DDoS Attacks per BIG-IP

Overview

A list of all ongoing DDoS attacks over a period of time for a selected BIG-IP.

REST Endpoint: /mgmt/ap/query/v1/tenants/default/reports/AllAttacksPerDeviceList

Requests

GET /mgmt/ap/query/v1/tenants/default/reports/AllAttacksPerDeviceList

Query Parameters

Name Type Required Description
device string False The name of the selected BIG-IP under DDoS attack.
filter query option null Specifies a string or integer used to filter the results. You can filter based on one or more parameters.
from string False Specifies the start time for results. By default, from is “-1d” and to is “now”, so results start 1 day before the current time and end at the current time.
orderby string False Specifies the sorting parameter and order to apply to results. You can sort by attackID, protectedObject, dosProfileName, severity, attackMitigationId, protocol, or detectionMode. The sort order can be ascending (asc) or descending (desc). The default value is “startTime asc”, which sorts by startTime in ascending order.
to string False Specifies the end time for results. By default, from is “-1d” and to is “now”, so results start 1 day before the current time and end at the current time.
top number False Specifies the maximum number of results in the ordered list. The default value is 10.
skip number False Specifies the number of results in the ordered list to skip. The default value of skip is 0, meaning none are skipped and the results range from 1 to the top value.

Response

HTTP/1.1 200 OK

Name Type Description
items object The items that appear in the query.
     attackID string The attack’s unique identifier.
     attackMitigationId string The identifier of the mitigation type applied to the attack.
     detectionMode string The attack’s detection mode.
     dosProfiles object The DoS profile that detected the attack.
          id string The profile’s unique identifier.
          link string The link to the profile.
          name string The profile’s name.
          partition string The partition assigned to the profile.
     dosProfileName string The name of the DoS profile that detected the attack.
     protectedObject string The protected object that was attacked.
     protectedObjectId string The unique identifier of the attacked protected object.
     protectedObjectType string The type of protected object attacked.
     protocol string The protocol that detected the attack.
     severity string The severity of the attack.
     startTime number The time the attack was first detected.
itemsPerPage number The number of items per page.
pageIndex number The chronological page number from which query results are displayed.
startIndex number The chronological item number from which query results are displayed.
total number The total number of items queried.
totalPages number The total number of pages in the query result.

Permissions

Role Allow
Security Manager Yes

Examples

GET to retrieve all attacks currently taking place on a specific BIG-IP

The following example returns the top 50 items ordered by severity in ascending order.

GET https://<BIG-IQ>/mgmt/ap/query/v1/tenants/default/reports/AllAttacksPerDeviceList?$device=Tier1-Stav_StaitcIP-75.olympus.f5net.com&$orderby=severity asc&$skip=0&$top=50

Response

{
    "kind": "ap:compose:Report",
    "lastUpdateMicros": 1661152366249,
    "result": {
        "totalItems": 1,
        "items": [{
            "attackID": "DNS_dnsLicener1_dnsProfile_19/02/26,14:44",
            "severity": "Critical",
            "protectedObject": "/Common/dnsLicener1",
            "protectedObjectType": "Virtual Server",
            "protectedObjectId": "61a4ca0f-769a-37f6-a691-3b7eb7051214",
            "detectionMode": "Volumetric, Aggregated across all SrcIP's, VS-Specific attack, metric:PPS",
            "attackMitigationId": "Blocked",
            "protocol": "DNS",
            "attackVector": "DNS A Query",
            "startTime": 1551185042133,
            "dosProfiles": [{
                "id": "35f46214-996e-3a19-84e4-caa5d0aafec6",
                "name": "dnsProfile",
                "link": "https://localhost/mgmt/cm/security-shared/working-config/dos-profiles/35f46214-996e-3a19-84e4-caa5d0aafec6",
                "partition": "Common"
            }],
            "dosProfileName": "dnsProfile"
        }],
        "itemsPerPage": 0,
        "startIndex": 0,
        "totalPages": 0,
        "pageIndex": 0,
        "currentItemCount": 1
    },
    "requestDurationInMillis": 1881
}
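
Client-side paging with the top and skip parameters, as an added example that is not part of the original page or of F5's code: it builds the request URL with the space in $orderby percent-encoded, walks the pages until a short page is returned, and flattens each attack record for a SIEM or ticket. The host names `bigiq.example` and `bigip1.example`, the caller-supplied `fetch` callable, `fake_fetch`, and the sample records are constructed for illustration; reading the list from `result.items` follows the sample response above, and treating `startTime` as epoch milliseconds is an assumption.

```python
import json
from datetime import datetime, timezone
from urllib.parse import parse_qs, quote, urlencode, urlsplit

REPORT = "/mgmt/ap/query/v1/tenants/default/reports/AllAttacksPerDeviceList"

def build_url(host, device, orderby="startTime asc", skip=0, top=10):
    """Build the report URL; '$' stays literal and the space in $orderby becomes %20."""
    params = {"$device": device, "$orderby": orderby, "$skip": skip, "$top": top}
    return f"https://{host}{REPORT}?" + urlencode(params, safe="$", quote_via=quote)

def iter_attacks(fetch, host, device, page_size=50):
    """Yield every attack for one device; fetch(url) -> dict is caller-supplied (hypothetical)."""
    skip = 0
    while True:
        body = fetch(build_url(host, device, skip=skip, top=page_size))
        # The sample response nests the list under "result".
        items = body.get("result", {}).get("items", [])
        yield from items
        if len(items) < page_size:  # short (or empty) page: nothing left to fetch
            return
        skip += page_size

def normalise(item):
    """Flatten one attack record; startTime is assumed to be epoch milliseconds."""
    start = datetime.fromtimestamp(item["startTime"] / 1000, tz=timezone.utc)
    return {
        "attack_id": item["attackID"],
        "severity": item["severity"],
        "target": item["protectedObject"],
        "protocol": item["protocol"],
        "mitigation": item["attackMitigationId"],
        "start_utc": start.isoformat(timespec="seconds"),
    }

# Constructed sample data: three records shaped like the page's example response.
SAMPLE = [{"attackID": f"constructed-{n}", "severity": "Critical", "protocol": "DNS",
           "protectedObject": "/Common/dnsLicener1", "attackMitigationId": "Blocked",
           "startTime": 1551185042133 + n} for n in range(3)]

def fake_fetch(url):
    """Offline stand-in for the authenticated GET: serves SAMPLE by $skip/$top."""
    q = parse_qs(urlsplit(url).query)
    skip, top = int(q["$skip"][0]), int(q["$top"][0])
    return {"result": {"items": SAMPLE[skip:skip + top]}}

if __name__ == "__main__":
    for a in iter_attacks(fake_fetch, "bigiq.example", "bigip1.example", page_size=2):
        print(json.dumps(normalise(a)))
```

In real use, replace `fake_fetch` with a function that performs the authenticated GET as a user holding the Security Manager role and returns the parsed JSON body.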