The ABS AI Engine blacklist supports configuring the length of time that a client identifier type (username, OAuth token, API Key, cookie, and IP address) remains on the blacklist. Each client identifier type can be configured with a different value in minutes. The default value of zero minutes means that the AI engine will not remove any client identifiers from the blacklist unless the TTL value is changed.
The TTL is set through the ABS admin REST API, which supports configuring a different TTL in minutes for each client identifier. Following are the recommended steps for managing client identifier TTL:
- Use the ABS admin REST API to fetch the current TTL values.
- Use the PUT method with the ABS admin REST API to configure the TTL.
When you update the TTL value, the new value applies to the client identifiers in the blacklist that the AI engine identified from that time onwards. For example, if you set an initial TTL of 120 minutes at 6 AM for 100 client identifiers in the blacklist, the list exists until 8 AM. If you then change the TTL to 30 minutes at 7 AM, the initial list of 100 client identifiers still exists until 8 AM. The new 30-minute TTL applies to the client identifiers reported from 7 AM onwards.
Fetch the current TTL value: Use the admin API to fetch the current TTL of the client identifiers:
https://<ip>:<port>/v4/abs/admin
Following is a sample output displaying the current TTL values:
{
  "company": "ping identity",
  "name": "api_admin",
  "description": "This report contains status information on all APIs, ABS clusters, and ASE logs",
  "license_info": {
    "tier": "Subscription",
    "expiry": "Wed Jan 15 00:00:00 UTC 2020",
    "max_transactions_per_month": 1000000000,
    "current_month_transactions": 98723545,
    "max_transactions_exceeded": false,
    "expired": false
  },
  "across_api_prediction_mode": true,
  "api_discovery": {
    "subpath_length": "1",
    "status": true
  },
  "apis": [
    {
      "api_name": "app",
      "host_name": "*",
      "url": "/atm_app_oauth",
      "api_type": "decoy-incontext",
      "creation_date": "Thu Dec 26 09:51:10 UTC 2019",
      "servers": 0,
      "protocol": "http",
      "cookie": "",
      "token": true,
      "training_started_at": "Thu Dec 26 09:52:29 UTC 2019",
      "training_duration": "1 hour",
      "prediction_mode": true,
      "apikey_header": "",
      "apikey_qs": ""
    }
  ],
  "abs_cluster": {
    "abs_nodes": [
      {
        "node_ip": "172.17.0.1",
        "os": "DISTRIB_ID=Ubuntu - ",
        "cpu": "4",
        "memory": "7.8G",
        "filesystem": "19%",
        "bootup_date": "Wed Dec 25 15:01:06 UTC 2019"
      }
    ],
    "mongodb_nodes": [
      {
        "node_ip": "172.17.0.1",
        "status": "up"
      }
    ]
  },
  "ase_logs": [
    {
      "ase_node": "8f9d07c5-c5c4-43c3-97be-9672c7fd2986",
      "last_connected": "Thu Dec 26 10:51:13 UTC 2019",
      "logs": {
        "start_time": "Thu Dec 26 09:51:14 UTC 2019",
        "end_time": "Thu Dec 26 10:51:13 UTC 2019",
        "gzip_size": "429.96KB"
      }
    }
  ],
  "percentage_diskusage_limit": "80%",
  "scale_config": {
    "scale_up": {
      "cpu_threshold": "70%",
      "cpu_monitor_interval": "30 minutes",
      "memory_threshold": "70%",
      "memory_monitor_interval": "30 minutes",
      "disk_threshold": "70%",
      "disk_monitor_interval": "30 minutes"
    },
    "scale_down": {
      "cpu_threshold": "10%",
      "cpu_monitor_interval": "300 minutes",
      "memory_threshold": "10%",
      "memory_monitor_interval": "300 minutes",
      "disk_threshold": "10%",
      "disk_monitor_interval": "300 minutes"
    }
  },
  "attack_ttl": {
    "ids": [
      {
        "id": "ip",
        "ttl": 0
      },
      {
        "id": "cookie",
        "ttl": 0
      },
      {
        "id": "access_token",
        "ttl": 0
      },
      {
        "id": "api_key",
        "ttl": 0
      },
      {
        "id": "username",
        "ttl": 0
      }
    ]
  }
}
Configure the TTL: Use the PUT method with the admin REST API to configure the TTL in minutes:
URL: https://<ip>:<port>/v4/abs/admin
Method: PUT
{
  "ids": [
    {
      "id": "ip",
      "ttl": 10
    },
    {
      "id": "cookie",
      "ttl": 10
    },
    {
      "id": "access_token",
      "ttl": 10
    },
    {
      "id": "api_key",
      "ttl": 10
    },
    {
      "id": "username",
      "ttl": 10
    }
  ]
}
Following is a sample response:
{
  "message": "TTL updated successfully",
  "date": "Thu Dec 26 10:59:40 UTC 2019"
}
To verify the new TTL values, rerun the ABS admin REST API with the GET method.
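
The following is an added example, not Ping Identity's code. It models the TTL rule described above, in which the TTL in force when an identifier is flagged decides its removal time, and it builds the PUT body from the attack_ttl block of a GET report. The function names, the TTL change history and the sample report are constructed for illustration; treating identifiers flagged before the first change as TTL 0 is an assumption based on the stated default.

```python
from bisect import bisect_right
from datetime import datetime, timedelta

# The five identifier types listed in the page's attack_ttl block.
VALID_IDS = ("ip", "cookie", "access_token", "api_key", "username")

def build_ttl_payload(admin_report, changes):
    """Merge TTL changes (minutes) into the current values from the GET
    report and return the PUT body in the page's {"ids": [...]} shape."""
    current = {e["id"]: e["ttl"] for e in admin_report["attack_ttl"]["ids"]}
    for ident, minutes in changes.items():
        if ident not in VALID_IDS:
            raise ValueError(f"unknown client identifier type: {ident}")
        if isinstance(minutes, bool) or not isinstance(minutes, int) or minutes < 0:
            raise ValueError(f"TTL for {ident} must be whole minutes >= 0")
        current[ident] = minutes
    return {"ids": [{"id": i, "ttl": current[i]} for i in VALID_IDS if i in current]}

def expiry(flagged_at, ttl_history):
    """Return when an identifier leaves the blacklist, or None if it stays.
    ttl_history is a time-sorted list of (changed_at, ttl_minutes); the TTL
    in force when the identifier was flagged is the one that applies."""
    times = [t for t, _ in ttl_history]
    idx = bisect_right(times, flagged_at) - 1
    # Assumption: before the first recorded change the default TTL of 0 applies.
    ttl = ttl_history[idx][1] if idx >= 0 else 0
    return None if ttl == 0 else flagged_at + timedelta(minutes=ttl)

# Constructed sample data mirroring the page's 6 AM / 7 AM example.
DAY = datetime(2019, 12, 26)
HISTORY = [(DAY.replace(hour=6), 120), (DAY.replace(hour=7), 30)]
REPORT = {"attack_ttl": {"ids": [{"id": i, "ttl": 0} for i in VALID_IDS]}}

if __name__ == "__main__":
    print(build_ttl_payload(REPORT, {"ip": 30, "access_token": 120}))
    for hh, mm in ((6, 0), (7, 15)):
        t = DAY.replace(hour=hh, minute=mm)
        print(t.time(), "->", expiry(t, HISTORY))
```

In this model an identifier flagged at 7:15 AM is removed at 7:45 AM, before the ones flagged at 6 AM, so shortening the TTL does not release entries that are already on the blacklist.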