Audit log - PingIntelligence for APIs

Audit log - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

This appendix details audit log entries in the audit.log file.

The following table shows the four components of entries in the audit log files.

Date	Subject	Action	Resources
`YYYY-MM-DD hh:mm:ss`	Subject is the module through which actions are performed: command-line interface (CLI), REST API, or cluster	Actions are the ran commands.	Resources are the parameters associated with the actions.

The following table shows the subjects and their description.

Subject	Description
`cli`	CLI commands ran
`rest_api`	REST API requests received by API Security Enforcer (ASE)
`cluster`	Changes requested by peer node in a cluster

Here is sample output of an audit log file:

2019-06-13 10:45:12 | cli | delete_api | username=admin, api_id=cart
2019-06-13 10:46:13 | rest_api | GET /v4/ase/cluster | x-ase-access-key=admin, x-ase-secret-key=**********
2019-06-13 10:46:25 | cluster | delete_api | peer_node=192.168.11.108:8020, api_id=shop

CLI

The following table lists the actions and resources for ASE CLI.

Action	Resources
status	N/A
add_api	`username=, config_file_path=`
list_api	`username=`
api_info	`username=, api_id=`
api_count	`username=`
list_api_mappings	`username=`
delete_api	`username=, api_id=`
add_server	`username=, api_id=, server=,` `server_spike_threshold=, server_connection_quota=`
list_server	`username=, api_id=`
server_count	`username=, api_id=`
delete_server	`username=, api_id=, server=`
create_key_pair	`username=`
create_csr	`username=`
create_self_sign_cert	`username=`
import_cert	`username=, cert_path=`
health_status	`username=, api_id=`
enable_health_check	`username=, api_id=`
disable_health_check	`username=, api_id=`
update_password	`username=`
cluster_info	`username=`
cookie_count	`username=, api_id=`
enable_firewall	`username=`
disable_firewall	`username=`
enable_abs	`username=`
disable_abs	`username=`
enable_abs_attack	`username=`
disable_abs_attack	`username=`
abs_info	`username=`
enable_xff	`username=`
disable_xff	`username=`
update_bytes_in_threshold	`username=, api_id=, bytes_in_threshold=`
update_bytes_out_threshold	`username=, api_id=, bytes_out_threshold=`
update_client_spike_threshold	`username=, api_id=, client_spike_threshold=`
update_server_spike_threshold	`username=, api_id=, server=, server_spike_threshold=`
update_server_connection_quota	`username=, api_id=, server=, server_connection_quota`
get_auth_method	N/A
update_auth_method	`username=, auth_method=`
enable_audit	`username=`
disable_audit	`username=`
stop	`username=`

REST API

Action	Resource
`POST /v4/ase/api`	`Content-Type=application/json, x-ase-access-key=,` `x-ase-secret-key=**********`
`GET /v4/ase/api`	`Content-Type=application/json, x-ase-access-key=,` `x-ase-secret-key=**********`
`DELETE /v4/ase/api`	`Content-Type=application/json, x-ase-access-key=,` `x-ase-secret-key=**********`
`POST /v4/ase/server`	`Content-Type=application/json, x-ase-access-key=,` `x-ase-secret-key=**********`
`GET /v4/ase/server`	`Content-Type=application/json, x-ase-access-key=,` `x-ase-secret-key=**********`
`DELETE /v4/ase/server`	`Content-Type=application/json, x-ase-access-key=,` `x-ase-secret-key=**********`
`GET /v4/ase/cluster`	`Content-Type=application/json, x-ase-access-key=,` `x-ase-secret-key=**********`
`POST /v4/ase/firewall`	`Content-Type=application/json, x-ase-access-key=,` `x-ase-secret-key=**********`
`GET /v4/ase/firewall`	`Content-Type=application/json, x-ase-access-key=,` `x-ase-secret-key=**********`
`POST /v4/ase/firewall/flowcontrol`	`Content-Type=application/json, x-ase-access-key=,` `x-ase-secret-key=**********`
`GET /v4/ase/firewall/flowcontrol`	`Content-Type=application/json, x-ase-access-key=,` `x-ase-secret-key=**********`
`POST /v4/ase/firewall/flowcontrol/server`	`Content-Type=application/json, x-ase-access-key=,` `x-ase-secret-key=**********`

Cluster

Action	Resource
add_api	`peer_node=, api_id=`
delete_api	`peer_node=, api_id=`
add_server	`peer_node=, api_id=, server=,` `server_spike_threshold=, server_connection_quota=`
delete_server	`peer_node=, api_id=, server`
enable_health_check	`peer_node=, api_id=`
disable_health_check	`peer_node=, api_id=`
enable_firewall	`peer_node=`
disable_firewall	`peer_node=`
enable_abs	`peer_node=`
disable_abs	`peer_node=`
enable_abs_attack	`peer_node=`
disable_abs_attack	`peer_node=`
enable_xff	`peer_node=`
disable_xff	`peer_node=`
update_bytes_in_threshold	`peer_node=, api_id=, bytes_in_threshold=`
update_bytes_out_threshold	`peer_node=, api_id=, bytes_out_threshold=`
update_client_spike_threshold	`peer_node=, api_id=, client_spike_threshold=`
update_server_spike_threshold	`peer_node=, api_id=, server=, server_spike_threshold=`
update_server_connection_quota	`peer_node=, api_id=, api_id=, server=,` `server_connection_quota=`
enable_audit	`peer_node=`
disable_audit	`peer_node=`
stop	`peer_node=`