Dos Attacks Summary¶
Overview¶
A summary overview of the ongoing denial of service (DoS) attacks, the attacked BIG-IPs, and the protected objects under attack.
REST Endpoint: /mgmt/ap/query/v1/tenants/default/reports/DosAttacksSummary¶
Requests¶
GET /mgmt/ap/query/v1/tenants/default/reports/DosAttacksSummary¶
Query Parameters¶
| Name | Type | Required | Description |
|---|---|---|---|
| default-value | number | False | The value can be 0. |
| from | string | False | Specifies time to start results. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time. |
| protected-object-type | string | False | The protected object type can filtered by “All”, “Applications” or “Virtual Servers”. |
| resolution-minutes-TS | number | False | Data values shown according to time increments in minutes. The default value is 5 minutes. |
| to | string | False | Specifies time to end results. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time. |
| under-attack | boolean | False | The protected object status can be filtered by protected objects that are under attack or all protected objects. The default is true, which means all protected objects. |
Response¶
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| applicationsHealth | string | The number of applications by health status of Critical, Moderate, Good, or Other. |
| critical | number | The number of objects with a critical health status |
| good | number | The number of objects with a good health status |
| moderate | number | The number of objects with a moderate health status |
| other | number | The number of objects with an unknown health status |
| applicationsUnderAttacks | number | The number of applications under attack |
| attackSeverity | SeverityHistogram | The DDoS attack categorized by 2 (critical) or 1 (warning) severities |
| attacksTs | object | A list of the average number of attacks over time |
| count | number | The value during a data collection at the time stamp. |
| timeMillis | number | The data collection time stamp. |
| devicesUnderAttacks | number | A sum of all BIG-IPs reporting an ongoing DDoS attack |
| devicesUnderAttacksTs | object | The list of the average number of BIG-IPs under attack over time |
| count | number | The value during a data collection at the time stamp. |
| timeMillis | number | The data collection time stamp. |
| devicesHealth | string | The number of BIG-IPs by health status of Critical, Moderate, Good or Other. Device health can be controlled by dynamic device health rules. |
| critical | number | The number of objects with a critical health status |
| good | number | The number of objects with a good health status |
| moderate | number | The number of objects with a moderate health status |
| other | number | The number of objects with an unknown health status |
| devicesTopCPUUsage | object | A list of BIG-IPs with the highest CPU values |
| CPUUsage | number | The BIG-IP’s current CPU usage |
| deviceName | string | The name of a BIG-IP with high CPU usage |
| mitigated | number | DDoS attacks detected with a mitigating DoS profile |
| notMitigated | number | DDoS attacks detected with a monitoring DoS profile |
| protectedObjectsUnderAttacksTs | object | A list of the average number of protected objects (applications and virtual servers) under DDoS attack over time |
| count | number | The value during a data collection at the time stamp. |
| timeMillis | number | The data collection time stamp. |
| protocol | object | The DDoS attack detected by the DoS profile was either HTTP, Network or DNS protocol |
| DNS | number | The number of the currently ongoing DNS attacks |
| HTTP | number | The number of the currently ongoing HTTP attacks |
| Network | number | The number of the currently ongoing network attacks |
| totalAttacks | number | The sum of all ongoing DDoS attacks over the defined time period |
| virtualServersHealth | string | The number of virtual servers by health status of Critical, Moderate, Good, or Other. |
| critical | number | The number of objects with a critical health status |
| good | number | The number of objects with a good health status |
| moderate | number | The number of objects with a moderate health status |
| other | number | The number of objects with an unknown health status |
| virtualServersUnderAttacks | number | The number of virtual servers under DDoS attack |
Permissions¶
| Role | Allow |
|---|---|
| Security Manager | Yes |
Examples¶
GET to retrieve a summary of all attacks¶
Following is an example of a response to the default API call, with no parameters.
GET https://<BIG-IQ>/mgmt/ap/query/v1/tenants/default/reports/AllSecurityList
Response¶
{
"kind": "ap:compose:Report",
"lastUpdateMicros": 246156738473,
"result": {
"totalAttacks": 0,
"attacksTs": [],
"mitigated": 0,
"notMitigated": 0,
"protocol": {
"HTTP": 0,
"Network": 0,
"DNS": 0
},
"attackSeverity": {
"1": 0,
"2": 0
},
"devicesUnderAttacks": 0,
"devicesUnderAttacksTs": [],
"devicesHealth": {
"Critical": 0,
"Moderate": 0,
"Good": 0,
"Other": 0
},
"devicesTopCPUUsage": [],
"virtualServersUnderAttacks": 0,
"protectedObjectsUnderAttacksTs": [],
"virtualServersHealth": {
"Critical": 0,
"Moderate": 0,
"Good": 0,
"Other": 0
},
"applicationsUnderAttacks": 0,
"applicationsHealth": {
"Critical": 0,
"Moderate": 0,
"Good": 0,
"Other": 0
}
},
"requestDurationInMillis": 104
}