The Splunk Dashboard monitors the attack.log file in the PingIntelligence for APIs Dashboard. Through attack.log, the Dashboard server returns a JSON report that contains attack details. The following is a snippet of attack.log with attack details:

{
  "timestamp": "1575965866132",
  "protocol": "HTTP",
  "attack_id": "11",
  "description": "Extreme App Activity",
  "attack_bucket": "API",
  "attack_scope": "SINGLE_API",
  "attacked_api": "shop-electronics",
  "attack_identifier_type": "TOKEN",
  "attack_key": "",
  "attack_value": "343077883101e1c8f2b3ec0fbf6a32ab2327e4c2e7ebe525a27a125225fa136d"
}
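
The following Python parser is an added example, not part of the PingIntelligence documentation or product code. It reads attack.log records like the one above, converts the timestamp (treated as epoch milliseconds) to UTC, and counts attacks per API and identifier type. It assumes the file holds back-to-back JSON objects; the function names and the second sample record are constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: record 1 is the snippet from the page, record 2 is made up.
# Back-to-back JSON objects in one file is an assumed layout.
SAMPLE_LOG = """{
  "timestamp": "1575965866132",
  "protocol": "HTTP",
  "attack_id": "11",
  "description": "Extreme App Activity",
  "attack_bucket": "API",
  "attack_scope": "SINGLE_API",
  "attacked_api": "shop-electronics",
  "attack_identifier_type": "TOKEN",
  "attack_key": "",
  "attack_value": "343077883101e1c8f2b3ec0fbf6a32ab2327e4c2e7ebe525a27a125225fa136d"
}
{"timestamp": "1575965926132", "attack_id": "11", "attacked_api": "shop-electronics",
 "attack_identifier_type": "TOKEN", "attack_key": "", "attack_value": "constructed-token-hash"}
"""
REQUIRED = ("timestamp", "attack_id", "attacked_api", "attack_identifier_type", "attack_value")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def iter_records(text):
    """Yield each JSON object from text, whether pretty-printed or on one line."""
    decoder, pos = json.JSONDecoder(), 0
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1  # raw_decode does not skip leading whitespace itself
        if pos >= len(text):
            return
        try:
            obj, pos = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            return  # trailing record still being written: stop and retry on next read
        yield obj

def normalize(rec):
    """Validate a record and add an ISO 8601 UTC time derived from 'timestamp'."""
    missing = [key for key in REQUIRED if key not in rec]
    if missing:
        raise ValueError(f"attack record missing fields: {missing}")
    when = EPOCH + timedelta(milliseconds=int(rec["timestamp"]))  # exact, no float rounding
    return {**rec, "time_utc": when.isoformat(timespec="milliseconds")}

def summarize(text):
    """Return (normalized events, attack count per (API, identifier type))."""
    events = [normalize(rec) for rec in iter_records(text)]
    return events, Counter((e["attacked_api"], e["attack_identifier_type"]) for e in events)
```
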

The following illustration summarizes the data flow between the PingIntelligence Dashboard and Splunk.


Diagram showing the flow of events between PingIntelligence Dashboard and Splunk.

Note:

PingIntelligence for APIs is qualified for Splunk 8.0.0.