Page created: 12 May 2021
|
Page updated: 1 Nov 2021
Use the bulk delete option when you believe that a large number of false positives have been
identified. You can also use the bulk delete option to clear the blacklist in case of a
reset. To bulk delete client identifiers, use the ABS attacklist REST
API with DELETE method. Following is the URL for the API:
URL: /v4/abs/attacklist
Method: DELETE
To bulk delete all the entries of a client identifier or all client identifier, configure the
body of the attacklist API request as show below:
{
delete_all: false,
delete_all_ips: true,
delete_all_cookies: true,
delete_all_oauth_tokens: false,
delete_all_api_keys: true,
delete_all_usernames: false,
}
In the sample request body above, the attacklist API
deletes all entries for IP, Cookie, and API Key. If, in the next time interval, the AI
engine flags the same client identifiers, the blacklist is populated again. To
permanently stop a false positive from being reported, tune the thresholds using the
PingIntelligence Web GUI for the specific client identifier.
The following table describes the options:
| Option | Description |
|---|---|
| delete_all | This option overrides all the other configured options in the
message body. If it is set to true, all the client
identifiers are deleted irrespective of what their individual
configuration is. Set it to false, if you wan to
exercise other options. |
| delete_all_ips | Set it true to delete all the IP addresses across all attack types from the blacklist. |
| delete_all_cookies | Set it true to delete all the cookies across all attack types from the blacklist. |
| delete_all_oauth_tokens | Set it true to delete all the OAuth token across all attack types from the blacklist. |
| delete_all_api_keys | Set it true to delete all the API Keys across all attack types from the blacklist. |
| delete_all_usernames | Set it true to delete all the usernames across all attack types from the blacklist. |