If you want to disable attack detection for a specific API, tune the user threshold to a maximum value. This follows the same process as changing the attack threshold and sets the user-generated normal threshold value to the maximum for the attack type (refer to Threshold range for Tn and Tx - Not in use for 5.1 for a list of maximum values). When the normal threshold is set to maximum, the machine learning system will not generate attacks based on that variable. All other variables continue to operate in either system or user mode.

You can also disable or enable an attack ID globally by using the attackstatus REST API. For more information, see Enable or disable attack IDs.