Virtual Server DoS Protection Summary
Overview
A summary overview of the ongoing denial of service (DoS) attacks, and related metrics for a protected virtual server.
REST Endpoint: /mgmt/ap/query/v1/tenants/default/reports/VsDosProtectionSummary
Requests
GET /mgmt/ap/query/v1/tenants/default/reports/VsDosProtectionSummary
Query Parameters
Name | Type | Required | Description |
---|---|---|---|
$protectedObjectId | boolean | true | Specifies the protected virtual server unique identifier. |
$l7Protocol | string | false | Specifies the protected virtual server L7 protocol. |
$from | string | false | Specifies time to start results. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time. |
$resolution-minutes-TS | number | false | Data values shown according to time increments in minutes. The default value is 5 minutes. |
$to | string | false | Specifies time to end results. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time. |
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
totalAttacks | number | Ongoing DoS attacks. |
attacksTs | object | Average number of ongoing DoS attacks over time. |
count | number | The number of data samples collected in the specific time slot. |
timeMillis | number | The end time of the specific time slot within the time period. |
attacks | number | The average number of ongoing DoS attacks for the specific time slot. |
mitigated | number | Ongoing DoS attacks detected with a mitigating DoS profile. |
notMitigated | number | Ongoing DoS attacks detected with a monitoring DoS profile. |
protocol | object | The current count of ongoing DoS attacks by attacked protocol. |
DNS | number | The number of the currently ongoing DNS attacks. |
HTTP | number | The number of the currently ongoing HTTP attacks. |
Network | number | The number of the currently ongoing network attacks. |
attackSeverity | SeverityHistogram | The number of ongoing DoS attacks categorized by 2 (critical) or 1 (warning) severities. |
connections | number | The number of open connections. |
connectionsTs | object | The number of open connections over time. |
timeMillis | number | The end time of the specific time slot within the time period. |
count | number | The number of data samples collected in the specific time slot. |
connections | number | The average number of open connections for the specific time slot. |
bitsPerSecond | number | The average number of bits per second. |
bitsPerSecondTs | object | The average number of bits per second over time. |
timeMillis | number | The end time of the specific time slot within the time period. |
count | number | The number of data samples collected in the specific time slot. |
bitsPerSecond | number | The average number of bits per second for the specific time slot. |
packetsPerSecond | number | The average number of packets per second. |
packetsPerSecondTs | object | The average number of packets per second over time. |
timeMillis | number | The end time of the specific time slot within the time period. |
count | number | The number of data samples collected in the specific time slot. |
packetsPerSecond | number | The average number of packets per second for the specific time slot. |
requestsPerSecond | number | The average number of DNS requests per second. |
requestsPerSecondTs | object | The average number of DNS requests per second over time. |
timeMillis | number | The end time of the specific time slot within the time period. |
count | number | The number of data samples collected in the specific time slot. |
requestsPerSecond | number | The average number of DNS requests per second for the specific time slot. |
transactionsPerSecond | number | The average number of HTTP transactions per second. |
transactionsPerSecondTs | object | The average number of HTTP transactions per second over time. |
timeMillis | number | The end time of the specific time slot within the time period. |
count | number | The number of data samples collected in the specific time slot. |
transactionsPerSecond | number | The average number of HTTP transactions per second for the specific time slot. |
responseTime | number | The average HTTP application response time. |
responseTimeTs | object | The average HTTP application response time over time. |
timeMillis | number | The end time of the specific time slot within the time period. |
count | number | The number of data samples collected in the specific time slot. |
responseTime | number | The average HTTP application response time for the specific time slot. |
devicesUnderAttacks | number | The number of devices reporting ongoing DoS attacks. |
attackVector | Map | Top attack vectors by transactions or requests per second. |
sourceCountries | Map | Top source countries by transactions or requests per second. |
alertsHistory | object | Summary of the application service’s active alerts history. |
id | string | The alert’s unique identifier. |
title | string | A short description of the alert. |
startTime | number | The time in which the alert was raised. |
timestamp | number | The time in which the alert was updated. |
severity | string | The severity of the alert. |
severityLevel | number | The severity’s numeric value. |
Permissions
Role | Allow |
---|---|
Security Manager | Yes |
Network Security Viewer | Yes |
Network Security Manager | Yes |
Examples
GET to retrieve DoS protection summary
The following is an example of a response to the default API call, with no optional parameters (only the required $protectedObjectId).
GET https://<BIG-IQ>/mgmt/ap/query/v1/tenants/default/reports/VsDosProtectionSummary?$protectedObjectId=2066c13c-4de8-3f17-9244-1763ede03359
Response
{
"kind": "ap:compose:Report",
"lastUpdateMicros": 11010554786,
"result": {
"totalAttacks": 1,
"attacksTs": [
{
"timeMillis": 1584825900000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584826200000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584826500000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584826800000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584827100000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584827400000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584827700000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584828000000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584828300000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584828600000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584828900000,
"count": 5,
"attacks": 1.0
},
{
"timeMillis": 1584829200000,
"count": 5,
"attacks": 1.0
}
],
"mitigated": 1,
"notMitigated": 0,
"protocol": {
"HTTP": 0,
"Network": 1,
"DNS": 0
},
"attackSeverity": {
"1": 0,
"2": 1
},
"connectionsTs": [
{
"timeMillis": 1584825900000,
"count": 0,
"connections": 48.06666015625
},
{
"timeMillis": 1584826200000,
"count": 0,
"connections": 47.900009765625
},
{
"timeMillis": 1584826500000,
"count": 0,
"connections": 47.866669921875
},
{
"timeMillis": 1584826800000,
"count": 0,
"connections": 47.9
},
{
"timeMillis": 1584827100000,
"count": 0,
"connections": 47.96666015625
},
{
"timeMillis": 1584827400000,
"count": 0,
"connections": 48.200009765625
},
{
"timeMillis": 1584827700000,
"count": 0,
"connections": 47.7
},
{
"timeMillis": 1584828000000,
"count": 0,
"connections": 48.2
},
{
"timeMillis": 1584828300000,
"count": 0,
"connections": 48.066650390625
},
{
"timeMillis": 1584828600000,
"count": 0,
"connections": 48.033330078125
},
{
"timeMillis": 1584828900000,
"count": 0,
"connections": 48.133330078125
},
{
"timeMillis": 1584829200000,
"count": 0,
"connections": 47.96666015625
},
{
"timeMillis": 1584829320000,
"count": 0,
"connections": 48.1666748046875
}
],
"connections": 48.1666748046875,
"bitsPerSecondTs": [
{
"timeMillis": 1584825900000,
"count": 0,
"bitsPerSecond": 2703.5866666666666
},
{
"timeMillis": 1584826200000,
"count": 0,
"bitsPerSecond": 2705.72
},
{
"timeMillis": 1584826500000,
"count": 0,
"bitsPerSecond": 2703.883333333333
},
{
"timeMillis": 1584826800000,
"count": 0,
"bitsPerSecond": 2694.1466666666665
},
{
"timeMillis": 1584827100000,
"count": 0,
"bitsPerSecond": 2700.9333333333334
},
{
"timeMillis": 1584827400000,
"count": 0,
"bitsPerSecond": 2703.306666666667
},
{
"timeMillis": 1584827700000,
"count": 0,
"bitsPerSecond": 2708.883333333333
},
{
"timeMillis": 1584828000000,
"count": 0,
"bitsPerSecond": 2707.3166666666666
},
{
"timeMillis": 1584828300000,
"count": 0,
"bitsPerSecond": 2703.95
},
{
"timeMillis": 1584828600000,
"count": 0,
"bitsPerSecond": 2693.443333333333
},
{
"timeMillis": 1584828900000,
"count": 0,
"bitsPerSecond": 2714.923333333333
},
{
"timeMillis": 1584829200000,
"count": 0,
"bitsPerSecond": 2704.213333333333
},
{
"timeMillis": 1584829320000,
"count": 0,
"bitsPerSecond": 2696.7166666666667
}
],
"bitsPerSecond": 2696.7166666666667,
"packetsPerSecondTs": [
{
"timeMillis": 1584825900000,
"count": 0,
"packetsPerSecond": 36.0
},
{
"timeMillis": 1584826200000,
"count": 0,
"packetsPerSecond": 36.02
},
{
"timeMillis": 1584826500000,
"count": 0,
"packetsPerSecond": 36.01
},
{
"timeMillis": 1584826800000,
"count": 0,
"packetsPerSecond": 35.87
},
{
"timeMillis": 1584827100000,
"count": 0,
"packetsPerSecond": 35.97
},
{
"timeMillis": 1584827400000,
"count": 0,
"packetsPerSecond": 36.0
},
{
"timeMillis": 1584827700000,
"count": 0,
"packetsPerSecond": 36.06
},
{
"timeMillis": 1584828000000,
"count": 0,
"packetsPerSecond": 36.06
},
{
"timeMillis": 1584828300000,
"count": 0,
"packetsPerSecond": 36.0
},
{
"timeMillis": 1584828600000,
"count": 0,
"packetsPerSecond": 35.87
},
{
"timeMillis": 1584828900000,
"count": 0,
"packetsPerSecond": 36.15
},
{
"timeMillis": 1584829200000,
"count": 0,
"packetsPerSecond": 36.01
},
{
"timeMillis": 1584829320000,
"count": 0,
"packetsPerSecond": 35.9
}
],
"packetsPerSecond": 35.9,
"requestsPerSecondTs": [],
"requestsPerSecond": 0.0,
"responseTimeTs": [],
"responseTime": 0.0,
"transactionsPerSecondTs": [],
"transactionsPerSecond": 0.0,
"attackVector": {
"TCP SYN flood": 88.65,
"TCP Push Flood": 8.0
},
"sourceCountries": {
"N/A": 96.65
},
"alertsHistory": [
{
"id": "GUID value",
"publish": "true",
"title": "DoS Attack status change",
"startTime": 1584824700512,
"timestamp": 1584829380452,
"severity": "Critical",
"severityLevel": 2,
"timeWindow": {
"timeInterval": 0,
"end": 1584829380452
}
},
{
"id": "GUID value",
"publish": "true",
"title": "Raw DoS attack notification for attack ID: 1368567163",
"startTime": 1584824700282,
"timestamp": 1584829380244,
"severity": "Critical",
"severityLevel": 2,
"timeWindow": {
"timeInterval": 0,
"end": 1584829380244
}
},
{
"id": "GUID value",
"publish": "true",
"title": "DoS Attack status change",
"startTime": 1584824700512,
"timestamp": 1584829320650,
"severity": "Critical",
"severityLevel": 2,
"timeWindow": {
"timeInterval": 0,
"end": 1584829320650
}
},
{
"id": "GUID value",
"publish": "true",
"title": "Raw DoS attack notification for attack ID: 1368567163",
"startTime": 1584824700282,
"timestamp": 1584829320436,
"severity": "Critical",
"severityLevel": 2,
"timeWindow": {
"timeInterval": 0,
"end": 1584829320436
}
},
{
"id": "GUID value",
"publish": "true",
"title": "DoS Attack status change",
"startTime": 1584824700512,
"timestamp": 1584829260415,
"severity": "Critical",
"severityLevel": 2,
"timeWindow": {
"timeInterval": 0,
"end": 1584829260415
}
}
]
},
"requestDurationInMillis": 85
}
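As an added example (not part of the original documentation), the following Python code builds the documented request URL with the default time window and reduces a response to the fields an analyst checks first: ongoing and monitoring-only attacks, critical count, attacked protocols, top attack vector, and de-duplicated alerts. The function names and the host `bigiq.example.test` are hypothetical, the sample is trimmed from the response above, and authentication is out of scope.

```python
import json
from urllib.parse import urlencode

REPORT_PATH = "/mgmt/ap/query/v1/tenants/default/reports/VsDosProtectionSummary"

def build_url(host, object_id, start="-1h", end="now", resolution_min=5):
    """Build the GET URL; '$' stays literal to match the documented parameter names."""
    params = {"$protectedObjectId": object_id, "$from": start, "$to": end,
              "$resolution-minutes-TS": resolution_min}
    return f"https://{host}{REPORT_PATH}?" + urlencode(params, safe="$")

def triage(report):
    """Reduce a VsDosProtectionSummary response to a short triage summary."""
    r = report["result"]
    vectors = r.get("attackVector", {})
    # In the sample response the same alert appears once per update;
    # keep only the newest entry per (title, startTime).
    latest = {}
    for a in r.get("alertsHistory", []):
        key = (a["title"], a["startTime"])
        if key not in latest or a["timestamp"] > latest[key]["timestamp"]:
            latest[key] = a
    return {
        "ongoing": r["totalAttacks"],
        # notMitigated: attacks detected under a monitoring DoS profile (see field table).
        "unmitigated": r["notMitigated"],
        "critical": r.get("attackSeverity", {}).get("2", 0),  # "2" = critical
        "protocols": sorted(p for p, n in r.get("protocol", {}).items() if n > 0),
        "top_vector": max(vectors, key=vectors.get) if vectors else None,
        "alerts": sorted(latest.values(), key=lambda a: a["timestamp"], reverse=True),
    }

# Constructed sample, trimmed from the response shown on this page.
SAMPLE = json.loads("""
{"result": {"totalAttacks": 1, "mitigated": 1, "notMitigated": 0,
  "protocol": {"HTTP": 0, "Network": 1, "DNS": 0},
  "attackSeverity": {"1": 0, "2": 1},
  "attackVector": {"TCP SYN flood": 88.65, "TCP Push Flood": 8.0},
  "alertsHistory": [
    {"title": "DoS Attack status change", "startTime": 1584824700512,
     "timestamp": 1584829380452, "severity": "Critical"},
    {"title": "Raw DoS attack notification for attack ID: 1368567163",
     "startTime": 1584824700282, "timestamp": 1584829380244, "severity": "Critical"},
    {"title": "DoS Attack status change", "startTime": 1584824700512,
     "timestamp": 1584829320650, "severity": "Critical"}]}}
""")

if __name__ == "__main__":
    print(build_url("bigiq.example.test", "2066c13c-4de8-3f17-9244-1763ede03359"))
    print(triage(SAMPLE))
```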