IP Suspicious Activity Detection Process How to Guide

This document provides a technical overview of the IP Suspicious Activity Detection Process.

Overview

The IAS IP Suspicious Activity Detection Process provides partners with a file of IP addresses (IPv6 addresses are not included) known to generate invalid traffic. IAS outputs a list of invalid traffic IP addresses hourly to a bucket on your Amazon Web Services (AWS) S3 account.

You need to give your IAS representative the name of the AWS bucket on your account where you want IAS to put the file. When the AWS bucket name is confirmed, IAS updates the bucket once daily with IP addresses of known bots. IAS requires you to delete this file after 7 days.

For ideal performance, IAS recommends that the AWS bucket be in us-east-1.

Steps

  1. Partner creates AWS S3 bucket.

  2. IAS Solution Engineering provides a bucket policy to attach to the S3 bucket; see "Bucket Policy" below.

  3. Partner gives IAS Solution Engineering the name for the bucket.

  4. IAS updates the bucket once daily; see "File Format Policy".

  5. Partner deletes the file after 7 days.

Bucket Policy

IAS does not encrypt objects in the bucket. If you require encryption, enable default encryption (SSE-S3) on the bucket.

Apply the following policy to your bucket:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "ias",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::454457967641:root"
          },
          "Action": "s3:PutObject",
          "Resource": "arn:aws:s3:::<bucket-name>/*",
          "Condition": {
            "StringEquals": {
              "s3:x-amz-acl": "bucket-owner-full-control"
            }
          }
        }
      ]
    }

File Format Policy

This is an ASCII-based, comma-separated file without a header row. IAS uses Eastern Standard Time (EST) and the file name convention fraud_ips.YYYYMMDDHHMM.tsv.gz, where:

| Code | Description |
|------|-------------|
| YYYY | Year        |
| MM   | Month       |
| DD   | Day         |
| HH   | Hour        |
| MM   | Minute      |

Each row contains an IP address that is generating suspicious traffic. As a best practice, IAS recommends avoiding all listed IP addresses.

Example

Here is an example output file:

1.1.1.1
2.1.3.2
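The following is an added example, not IAS code: a consumer-side sketch that parses the file name convention, keeps only rows that are valid IPv4 addresses, and selects files past the 7-day deletion deadline. The function names and sample data are constructed for illustration, and treating EST as a fixed UTC-5 offset is an assumption.

```python
import gzip
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Assumption: "EST" in the file name means a fixed UTC-5 offset (no daylight saving).
EST = timezone(timedelta(hours=-5))
NAME_RE = re.compile(r"^fraud_ips\.(\d{12})\.tsv\.gz$")
RETENTION = timedelta(days=7)  # the page requires deletion after 7 days


def parse_file_time(name):
    """Return the timestamp encoded in a feed file name, or None if it does not match."""
    m = NAME_RE.match(name)
    if not m:
        return None
    try:
        return datetime.strptime(m.group(1), "%Y%m%d%H%M").replace(tzinfo=EST)
    except ValueError:  # digits present but not a real date, e.g. month 13
        return None


def load_ips(gz_bytes):
    """Decompress a feed file and return (set of valid IPv4 strings, rejected rows)."""
    valid, rejected = set(), []
    text = gzip.decompress(gz_bytes).decode("ascii", errors="replace")
    for raw in text.splitlines():
        row = raw.strip()
        if not row:
            continue
        try:
            valid.add(str(ipaddress.IPv4Address(row)))
        except ipaddress.AddressValueError:
            rejected.append(row)  # IPv6, out-of-range octets, or junk: never block on these
    return valid, rejected


def expired(names, now):
    """Return the names whose encoded timestamp is more than 7 days before `now`."""
    stamped = ((n, parse_file_time(n)) for n in names)
    return [n for n, ts in stamped if ts is not None and now - ts > RETENTION]


# Constructed sample data (not real feed content).
SAMPLE = gzip.compress(b"1.1.1.1\n2.1.3.2\n2001:db8::1\n999.1.1.1\n\n")
NAMES = ["fraud_ips.202401010000.tsv.gz", "fraud_ips.202401071200.tsv.gz", "notes.txt"]
NOW = datetime(2024, 1, 8, 6, 0, tzinfo=timezone.utc)
```

Rejected rows are worth logging rather than silently dropping, since a malformed entry in a block list usually means the file was truncated or is not the feed you expected.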

