DDoS Protection Summary

Overview

A summary overview of the ongoing denial of service (DoS) attacks, the attacked BIG-IPs, and the protected objects.

REST Endpoint: /mgmt/ap/query/v1/tenants/default/reports/DosProtectionSummary

Requests

GET /mgmt/ap/query/v1/tenants/default/reports/DosProtectionSummary

Query Parameters

Name Type Required Description
$from string False Specifies time to start results. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time.
$resolution-minutes-TS number False Data values shown according to time increments in minutes. The default value is 5 minutes.
$to string False Specifies time to end results. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time.
$underAttack boolean False The protected object status can be filtered by protected objects that are under attack or all protected objects. The default is false, which means all protected objects.

Response

HTTP/1.1 200 OK

Name Type Description
totalAttacks number Ongoing DoS attacks.
attacksTs object Average number of ongoing DoS attacks over time.
     count number The number of data samples collected in the specific time slot.
     timeMillis number The end time of the specific time slot within the time period.
     attacks number The average number of ongoing DoS attacks for the specific time slot.
mitigated number Ongoing DoS attacks detected with a mitigating DoS profile.
notMitigated number Ongoing DoS attacks detected with a monitoring DoS profile.
protocol object The current count of ongoing DoS attacks by the attacked protocol.
     DNS number The number of the currently ongoing DNS attacks.
     HTTP number The number of the currently ongoing HTTP attacks.
     Network number The number of the currently ongoing network attacks.
attackSeverity SeverityHistogram The number of ongoing DoS attacks categorized by 2 (critical) or 1 (warning) severities.
devicesUnderAttacks number The number of devices reporting ongoing DoS attacks.
devicesUnderAttacksTs object The average number of devices reporting ongoing DoS attacks over time.
     count number The number of data samples collected in the specific time slot.
     timeMillis number The end time of the specific time slot within the time period.
     devices number The average number of devices reporting ongoing DoS attacks for the specific time slot.
devicesHealth string The number of devices by health status of Critical, Moderate, Good or Other.
     critical number The number of objects with a critical health status
     good number The number of objects with a good health status
     moderate number The number of objects with a moderate health status
     other number The number of objects with an unknown health status
devicesTopCPUUsage object Top devices by average CPU usage.
     deviceName string The device’s hostname.
     CPUUsage number The device’s current CPU usage.
applicationsHealth string The number of applications by health status of Critical, Moderate, Good or Other.
     critical number The number of objects with a critical health status
     good number The number of objects with a good health status
     moderate number The number of objects with a moderate health status
     other number The number of objects with an unknown health status
virtualServersHealth string The number of virtual servers by health status of Critical, Moderate, Good, or Other.
     critical number The number of objects with a critical health status
     good number The number of objects with a good health status
     moderate number The number of objects with a moderate health status
     other number The number of objects with an unknown health status
virtualServersUnderAttacks number The number of virtual servers under ongoing DoS attacks.
applicationsUnderAttacks number The number of applications under ongoing DoS attacks.
protectedObjectsUnderAttacksTs object A list of the average number of protected objects (applications and virtual servers) under DDoS attack over time.
     count number The number of data samples collected in the specific time slot.
     timeMillis number The end time of the specific time slot within the time period.
     virtualServers number The average number of virtual servers reporting ongoing DoS attacks for the specific time slot.
     applications number The average number of applications reporting ongoing DoS attacks for the specific time slot.

Permissions

Role Allow
Security Manager Yes
Network Security Viewer Yes
Network Security Manager Yes

Examples

GET to retrieve DoS protection summary

Following is an example of a response to the default API call, with no parameters.

GET https://<BIG-IQ>/mgmt/ap/query/v1/tenants/default/reports/DosProtectionSummary

Response

{
  "kind": "ap:compose:Report",
  "lastUpdateMicros": 8116074076,
  "result": {
    "totalAttacks": 1,
    "attacksTs": [
      {
        "timeMillis": 1584822900000,
        "count": 0,
        "attacks": 0.0
      },
      {
        "timeMillis": 1584823200000,
        "count": 0,
        "attacks": 0.0
      },
      {
        "timeMillis": 1584823500000,
        "count": 0,
        "attacks": 0.0
      },
      {
        "timeMillis": 1584823800000,
        "count": 0,
        "attacks": 0.0
      },
      {
        "timeMillis": 1584824100000,
        "count": 0,
        "attacks": 0.0
      },
      {
        "timeMillis": 1584824400000,
        "count": 0,
        "attacks": 0.0
      },
      {
        "timeMillis": 1584824700000,
        "count": 1,
        "attacks": 1.0
      },
      {
        "timeMillis": 1584825000000,
        "count": 1,
        "attacks": 1.0
      },
      {
        "timeMillis": 1584825300000,
        "count": 5,
        "attacks": 1.0
      },
      {
        "timeMillis": 1584825600000,
        "count": 5,
        "attacks": 1.0
      },
      {
        "timeMillis": 1584825900000,
        "count": 5,
        "attacks": 1.0
      },
      {
        "timeMillis": 1584826200000,
        "count": 5,
        "attacks": 1.0
      }
    ],
    "mitigated": 1,
    "notMitigated": 0,
    "protocol": {
      "HTTP": 0,
      "Network": 1,
      "DNS": 0
    },
    "attackSeverity": {
      "1": 0,
      "2": 1
    },
    "devicesUnderAttacks": 1,
    "devicesUnderAttacksTs": [
      {
        "timeMillis": 1584822900000,
        "count": 0,
        "devices": 0.0
      },
      {
        "timeMillis": 1584823200000,
        "count": 0,
        "devices": 0.0
      },
      {
        "timeMillis": 1584823500000,
        "count": 0,
        "devices": 0.0
      },
      {
        "timeMillis": 1584823800000,
        "count": 0,
        "devices": 0.0
      },
      {
        "timeMillis": 1584824100000,
        "count": 0,
        "devices": 0.0
      },
      {
        "timeMillis": 1584824400000,
        "count": 0,
        "devices": 0.0
      },
      {
        "timeMillis": 1584824700000,
        "count": 0,
        "devices": 1.0
      },
      {
        "timeMillis": 1584825000000,
        "count": 0,
        "devices": 1.0
      },
      {
        "timeMillis": 1584825300000,
        "count": 0,
        "devices": 1.0
      },
      {
        "timeMillis": 1584825600000,
        "count": 0,
        "devices": 1.0
      },
      {
        "timeMillis": 1584825900000,
        "count": 0,
        "devices": 1.0
      },
      {
        "timeMillis": 1584826200000,
        "count": 0,
        "devices": 1.0
      }
    ],
    "devicesHealth": {
      "Critical": 0,
      "Moderate": 0,
      "Good": 1,
      "Other": 0
    },
    "devicesTopCPUUsage": [
      {
        "deviceName": "Tier1-Yoav_StaticIP-78.olympus.f5net.com",
        "CPUUsage": 2.5855403567190494
      }
    ],
    "virtualServersUnderAttacks": 1,
    "protectedObjectsUnderAttacksTs": [
      {
        "timeMillis": 1584822900000,
        "count": 0,
        "virtualServers": 0.0,
        "applications": 0.0
      },
      {
        "timeMillis": 1584823200000,
        "count": 0,
        "virtualServers": 0.0,
        "applications": 0.0
      },
      {
        "timeMillis": 1584823500000,
        "count": 0,
        "virtualServers": 0.0,
        "applications": 0.0
      },
      {
        "timeMillis": 1584823800000,
        "count": 0,
        "virtualServers": 0.0,
        "applications": 0.0
      },
      {
        "timeMillis": 1584824100000,
        "count": 0,
        "virtualServers": 0.0,
        "applications": 0.0
      },
      {
        "timeMillis": 1584824400000,
        "count": 0,
        "virtualServers": 0.0,
        "applications": 0.0
      },
      {
        "timeMillis": 1584824700000,
        "count": 0,
        "virtualServers": 1.0,
        "applications": 0.0
      },
      {
        "timeMillis": 1584825000000,
        "count": 0,
        "virtualServers": 1.0,
        "applications": 0.0
      },
      {
        "timeMillis": 1584825300000,
        "count": 0,
        "virtualServers": 1.0,
        "applications": 0.0
      },
      {
        "timeMillis": 1584825600000,
        "count": 0,
        "virtualServers": 1.0,
        "applications": 0.0
      },
      {
        "timeMillis": 1584825900000,
        "count": 0,
        "virtualServers": 1.0,
        "applications": 0.0
      },
      {
        "timeMillis": 1584826200000,
        "count": 0,
        "virtualServers": 1.0,
        "applications": 0.0
      }
    ],
    "virtualServersHealth": {
      "Critical": 0,
      "Moderate": 0,
      "Good": 3,
      "Other": 0
    },
    "applicationsUnderAttacks": 0,
    "applicationsHealth": {
      "Critical": 0,
      "Moderate": 0,
      "Good": 0,
      "Other": 0
    }
  },
  "requestDurationInMillis": 93
}
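
The following is an added example, not part of the original reference or F5's own code: it reduces a report in the documented shape to the fields an analyst checks first (unmitigated attacks, critical severity, attacked protocols, and when the current attack run began according to attacksTs). The SAMPLE report is constructed, and the function names current_onset and triage are hypothetical.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the documented response shape (values are illustrative).
SAMPLE = json.loads("""
{"result": {
  "totalAttacks": 2, "mitigated": 1, "notMitigated": 1,
  "protocol": {"HTTP": 0, "Network": 1, "DNS": 1},
  "attackSeverity": {"1": 1, "2": 1},
  "attacksTs": [
    {"timeMillis": 1584824400000, "count": 0, "attacks": 0.0},
    {"timeMillis": 1584824700000, "count": 1, "attacks": 1.0},
    {"timeMillis": 1584825000000, "count": 5, "attacks": 2.0}
  ]}}
""")

def current_onset(series, value_key):
    """End time (UTC) of the slot where the still-ongoing run of non-zero values began."""
    onset = None
    for slot in sorted(series, key=lambda s: s["timeMillis"]):
        if slot[value_key] > 0:
            if onset is None:
                onset = slot["timeMillis"]
        else:
            onset = None  # activity stopped; an earlier run is not the current one
    if onset is None:
        return None
    return datetime.fromtimestamp(onset / 1000, tz=timezone.utc)

def triage(report):
    """Reduce a DosProtectionSummary report to the fields checked first during an attack."""
    r = report["result"]
    findings = []
    if r.get("notMitigated", 0) > 0:
        findings.append("attack detected by a monitoring DoS profile (not mitigated)")
    if r.get("attackSeverity", {}).get("2", 0) > 0:
        findings.append("critical-severity attack ongoing")
    return {
        "total": r.get("totalAttacks", 0),
        "protocols": sorted(p for p, n in r.get("protocol", {}).items() if n > 0),
        "onset": current_onset(r.get("attacksTs", []), "attacks"),
        "findings": findings,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The onset is derived from the averaged value rather than from count, because in the response shown above some time slots report a non-zero average with a count of 0.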