Do we have any assertion where we can do this
block further logins for the same user after invalid attempts for a particular time.
Policy manager 9.1
The below documentation will walk you through on how to control things such as lockout attempts, lockout time, etc...
Manage Administrative User Account Policy - CA API Gateway - 9.1 - CA Technologies Documentation
Let us know if this answers the question.
The Apply rate limit assertion can "Blackout for X sec" when Limit "by the User or client IP address",
Apply Rate Limit Assertion - CA API Gateway - 9.3 - CA Technologies Documentation
Retrieving data ...