DoS Attack
Overview
Module Name in API
dos-attack
Product Name in API
device
Dimensions
Dimension | Name in API | Description |
---|---|---|
Virtual Server | virtual | |
DOS Profile | dos-profile-name | Name of the DoS profile used in the BIG-IP |
Attack Mitigation | attack-mitigation | The current method of mitigation taken by the BIG-IP to handle the attack |
Attack Vector | attack-vector | |
Attack Trigger | attack-trigger | Tells what triggered the BIG-IP to declare this attack |
BIG-IP Host Name | hostname | The hostname given to the BIG-IP |
Network Protocol | protocol | |
Attack ID | attack-id | A code that BIG-IP assigns to this attack. The ID is per BIG-IP and should not be confused with the combined attack ID of multiple BIG-IPs |
Application Service | applicationService | |
BIG-IP Blade | hostname-slot | This is a combination of a BIG-IP hostname and its blade number |
attack-id-hostname-slot | attack-id-hostname-slot | |
BIG-IP Service Cluster | dsc-name | Clusters of BIG-IPs grouped together to have the same config |
Application | applications | |
MetricSets
Block ratio score
Description
Name In API
block-ratio-score
Metrics in the metricSet
Metric | Name in API | Unit | Description |
---|---|---|---|
Block ratio score | avg-value-per-event | % | Block ratio score |
Trigger score
Description
Name In API
trigger-score
Metrics in the metricSet
Metric | Name in API | Unit | Description |
---|---|---|---|
Trigger score | avg-value-per-event | % | Trigger score |
Examples
By Time Query
A query by time returns a series of data points in time, based on optional filters, time range, and time granularity. This query kind is identified by the keyword “ap:query:stats:byTime”.
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/device/metric-query
This example JSON body for the POST filters by the dimension virtual and gets the avg-value-per-event of block-ratio-score:
{
  "kind": "ap:query:stats:byTime",
  "module": "dos-attack",
  "timeRange": {
    "from": "-1h",
    "to": "now"
  },
  "timeGranularity": {
    "duration": 30,
    "unit": "SECONDS"
  },
  "aggregations": {
    "block-ratio-score$avg-value-per-event": {
      "metricSet": "block-ratio-score",
      "metric": "avg-value-per-event"
    }
  },
  "dimensionFilter": {
    "type": "eq",
    "dimension": "virtual",
    "value": "value to filter by"
  }
}
By Entities Query
A query by entities returns a sorted set of entities, based on optional filters, time range, and the chosen metric to sort by. This query kind is identified by the keyword “ap:query:stats:byEntities”.
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/device/metric-query
This example JSON body for the POST gets the top entities of type virtual, sorted by the avg-value-per-event of block-ratio-score:
{
  "kind": "ap:query:stats:byEntities",
  "module": "dos-attack",
  "timeRange": {
    "from": "-1H",
    "to": "now"
  },
  "dimension": "virtual",
  "sortMetric": "block-ratio-score$avg-value-per-event",
  "sortOrder": "desc",
  "aggregations": {
    "block-ratio-score$avg-value-per-event": {
      "metricSet": "block-ratio-score",
      "metric": "avg-value-per-event"
    }
  },
  "limit": 5
}
Entities Count Query
An entities count query returns the distinct count of entities, based on optional filters, time range, and the chosen entity type. This query kind is identified by the keyword “ap:query:stats:entitiesCount”.
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/device/metric-query
This example JSON body for the POST gets the distinct count of entities of type virtual:
{
  "kind": "ap:query:stats:entitiesCount",
  "module": "dos-attack",
  "dimension": "virtual",
  "timeRange": {
    "from": "-1h",
    "to": "now"
  }
}
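As an added example (not part of the original documentation), the following Python builds the three request bodies shown above and checks dimension and metric names against this page's tables before a request is prepared. The function names and the Content-Type header are assumptions, and authentication is left out because this page does not describe it.

```python
import json
import urllib.request

# Names copied from the Dimensions and MetricSets tables on this page.
DIMENSIONS = {
    "virtual", "dos-profile-name", "attack-mitigation", "attack-vector",
    "attack-trigger", "hostname", "protocol", "attack-id", "applicationService",
    "hostname-slot", "attack-id-hostname-slot", "dsc-name", "applications",
}
METRIC_SETS = {"block-ratio-score": {"avg-value-per-event"},
               "trigger-score": {"avg-value-per-event"}}
PATH = "/mgmt/ap/query/v1/tenants/default/products/device/metric-query"

def _base(kind, dimension, since, optional=False):
    """Fields shared by all three query kinds; rejects unknown dimensions."""
    if dimension not in DIMENSIONS and not (optional and dimension is None):
        raise ValueError(f"unknown dos-attack dimension: {dimension!r}")
    return {"kind": f"ap:query:stats:{kind}", "module": "dos-attack",
            "timeRange": {"from": since, "to": "now"}}

def _aggregation(metric_set, metric="avg-value-per-event"):
    """Return the 'metricSet$metric' key used on this page and its body."""
    if metric not in METRIC_SETS.get(metric_set, ()):
        raise ValueError(f"unknown metric: {metric_set}${metric}")
    return f"{metric_set}${metric}", {"metricSet": metric_set, "metric": metric}

def by_time(metric_set, dimension=None, value=None, seconds=30, since="-1h"):
    key, agg = _aggregation(metric_set)
    body = _base("byTime", dimension, since, optional=True)
    body["timeGranularity"] = {"duration": seconds, "unit": "SECONDS"}
    body["aggregations"] = {key: agg}
    if dimension is not None:  # the dimension filter is optional
        body["dimensionFilter"] = {"type": "eq", "dimension": dimension, "value": value}
    return body

def by_entities(metric_set, dimension, limit=5, since="-1h"):
    key, agg = _aggregation(metric_set)
    body = _base("byEntities", dimension, since)
    body.update(dimension=dimension, sortMetric=key, sortOrder="desc",
                aggregations={key: agg}, limit=limit)
    return body

def entities_count(dimension, since="-1h"):
    return dict(_base("entitiesCount", dimension, since), dimension=dimension)

def prepare_post(address, body):
    """Build the POST without sending it; the caller supplies address and auth."""
    return urllib.request.Request(f"https://{address}{PATH}", method="POST",
        data=json.dumps(body).encode(), headers={"Content-Type": "application/json"})
```

Rejecting a misspelled dimension or metricSet locally means a typo surfaces as an error in the monitoring script rather than as a malformed query sent to the device.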