To view all attack types on a given API in a single, consolidated report, use the ABS Attack API. Attack ID 0 gives all the attacks on a single API or across APIs based on the REST API query parameters.
Consolidated attack report for an API:
The following attack API URL with attack ID as 0 gives all the attacks for a specific
API:
https://<ABS_IP:port>/v4/abs/attack?later_date=yyyy-mm-ddThh:mm&later_date=yyyy-mm-ddThh:mm&api=<api_name>&type=<type_id>
Example:
https://192.168.11.166:8080/v4/abs/attack?later_date=2018-12-31T18:00&later_date=2018-10-25T13:30&api=shop&type=0
You can further select a client identifier (IP, cookie, or a token) and carry out IP, cookie, or token forensics using the Forensic API.
{
"company": "ping identity",
"attack_type": "Data Exfiltration Attack",
"cookie": "JSESSIONID",
"description": "Client (IP or Cookie) extracting an abnormal amount of data for given API",
"earlier_date": "Tue Jan 02 16:00:00:000 2018",
"later_date": "Mon Jan 01 18:00:00:000 2018",
"api_name": "shop",
"cookies": [
{
"cookie": "extreme_client_activity_500_request",
"details": [
{
"access_time": "Fri Jan 12 08:44:39:086 2018",
"attack_code": "varA(Tx, 26)",
"attack_deviation": "varA(700%)"
},
{
"access_time": "Fri Jan 12 09:18:34:087 2018",
"attack_code": "varA(Tx, 25)",
"attack_deviation": "varA(700%)"
}
]
},
{
"company": "ping identity",
"attack_type": "API Probing Replay Attack",
"cookie": "JSESSIONID",
"description": "Client (IP or Cookie) probing or trying different parameter values to breach
the API service for given API",
"earlier_date": "Tue Jan 02 16:00:00:000 2018",
"later_date": "Mon Jan 01 18:00:00:000 2018",
"api_name": "shop",
"cookies": [
{
"cookie": "api_dos_attack_type_1_shop_50_percent_error",
"details": [
{
"access_time": "Fri Jan 12 08:39:56:896 2018",
"attack_code": "varA(Tx, 47)",
"attack_deviation": "varA(700%)"
},
{
"access_time": "Fri Jan 12 09:18:34:087 2018",
"attack_code": "varA(Tx, 47)",
"attack_deviation": "varA(700%)"
}
},
},
}
Consolidated attack report across API:
Use the following ABS REST API to access all the attack types:
https://<ABS_IP:port>/v4/abs/attack?later_date=yyyy-mm-ddThh:mm&later_date=yyyy-mm-ddThh:mm&type=<type_id>
.
Example:
https://192.168.11.166:8080/v4/abs/attack?later_date=2018-12-31T18:00&later_date=2018-10-25T13:30&type=0
You can further select a client identifier (IP, cookie, or a token) and carry out IP, cookie, or token forensics using the Forensic API.
[
{
"company": "ping identity",
"attack_type": "Stolen Token Attack Type 2",
"name": "api_attack_type",
"description": "Client (Token) reusing cookies to deceive application services.",
"earlier_date": "Thu Oct 25 13:30:00:000 2018",
"later_date": "Mon Dec 31 18:00:00:000 2018",
"api_name": "all",
"access_tokens": [
{
"access_token": "SYU4R2ZZN1IDYI0L",
"details": [
{
"access_time": "Tue Nov 27 11:10:00:000 2018",
"attack_code": "varA(Tn, 3)",
"attack_deviation": "varA(700%)"
},
{
"access_time": "Tue Nov 27 11:40:00:000 2018",
"attack_code": "varA(Tn, 3)",
"attack_deviation": "varA(700%)"
},
{
"access_time": "Tue Nov 27 16:10:00:000 2018",
"attack_code": "varA(Tn, 2)",
"attack_deviation": "varA(700%)"
}
]
},
{
"access_token": "CT27QTP01K6ZW2AK",
"details": [
{
"access_time": "Tue Nov 27 10:50:00:000 2018",
"attack_code": "varA(Tn, 2)",
"attack_deviation": "varA(700%)"
},
{
"access_time": "Tue Nov 27 11:10:00:000 2018",
"attack_code": "varA(Tn, 4)",
"attack_deviation": "varA(700%)"
},
{
"access_time": "Tue Nov 27 11:40:00:000 2018",
"attack_code": "varA(Tn, 5)",
"attack_deviation": "varA(700%)"
}
]
},
{
"ip": "100.64.7.124",
"details": [
{
"access_time": "Tue Nov 27 11:20:00:000 2018",
"attack_code": "varA(Tn, 3), varA(Tn, 3)",
"attack_deviation": "varA(700%)"
},
{
"access_time": "Tue Nov 27 11:30:00:000 2018",
"attack_code": "varA(Tn, 3), varA(Tn, 3)",
"attack_deviation": "varA(700%)"
}
]
},
{
"ip": "100.64.10.18",
"details": [
{
"access_time": "Tue Nov 27 11:10:00:000 2018",
"attack_code": "varA(Tn, 3), varA(Tn, 3)",
"attack_deviation": "varA(700%)"
},
{
"access_time": "Tue Nov 27 11:40:00:000 2018",
"attack_code": "varA(Tn, 3), varA(Tn, 3)",
"attack_deviation": "varA(700%)"
}
]
}
]
}
]