The AI Engine detects multiple types of Indicators of Attack(IoAs) on REST APIs. Each IoA is associated with a unique attack ID. By default all the IoAs are enabled for detection. You can enable or disable detection of a specific IoA, using the Enable/Disable Attacks feature of Attack Management.
- Make sure you have admin user privileges.
.Note: The API IntelligenceDashboard interacts with the AI Engine when you enable or disable an IoA. If you disable an attack while the AI engine is processing data, it might continue reporting IoAs for a few minutes. The IoA type would be disabled when the next batch of data is processed. When you enable an IoA from the disabled state, the AI engine takes a few minutes to report new IoA events. For more information, see Enable or disable attacks.
Use the toggle button to enable or disable an IoA type. The toggle button will
not be present if an IoA cannot be disabled. For example, the following IoA IDs
cannot be disabled as these are real-time events reported by ASE:
- Attack ID 13: API DDoS Attack Type 2
- Attack ID 100: Decoy Attack. This IoA ID must be disabled on ASE.
- Attack ID 101: Invalid API Activity. This IoA ID must be disabled on ASE.
Click on the expand icon for details such as the time the IoA was enabled or
disabled. The following screenshot displays the IoA details.
You will always be prompted with a confirmation notification before enabling or disabling an IoA. For example when you try to disable an IoA, you will be prompted with the following notification. Click Submit to confirm. You should see a success notification whenever an IoA type is enabled or disabled.
Sort the attack types based on IoA ID or Is Enabled status.
Search based on IoA name or IoA ID within enabled or disabled attacks.