Attack management in ASE - PingIntelligence for APIs

Attack management in ASE - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

In API Security Enforcer (ASE), you manage detected attacks through both allow list and deny list.

Client identifiers in deny list are blocked by ASE while those in the allow list are never blocked. You can also choose to block or allow a client identifier at API level by configuring the individual API JSON.

Allow list: List of safe IP addresses, cookies, OAuth2 Tokens, API keys, or usernames that will not be blocked by ASE.; The list is manually created using ASE CLI commands.

Deny list

List of bad IP addresses, cookies, OAuth2 Tokens, API keys, or usernames that are always blocked by ASE.

The list consists of entries from one or more of the following sources:

API Behavioral Security (ABS) detected clients suspected of executing attacks (for example, data exfiltration).
ASE detected clients suspected of executing attacks (for example, invalid method, decoy API accessed). These attacks are reported to ABS and become part of ABS deny list also after further AI processing.
List of bad client identifiers manually added using ASE CLI