Automatic blocking of attacks with ASE
When the AI Engine detects an attack, it adds an entry to its blacklist, which consists of the usernames, tokens, API keys, cookies, and IP addresses of clients detected executing attacks. If blocking is enabled for the API, the blacklist is automatically sent to the ASE nodes, which block the client's future access using the identifiers on the list.
Activate log processing for ABS
To activate ABS log processing, execute the following ASE command:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs
After log processing is enabled, ASE sends log data to ABS, which processes it to look for attacks and generate reports.
Automatically block ABS detected attacks
ABS generates a list of clients that are suspected of executing attacks. ABS can be configured to automatically send the attack list to ASE, which blocks client access. By default, automatic blocking is inactive. To activate automatic client blocking, execute the following ASE command:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs_attack
Disable attack blocking
To disable automatic sending of ABS attack lists to ASE, execute the following ASE command:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin disable_abs_attack