Configuring automated ASE attack blocking - PingIntelligence for APIs

Configuring automated ASE attack blocking - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

When the AI Engine detects an attack, it adds an entry to its deny list, which consists of usernames, tokens, API Keys, cookies, and IP addresses of clients that were detected executing attacks.

If blocking is enabled for the API, the deny list is automatically sent to API Security Enforcer (ASE) nodes, which blocks the client's future access using the identifiers on the list.

To activate API Behavioral Security (ABS) log processing, run the following ASE command:
```
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs
```
Note:
After log processing is enabled, ASE sends log data to ABS which processes the log data to look for attacks and generate reports.
To activate automatic client blocking, run the following ASE command:
```
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin enable_abs_attack
```
Note:
ABS generates a list of clients which are suspected of executing attacks. ABS can be configured to automatically send the attack list to ASE which blocks client access. By default, automatic blocking is inactive.
To disable automatic sending of ABS attack lists to ASE, run the following ASE command:
```
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin disable_abs_attack
```