Managing the ASE deny list - PingIntelligence for APIs

Managing the ASE deny list - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

Manage API Security Enforcer (ASE) operations for OAuth2 tokens, cookies, IP addresses, username, and API keys on a deny list.

To manage the ASE deny list:

To add an IP address to the deny list, run the add_blacklist command with the ip option:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist ip 1.1.1.1
ip 1.1.1.1 added to blacklist

To add a cookie to a deny list, run the add_blacklist command with the cookie option:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist cookie JSESSIONID ad233edqsd1d23redwefew 
cookie JSESSIONID ad233edqsd1d23redwefew added to blacklist

To add a token to a deny list, run the add_blacklist command with the token option:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist token ad233edqsd1d23redwefew
token ad233edqsd1d23redwefew added to blacklist

To add an API key to a deny list, run the add_blacklist command with the api_key option:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4
api_key AccessKey b31dfa4678b24aa5a2daa06aba1857d4 added to blacklist

To add a username to a deny list, run the add_black list command with the username option:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_blacklist username user1
username user1 added to blacklist

To view the entire deny list, run the view_blacklist command with the all option:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist all
Manual Blacklist
1) type : ip, value : 10.10.10.10
2) type : cookie, name : JSESSIONID, value : cookie_1.4
3) type : token, value : token1.4
4) type : api_key, name : X-API-KEY, value : key_1.4
Realtime Decoy Blacklist
1) type : ip, value : 4.4.4.4
Realtime Protocol Blacklist
1) type : token, value : token1.1
2) type : ip, value : 1.1.1.1
3) type : cookie, name : JSESSIONID, value : cookie_1.1
Realtime Method Blacklist
1) type : token, value : token1.3
2) type : ip, value : 3.3.3.3
3) type : cookie, name : JSESSIONID, value : cookie_1.3
Realtime Content-Type Blacklist
1) type : token, value : token1.2
2) type : ip, value : 2.2.2.2
3) type : cookie, name : JSESSIONID, value : cookie_1.2

To view the deny list based on decoy IP addresses, run the view_blacklist command with the decoy option:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist decoy
Realtime Decoy Blacklist
1) type : ip, value : 4.4.4.4

To view the deny list based on protocol violations, run the view_blacklist command with the invalid_protocol option:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_protocol
Realtime Protocol Blacklist
1) type : token, value : token1.1
2) type : ip, value : 1.1.1.1
3) type : cookie, name : JSESSIONID, value : cookie_1.1

To view the deny list based on method violations, run the view_blacklist command with the invalid_method option:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_method
Realtime Method Blacklist
1) type : token, value : token1.3
2) type : ip, value : 3.3.3.3
3) type : cookie, name : JSESSIONID, value : cookie_1.3

To view the deny list based on content-type violation, run the view_blacklist command with the invalid_content_type option:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist invalid_content_type
Realtime Content-Type Blacklist
1) type : token, value : token1.2
2) type : ip, value : 2.2.2.2
3) type : cookie, name : JSESSIONID, value : cookie_1.2

To view API Behavioral Security (ABS) -detected attacks, run the view_blacklist command with the abs_detected option:
```
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_blacklist abs_detected
No Blacklist
```

To delete an entry from a deny list, run the delete_blacklist command:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_blacklist ip 1.1.1.1
ip 1.1.1.1 deleted from blacklist

./bin/cli.sh -u admin -p admin delete_blacklist cookie JSESSIONID avbry47wdfgd
cookie JSESSIONID avbry47wdfgd deleted from blacklist

./bin/cli.sh -u admin -p admin delete_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35
token 58fcb0cb97c54afbb88c07a4f2d73c35 deleted from blacklist

To clear the deny list, run the clear_blacklist command:
```
./bin/cli.sh -u admin -p admin clear_blacklist
This will delete all blacklist Attacks, Are you sure (y/n) :y
Blacklist cleared
./bin/cli.sh -u admin -p admin clear_blacklist
This will delete all blacklist Attacks, Are you sure (y/n) :n
Action canceled
```
Warning:
When clearing the deny list, make sure that Real-time Detected attacks for inline ASE attacks and ABS-detected attacks are disabled. If not disabled, the deny list gets populated again as both ASE and ABS are continuously detecting attacks.