Manage attack blocking - PingIntelligence for APIs

Manage attack blocking - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

API Security Enforcer (ASE) and API Behavioral Security (ABS) work in tandem to detect and block attacks.

ASE detects attacks in real-time, blocks the hacker, and reports attack information to ABS. ABS AI Engine uses behavioral analysis to look for advanced attacks. Attack management is done in both ABS and ASE.

In ABS, you can:

List active, expired or a consolidated list of active and expired client identifiers for a specific time period. For more information see, ABS deny list reporting.
Delete specific client identifiers from ABS deny list or bulk delete a type of client identifier using ABS REST API. For more information, see Deleting individual client identifiers and Using the bulk delete option for client identifiers.
Enable or disable a specific attack ID. When you disable an attack ID, ABS stops reporting attacks across all client identifiers for that attack ID. For more information, see Enabling or disabling attack IDs.
Configure the time-to-live (TTL) for each client identifier type. The TTL time applies to all the detected attacks for that client identifier. For more information, see TTL for client identifiers in ABS.

In ASE, you can:

Manually add or delete entries from allow list and deny list
Enable or disable automatic blocking of ABS detected attack types
Enable or disable ASE detected real-time attacks. ASE detects real time attacks only in an inline deployment.

For more information see, Attack management in ASE