Virtual Server DDoS Attacks List
Overview
Lists all ongoing DDoS attacks against the selected virtual server over a specified period of time.
REST Endpoint: /mgmt/ap/query/v1/tenants/default/reports/AllVsAttacksList
Requests
GET /mgmt/ap/query/v1/tenants/default/reports/AllVsAttacksList
Query Parameters
Name | Type | Required | Description |
---|---|---|---|
$protectedObjectId | string | False | Specifies the protected virtual server’s unique identifier. |
$filter | string | null | Specifies a string or integer used to filter the results. You can filter by all or a specific parameter. |
$from | string | False | Specifies the start time for results. By default, from is “-1d” and to is “now”, so results start 1 day before the current time and end at the current time. |
$orderby | string | False | Specifies the sorting parameter and order to apply to results. You can sort by attackID, protectedObject, dosProfileName, severity, detectionMode, attackMitigationId, protocol, attackVector, startTime or dropRate. The sort order can be ascending (asc) or descending (desc). The default value is “startTime asc”, which sorts by startTime in ascending order. |
$skip | number | False | Specifies the number of results in the ordered list to skip. The default value of skip is 0, meaning none are skipped and the results range from 1 to the top value. |
$to | string | False | Specifies the end time for results. By default, from is “-1d” and to is “now”, so results start 1 day before the current time and end at the current time. |
$top | number | False | Specifies the maximum number of results in the ordered list. The default value is 10. |
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
items | object | The items that appear in the query. |
attackID | string | The attack’s unique identifier. |
attackMitigationId | string | The identifier of the mitigation type applied to the attack. |
detectionMode | string | The attack’s detection mode. |
dosProfiles | object | The DoS profile that detected the attack. |
id | string | The profile’s unique identifier. |
link | string | The link to the profile. |
name | string | The profile’s name. |
partition | string | The partition assigned to the profile. |
dosProfileName | string | The name of the DoS profile that detected the attack. |
protectedObject | string | The protected object that was attacked. |
protectedObjectId | string | The unique identifier of the attacked protected object. |
protectedObjectType | string | The type of protected object attacked. |
protocol | string | The protocol that detected the attack. |
attackVector | string | The attack vector that detected the attack. |
attackVectorId | string | The identifier of the attack vector that detected the attack. |
severity | string | The severity of the attack. |
startTime | Long | The time the attack was first detected. |
dropRate | Double | The number of dropped events per second. |
itemsPerPage | number | The number of items per page. |
pageIndex | number | The chronological page number as of which to display query results. |
startIndex | number | The chronological item number as of which to display query results. |
total | number | The total number of items queried. |
totalPages | number | The total number of pages in the query result. |
Permissions
Role | Allow |
---|---|
Security Manager | Yes |
Network Security Viewer | Yes |
Network Security Manager | Yes |
Examples
GET to retrieve a list of all ongoing DDoS attacks over a specified period of time for a specific virtual server
GET https://<BIG-IQ>/mgmt/ap/query/v1/tenants/default/reports/AllVsAttacksList?$protectedObjectId=8b08e3b5-5bc9-3ce7-ba3a-7358c53202ec&$orderby=severity asc&$skip=0&$top=50
Following is an example of a response to the API call for a specific virtual server.
Response
{
    "kind": "ap:compose:Report",
    "lastUpdateMicros": 4619606415,
    "result": {
        "totalItems": 1,
        "items": [
            {
                "attackID": "Network_dosVS_NetworkDosProfile_blocking_1563707938623_19/07/22,17:14",
                "severity": "Warning",
                "protectedObject": "/Common/dosVS",
                "protectedObjectType": "Virtual Server",
                "protectedObjectId": "8b08e3b5-5bc9-3ce7-ba3a-7358c53202ec",
                "detectionMode": "Volumetric, Per-SrcIP, VS-specific attack, metric:PPS",
                "attackMitigationId": "Per-SrcIP Blocked",
                "protocol": "Network",
                "attackVector": "TCP Push Flood",
                "startTime": 1563804842436,
                "dosProfiles": [
                    {
                        "id": "4d112ff8-4b33-31b1-8c42-e530d7251747",
                        "name": "NetworkDosProfile_blocking_1563707938623",
                        "link": "https://localhost/mgmt/cm/security-shared/working-config/dos-profiles/4d112ff8-4b33-31b1-8c42-e530d7251747",
                        "partition": "Common"
                    }
                ],
                "dosProfileName": "NetworkDosProfile_blocking_1563707938623"
            }
        ],
        "itemsPerPage": 50,
        "startIndex": 0,
        "totalPages": 1,
        "pageIndex": 0,
        "currentItemCount": 1
    },
    "requestDurationInMillis": 257
}
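The following client-side helper is an added example, not code from the BIG-IQ documentation. It builds the request URL with the space in $orderby percent-encoded, flattens the report for triage, and computes the next $skip for paging. The host name bigiq.example and the function names are hypothetical; it assumes startTime is epoch milliseconds and that startIndex is the offset passed as $skip.

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote, urlencode

REPORT_PATH = "/mgmt/ap/query/v1/tenants/default/reports/AllVsAttacksList"

# Trimmed copy of the example response shown on this page.
SAMPLE = json.loads("""{"result": {"items": [{
  "attackID": "Network_dosVS_NetworkDosProfile_blocking_1563707938623_19/07/22,17:14",
  "severity": "Warning", "protectedObject": "/Common/dosVS",
  "attackMitigationId": "Per-SrcIP Blocked", "attackVector": "TCP Push Flood",
  "startTime": 1563804842436,
  "dosProfiles": [{"name": "NetworkDosProfile_blocking_1563707938623"}]}],
  "itemsPerPage": 50, "startIndex": 0, "totalPages": 1, "pageIndex": 0}}""")

def build_url(host, object_id, orderby="startTime asc", skip=0, top=10):
    """Build the GET URL: '$' stays literal as on this page, the space becomes %20."""
    params = {"$protectedObjectId": object_id, "$orderby": orderby,
              "$skip": skip, "$top": top}
    return f"https://{host}{REPORT_PATH}?" + urlencode(params, safe="$", quote_via=quote)

def summarize(report):
    """Flatten result.items into triage rows with a UTC start time."""
    rows = []
    for item in report["result"]["items"]:
        # Assumption: startTime is epoch milliseconds; split with integer math.
        sec, ms = divmod(int(item["startTime"]), 1000)
        started = datetime.fromtimestamp(sec, tz=timezone.utc).replace(microsecond=ms * 1000)
        rows.append({
            "attackID": item["attackID"],
            "severity": item["severity"],
            "target": item["protectedObject"],
            "vector": item["attackVector"],
            "mitigation": item["attackMitigationId"],
            "started_utc": started.isoformat(timespec="milliseconds"),
            "profiles": [p["name"] for p in item.get("dosProfiles", [])],
        })
    return rows

def next_skip(report):
    """Return the $skip value for the next page, or None on the last page."""
    r = report["result"]
    if r["pageIndex"] + 1 >= r["totalPages"]:
        return None
    return r["startIndex"] + r["itemsPerPage"]  # assumption: startIndex is the offset

if __name__ == "__main__":
    print(build_url("bigiq.example", "8b08e3b5-5bc9-3ce7-ba3a-7358c53202ec", "severity asc", 0, 50))
    print(json.dumps(summarize(SAMPLE), indent=2), next_skip(SAMPLE))
```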