DDoS Attacks per BIG-IP
Overview
A list of all ongoing DDoS attacks over a period of time for a selected BIG-IP.
REST Endpoint: /mgmt/ap/query/v1/tenants/default/reports/AllAttacksPerDeviceList
Requests
GET /mgmt/ap/query/v1/tenants/default/reports/AllAttacksPerDeviceList
Query Parameters
Name | Type | Required | Description |
---|---|---|---|
$device | string | False | The name of the selected BIG-IP under DDoS attack. |
$filter | query option | null | Specifies a string or integer used to filter the results. You can filter based on one or more parameters. |
$from | string | False | Specifies the start time for results. The default uses the values of “-1d” for from and “now” for to, which starts from 1 day before the current time and ends at the current time. |
$orderby | string | False | Specifies the sorting parameter and order to apply to results. You can sort by attackID, protectedObject, dosProfileName, severity, detectionMode, attackMitigationId, protocol, attackVector or startTime. The sort order can be ascending (asc) or descending (desc). The default value is “startTime asc”, which sorts by startTime in ascending order. |
$to | string | False | Specifies the end time for results. The default uses the values of “-1d” for from and “now” for to, which starts from 1 day before the current time and ends at the current time. |
$top | number | False | Specifies the maximum number of results in the ordered list. The default value is 10. |
$skip | number | False | Specifies the number of results in the ordered list to skip. The default value of skip is 0, meaning none are skipped and the results range from 1 to the top value. |
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
items | object | The items that appear in the query. |
attackID | string | The attack’s unique identifier. |
attackMitigationId | string | The identifier of the mitigation type applied to the attack. |
detectionMode | string | The attack’s detection mode. |
dosProfiles | object | The DoS profile that detected the attack. |
id | string | The profile’s unique identifier. |
link | string | The link to the profile. |
name | string | The profile’s name. |
partition | string | The partition assigned to the profile. |
dosProfileName | string | The name of the DoS profile that detected the attack. |
protectedObject | string | The protected object that was attacked. |
protectedObjectId | string | The unique identifier of the attacked protected object. |
protectedObjectType | string | The type of protected object attacked. |
protocol | string | The protocol that detected the attack. |
attackVector | string | The attack vector that detected the attack. |
severity | string | The severity of the attack. |
startTime | Long | The time the attack was first detected. |
itemsPerPage | number | The number of items per page. |
pageIndex | number | The chronological page number as of which to display query results. |
startIndex | number | The chronological item number as of which to display query results. |
total | number | The total number of items queried. |
totalPages | number | The total number of pages in the query result. |
Permissions
Role | Allow |
---|---|
Administrator | Yes |
Examples
GET to retrieve all the attacks that currently take place on a specific BIG-IP
The following example returns the top 50 items ordered by the severity in ascending order.
GET https://<BIG-IQ>/mgmt/ap/query/v1/tenants/default/reports/AllAttacksPerDeviceList?$device=Tier1-Stav_StaitcIP-75.olympus.f5net.com&$orderby=severity asc&$skip=0&$top=50
Response
{
    "kind": "ap:compose:Report",
    "lastUpdateMicros": 1661152366249,
    "result": {
        "totalItems": 1,
        "items": [{
            "attackID": "DNS_dnsLicener1_dnsProfile_19/02/26,14:44",
            "severity": "Critical",
            "protectedObject": "/Common/dnsLicener1",
            "protectedObjectType": "Virtual Server",
            "protectedObjectId": "61a4ca0f-769a-37f6-a691-3b7eb7051214",
            "detectionMode": "Volumetric, Aggregated across all SrcIP's, VS-Specific attack, metric:PPS",
            "attackMitigationId": "Blocked",
            "protocol": "DNS",
            "attackVector": "DNS A Query",
            "startTime": 1551185042133,
            "dosProfiles": [{
                "id": "35f46214-996e-3a19-84e4-caa5d0aafec6",
                "name": "dnsProfile",
                "link": "https://localhost/mgmt/cm/security-shared/working-config/dos-profiles/35f46214-996e-3a19-84e4-caa5d0aafec6",
                "partition": "Common"
            }],
            "dosProfileName": "dnsProfile"
        }],
        "itemsPerPage": 0,
        "startIndex": 0,
        "totalPages": 0,
        "pageIndex": 0,
        "currentItemCount": 1
    },
    "requestDurationInMillis": 1881
}
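The following Python sketch is an added example, not part of the original reference or F5's own code. It builds the request URL with the space in $orderby percent-encoded, flattens result.items into triage rows, and computes the next $skip value for paging. The host names, function names and row keys are hypothetical, and reading startTime as epoch milliseconds is an assumption (it agrees with the date embedded in the sample attackID).

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode

REPORT_PATH = "/mgmt/ap/query/v1/tenants/default/reports/AllAttacksPerDeviceList"
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def build_url(host, device, orderby="startTime asc", skip=0, top=10):
    """Build the GET URL; '$' stays literal, the space in $orderby becomes %20."""
    params = {"$device": device, "$orderby": orderby, "$skip": skip, "$top": top}
    return f"https://{host}{REPORT_PATH}?" + urlencode(params, quote_via=quote, safe="$")

def summarize(report):
    """Flatten result.items into triage rows with a UTC start time."""
    rows = []
    for item in report["result"].get("items", []):
        # Assumption: startTime is milliseconds since the Unix epoch.
        start = EPOCH + timedelta(milliseconds=item["startTime"])
        rows.append({
            "attackID": item["attackID"],
            "severity": item["severity"],
            "target": item["protectedObject"],
            "vector": f'{item["protocol"]} / {item["attackVector"]}',
            "mitigation": item["attackMitigationId"],
            "startUtc": start.isoformat(timespec="seconds"),
        })
    return rows

def next_skip(report, skip, top):
    """Return the $skip for the next page, or None when every item was read."""
    result = report["result"]
    # The response table names the count "total"; the sample body uses "totalItems".
    total = result.get("totalItems", result.get("total", 0))
    return skip + top if skip + top < total else None

# Constructed sample, trimmed from the response body shown on this page.
SAMPLE = json.loads("""{"result": {"totalItems": 1, "items": [{
  "attackID": "DNS_dnsLicener1_dnsProfile_19/02/26,14:44", "severity": "Critical",
  "protectedObject": "/Common/dnsLicener1", "attackMitigationId": "Blocked",
  "protocol": "DNS", "attackVector": "DNS A Query", "startTime": 1551185042133}]}}""")

if __name__ == "__main__":
    # Placeholder host names, not values from the page.
    print(build_url("bigiq.example.com", "bigip1.example.com", "severity asc", 0, 50))
    for row in summarize(SAMPLE):
        print(row)
    print("next $skip:", next_skip(SAMPLE, 0, 50))
```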