DoS Attack

Overview

Module Name in API

dos-attack

Product Name in API

device

Dimensions

| Dimension | Name in API | Description |
| --- | --- | --- |
| Virtual Server | virtual | |
| DOS Profile | dos-profile-name | Name of the DoS profile used in the BIG-IP |
| Attack Mitigation | attack-mitigation | The current method of mitigation taken by the BIG-IP to handle the attack |
| Attack Vector | attack-vector | |
| Attack Trigger | attack-trigger | What triggered the BIG-IP to declare this attack |
| BIG-IP Host Name | hostname | The hostname given to the BIG-IP |
| Network Protocol | protocol | |
| Attack ID | attack-id | A code assigned by BIG-IP to this attack. The ID is per BIG-IP and should not be confused with the combined attack ID of multiple BIG-IPs |
| Application Service | applicationService | |
| BIG-IP Blade | hostname-slot | A combination of a BIG-IP hostname and its blade number |
| attack-id-hostname-slot | attack-id-hostname-slot | |
| Virtual Server Unique Name | unique-virtual-name | Virtual server full name connected to a device or cluster name |
| BIG-IP Service Cluster | dsc-name | Clusters of BIG-IPs grouped together to have the same config |
| Application | applications | |

MetricSets

Block ratio score

Description

Name In API

block-ratio-score

Metrics in the metricSet

| Metric | Name in API | Unit | Description |
| --- | --- | --- | --- |
| Block ratio score | avg-value-per-event | % | Block ratio score |

Trigger score

Description

Name In API

trigger-score

Metrics in the metricSet

| Metric | Name in API | Unit | Description |
| --- | --- | --- | --- |
| Trigger score | avg-value-per-event | % | Trigger score |

IPs score

Description

Name In API

ips-score

Metrics in the metricSet

| Metric | Name in API | Unit | Description |
| --- | --- | --- | --- |
| Average IPs score | avg-value-per-event | % | Average IPs score |

Attack score

Description

Name In API

attack-score

Metrics in the metricSet

| Metric | Name in API | Unit | Description |
| --- | --- | --- | --- |
| Attack score | avg-value-per-event | % | Attack score |

Examples

By Time Query

A query by time returns a series of data points in time, based on optional filters, time range, and time granularity. This query kind is identified by the keyword: “ap:query:stats:byTime”

POST https://<address>/mgmt/ap/query/v1/tenants/default/products/device/metric-query

This example JSON body for the POST filters by the dimension virtual and gets the avg-value-per-event of block-ratio-score:

{
    "kind": "ap:query:stats:byTime",
    "module": "dos-attack",
    "timeRange": {
        "from": "-1h",
        "to": "now"
    },
    "timeGranularity": {
        "duration": 30,
        "unit": "SECONDS"
    },
    "aggregations": {
        "block-ratio-score$avg-value-per-event": {
            "metricSet": "block-ratio-score",
            "metric": "avg-value-per-event"
        }
    },
    "dimensionFilter": {
        "type": "eq",
        "dimension": "virtual",
        "value": "value to filter by"
    }
}

By Entities Query

A query by entities returns a sorted set of entities, based on optional filters, time range, and the chosen metric to sort by. This query kind is identified by the keyword: “ap:query:stats:byEntities”

POST https://<address>/mgmt/ap/query/v1/tenants/default/products/device/metric-query

This example JSON body for the POST gets the top entities of type virtual, sorted by avg-value-per-event of block-ratio-score:

{
    "kind": "ap:query:stats:byEntities",
    "module": "dos-attack",
    "timeRange": {
        "from": "-1H",
        "to": "now"
    },
    "dimension": "virtual",
    "sortMetric": "block-ratio-score$avg-value-per-event",
    "sortOrder": "desc",
    "aggregations": {
        "block-ratio-score$avg-value-per-event": {
            "metricSet": "block-ratio-score",
            "metric": "avg-value-per-event"
        }
    },
    "limit": 5
}

Entities Count Query

An entities count query returns the distinct count of entities, based on optional filters, time range, and the chosen entity type. This query kind is identified by the keyword: “ap:query:stats:entitiesCount”

POST https://<address>/mgmt/ap/query/v1/tenants/default/products/device/metric-query

This example JSON body for the POST gets the distinct count of entities of type virtual:

{
    "kind": "ap:query:stats:entitiesCount",
    "module": "dos-attack",
    "dimension": "virtual",
    "timeRange": {
        "from": "-1h",
        "to": "now"
    }
}
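
The By Time and By Entities bodies above, generalized to all four score metricSets, as an added example that is not part of the original documentation or the product's own code. The function names are hypothetical, and it assumes any dimension in the Dimensions table can be used where the page's examples use virtual; authentication and the response format are not covered on this page and are left out.

```python
# Names copied from the Dimensions and MetricSets tables on this page.
MODULE = "dos-attack"
DIMENSIONS = {
    "virtual", "dos-profile-name", "attack-mitigation", "attack-vector",
    "attack-trigger", "hostname", "protocol", "attack-id",
    "applicationService", "hostname-slot", "attack-id-hostname-slot",
    "unique-virtual-name", "dsc-name", "applications",
}
METRIC_SETS = {"block-ratio-score", "trigger-score", "ips-score", "attack-score"}
METRIC = "avg-value-per-event"  # the only metric each metricSet lists


def _aggregation(dimension, metric_set):
    """Reject undocumented names (typos), then build the aggregations entry."""
    if dimension not in DIMENSIONS:
        raise ValueError(f"unknown dos-attack dimension: {dimension!r}")
    if metric_set not in METRIC_SETS:
        raise ValueError(f"unknown dos-attack metricSet: {metric_set!r}")
    key = f"{metric_set}${METRIC}"  # the page's "<metricSet>$<metric>" key naming
    return key, {key: {"metricSet": metric_set, "metric": METRIC}}


def by_time(metric_set, dimension, value, seconds=30, since="-1h"):
    """Time series of one score, filtered to a single dimension value."""
    _, aggs = _aggregation(dimension, metric_set)
    return {
        "kind": "ap:query:stats:byTime",
        "module": MODULE,
        "timeRange": {"from": since, "to": "now"},
        "timeGranularity": {"duration": seconds, "unit": "SECONDS"},
        "aggregations": aggs,
        "dimensionFilter": {"type": "eq", "dimension": dimension, "value": value},
    }


def top_entities(metric_set, dimension, limit=5, since="-1h"):
    """Top entities of one dimension, sorted descending by the score."""
    key, aggs = _aggregation(dimension, metric_set)
    return {
        "kind": "ap:query:stats:byEntities",
        "module": MODULE,
        "timeRange": {"from": since, "to": "now"},
        "dimension": dimension,
        "sortMetric": key,
        "sortOrder": "desc",
        "aggregations": aggs,
        "limit": limit,
    }
```

Serializing top_entities("attack-score", "attack-vector") with json.dumps gives a body for the metric-query URL shown above; a misspelled dimension or metricSet raises ValueError before anything is sent.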