Virtual Server Dos Protection Summary¶
Overview¶
A summary overview of the ongoing denial of service (DoS) attacks, and related metrics for a protected virtual server.
REST Endpoint: /mgmt/ap/query/v1/tenants/default/reports/VsDosProtectionSummary¶
Requests¶
GET /mgmt/ap/query/v1/tenants/default/reports/VsDosProtectionSummary¶
Query Parameters¶
| Name | Type | Required | Description |
|---|---|---|---|
| $protectedObjectId | boolean | true | Specifies the protected virtual server unique identifier. |
| $l7Protocol | string | false | Specifies the protected virtual server L7 protocol. |
| $from | string | False | Specifies time to start results. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time. |
| $resolution-minutes-TS | number | False | Data values shown according to time increments in minutes. The default value is 5 minutes. |
| $to | string | False | Specifies time to end results. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time. |
Response¶
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| totalAttacks | number | Ongoing DoS attacks. |
| attacksTs | object | Average number of ongoing DoS attacks over time. |
| count | number | The number of data samples collected in the specific time slot. |
| timeMillis | number | The end time of the specific time slot within the time period. |
| attacks | number | The average number of ongoing DoS attacks for the specific time slot. |
| mitigated | number | Ongoing DoS attacks detected with a mitigating DoS profile. |
| notMitigated | number | Ongoing DoS attacks detected with a monitoring DoS profile. |
| protocol | object | The current count of ongoing DoS attack by the attacked protocol. |
| DNS | number | The number of the currently ongoing DNS attacks. |
| HTTP | number | The number of the currently ongoing HTTP attacks. |
| Network | number | The number of the currently ongoing network attacks. |
| attackSeverity | SeverityHistogram | The number of ongoing DoS attacks categorized by 2 (critical) or 1 (warning) severities. |
| connections | number | The number of open connections. |
| connectionsTs | object | The number of open connections over time. |
| timeMillis | number | The end time of the specific time slot within the time period. |
| count | number | The number of data samples collected in the specific time slot. |
| connections | number | The average number of open connections for the specific time slot. |
| bitsPerSecond | number | The average number of bits per second. |
| bitsPerSecondTs | object | The average number of bits per second over time. |
| timeMillis | number | The end time of the specific time slot within the time period. |
| count | number | The number of data samples collected in the specific time slot. |
| bitsPerSecond | number | The average number of bits per second for the specific time slot. |
| packetsPerSecond | number | The average number of packets per second. |
| packetsPerSecondTs | object | The average number of packets per second over time. |
| timeMillis | number | The end time of the specific time slot within the time period. |
| count | number | The number of data samples collected in the specific time slot. |
| packetsPerSecond | number | The average number of packets per second for the specific time slot. |
| requestsPerSecond | number | The average number of DNS requests per second. |
| requestsPerSecondTs | object | The average number of DNS requests per second over time. |
| timeMillis | number | The end time of the specific time slot within the time period. |
| count | number | The number of data samples collected in the specific time slot. |
| requestsPerSecond | number | The average number of DNS requests per second for the specific time slot. |
| transactionsPerSecond | number | The average number of HTTP transactions per second. |
| transactionsPerSecondTs | object | The average number of HTTP transactions per second over time. |
| timeMillis | number | The end time of the specific time slot within the time period. |
| count | number | The number of data samples collected in the specific time slot. |
| transactionsPerSecond | number | The average number of HTTP transactions per second for the specific time slot. |
| responseTime | number | The average number of HTTP application response time. |
| responseTimeTs | object | The average number of HTTP application response time over time. |
| timeMillis | number | The end time of the specific time slot within the time period. |
| count | number | The number of data samples collected in the specific time slot. |
| responseTime | number | The average number of HTTP application response time for the specific time slot. |
| devicesUnderAttacks | number | The number of devices reporting ongoing DoS attacks. |
| attackVector | Map | Top attack vectors by transactions or requests per second. |
| sourceCountries | Map | Top source countries by transactions or requests per second. |
| alertsHistory | object | Summary of the application service’s active alerts history. |
| id | string | The alert’s unique identifier. |
| title | string | A short description of the alert. |
| startTime | number | The time in which the alert was raised. |
| timestamp | number | The time in which the alert was updated. |
| severity | string | The severity of the alert. |
| severityLevel | number | The severity’s numeric value. |
Permissions¶
| Role | Allow |
|---|---|
| Security Manager | Yes |
| Network Security Viewer | Yes |
| Network Security Manager | Yes |
Examples¶
GET to retrieve DoD protection summary¶
Following is an example of a response to the default API call, with no parameters.
GET https://<BIG-IQ>/mgmt/ap/query/v1/tenants/default/reports/VsDosProtectionSummary?$protectedObjectId=2066c13c-4de8-3f17-9244-1763ede03359
Response¶
{
"kind": "ap:compose:Report",
"lastUpdateMicros": 11010554786,
"result": {
"totalAttacks": 1,
"attacksTs": [
{
"timeMillis": 1584825900000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584826200000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584826500000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584826800000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584827100000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584827400000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584827700000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584828000000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584828300000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584828600000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584828900000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584829200000,
"count": 5,
"attacks": 1.0
}
],
"mitigated": 1,
"notMitigated": 0,
"protocol": {
"HTTP": 0,
"Network": 1,
"DNS": 0
},
"attackSeverity": {
"1": 0,
"2": 1
},
"connectionsTs": [
{
"timeMillis": 1584825900000,
"count": 0,
"connections": 48.06666015625
},
{
"timeMillis": 1584826200000,
"count": 0,
"connections": 47.900009765625
},
{
"timeMillis": 1584826500000,
"count": 0,
"connections": 47.866669921875
},
{
"timeMillis": 1584826800000,
"count": 0,
"connections": 47.9
},
{
"timeMillis": 1584827100000,
"count": 0,
"connections": 47.96666015625
},
{
"timeMillis": 1584827400000,
"count": 0,
"connections": 48.200009765625
},
{
"timeMillis": 1584827700000,
"count": 0,
"connections": 47.7
},
{
"timeMillis": 1584828000000,
"count": 0,
"connections": 48.2
},
{
"timeMillis": 1584828300000,
"count": 0,
"connections": 48.066650390625
},
{
"timeMillis": 1584828600000,
"count": 0,
"connections": 48.033330078125
},
{
"timeMillis": 1584828900000,
"count": 0,
"connections": 48.133330078125
},
{
"timeMillis": 1584829200000,
"count": 0,
"connections": 47.96666015625
},
{
"timeMillis": 1584829320000,
"count": 0,
"connections": 48.1666748046875
}
],
"connections": 48.1666748046875,
"bitsPerSecondTs": [
{
"timeMillis": 1584825900000,
"count": 0,
"bitsPerSecond": 2703.5866666666666
},
{
"timeMillis": 1584826200000,
"count": 0,
"bitsPerSecond": 2705.72
},
{
"timeMillis": 1584826500000,
"count": 0,
"bitsPerSecond": 2703.883333333333
},
{
"timeMillis": 1584826800000,
"count": 0,
"bitsPerSecond": 2694.1466666666665
},
{
"timeMillis": 1584827100000,
"count": 0,
"bitsPerSecond": 2700.9333333333334
},
{
"timeMillis": 1584827400000,
"count": 0,
"bitsPerSecond": 2703.306666666667
},
{
"timeMillis": 1584827700000,
"count": 0,
"bitsPerSecond": 2708.883333333333
},
{
"timeMillis": 1584828000000,
"count": 0,
"bitsPerSecond": 2707.3166666666666
},
{
"timeMillis": 1584828300000,
"count": 0,
"bitsPerSecond": 2703.95
},
{
"timeMillis": 1584828600000,
"count": 0,
"bitsPerSecond": 2693.443333333333
},
{
"timeMillis": 1584828900000,
"count": 0,
"bitsPerSecond": 2714.923333333333
},
{
"timeMillis": 1584829200000,
"count": 0,
"bitsPerSecond": 2704.213333333333
},
{
"timeMillis": 1584829320000,
"count": 0,
"bitsPerSecond": 2696.7166666666667
}
],
"bitsPerSecond": 2696.7166666666667,
"packetsPerSecondTs": [
{
"timeMillis": 1584825900000,
"count": 0,
"packetsPerSecond": 36.0
},
{
"timeMillis": 1584826200000,
"count": 0,
"packetsPerSecond": 36.02
},
{
"timeMillis": 1584826500000,
"count": 0,
"packetsPerSecond": 36.01
},
{
"timeMillis": 1584826800000,
"count": 0,
"packetsPerSecond": 35.87
},
{
"timeMillis": 1584827100000,
"count": 0,
"packetsPerSecond": 35.97
},
{
"timeMillis": 1584827400000,
"count": 0,
"packetsPerSecond": 36.0
},
{
"timeMillis": 1584827700000,
"count": 0,
"packetsPerSecond": 36.06
},
{
"timeMillis": 1584828000000,
"count": 0,
"packetsPerSecond": 36.06
},
{
"timeMillis": 1584828300000,
"count": 0,
"packetsPerSecond": 36.0
},
{
"timeMillis": 1584828600000,
"count": 0,
"packetsPerSecond": 35.87
},
{
"timeMillis": 1584828900000,
"count": 0,
"packetsPerSecond": 36.15
},
{
"timeMillis": 1584829200000,
"count": 0,
"packetsPerSecond": 36.01
},
{
"timeMillis": 1584829320000,
"count": 0,
"packetsPerSecond": 35.9
}
],
"packetsPerSecond": 35.9,
"requestsPerSecondTs": [],
"requestsPerSecond": 0.0,
"responseTimeTs": [],
"responseTime": 0.0,
"transactionsPerSecondTs": [],
"transactionsPerSecond": 0.0,
"attackVector": {
"TCP SYN flood": 88.65,
"TCP Push Flood": 8.0
},
"sourceCountries": {
"N/A": 96.65
},
"alertsHistory": [
{
"id": "GUID value",
"publish": "true",
"title": "DoS Attack status change",
"startTime": 1584824700512,
"timestamp": 1584829380452,
"severity": "Critical",
"severityLevel": 2,
"timeWindow": {
"timeInterval": 0,
"end": 1584829380452
}
},
{
"id": "GUID value",
"publish": "true",
"title": "Raw DoS attack notification for attack ID: 1368567163",
"startTime": 1584824700282,
"timestamp": 1584829380244,
"severity": "Critical",
"severityLevel": 2,
"timeWindow": {
"timeInterval": 0,
"end": 1584829380244
}
},
{
"id": "GUID value",
"publish": "true",
"title": "DoS Attack status change",
"startTime": 1584824700512,
"timestamp": 1584829320650,
"severity": "Critical",
"severityLevel": 2,
"timeWindow": {
"timeInterval": 0,
"end": 1584829320650
}
},
{
"id": "GUID value",
"publish": "true",
"title": "Raw DoS attack notification for attack ID: 1368567163",
"startTime": 1584824700282,
"timestamp": 1584829320436,
"severity": "Critical",
"severityLevel": 2,
"timeWindow": {
"timeInterval": 0,
"end": 1584829320436
}
},
{
"id": "GUID value",
"publish": "true",
"title": "DoS Attack status change",
"startTime": 1584824700512,
"timestamp": 1584829260415,
"severity": "Critical",
"severityLevel": 2,
"timeWindow": {
"timeInterval": 0,
"end": 1584829260415
}
}
]
},
"requestDurationInMillis": 85
}