DDoS Attacks List¶
Overview¶
A list of all ongoing DDoS attacks over a specified period of time.
REST Endpoint: /mgmt/ap/query/v1/tenants/default/reports/AllAttacksList¶
Requests¶
GET /mgmt/ap/query/v1/tenants/default/reports/AllAttacksList¶
Query Parameters¶
| Name | Type | Required | Description |
|---|---|---|---|
| filter | string | null | Specifies a string or integer used to filter the results. You can filter by all or a specific parameter. |
| from | string | False | Specifies time to start results. The default uses the values of “-1d” for from and “now” for to, which starts from 1 day before the current time and ends at the current time. |
| orderby | string | False | Specifies the sorting parameter and order to apply to results. You can sort by attackID, protectedObject, dosProfileName, severity, attackMitigationId, protocol or detectionMode. The sort order can be ascending (asc) or descending (desc). The default value is “startTime asc”, which sorts by startTime in ascending order. |
| skip | number | False | Specifies the number of results in the ordered list to skip. The default value of skip is 0, meaning none are skipped and the results range from 1 to the top value. |
| to | string | False | Specifies time to end results. The default uses the values of “-1d” for from and “now” for to, which starts from 1 day before the current time and ends at the current time. |
| top | number | False | Specify the maximum number of results in the ordered list. The default value is 10. |
Response¶
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| items | object | The items that appear in the query. |
| attackID | string | The attack’s unique identifier. |
| attackMitigationId | string | The identifier of the mitigation type applied to the attack. |
| detectionMode | string | The attack’s detection mode. |
| dosProfiles | object | The DoS profile that detected the attack. |
| id | string | The profile’s unique identifier. |
| link | string | The link to the profile. |
| name | string | The profile’s name. |
| partition | string | The partition assigned to the profile. |
| dosProfileName | string | The name of the DoS profile that detected the attack. |
| protectedObject | string | The protected object that was attacked. |
| protectedObjectId | string | The unique identifier of the attacked protected object. |
| protectedObjectType | string | The type of protected object attacked. |
| protocol | string | The protocol that detected the attack. |
| severity | string | The severity of the attack. |
| startTime | Long | The time the attack was first detected. |
| itemsPerPage | number | The number of items per page. |
| pageIndex | number | The chronological page number as of which to display query results. |
| startIndex | number | The chronological item number as of which to display query results. |
| total | number | The total number of items queried. |
| totalPages | number | The total number of pages in the query result. |
Permissions¶
| Role | Allow |
|---|---|
| Security Manager | Yes |
Examples¶
GET to retrieve list of all ongoing DDoS attacks over a specified period of time¶
GET https://<BIG-IQ>/mgmt/ap/query/v1/tenants/default/reports/AllAttacksList
Following is an example of a response to the default API call, with no parameters.
Response¶
"kind": "ap:compose:Report",
"lastUpdateMicros": 524251815112,
"result": {
"totalItems": 1,
"items": [{
"attackID": "HTTP_dosApp2vs1_HttpDosProfile_blocking_19/01/15,16:18",
"severity": "Critical",
"protectedObject": "/Common/dosApp2/dosApp2vs1",
"protectedObjectType": "Virtual Server",
"protectedObjectId": "2e3065cc-979b-33c6-97fa-41993f685fe4",
"detectionMode": "Source IP Volumetric TPS",
"attackMitigationId": "Rate Limit",
"protocol": "HTTP",
"startTime": 1547561881006,
"dosProfiles": [{
"id": "00857546-19c6-354e-b2be-3b4b52a02c1e",
"name": "HttpDosProfile_blocking",
"link": "https://localhost/mgmt/cm/security-shared/working-config/dos-profiles/00857546-19c6-354e-b2be-3b4b52a02c1e",
"partition": "Common"
}],
"dosProfileName": "HttpDosProfile_blocking"
}],
"itemsPerPage": 50,
"startIndex": 0,
"totalPages": 1,
"pageIndex": 0,
"currentItemCount": 1
},
"requestDurationInMillis": 515
}