Network DDoS Attacks Summary
Overview
A summary overview of an ongoing Network DDoS attack’s data.
REST Endpoint: /mgmt/ap/query/v1/tenants/default/reports/NetworkCorrelatedAttackDetailsSummary
Requests
GET /mgmt/ap/query/v1/tenants/default/reports/NetworkCorrelatedAttackDetailsSummary
Query Parameters
Name | Type | Default | Description |
---|---|---|---|
id | string | False | The unique identifier of the correlated attack. |
from | string | False | Specifies the time at which results start. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time. |
to | string | False | Specifies the time at which results end. The default uses the values of “-1h” for from and “now” for to, which starts from 1 hour before the current time and ends at the current time. |
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
alertsHistory | object | A list of the attack’s summary information. For more information see AlertHistoryInfo. |
alertsHistory.id | string | The alert’s unique identifier. |
alertsHistory.severity | string | The severity based on reported threshold values. |
alertsHistory.timestamp | number | The time at which the alert was updated. |
alertsHistory.title | string | A short description of the alert. |
allTransactionsTs | object | A list of the average number of transactions detected over time. |
allTransactionsTs.count | number | The value during a data collection at the time stamp. |
allTransactionsTs.timeMillis | number | The data collection time stamp. |
attackVector | string | The type of attack detected by the DoS profile. |
blockedTransactionsTs | object | A list of the average number of blocked transactions detected over time. |
blockedTransactionsTs.count | number | The value during a data collection at the time stamp. |
blockedTransactionsTs.timeMillis | number | The data collection time stamp. |
currAllTransactions | Double | The average number of transactions per second detected over the past 5 minutes. |
currBlockedTransactions | Double | The average number of blocked transactions per second detected over the past 5 minutes. |
currIncompleteTransactions | Double | The average number of incomplete transactions per second detected over the past 5 minutes. |
dosProfile | string | The DoS profile that detected the attack. |
duration | number | The length of time for a detected DoS attack. |
endTime | number | The time at which the DoS profile no longer detects the DoS attack, indicating the end of the attack. |
id | string | The attack’s unique identifier. |
incompleteTransactionsTs | object | A list of the average number of incomplete transactions detected over time. |
incompleteTransactionsTs.count | number | The value during a data collection at the time stamp. |
incompleteTransactionsTs.timeMillis | number | The data collection time stamp. |
mitigation | string | The mitigation action that was applied by the DoS profile. |
protectedObject | string | The reported object targeted by the DoS attack. |
protocol | string | The traffic connection layer detected as the target for the DoS attack. This can include either HTTP, DNS or Network targets. |
severity | string | The severity based on reported threshold values. |
startTime | number | The initial time the DoS profile detected a DoS attack. |
status | string | The indication of whether the attack is ongoing or has ended. Possible values: “Active” or “Ended”. |
trigger | string | The attack properties detected by the DoS profile. |
Permissions
Role | Allow |
---|---|
Security Manager | Yes |
Examples
None
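
The following is an added example, not part of the original documentation or the product's own code: it builds the documented query string and triages a response for an on-call analyst. It assumes the response body is a single JSON object whose time series are lists of `{count, timeMillis}` points; `SAMPLE`, `triage`, `peak`, `build_query` and the `min_block_ratio` threshold are hypothetical names and values, and authentication is out of scope.

```python
from urllib.parse import urlencode

# Endpoint path as documented on this page.
REPORT_PATH = ("/mgmt/ap/query/v1/tenants/default/reports/"
               "NetworkCorrelatedAttackDetailsSummary")

def build_query(attack_id, frm="-1h", to="now"):
    """Return the GET path with the documented id/from/to query parameters."""
    return REPORT_PATH + "?" + urlencode({"id": attack_id, "from": frm, "to": to})

def peak(series):
    """Return the (timeMillis, count) point with the highest count, or None."""
    points = [(p["timeMillis"], p["count"]) for p in series or []]
    return max(points, key=lambda p: p[1]) if points else None

def triage(summary, min_block_ratio=0.5):
    """Summarize one attack; min_block_ratio is a local, hypothetical threshold."""
    total = float(summary.get("currAllTransactions") or 0.0)
    blocked = float(summary.get("currBlockedTransactions") or 0.0)
    ratio = blocked / total if total > 0 else 0.0  # guard against idle traffic
    active = summary.get("status") == "Active"
    return {
        "id": summary.get("id"),
        "active": active,
        "block_ratio": round(ratio, 3),
        "peak_all": peak(summary.get("allTransactionsTs")),
        "peak_blocked": peak(summary.get("blockedTransactionsTs")),
        # Escalate only while the attack is ongoing and little of it is blocked.
        "escalate": active and total > 0 and ratio < min_block_ratio,
    }

# Constructed sample response; every value here is invented for illustration.
SAMPLE = {
    "id": "attack-0001", "status": "Active",
    "currAllTransactions": 1200.0, "currBlockedTransactions": 300.0,
    "currIncompleteTransactions": 40.0,
    "allTransactionsTs": [{"timeMillis": 1700000000000, "count": 800},
                          {"timeMillis": 1700000060000, "count": 1500}],
    "blockedTransactionsTs": [{"timeMillis": 1700000000000, "count": 100},
                              {"timeMillis": 1700000060000, "count": 450}],
}

if __name__ == "__main__":
    print(build_query(SAMPLE["id"]))
    print(triage(SAMPLE))
```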