth_tokens: false,
delete_all_api_keys: true,
delete_all_usernames: false,
}
In the sample request body
above, the attacklist
API
deletes all entries for IP, Cookie, and API Key. If, in the next time interval, the AI
engine flags the same client identifiers, the blacklist is populated again. To
permanently stop a false positive from being reported, tune the thresholds using the
PingIntelligence Web GUI for the specific client identifier.
The following table describes the options:
Option | Description |
---|---|
delete_all | This option overrides all the other configured options in the message
body. If it is set to true , all the client identifiers
are deleted irrespective of what their individual configuration is. Set
it to false , if you wan to exercise other
options. |
delete_all_ips | Set it true to delete all the IP addresses across all attack types from the blacklist. |
delete_all_cookies | Set it true to delete all the cookies across all attack types from the blacklist. |
delete_all_oauth_tokens | Set it true to delete all the OAuth token across all attack types from the blacklist. |
delete_all_api_keys | Set it true to delete all the API Keys across all attack types from the blacklist. |
delete_all_usernames | Set it true to delete all the usernames across all attack types from the blacklist. |