DDoS Protection Summary¶
Overview¶
A summary overview of the ongoing denial of service (DoS) attacks, the attacked BIG-IPs, and the protected objects.
REST Endpoint: /mgmt/ap/query/v1/tenants/default/reports/DosProtectionSummary¶
Requests¶
GET /mgmt/ap/query/v1/tenants/default/reports/DosProtectionSummary¶
Query Parameters¶
Name | Type | Required | Description |
---|---|---|---|
$from | string | False | Specifies time to start results. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time. |
$resolution-minutes-TS | number | False | Data values shown according to time increments in minutes. The default value is 5 minutes. |
$to | string | False | Specifies time to end results. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time. |
$underAttack | boolean | False | The protected object status can be filtered by protected objects that are under attack or all protected objects. The default is false, which means all protected objects. |
Response¶
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
totalAttacks | number | Ongoing DoS attacks. |
attacksTs | object | Avarage number of ongoing DoS attacks over time. |
count | number | The number of data samples collected in the specific time slot. |
timeMillis | number | The end time of the specific time slot within the time period. |
attacks | number | The avarage number of ongoing DoS attacks for the specific time slot. |
mitigated | number | Ongoing DoS attacks detected with a mitigating DoS profile. |
notMitigated | number | Ongoing DoS attacks detected with a monitoring DoS profile. |
protocol | object | The current count of ongoing DoS attack by the attacked protocol. |
DNS | number | The number of the currently ongoing DNS attacks. |
HTTP | number | The number of the currently ongoing HTTP attacks. |
Network | number | The number of the currently ongoing network attacks. |
attackSeverity | SeverityHistogram | The number of ongoing DoS attacks categorized by 2 (critical) or 1 (warning) severities. |
devicesUnderAttacks | number | The number of devices reporting ongoing DoS attacks. |
devicesUnderAttacksTs | object | The avarage number of devices reporting ongoing DoS attacks over time. |
count | number | The number of data samples collected in the specific time slot. |
timeMillis | number | The end time of the specific time slot within the time period. |
devices | number | The avarage number of devices reporting ongoing DoS attacks for the specific time slot. |
devicesHealth | string | The number of devices by health status of Critical, Moderate, Good or Other. |
critical | number | The number of objects with a critical health status |
good | number | The number of objects with a good health status |
moderate | number | The number of objects with a moderate health status |
other | number | The number of objects with an unknown health status |
devicesTopCPUUsage | object | Top devices by average CPU usage. |
deviceName | string | The device’s hostname. |
CPUUsage | number | The device’s current CPU usage. |
applicationsHealth | string | The number of applications by health status of Critical, Moderate, Good or Other. |
critical | number | The number of objects with a critical health status |
good | number | The number of objects with a good health status |
moderate | number | The number of objects with a moderate health status |
other | number | The number of objects with an unknown health status |
virtualServersHealth | string | The number of virtual servers by health status of Critical, Moderate, Good, or Other. |
critical | number | The number of objects with a critical health status |
good | number | The number of objects with a good health status |
moderate | number | The number of objects with a moderate health status |
other | number | The number of objects with an unknown health status |
virtualServersUnderAttacks | number | The number of virtual servers under ongoing DoS attacks. |
applicationsUnderAttacks | number | The number of applications under ongoing DoS attacks. |
protectedObjectsUnderAttacksTs | object | A list of the average number of protected objects (applications and virtual servers) under DDoS attack over time. |
count | number | The number of data samples collected in the specific time slot. |
timeMillis | number | The end time of the specific time slot within the time period. |
virtualServers | number | The avarage number of virtual servers reporting ongoing DoS attacks for the specific time slot. |
applications | number | The avarage number of applications reporting ongoing DoS attacks for the specific time slot. |
Permissions¶
Role | Allow |
---|---|
Security Manager | Yes |
Network Security Viewer | Yes |
Network Security Manager | Yes |
Examples¶
GET to retrieve DoD protection summary¶
Following is an example of a response to the default API call, with no parameters.
GET https://<BIG-IQ>/mgmt/ap/query/v1/tenants/default/reports/DosProtectionSummary
Response¶
{
"kind": "ap:compose:Report",
"lastUpdateMicros": 8116074076,
"result": {
"totalAttacks": 1,
"attacksTs": [
{
"timeMillis": 1584822900000,
"count": 0,
"attacks": 0.0
},
{
"timeMillis": 1584823200000,
"count": 0,
"attacks": 0.0
},
{
"timeMillis": 1584823500000,
"count": 0,
"attacks": 0.0
},
{
"timeMillis": 1584823800000,
"count": 0,
"attacks": 0.0
},
{
"timeMillis": 1584824100000,
"count": 0,
"attacks": 0.0
},
{
"timeMillis": 1584824400000,
"count": 0,
"attacks": 0.0
},
{
"timeMillis": 1584824700000,
"count": 1,
"attacks": 1.0
},
{
"timeMillis": 1584825000000,
"count": 1,
"attacks": 1.0
},
{
"timeMillis": 1584825300000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584825600000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584825900000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584826200000,
"count": 5,
"attacks": 1.0
}
],
"mitigated": 1,
"notMitigated": 0,
"protocol": {
"HTTP": 0,
"Network": 1,
"DNS": 0
},
"attackSeverity": {
"1": 0,
"2": 1
},
"devicesUnderAttacks": 1,
"devicesUnderAttacksTs": [
{
"timeMillis": 1584822900000,
"count": 0,
"devices": 0.0
},
{
"timeMillis": 1584823200000,
"count": 0,
"devices": 0.0
},
{
"timeMillis": 1584823500000,
"count": 0,
"devices": 0.0
},
{
"timeMillis": 1584823800000,
"count": 0,
"devices": 0.0
},
{
"timeMillis": 1584824100000,
"count": 0,
"devices": 0.0
},
{
"timeMillis": 1584824400000,
"count": 0,
"devices": 0.0
},
{
"timeMillis": 1584824700000,
"count": 0,
"devices": 1.0
},
{
"timeMillis": 1584825000000,
"count": 0,
"devices": 1.0
},
{
"timeMillis": 1584825300000,
"count": 0,
"devices": 1.0
},
{
"timeMillis": 1584825600000,
"count": 0,
"devices": 1.0
},
{
"timeMillis": 1584825900000,
"count": 0,
"devices": 1.0
},
{
"timeMillis": 1584826200000,
"count": 0,
"devices": 1.0
}
],
"devicesHealth": {
"Critical": 0,
"Moderate": 0,
"Good": 1,
"Other": 0
},
"devicesTopCPUUsage": [
{
"deviceName": "Tier1-Yoav_StaticIP-78.olympus.f5net.com",
"CPUUsage": 2.5855403567190494
}
],
"virtualServersUnderAttacks": 1,
"protectedObjectsUnderAttacksTs": [
{
"timeMillis": 1584822900000,
"count": 0,
"virtualServers": 0.0,
"applications": 0.0
},
{
"timeMillis": 1584823200000,
"count": 0,
"virtualServers": 0.0,
"applications": 0.0
},
{
"timeMillis": 1584823500000,
"count": 0,
"virtualServers": 0.0,
"applications": 0.0
},
{
"timeMillis": 1584823800000,
"count": 0,
"virtualServers": 0.0,
"applications": 0.0
},
{
"timeMillis": 1584824100000,
"count": 0,
"virtualServers": 0.0,
"applications": 0.0
},
{
"timeMillis": 1584824400000,
"count": 0,
"virtualServers": 0.0,
"applications": 0.0
},
{
"timeMillis": 1584824700000,
"count": 0,
"virtualServers": 1.0,
"applications": 0.0
},
{
"timeMillis": 1584825000000,
"count": 0,
"virtualServers": 1.0,
"applications": 0.0
},
{
"timeMillis": 1584825300000,
"count": 0,
"virtualServers": 1.0,
"applications": 0.0
},
{
"timeMillis": 1584825600000,
"count": 0,
"virtualServers": 1.0,
"applications": 0.0
},
{
"timeMillis": 1584825900000,
"count": 0,
"virtualServers": 1.0,
"applications": 0.0
},
{
"timeMillis": 1584826200000,
"count": 0,
"virtualServers": 1.0,
"applications": 0.0
}
],
"virtualServersHealth": {
"Critical": 0,
"Moderate": 0,
"Good": 3,
"Other": 0
},
"applicationsUnderAttacks": 0,
"applicationsHealth": {
"Critical": 0,
"Moderate": 0,
"Good": 0,
"Other": 0
}
},
"requestDurationInMillis": 93
}