HTTP DDoS Attack Summary

Overview

A summary overview of an ongoing HTTP denial of service (DoS) attack.

REST Endpoint: /mgmt/ap/query/v1/tenants/default/reports/HttpCorrelatedAttackDetailsSummary

Requests

GET /mgmt/ap/query/v1/tenants/default/reports/HttpCorrelatedAttackDetailsSummary

Query Parameters

Name Type Required Description
$id string true The unique identifier of the correlated attack.
$from string false The time at which results start. By default, from is “-1h” and to is “now”, so results start 1 hour before the current time and end at the current time.
$to query option false The time at which results end. By default, from is “-1h” and to is “now”, so results start 1 hour before the current time and end at the current time.

Response

HTTP/1.1 200 OK

Name Type Description
id string The attack’s unique identifier.
protocol string The traffic connection layer detected as the target for the DoS attack.
severity string The severity based on reported threshold values.
status object The indication of whether the attack is ongoing or has ended. Possible values: “Active” or “Ended”.
mitigation string The mitigation action that was applied by the DoS profile.
startTime Long The initial time the DoS profile detected a DoS attack.
endTime Long The time at which the DoS profile no longer detects the DoS attack, indicating the end of the attack.
duration Long The length of time for a detected DoS attack.
currAllTransactions number The average number of transactions per second detected over the past 5 minutes.
allTransactionsTs object The average number of transactions detected over time.
     timeMillis number The end time of the specific time slot within the time period.
     count number The number of data samples collected in the specific time slot.
     allTransactions number The average number of transactions per second for the specific time slot.
currBlockedTransactions number The average number of blocked transactions per second over the past 5 minutes.
blockedTransactionsTs object The average number of blocked transactions per second over time.
     timeMillis number The end time of the specific time slot within the time period.
     count number The number of data samples collected in the specific time slot.
     blockedTransactions number The average number of blocked transactions per second for the specific time slot.
currIncompleteTransactions number The average number of incomplete transactions per second over the past 5 minutes.
incompleteTransactionsTs object The average number of incomplete transactions over time.
     timeMillis number The end time of the specific time slot within the time period.
     count number The number of data samples collected in the specific time slot.
     incompleteTransactions number The average number of incomplete transactions per second for the specific time slot.
protectedObject string The protected object that was attacked.
protectedObjectType string The type of the attacked protected object.
protectedObjectId string The unique identifier of the attacked protected object.
trigger string The attack properties detected by the DoS profile.
attackVector string The attack vector that detected the attack.
attackVectorId string The unique ID of the attack vector that detected the attack.
dosProfile string The DoS profile that detected the attack.
totalDropped number The total number of dropped transactions since the attack was first detected.
alertsHistory object A list of the attack’s summary information.
     id string The alert’s unique identifier.
     severity string The severity based on reported threshold values.
     timestamp number The time at which the alert was updated.
     title string A short description of the alert.

Permissions

Role Allow
Security Manager Yes
Network Security Viewer Yes
Network Security Manager Yes

Examples

GET to retrieve a single attack summary

The following is an example of a response to the API call for an attack with a specified ID:

GET https://<BIG-IQ>/mgmt/ap/query/v1/tenants/default/reports/HttpCorrelatedAttackDetailsSummary?$id=HTTP_dosHttpApp3_HttpDosProfile_transparent_1550577180907_19%2F02%2F26,11:24

Response

{
    "kind": "ap:compose:Report",
    "lastUpdateMicros": 677634967551,
    "result": {
            "id": "HTTP_dosHttpApp3_HttpDosProfile_transparent_1550577180907_19/02/26,11:24",
            "alertsHistory": [{
                    "id": "0123456789",
                    "title": "Attack detected on bigip_10-241-209-66.sample.com: ID 673557748",
                    "timestamp": 1551173041609,
                    "severity": "Warning"
            }],
            "severity": "Warning",
            "protectedObject": "dosHttpApp3",
            "dosProfile": "/Common/HttpDosProfile_transparent_1550577180907",
            "attackVector": "Application Layer",
            "mitigation": "Transparent",
            "trigger": "App Volumetric TPS",
            "protocol": "HTTP",
            "startTime": 1551173041609,
            "duration": 2733556,
            "status": "Active",
            "allTransactionsTs": [{
                    "timeMillis": 1551172200000,
                    "allTransactions": 0.0
            }, {
                    "timeMillis": 1551172500000,
                    "allTransactions": 0.0
            }, {
                    "timeMillis": 1551172800000,
                    "allTransactions": 0.0
            }, {
                    "timeMillis": 1551173100000,
                    "allTransactions": 0.0
            }, {
                    "timeMillis": 1551173400000,
                    "allTransactions": 0.0
            }, {
                    "timeMillis": 1551173700000,
                    "allTransactions": 0.0
            }, {
                    "timeMillis": 1551174000000,
                    "allTransactions": 0.0
            }, {
                    "timeMillis": 1551174300000,
                    "allTransactions": 0.0
            }, {
                    "timeMillis": 1551174600000,
                    "allTransactions": 0.0
            }, {
                    "timeMillis": 1551174900000,
                    "allTransactions": 0.0
            }, {
                    "timeMillis": 1551175200000,
                    "allTransactions": 0.0
            }, {
                    "timeMillis": 1551175500000,
                    "allTransactions": 0.0
            }, {
                    "timeMillis": 1551175710000,
                    "allTransactions": 0.0
            }],
            "incompleteTransactionsTs": [{
                    "timeMillis": 1551172200000,
                    "incompleteTransactions": 0.0
            }, {
                    "timeMillis": 1551172500000,
                    "incompleteTransactions": 0.0
            }, {
                    "timeMillis": 1551172800000,
                    "incompleteTransactions": 0.0
            }, {
                    "timeMillis": 1551173100000,
                    "incompleteTransactions": 0.0
            }, {
                    "timeMillis": 1551173400000,
                    "incompleteTransactions": 0.0
            }, {
                    "timeMillis": 1551173700000,
                    "incompleteTransactions": 0.0
            }, {
                    "timeMillis": 1551174000000,
                    "incompleteTransactions": 0.0
            }, {
                    "timeMillis": 1551174300000,
                    "incompleteTransactions": 0.0
            }, {
                    "timeMillis": 1551174600000,
                    "incompleteTransactions": 0.0
            }, {
                    "timeMillis": 1551174900000,
                    "incompleteTransactions": 0.0
            }, {
                    "timeMillis": 1551175200000,
                    "incompleteTransactions": 0.0
            }, {
                    "timeMillis": 1551175500000,
                    "incompleteTransactions": 0.0
            }, {
                    "timeMillis": 1551175710000,
                    "incompleteTransactions": 0.0
            }],
            "blockedTransactionsTs": [{
                    "timeMillis": 1551172200000,
                    "blockedTransactions": 0.0
            }, {
                    "timeMillis": 1551172500000,
                    "blockedTransactions": 0.0
            }, {
                    "timeMillis": 1551172800000,
                    "blockedTransactions": 0.0
            }, {
                    "timeMillis": 1551173100000,
                    "blockedTransactions": 0.0
            }, {
                    "timeMillis": 1551173400000,
                    "blockedTransactions": 0.0
            }, {
                    "timeMillis": 1551173700000,
                    "blockedTransactions": 0.0
            }, {
                    "timeMillis": 1551174000000,
                    "blockedTransactions": 0.0
            }, {
                    "timeMillis": 1551174300000,
                    "blockedTransactions": 0.0
            }, {
                    "timeMillis": 1551174600000,
                    "blockedTransactions": 0.0
            }, {
                    "timeMillis": 1551174900000,
                    "blockedTransactions": 0.0
            }, {
                    "timeMillis": 1551175200000,
                    "blockedTransactions": 0.0
            }, {
                    "timeMillis": 1551175500000,
                    "blockedTransactions": 0.0
            }, {
                    "timeMillis": 1551175710000,
                    "blockedTransactions": 0.0
            }],
            "currAllTransactions": 0.0,
            "currIncompleteTransactions": 0.0,
            "currBlockedTransactions": 0.0,
            "totalDropped": 0
    },
    "requestDurationInMillis": 536
}
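
An added Python example, not part of the original documentation: it builds the request URL shown above (percent-encoding each "/" in $id as %2F) and reduces a parsed response to the fields a responder checks first. The function names, the nothing_blocked_at_peak flag and the sample rates are assumptions of this example; startTime is treated as epoch milliseconds, which matches the sample values on this page.

```python
from datetime import datetime, timezone
from urllib.parse import quote

REPORT_PATH = "/mgmt/ap/query/v1/tenants/default/reports/HttpCorrelatedAttackDetailsSummary"

def build_url(host, attack_id, time_from=None, time_to=None):
    """Build the GET URL; '/' in the attack ID is percent-encoded as %2F."""
    params = ["$id=" + quote(attack_id, safe=",:")]
    for name, value in (("$from", time_from), ("$to", time_to)):
        if value:
            params.append(name + "=" + quote(value, safe=""))
    return "https://" + host + REPORT_PATH + "?" + "&".join(params)

def _series(result, ts_key, value_key):
    """Map timeMillis -> value for one of the *Ts time series."""
    return {p["timeMillis"]: p.get(value_key, 0.0) for p in result.get(ts_key, [])}

def triage(report):
    """Reduce a parsed report to the fields checked first during an incident."""
    r = report["result"]
    total = _series(r, "allTransactionsTs", "allTransactions")
    blocked = _series(r, "blockedTransactionsTs", "blockedTransactions")
    peak_slot = max(total, key=total.get, default=None)
    peak_tps = total.get(peak_slot, 0.0)
    # Guard the all-zero (or empty) series, as in the sample response on this page.
    blocked_share = blocked.get(peak_slot, 0.0) / peak_tps if peak_tps else 0.0
    started = datetime.fromtimestamp(r["startTime"] // 1000, tz=timezone.utc)
    return {
        "id": r["id"],
        "active": r["status"] == "Active",
        "started_utc": started.isoformat(),
        "mitigation": r["mitigation"],
        "peak_tps": peak_tps,
        "blocked_share_at_peak": round(blocked_share, 3),
        # Active attack carrying traffic while nothing is blocked: review the DoS profile.
        "nothing_blocked_at_peak": r["status"] == "Active" and peak_tps > 0 and blocked_share == 0.0,
        "latest_alert": max(r.get("alertsHistory", []), key=lambda a: a["timestamp"], default=None),
    }

# Constructed sample: same shape as the response above, with made-up non-zero rates.
SAMPLE = {"result": {
    "id": "HTTP_dosHttpApp3_HttpDosProfile_transparent_1550577180907_19/02/26,11:24",
    "status": "Active", "mitigation": "Transparent", "startTime": 1551173041609,
    "alertsHistory": [{"id": "0123456789", "title": "Attack detected", "timestamp": 1551173041609, "severity": "Warning"}],
    "allTransactionsTs": [{"timeMillis": 1551173100000, "allTransactions": 40.0},
                          {"timeMillis": 1551173400000, "allTransactions": 900.0}],
    "blockedTransactionsTs": [{"timeMillis": 1551173100000, "blockedTransactions": 0.0},
                              {"timeMillis": 1551173400000, "blockedTransactions": 0.0}],
}}
```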