Real-time Detected attacks for inline ASE - PingIntelligence for APIs

Real-time Detected attacks for inline ASE - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

API Security Enforcer (ASE) supports real time attack detection and blocking for:

API Pattern Enforcement – validate traffic to ensure it is consistent with the API definition
API Deception – blocks hackers probing a Decoy API

In real-time, ASE blocks hackers which violate pattern enforcement or probe decoy APIs. Hacker information is reported to API Behavioral Security (ABS) which generates ASE detected attack reports (type ID 101). Use the following ABS REST API to view the report:

https://192.168.11.138:8080/v4/abs/attack?later_date=2018-07-16&earlier_date=2018-07-16&api=atmapp&type=101

Real-time ASE detected attack based on OAuth2 token activity

{
 "company": "ping identity",
 "attack_type": "Invalid API Activity",
 "name": "api_attack_type",
 "description": "Clients using invalid method/protocol/content-type",
 "earlier_date": "Thu Jan 25 18:00:00:000 2018",
 "later_date": "Fri Dec 28 18:00:00:000 2018",
 "api_name": "atm_app_oauth",
 "ips": [],
 "cookies": [],
 "access_tokens": [
 {
 "access_token": "token_protocol",
 "details": [
 {
 "access_time": "Fri Jan 26 20:58:04:770 2018",
 "attack_code": "protocol"
 },
 {
 "access_time": "Fri Jan 26 21:16:17:851 2018",
 "attack_code": "protocol"
 }
 ]
 },
 {
 "access_token": "token_method",
 "details": [
 {
 "access_time": "Fri Jan 26 20:58:04:819 2018",
 "attack_code": "method"
 },
 {
 "access_time": "Fri Jan 26 21:16:17:903 2018",
 "attack_code": "method"
 }
 ]
 },
 {
 "access_token": "token_contenttype",
 "details": [
 {
 "access_time": "Fri Jan 26 20:58:04:819 2018",
 "attack_code": "content_type"
 },
 {
 "access_time": "Fri Jan 26 21:16:17:903 2018",
 "attack_code": "content_type"
 }
 ]
 }
 ]
}

Real-time ASE detected attack based on pattern enforcement violation

{
 "company": "ping identity",
 "attack_type": "Invalid API Activity",
 "cookie": "JSESSIONID",
 "name": "api_attack_type",
 "description": "Clients using invalid method/protocol/content-type",
 "earlier_date": "Thu Jan 25 18:00:00:000 2018",
 "later_date": "Fri Dec 28 18:00:00:000 2018",
 "api_name": "atm_app_public",
 "ips": [],
 "cookies": [
 {
 "cookie": "session_contenttype1",
 "details": [
 {
 "access_time": "Fri Jan 26 21:17:10:662 2018",
 "attack_code": "content_type"
 }
 ]
 },
 {
 "cookie": "session_method",
 "details": [
 {
 "access_time": "Fri Jan 26 20:58:06:656 2018",
 "attack_code": "method"
 },
 {
 "access_time": "Fri Jan 26 21:17:10:662 2018",
 "attack_code": "method"
 }
 ]
 },
 {
 "cookie": "session_contenttype",
 "details": [
 {
 "access_time": "Fri Jan 26 20:58:06:656 2018",
 "attack_code": "content_type"
 },
 {
 "access_time": "Fri Jan 26 21:17:10:662 2018",
 "attack_code": "content_type"
 }
 ]
 },
 {
 "cookie": "session_protocol",
 "details": [
 {
 "access_time": "Fri Jan 26 20:58:04:873 2018",
 "attack_code": "protocol"
 },
 {
 "access_time": "Fri Jan 26 21:16:47:314 2018",
 "attack_code": "protocol"
 }
 ]
 },
 {
 "cookie": "session_method1",
 "details": [
 {
 "access_time": "Fri Jan 26 21:17:10:662 2018",
 "attack_code": "method"
 }
 ]
 },
 {
 "cookie": "session_protocol1",
 "details": [
 {
 "access_time": "Fri Jan 26 21:16:47:314 2018",
 "attack_code": "protocol"
 }
 ]
 }
 ],
 "access_tokens": []
}