After PingOne API Intelligence is deployed, the next steps involve managing the training settings, Indicators of Attack (IoAs) management, and API group settings.
When training completes, the Dashboard will begin reporting on abnormal behavior, which is reported as IoAs. You can automatically block such abnormal activity by enabling blocking in your environment. Finally, you can logically group APIs together to simplify access to the API information.
AI engine training
After APIs are added to PingOne API Intelligence through the API discovery process or manually generated definitions, the AI engine automatically starts the training process to build AI models. The AI models are used to generate API activity reports and detect anomalous behavior, which is reported through IoAs.
To ensure accurate models are built for API activity in your environment, the training settings should be configured to capture data from your API environment. For more information, see Configuring training settings.
PingOne API Intelligence uses specialized algorithms to inspect and track all API session metadata, including client information, API request and response transactions, and other information. The AI engine continuously looks for abnormal behavior and generates IoAs, which show unexpected behavior, for example:
- A test system sending extreme traffic on a production API
- Partner misuse, such as a partner extracting large amounts of data
- API hacking, such as probing, query or header manipulation, and so on
Unlike traditional security platforms, the AI engine automatically learns expected traffic behavior both across API environments and on a per-API basis. When an IoA is detected, it automatically blocks the requester. PingOne API Intelligence works across your APIs, regardless of which tool is used for issuing tokens and managing identities. It provides an additional security layer on top of your foundational API security infrastructure. For more information, see Indicators of Attack and Anomalies.
PingOne API Intelligence supports flexible grouping of APIs based on your business requirements. For example, you can group APIs by region, API gateway type, line-of-business, or other custom groups. This allows administrators to find and manage APIs in your environment. For more information, see Administering API groups.