IPS Events¶
Overview¶
Module Name in API¶
bigip-ips
Product Name in API¶
local-traffic
Dimensions¶
| Dimension | Name in API | Description |
|---|---|---|
| Profile Name | profile-name | |
| Country | country | Client Country |
| Virtual Server | virtual | |
| BIG-IP Blade Number | slot-id | Used for BIG-IP Chassis with multiple blades. A value of 0 means this is a non chassis BIG-IP, any other value tells the serial number of the blade in the chassis |
| Inspection ID | inspection-id | |
| Client IP | client-ip | |
| Accuracy | accuracy | |
| Attack Type | attack-type | |
| Destination Ip | destination-ip | |
| Inspection Name | inspection-name | |
| BIG-IP Host Name | hostname | The hostname given to the BIG-IP |
| Network Protocol | protocol | |
| Service | service | |
| Destination Port | destination-port | |
| Attack Risk | risk | |
| Vlan Name | vlan-name | |
| Performance Impact | performance-impact | |
| Action | security-action | The action a security module took with this transaction/packet, such as allow or block |
MetricSets¶
Matched Events Count¶
Description¶
Number of occurrences a event was matched
Name In API¶
matched-events-count
Metrics in the metricSet¶
| Metric | Name in API | Unit | Description |
|---|---|---|---|
| Events Count | count | conns | Total number of matched events |
| Avg Matched events/s | avg-count-per-sec | conns/s | Average number of matched events per second |
Examples¶
By Time Query¶
A query by time returns a series of data points in time, based on optional filters, time range, and time granularity. This query kind is identified by the keyword: “ap:query:stats:byTime”
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/local-traffic/metric-query
This example for JSON body in the post, filters by dimension profile-name and get the count of matched-events-count
{
"kind": "ap:query:stats:byTime",
"module": "bigip-ips",
"timeRange": {
"from": "-1h",
"to": "now"
},
"timeGranularity": {
"duration": 30,
"unit": "SECONDS"
},
"aggregations": {
"matched-events-count$count": {
"metricSet": "matched-events-count",
"metric": "count"
}
},
"dimensionFilter": {
"type": "eq",
"dimension": "profile-name",
"value": "value to filter by"
}
}
By Entities Query¶
A query by entities returns a sort set of entities, based on optional filters, time range, and choosen metric to sort by. This query kind is identified by the keyword: “ap:query:stats:byEntities”
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/local-traffic/metric-query
This example for JSON body in the post, gets top entities of type profile-name, sorted by count of matched-events-count
{
"kind": "ap:query:stats:byEntities",
"module": "bigip-ips",
"timeRange": {
"from": "-1H",
"to": "now"
},
"dimension": "profile-name",
"sortMetric": "matched-events-count$count",
"sortOrder": "desc",
"aggregations": {
"matched-events-count$count": {
"metricSet": "matched-events-count",
"metric": "count"
}
},
"limit": 5
}
Entities Count Query¶
An entities count query returns the distinct count of entities, based on optional filters, time range, and choosen entity type. This query kind is identified by the keyword: “ap:query:stats:entitiesCount”
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/local-traffic/metric-query
This example for JSON body in the post, gets the distinct count of entities of type profile-name
{
"kind": "ap:query:stats:entitiesCount",
"module": "bigip-ips",
"dimension": "profile-name",
"timeRange": {
"from": "-1h",
"to": "now"
}
}