The AI engine detects multiple types of Indicators of Attack (IoAs) on REST APIs. Each IoA is associated with a unique attack ID. By default, all the IoAs are enabled for detection. You can enable or disable detection of a specific IoA using the Enable/Disable Attacks feature under Attack Management.
- Ensure you have admin user privileges.
To enable or disable attacks:
-
Click .
Note:The PingOne API Intelligence Dashboard interacts with the AI engine when you enable or disable an IoA. If you disable an attack while the AI engine is processing data, it might continue reporting IoAs for a few minutes. The IoA type would be disabled when the next batch of data is processed. When you enable an IoA from the disabled state, the AI engine takes a few minutes to report new IoA events. For more information, see Enabling or disabling attack IDs.
-
Click the toggle
to enable or disable an IoA type. The toggle button will not be
present if an IoA cannot be disabled. For example, the following IoA IDs cannot
be disabled because they are real-time events reported by ASE:
- Attack ID 13: API DDoS Attack Type 2
- Attack ID 100: Decoy Attack. This IoA ID must be disabled on ASE.
- Attack ID 101: Invalid API Activity. This IoA ID must be disabled on ASE.
-
Click the Expand
icon for
details, such as the time the IoA was enabled or disabled.
-
You will always be prompted with a confirmation notification before
enabling or disabling an IoA. For example, when you try to disable an
IoA, you will be prompted with the following notification. Click
Submit to confirm.
You should see a success notification when an IoA type is enabled or disabled.
-
You will always be prompted with a confirmation notification before
enabling or disabling an IoA. For example, when you try to disable an
IoA, you will be prompted with the following notification. Click
Submit to confirm.
-
Sort the attack types based on Attack Id or
Is Enabled status.
-
Search based on Attack Name or Attack
Id within enabled or disabled attacks.
