You can use the bulk delete option to clear large numbers of false positive client identifiers.
You can also use the bulk delete option to clear the blocklist in case of a reset.
-
To bulk delete client identifiers, use the ABS attacklist
REST API with the DELETE method:
URL: /v4/abs/attacklistMethod: DELETE
-
To bulk delete all the entries of a client identifier or all client
identifiers, configure the body of the attacklist.
The following is an example of the API request:
{ delete_all: false, delete_all_ips: true, delete_all_cookies: true, delete_all_oauth_tokens: false, delete_all_api_keys: true, delete_all_usernames: false, }Note:In the sample request body, the attacklist API deletes all entries for IP, cookies, and API keys. If, in the next time interval, the AI engine flags the same client identifiers, the blocklist is populated again.
-
To permanently stop a false positive from being reported, tune the thresholds
using the PingIntelligence Web GUI for the
specific client identifier.
The following table describes the options.
Option Description delete_all
This option overrides all the other configured options in the message body. If it is set to
true, all the client identifiers are deleted irrespective of what their individual configuration is. Set it tofalse, if you want to exercise other options.delete_all_ips
Set it true to delete all the IP addresses across all attack types from the blocklist.
delete_all_cookies
Set it true to delete all the cookies across all attack types from the blocklist.
delete_all_oauth_tokens
Set it true to delete all the OAuth token across all attack types from the blocklist.
delete_all_api_keys
Set it true to delete all the API Keys across all attack types from the blocklist.
delete_all_usernames
Set it true to delete all the usernames across all attack types from the blocklist.