Attack management - PingIntelligence for APIs

Attack management - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

The Attack management dashboard shows the clients which were flagged for an Indicator of Attack (IoA) for the specified period.

To view the Attack list summary information, click Attack management.

Screen capture of PingIntelligence Attack List.

The Attack list has the following columns:

Column	Description
Client ID	The unique ID of the client that originated the IoA.
IoAs	The number of IoAs for the client for the time range.
Client type	The type of client: Token IP address Cookie Username API key
Reviewed	Reviewed status toggle: Reviewed (On) Not reviewed (Off)
Actions	Possible actions to take (three-dots) drop down: Client activity Tune IoA detection Remove from blocklist

Sorting and filtering

Sort the Attack list output according to one of the following:

Detected time (default), from the most recent date and time to the least recent.
IoA count, ordered by Client ID, from the client with the highest number of IoAs to the client with the least IoAs.

Apply filters to narrow down the Attack list.

Select one or more Client ID Types from the drop down menu:
- Token
- IP address
- Cookie
- Username
- API key
Select a date range from the Quick dates drop down menu:
- Last 1 day (default)
- Last 7 days
- Last 30 days
- Custom: define a period from a starting date and time to an ending date and time

Click Go to apply the filters to the Attack list output.

You can filter the Attack list further:

Search client identifiers: Enter search strings or partial strings of the Client ID
Note:
- The search is case-insensitive.
- Wildcard searches, for example using an asterisk (*), are not supported.
- Use of quotation marks is not supported.
- Be aware of the use of spaces in a search string. A leading or trailing space can filter out results. A single space is not regarded as multiple consecutive spaces.
Click Filter to apply the following filter parameters:
- Reviewed
  - All (default)
  - Reviewed
  - Not reviewed
- Select one or more APIs from the drop down
- Select one or more IoA types from the drop down

Drill downs and actions

Actions

On the right side of the row in the main Attack management list, or at the top right of the IoAs dashboard, click the three-dots drop down to choose an action option:

Client activity: Navigate to the Client activity dashboard, for further inspection and analysis of the client's activities during the reported period.
Tune IoA detection: Select this option to update models to not flag this behavior in the future.
Remove from blocklist: Select this option to update models to remove this entry from the blocklist.

Drill down

Click on a row to navigate to the client's IoAs (Indicators of Attack) dashboard, for further drill downs, inspection and analysis of the client's activities during the reported period.