Bot Defense¶
Overview¶
Module Name in API¶
bigip-bot-defense
Product Name in API¶
local-traffic
Dimensions¶
| Dimension | Name in API | Description |
|---|---|---|
| Profile Name | profile-name | |
| Virtual Server | virtual | |
| BIG-IP Blade Number | slot-id | Used for BIG-IP Chassis with multiple blades. A value of 0 means this is a non chassis BIG-IP, any other value tells the serial number of the blade in the chassis |
| Mobile App Human Behavior | client-mobile-app-human-behavior | Human behavior of mobile application |
| Mobile App Jail Break | client-mobile-app-jailbreak | Security Jail Break of mobile application |
| Mobile App Version | client-mobile-app-version | The version of the mobile application |
| BIG-IP Host Name | hostname | The hostname given to the BIG-IP |
| BIG-IP Virtual Server | hostname-virtual | |
| Bot Signature Category | bot-signature-category | |
| Mobile App Name | client-mobile-app-name | The name of the mobile application |
| Mobile App Type | client-mobile-app-type | The type of the mobile application |
| Bot Class | bot-classification | |
| Mobile App Emulation Mode | client-mobile-app-emulation-mode | The emulation mode of a mobile application |
| BIG-IP Service Cluster | dsc-name | Clusters of BIG-IPs grouped together to have the same config |
| Action | security-action | The action a security module took with this transaction/packet, such as allow or block |
MetricSets¶
Transactions¶
Description¶
Number of transactions
Name In API¶
transactions
Metrics in the metricSet¶
| Metric | Name in API | Unit | Description |
|---|---|---|---|
| Total Transactions Count | count | trans | Total number of transactions that passed through the system |
| Avg TPS | avg-count-per-sec | tps | Average number of transactions that passed through the system per second |
Examples¶
By Time Query¶
A query by time returns a series of data points in time, based on optional filters, time range, and time granularity. This query kind is identified by the keyword: “ap:query:stats:byTime”
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/local-traffic/metric-query
This example for JSON body in the post, filters by dimension profile-name and get the count of transactions
{
"kind": "ap:query:stats:byTime",
"module": "bigip-bot-defense",
"timeRange": {
"from": "-1h",
"to": "now"
},
"timeGranularity": {
"duration": 30,
"unit": "SECONDS"
},
"aggregations": {
"transactions$count": {
"metricSet": "transactions",
"metric": "count"
}
},
"dimensionFilter": {
"type": "eq",
"dimension": "profile-name",
"value": "value to filter by"
}
}
By Entities Query¶
A query by entities returns a sort set of entities, based on optional filters, time range, and choosen metric to sort by. This query kind is identified by the keyword: “ap:query:stats:byEntities”
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/local-traffic/metric-query
This example for JSON body in the post, gets top entities of type profile-name, sorted by count of transactions
{
"kind": "ap:query:stats:byEntities",
"module": "bigip-bot-defense",
"timeRange": {
"from": "-1H",
"to": "now"
},
"dimension": "profile-name",
"sortMetric": "transactions$count",
"sortOrder": "desc",
"aggregations": {
"transactions$count": {
"metricSet": "transactions",
"metric": "count"
}
},
"limit": 5
}
Entities Count Query¶
An entities count query returns the distinct count of entities, based on optional filters, time range, and choosen entity type. This query kind is identified by the keyword: “ap:query:stats:entitiesCount”
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/local-traffic/metric-query
This example for JSON body in the post, gets the distinct count of entities of type profile-name
{
"kind": "ap:query:stats:entitiesCount",
"module": "bigip-bot-defense",
"dimension": "profile-name",
"timeRange": {
"from": "-1h",
"to": "now"
}
}