DoS Attacks Summary
Overview
A summary overview of the ongoing denial of service (DoS) attacks, the attacked BIG-IPs, and the protected objects under attack.
REST Endpoint: /mgmt/ap/query/v1/tenants/default/reports/DosAttacksSummary
Requests
GET /mgmt/ap/query/v1/tenants/default/reports/DosAttacksSummary
Query Parameters
Name | Type | Required | Description |
---|---|---|---|
default-value | number | False | The value can be 0. |
from | string | False | Specifies time to start results. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time. |
protected-object-type | string | False | The protected object type can be filtered by “All”, “Applications” or “Virtual Servers”. |
resolution-minutes-TS | number | False | Data values shown according to time increments in minutes. The default value is 5 minutes. |
to | string | False | Specifies time to end results. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time. |
under-attack | boolean | False | The protected object status can be filtered by protected objects that are under attack or all protected objects. The default is true, which means all protected objects. |
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
applicationsHealth | string | The number of applications by health status of Critical, Moderate, Good, or Other. |
critical | number | The number of objects with a critical health status |
good | number | The number of objects with a good health status |
moderate | number | The number of objects with a moderate health status |
other | number | The number of objects with an unknown health status |
applicationsUnderAttacks | number | The number of applications under attack |
attackSeverity | SeverityHistogram | The DDoS attack categorized by 2 (critical) or 1 (warning) severities |
attacksTs | object | A list of the average number of attacks over time |
count | number | The value during a data collection at the time stamp. |
timeMillis | number | The data collection time stamp. |
devicesUnderAttacks | number | A sum of all BIG-IPs reporting an ongoing DDoS attack |
devicesUnderAttacksTs | object | The list of the average number of BIG-IPs under attack over time |
count | number | The value during a data collection at the time stamp. |
timeMillis | number | The data collection time stamp. |
devicesHealth | string | The number of BIG-IPs by health status of Critical, Moderate, Good or Other. Device health can be controlled by dynamic device health rules. |
critical | number | The number of objects with a critical health status |
good | number | The number of objects with a good health status |
moderate | number | The number of objects with a moderate health status |
other | number | The number of objects with an unknown health status |
devicesTopCPUUsage | object | A list of BIG-IPs with the highest CPU values |
CPUUsage | number | The BIG-IP’s current CPU usage |
deviceName | string | The name of a BIG-IP with high CPU usage |
mitigated | number | DDoS attacks detected with a mitigating DoS profile |
notMitigated | number | DDoS attacks detected with a monitoring DoS profile |
protectedObjectsUnderAttacksTs | object | A list of the average number of protected objects (applications and virtual servers) under DDoS attack over time |
count | number | The value during a data collection at the time stamp. |
timeMillis | number | The data collection time stamp. |
protocol | object | The DDoS attack detected by the DoS profile was either HTTP, Network or DNS protocol |
DNS | number | The number of the currently ongoing DNS attacks |
HTTP | number | The number of the currently ongoing HTTP attacks |
Network | number | The number of the currently ongoing network attacks |
totalAttacks | number | The sum of all ongoing DDoS attacks over the defined time period |
virtualServersHealth | string | The number of virtual servers by health status of Critical, Moderate, Good, or Other. |
critical | number | The number of objects with a critical health status |
good | number | The number of objects with a good health status |
moderate | number | The number of objects with a moderate health status |
other | number | The number of objects with an unknown health status |
virtualServersUnderAttacks | number | The number of virtual servers under DDoS attack |
Permissions
Role | Allow |
---|---|
Security Manager | Yes |
Examples
GET to retrieve a summary of all attacks
The following is an example of a response to the default API call, with no parameters.
GET https://<BIG-IQ>/mgmt/ap/query/v1/tenants/default/reports/DosAttacksSummary
Response
{
    "kind": "ap:compose:Report",
    "lastUpdateMicros": 246156738473,
    "result": {
        "totalAttacks": 0,
        "attacksTs": [],
        "mitigated": 0,
        "notMitigated": 0,
        "protocol": {
            "HTTP": 0,
            "Network": 0,
            "DNS": 0
        },
        "attackSeverity": {
            "1": 0,
            "2": 0
        },
        "devicesUnderAttacks": 0,
        "devicesUnderAttacksTs": [],
        "devicesHealth": {
            "Critical": 0,
            "Moderate": 0,
            "Good": 0,
            "Other": 0
        },
        "devicesTopCPUUsage": [],
        "virtualServersUnderAttacks": 0,
        "protectedObjectsUnderAttacksTs": [],
        "virtualServersHealth": {
            "Critical": 0,
            "Moderate": 0,
            "Good": 0,
            "Other": 0
        },
        "applicationsUnderAttacks": 0,
        "applicationsHealth": {
            "Critical": 0,
            "Moderate": 0,
            "Good": 0,
            "Other": 0
        }
    },
    "requestDurationInMillis": 104
}
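Added example (not part of the F5 documentation): a Python sketch that builds the report URL from the query parameters listed above and turns a DosAttacksSummary response into triage findings for a SOC dashboard. The host name, the sample response values, the finding levels, the CPU threshold and the reading of CPUUsage as a percentage are assumptions; authentication and the HTTP call itself are left out.

```python
from urllib.parse import urlencode

REPORT_PATH = "/mgmt/ap/query/v1/tenants/default/reports/DosAttacksSummary"

def build_report_url(host, params=None):
    """Return the GET URL for the report; params uses the documented names."""
    query = urlencode(params or {})
    return f"https://{host}{REPORT_PATH}" + (f"?{query}" if query else "")

def triage(report, cpu_threshold=80):
    """Return (level, message) findings. Levels and threshold are assumptions."""
    r = report["result"]
    findings = []
    # notMitigated = attacks seen by a monitoring DoS profile, so nothing blocks them.
    if r.get("notMitigated", 0) > 0:
        findings.append(("high", f"{r['notMitigated']} attack(s) detected by a monitoring-only DoS profile"))
    # attackSeverity is keyed by the strings "1" (warning) and "2" (critical).
    critical = r.get("attackSeverity", {}).get("2", 0)
    if critical:
        findings.append(("high", f"{critical} attack(s) at critical severity"))
    # The response uses capitalised health keys ("Critical"), unlike the field table.
    for kind in ("devicesHealth", "virtualServersHealth", "applicationsHealth"):
        n = r.get(kind, {}).get("Critical", 0)
        if n:
            findings.append(("medium", f"{kind}: {n} object(s) in Critical health"))
    for dev in r.get("devicesTopCPUUsage", []):
        if dev.get("CPUUsage", 0) >= cpu_threshold:  # assumed to be a percentage
            findings.append(("medium", f"{dev['deviceName']} CPU usage {dev['CPUUsage']}"))
    # Time series entries are {"timeMillis": ..., "count": ...}; report the peak bucket.
    peak = max(r.get("attacksTs", []), key=lambda p: p["count"], default=None)
    if peak and peak["count"] > 0:
        findings.append(("info", f"peak of {peak['count']} attack(s) at timeMillis {peak['timeMillis']}"))
    return findings

# Constructed sample response (values invented for illustration).
SAMPLE = {"kind": "ap:compose:Report", "result": {
    "totalAttacks": 3, "mitigated": 2, "notMitigated": 1,
    "attacksTs": [{"timeMillis": 1700000000000, "count": 1},
                  {"timeMillis": 1700000300000, "count": 3}],
    "protocol": {"HTTP": 2, "Network": 1, "DNS": 0},
    "attackSeverity": {"1": 2, "2": 1},
    "devicesHealth": {"Critical": 1, "Moderate": 0, "Good": 4, "Other": 0},
    "devicesTopCPUUsage": [{"deviceName": "bigip-a.example", "CPUUsage": 93},
                           {"deviceName": "bigip-b.example", "CPUUsage": 41}],
    "virtualServersHealth": {"Critical": 0, "Moderate": 1, "Good": 7, "Other": 0},
    "applicationsHealth": {"Critical": 0, "Moderate": 0, "Good": 3, "Other": 0}}}

if __name__ == "__main__":
    print(build_report_url("bigiq.example", {"from": "-1h", "to": "now"}))
    for level, message in triage(SAMPLE):
        print(f"[{level}] {message}")
```

Run against the all-zero response shown above, triage returns an empty list.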