F5® BIG-IP® Next Central Manager API Specifications

Overview

This is the BIG-IP Next Central Manager API documentation.

F5® BIG-IP® Next Central Manager API

The F5® BIG-IP® Next Central Manager API is F5's single front-end API for all services and resources in BIG-IP Next. F5 has undertaken to design it to ensure the APIs are in duty, meaningful, and follow the best industry practices. You can consider the object model discussed in this documentation as reflecting a consistent and logical view of how to see resources, manage configurations, and view the actual system state of your BIG-IP Next.

Alerts

Alerts APIs may operate on alert resources of the F5® BIG-IP® Next Central Manager.

Retrieve all alerts

Retrieves a list of all the alerts and notifications.

query Parameters
limit
integer >= 1
Default: 1000
Examples:
  • limit=1000 - return up to 1000 items per page

Limits the number of items to return per page.

page
integer >= 1
Default: 1
Examples:
  • page=1 - return page number 1

The number of the page to return. Ignored if limit parameter is absent.

sort
string
Examples:
  • sort=address,hostname - two column ascending sort
  • sort=-hostname - single column descending sort
  • sort=address,-hostname - mixed ascending/descending sort

The column names used to sort results. Prefix the name with a minus to request a descending order of sort.

select
string
Examples:
  • select=name,state,status - selected column names

The names of the specific fields to return.

filter
string
Examples:
  • filter=status eq 'completed' - query by equality
  • filter=hostname startswith 'mbip' - query by string
  • filter=port gte 80 - query by numerical condition

Filter conditions for result queries. You can query by equality, string, or numerical conditions.

expand
string
Examples:
  • expand=notification_configurations,name - array column names

The column names used for filtering array elements in the result query. Ignored if filter parameter is absent.

Responses

Response samples

Content type
application/hal+json
{
  • "_links": {
    },
  • "_embedded": {
    }
}

Save aggregated alerts

Request to save the aggregated alerts from aggregator services.

Request Body schema: application/json
required
required
Array of objects (CreateAlert)

alerts

Responses

Request samples

Content type
application/json
{
  • "alerts": [
    ]
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Retrieve alert

Retrieves a specific alert.

path Parameters
id
required
string <uuid>

uuid of alert

Responses

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "type_id": "d9779ea4-ba95-4824-86d7-4f1ac083a564",
  • "notification_configurations": [
    ],
  • "name": "string",
  • "level": "INFO",
  • "status": "ACTIVE",
  • "source": "string",
  • "start_time": "string",
  • "end_time": "string",
  • "summary": "string",
  • "description": "string",
  • "help_link": "string",
  • "object_name": "string",
  • "object_type": "string",
  • "additional_information": { },
  • "_links": {
    }
}

Inactivate multiple alerts

Inactivates multiple alerts.

Request Body schema: application/json
required
alerts
required
Array of strings <uuid> [ items <uuid> ]

alert ids

Responses

Request samples

Content type
application/json
{
  • "alerts": [
    ]
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Store alert types

Stores alert types.

Request Body schema: application/json
required
name
required
string non-empty

alert type name

source
required
string non-empty

name of the feature that is the source of this type

level
required
string (AlertLevel)
Enum: "INFO" "WARNING" "SEVERE"

alert severity

help_link
string

help link

object (LinkOrRemovalList)

list of IDs to link and/or remove

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "source": "string",
  • "level": "INFO",
  • "help_link": "string",
  • "notifications": {
    }
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Update alert type

Updates alert type by name and source.

Request Body schema: application/json
required
name
required
string non-empty

alert type name

source
required
string non-empty

name of the feature that is the source of this type

level
string (AlertLevel)
Enum: "INFO" "WARNING" "SEVERE"

alert severity

help_link
string

help link

object (LinkOrRemovalList)

list of IDs to link and/or remove

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "source": "string",
  • "level": "INFO",
  • "help_link": "string",
  • "notifications": {
    }
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Delete alert type

Deletes alert type.

Request Body schema: application/json
required
name
required
string

alert type name

source
required
string

name of the feature that is the source of this type

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "source": "string"
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Retrieve all alert types

Retrieves a list of all the alert types.

Responses

Response samples

Content type
application/hal+json
{
  • "_links": {
    },
  • "_embedded": {
    }
}

Add alert types

Adds alert types.

Request Body schema: application/json
required
Array
name
required
string non-empty

alert type name

source
required
string non-empty

name of the feature that is the source of this type

level
required
string (AlertLevel)
Enum: "INFO" "WARNING" "SEVERE"

alert severity

help_link
string

help link

object (LinkOrRemovalList)

list of IDs to link and/or remove

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/hal+json
[
  • {
    }
]

Update alert types

Updates an alert type by name and source.

Request Body schema: application/json
required
Array
name
required
string non-empty

alert type name

source
required
string non-empty

name of the feature that is the source of this type

level
string (AlertLevel)
Enum: "INFO" "WARNING" "SEVERE"

alert severity

help_link
string

help link

object (LinkOrRemovalList)

list of IDs to link and/or remove

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/hal+json
[
  • {
    }
]

Delete alert types

Deletes an alert type.

Request Body schema: application/json
required
Array
name
required
string

alert type name

source
required
string

name of the feature that is the source of this type

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/hal+json
[
  • {
    }
]

Retrieve an alert type

Retrieves a specific alert type.

path Parameters
id
required
string <uuid>

uuid of alert type

Responses

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "source": "string",
  • "level": "INFO",
  • "help_link": "string",
  • "notification_configurations": [
    ],
  • "_links": {
    }
}

Update an alert type

Updates a specific alert type identified by id.

path Parameters
id
required
string <uuid>

uuid of alert type

Request Body schema: application/json
required
level
string (AlertLevel)
Enum: "INFO" "WARNING" "SEVERE"

alert severity

help_link
string

help link

object (LinkOrRemovalList)

list of IDs to link and/or remove

Responses

Request samples

Content type
application/json
{
  • "level": "INFO",
  • "help_link": "string",
  • "notifications": {
    }
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Delete an alert type

Deletes an alert type specified by id.

path Parameters
id
required
string <uuid>

uuid of alert type

Responses

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Inactivate an alert

Inactivates a specific alert.

path Parameters
id
required
string <uuid>

uuid of alert

Responses

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Update multiple alerts to seen alert status

Updates the status of multiple alerts to seen alert status. Provide a list of alert IDs to specify which alerts will have their status changed to seen.

Request Body schema: application/json
required
alerts
required
Array of strings <uuid> [ items <uuid> ]

alert ids

Responses

Request samples

Content type
application/json
{
  • "alerts": [
    ]
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Update an alert to seen alert status

Updates a specific alert to seen alert status.

path Parameters
id
required
string <uuid>

uuid of alert

Responses

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Retrieve alert rules

Retrieves a list of all the alert rules.

Responses

Response samples

Content type
application/hal+json
{
  • "id": [
    ]
}

Notifications

Notifications APIs may operate on notification resources of the F5® BIG-IP® Next Central Manager.

Retrieve notifications

Retrieves a list of all the notifications.

Responses

Response samples

Content type
application/hal+json
{
  • "_links": {
    },
  • "_embedded": {
    }
}

Creates new notification configuration

Creates a new notification configuration from data.

Request Body schema: application/json
required
name
required
string non-empty
notification_type
required
string (NotificationType)
Enum: "SMTP" "UI"
periodicity
string non-empty
suppressed
boolean
location
string
to_emails
Array of strings [ items non-empty ]
server_config
string
object (LinkOrRemovalList)

list of IDs to link and/or remove

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "notification_type": "SMTP",
  • "periodicity": "string",
  • "suppressed": true,
  • "location": "string",
  • "to_emails": [
    ],
  • "server_config": "string",
  • "alert_types": {
    }
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Update notification configuration

Updates an existing notification configuration.

Request Body schema: application/json
required
id
required
string <uuid>
name
required
string
notification_type
required
string (NotificationType)
Enum: "SMTP" "UI"
periodicity
string
suppressed
boolean
location
string
to_emails
Array of strings [ items non-empty ]
server_config
string
object (LinkOrRemovalList)

list of IDs to link and/or remove

Responses

Request samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "notification_type": "SMTP",
  • "periodicity": "string",
  • "suppressed": true,
  • "location": "string",
  • "to_emails": [
    ],
  • "server_config": "string",
  • "alert_types": {
    }
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Delete notification configuration

Deletes a notification configuration.

Request Body schema: application/json
required
name
required
string

notification configuration name

notification_type
required
string

notification configuration type

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "notification_type": "string"
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Retrieve notification

Retrieves a specific notification.

path Parameters
id
required
string <uuid>

uuid of notification

Responses

Response samples

Content type
application/hal+json
{
  • "data": "string"
}

Update notification

Updates a specific notification by ID.

path Parameters
id
required
string <uuid>

uuid of notification

Request Body schema: application/json
required
name
required
string
notification_type
required
string (NotificationType)
Enum: "SMTP" "UI"
periodicity
string
suppressed
boolean
location
string
to_emails
Array of strings [ items non-empty ]
server_config
string
object (LinkOrRemovalList)

list of IDs to link and/or remove

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "notification_type": "SMTP",
  • "periodicity": "string",
  • "suppressed": true,
  • "location": "string",
  • "to_emails": [
    ],
  • "server_config": "string",
  • "alert_types": {
    }
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Delete notification

Deletes a notification identified by ID.

path Parameters
id
required
string <uuid>

uuid of notification

Responses

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Suppress Notifications

Suppresses notifications specified by a list of notification IDs.

Request Body schema: application/json
required
notifications
required
Array of strings <uuid> [ items <uuid> ]

notification ids

Responses

Request samples

Content type
application/json
{
  • "notifications": [
    ]
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Suppress single notification

Suppresses a single notification specified by the notification ID.

path Parameters
id
required
string <uuid>

uuid of notification

Responses

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Reactivate multiple notifications

Reactivate multiple suppressed notifications specified by a list of notification IDs.

Request Body schema: application/json
required
notifications
required
Array of strings <uuid> [ items <uuid> ]

notification ids

Responses

Request samples

Content type
application/json
{
  • "notifications": [
    ]
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Reactivate a single suppressed notification

Reactivates a suppressed notification specified by a notification ID.

path Parameters
id
required
string <uuid>

uuid of notification

Responses

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "message": "string",
  • "status": 0,
  • "notifications": [
    ],
  • "alert_types": [
    ]
}

Analytic

Analytic APIs may operate on analytics resources of the F5® BIG-IP® Next Central Manager.

Retrieve request count

Retrieves the number of web application requests counted during a specified time interval.

Request Body schema: application/json
required
duration
string
Enum: "5m" "1h" "1d" "1w" "30d"

Defines the analytics timeframe

object (WafEventAnalyticsPeriod)
entity
string
Enum: "geolocation" "source_ip" "url"

Defines the analytics entity

filter
string

Defines the analytics filtering criteria. The supported properties are as follows:

  • actionType - the WAF result after evaluating the request. Possible values: 'legal', 'alarmed', 'blocked'.
  • country - the origin country of the request. A list of countries can be found in /v1/geolocations.
  • url - the URL of the request. Example value '/login'.
  • sourceIP - the client IP address of the request.
  • policy - the name of the WAF policy that enforced the request.
  • application - the name of the application in the request.
  • rating - the violation rating of the request. Possible values: '0', '1', '2', '3', '4', '5'.
  • systemID - the managed device ID.

Supported properties per entity type:

  • geolocation: country, application, policy, actionType, rating, systemID
  • source_ip: sourceIP, application, policy, rating, actionType, systemID
  • url: url, actionType, application, country, policy, rating, systemID
  • none: actionType, application, policy, rating, systemID

Supported operators:

  • and
  • or
  • eq
  • neq

Responses

Request samples

Content type
application/json
Example
{
  • "filter": "actionType eq 'blocked' and country eq 'US' and policy eq 'Policy1'",
  • "entity": "geolocation",
  • "duration": "1h"
}

Response samples

Content type
application/hal+json
{
  • "count": 0,
  • "_links": {
    }
}
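
One way to assemble the request body for this endpoint from untrusted input, so that only the documented properties, operators and values reach the filter string. This is an added example, not code from the F5 documentation; the function names are hypothetical, and it assumes that the "none" row applies when entity is omitted, that values may not contain quotes (the page documents no escaping), and that a filter uses a single joiner (the page documents no precedence between and/or).

```python
import ipaddress
import json
import re

# Allowlists transcribed from the filter documentation above.
PROPERTIES_BY_ENTITY = {
    "geolocation": {"country", "application", "policy", "actionType", "rating", "systemID"},
    "source_ip": {"sourceIP", "application", "policy", "rating", "actionType", "systemID"},
    "url": {"url", "actionType", "application", "country", "policy", "rating", "systemID"},
    # Assumption: the "none" row applies when "entity" is left out of the body.
    None: {"actionType", "application", "policy", "rating", "systemID"},
}
ENUM_VALUES = {
    "actionType": {"legal", "alarmed", "blocked"},
    "rating": {"0", "1", "2", "3", "4", "5"},
}
DURATIONS = {"5m", "1h", "1d", "1w", "30d"}
COMPARISONS = {"eq", "neq"}
JOINERS = {"and", "or"}

# Assumption: no escaping is documented for values, so quotes, backslashes
# and control characters are refused instead of being escaped.
UNSAFE_VALUE = re.compile(r"['\"\\\x00-\x1f\x7f]")


class FilterError(ValueError):
    """Raised when a request falls outside the documented filter grammar."""


def render_condition(allowed, prop, op, value):
    """Return one "<property> <op> '<value>'" term after validating each part."""
    if prop not in allowed:
        raise FilterError(f"property {prop!r} is not supported for this entity")
    if op not in COMPARISONS:
        raise FilterError(f"operator {op!r} is not one of eq/neq")
    value = str(value)
    if not value or UNSAFE_VALUE.search(value):
        raise FilterError(f"value for {prop!r} is empty or has unsafe characters")
    if prop in ENUM_VALUES and value not in ENUM_VALUES[prop]:
        raise FilterError(f"{value!r} is not a documented value of {prop!r}")
    if prop == "sourceIP":
        try:
            ipaddress.ip_address(value)
        except ValueError as exc:
            raise FilterError(f"{value!r} is not an IP address") from exc
    return f"{prop} {op} '{value}'"


def build_request(duration, conditions, entity=None, joiner="and"):
    """Build the JSON body; conditions is a list of (property, op, value)."""
    if duration not in DURATIONS:
        raise FilterError(f"duration {duration!r} is not a documented value")
    if entity not in PROPERTIES_BY_ENTITY:
        raise FilterError(f"entity {entity!r} is not a documented value")
    if joiner not in JOINERS:
        raise FilterError(f"joiner {joiner!r} is not one of and/or")
    allowed = PROPERTIES_BY_ENTITY[entity]
    body = {"duration": duration}
    if entity is not None:
        body["entity"] = entity
    terms = [render_condition(allowed, *cond) for cond in conditions]
    if terms:
        body["filter"] = f" {joiner} ".join(terms)
    return body


if __name__ == "__main__":
    # Constructed input that reproduces the request sample shown above.
    sample = build_request(
        "1h",
        [("actionType", "eq", "blocked"), ("country", "eq", "US"),
         ("policy", "eq", "Policy1")],
        entity="geolocation",
    )
    print(json.dumps(sample, indent=2))
```
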

Retrieve trend of requests

Retrieves the trend of web application requests counted during a specified time interval.

Request Body schema: application/json
required
duration
string
Enum: "5m" "1h" "1d" "1w" "30d"

Defines the analytics timeframe

object (WafEventAnalyticsPeriod)
entity
string
Enum: "geolocation" "source_ip" "url"

Defines the analytics entity

filter
string

Defines the analytics filtering criteria. The supported properties are as follows:

  • actionType - the WAF result after evaluating the request. Possible values: 'legal', 'alarmed', 'blocked'.
  • country - the origin country of the request. A list of countries can be found in /v1/geolocations.
  • url - the URL of the request. Example value '/login'.
  • sourceIP - the client IP address of the request.
  • policy - the name of the WAF policy that enforced the request.
  • application - the name of the application in the request.
  • rating - the violation rating of the request. Possible values: '0', '1', '2', '3', '4', '5'.
  • systemID - the managed device ID.

Supported properties per entity type:

  • geolocation: country, application, policy, actionType, rating, systemID
  • source_ip: sourceIP, application, policy, rating, actionType, systemID
  • url: url, actionType, application, country, policy, rating, systemID
  • none: actionType, application, policy, rating, systemID

Supported operators:

  • and
  • or
  • eq
  • neq

Responses

Request samples

Content type
application/json
Example
{
  • "filter": "actionType eq 'blocked' and country eq 'US' and policy eq 'Policy1'",
  • "entity": "geolocation",
  • "duration": "1h"
}

Response samples

Content type
application/hal+json
{
  • "percent": 0,
  • "_links": {
    }
}

Retrieve the trends of web application requests

Retrieves the trends of web application requests which were made during a particular time period.

Request Body schema: application/json
required
required
object (WafEventAnalyticsPeriod)
filter
string

Defines the analytics filtering criteria. The supported properties are as follows:

  • request_status - the WAF result after evaluating the request; possible values: 'alerted', 'blocked'
  • geo_location - the country that originated the request; you can find a list of countries at: /v1/geolocations
  • uri - the URI of the request; for example: '/login'
  • policy_name - the name of the WAF policy that enforced the request
  • app_name - the name of the application in the request
  • violation_rating - the violation rating of the request; possible values: '0', '1', '2', '3', '4', '5'
  • ip_client - the client IP address of the request
  • ip_address_intelligence - IP intelligence address of the request
  • severity - the request severity category
  • stack_name - the stack name
  • bot_category - the bot category of the request.
  • bot_signature_name - the name of the bot signature for the request
  • client_class - the name of the bot client class for the request
  • client_type - the name of the bot client type for the request
  • sig_ids - the attack signature ID for the request
  • violations - the violation name for the request
  • sub_violations - the sub violation name for the request
  • threat_campaign_names - the threat campaign name for the request

Supported operators:

  • and
  • or
  • eq
  • neq

Supported functions:

  • contains(...)
  • not(contains(...))

Responses

Request samples

Content type
application/json
{
  • "period": {
    },
  • "filter": "string"
}

Response samples

Content type
application/hal+json
{
  • "percent": 0,
  • "count": 0,
  • "trend": 0,
  • "_links": {
    }
}

Retrieve most frequent web application requests

Retrieves the 20 most abundant web application requests which were made during a time period.

Request Body schema: application/json
required
entity
required
string (WafEventAnalyticsEntityEnum)
Enum: "geo_location" "ip_address" "uri" "signatures" "threat_campaign" "violations" "bot_signature"

Defines the analytics data aggregation criteria.

required
object (WafEventAnalyticsPeriod)
filter
string

Defines the analytics filtering criteria. The supported properties are as follows:

  • request_status - the WAF result after evaluating the request; possible values: 'alerted', 'blocked'
  • geo_location - the country that originated the request; you can find a list of countries at: /v1/geolocations
  • uri - the URI of the request; for example: '/login'
  • policy_name - the name of the WAF policy that enforced the request
  • app_name - the name of the application in the request
  • violation_rating - the violation rating of the request; possible values: '0', '1', '2', '3', '4', '5'
  • ip_client - the client IP address of the request
  • ip_address_intelligence - IP intelligence address of the request
  • severity - the request severity category
  • stack_name - the stack name
  • bot_category - the bot category for the request
  • bot_signature_name - the name of the bot signature for the request
  • client_class - the name of the bot client class for the request
  • client_type - the name of the bot client type for the request
  • sig_ids - the attack signature ID for the request
  • violations - the violation name for the request
  • sub_violations - the sub violation name for the request
  • threat_campaign_names - the threat campaign name for the request

Supported operators:

  • and
  • or
  • eq
  • neq

Supported functions:

  • contains(...)
  • not(contains(...))

Responses

Request samples

Content type
application/json
{
  • "entity": "geo_location",
  • "period": {
    },
  • "filter": "string"
}

Response samples

Content type
application/hal+json
{
  • "top": [
    ],
  • "_links": {
    }
}

Retrieve aggregated statistics for policy or application

Retrieves web application request aggregated statistics for policy or application during a particular time period.

Request Body schema: application/json
required
entity
required
string
Enum: "policy_name" "app_name" "vs_name"

Defines the analytics data aggregation criteria.

required
object (WafEventAnalyticsPeriod)
filter
string

Defines the analytics filtering criteria. The supported properties are as follows:

  • request_status - the WAF result after evaluating the request; possible values: 'alerted', 'blocked'
  • geo_location - the country that originated the request; you can find a list of countries at: /v1/geolocations
  • uri - the URI of the request; for example: '/login'
  • policy_name - the name of the WAF policy that enforced the request
  • app_name - the name of the application in the request
  • violation_rating - the violation rating of the request; possible values: '0', '1', '2', '3', '4', '5'
  • ip_client - the client IP address of the request
  • ip_address_intelligence - IP intelligence address of the request
  • severity - the request severity category
  • stack_name - the stack name
  • bot_category - the bot category for the request
  • bot_signature_name - the name of the bot signature for the request
  • client_class - the name of the bot client class for the request
  • client_type - the name of the bot client type for the request
  • sig_ids - the attack signature ID for the request
  • violations - the violation name for the request
  • sub_violations - the sub violation name for the request
  • threat_campaign_names - the threat campaign name for the request

Supported operators:

  • and
  • or
  • eq
  • neq

Supported functions:

  • contains(...)
  • not(contains(...))

Responses

Request samples

Content type
application/json
{
  • "entity": "policy_name",
  • "period": {
    },
  • "filter": "string"
}

Response samples

Content type
application/hal+json
{
  • "entity": [
    ],
  • "_links": {
    }
}

Retrieve statistics for entity

Retrieve statistics for entity

Request Body schema: application/json
required
entity
required
string (WafEventAnalyticsEntityEnum)
Enum: "geo_location" "ip_address" "uri" "signatures" "threat_campaign" "violations" "bot_signature"

Defines the analytics data aggregation criteria.

required
object (WafEventAnalyticsPeriod)
filter
string

Defines the analytics filtering criteria. The supported properties are as follows:

  • request_status - the WAF result after evaluating the request; possible values: 'alerted', 'blocked'
  • geo_location - the country that originated the request; you can find a list of countries at: /v1/geolocations
  • uri - the URI of the request; for example: '/login'
  • policy_name - the name of the WAF policy that enforced the request
  • app_name - the name of the application in the request
  • violation_rating - the violation rating of the request; possible values: '0', '1', '2', '3', '4', '5'
  • ip_client - the client IP address of the request
  • ip_address_intelligence - IP intelligence address of the request
  • severity - the request severity category
  • stack_name - the stack name
  • bot_category - the bot category for the request
  • bot_signature_name - the name of the bot signature for the request
  • client_class - the name of the bot client class for the request
  • client_type - the name of the bot client type for the request
  • sig_ids - the attack signature ID for the request
  • violations - the violation name for the request
  • sub_violations - the sub violation name for the request
  • threat_campaign_names - the threat campaign name for the request

Supported operators:

  • and
  • or
  • eq
  • neq

Supported functions:

  • contains(...)
  • not(contains(...))

Responses

Request samples

Content type
application/json
{
  • "entity": "geo_location",
  • "period": {
    },
  • "filter": "string"
}

Response samples

Content type
application/hal+json
{
  • "urls": 0,
  • "signatures": 0,
  • "rating": 0,
  • "ip_addresses": 0,
  • "_links": {
    }
}

Retrieve the time interval

Retrieves the time interval which was used to get the number of web application requests.

Request Body schema: application/json
required
required
object (WafEventAnalyticsPeriod)
filter
string

Defines the analytics filtering criteria. The supported properties are as follows:

  • request_status - the WAF result after evaluating the request; possible values: 'alerted', 'blocked'
  • geo_location - the country that originated the request; you can find a list of countries at: /v1/geolocations
  • uri - the URI of the request; for example: '/login'
  • policy_name - the name of the WAF policy that enforced the request
  • app_name - the name of the application in the request
  • violation_rating - the violation rating of the request; possible values: '0', '1', '2', '3', '4', '5'
  • ip_client - the client IP address of the request
  • ip_address_intelligence - IP intelligence address of the request
  • severity - the request severity category
  • stack_name - the stack name
  • bot_category - the bot category of the request.
  • bot_signature_name - the name of the bot signature for the request
  • client_class - the name of the bot client class for the request
  • client_type - the name of the bot client type for the request
  • sig_ids - the attack signature ID for the request
  • violations - the violation name for the request
  • sub_violations - the sub violation name for the request
  • threat_campaign_names - the threat campaign name for the request

Supported operators:

  • and
  • or
  • eq
  • neq

Supported functions:

  • contains(...)
  • not(contains(...))

Responses

Request samples

Content type
application/json
{
  • "period": {
    },
  • "filter": "string"
}

Response samples

Content type
application/hal+json
{
  • "alerted": [
    ],
  • "blocked": [
    ],
  • "_links": {
    }
}

Retrieve trends of web application requests

Retrieves the trends of web application requests which were made during a particular time period.

Request Body schema: application/json
required
entity
required
string (WafEventAnalyticsEntityEnum)
Enum: "geo_location" "ip_address" "uri" "signatures" "threat_campaign" "violations" "bot_signature"

Defines the analytics data aggregation criteria.

required
object (WafEventAnalyticsPeriod)
filter
string

Defines the analytics filtering criteria. The supported properties are as follows:

  • request_status - the WAF result after evaluating the request; possible values: 'alerted', 'blocked'
  • geo_location - the country that originated the request; you can find a list of countries at: /v1/geolocations
  • uri - the URI of the request; for example: '/login'
  • policy_name - the name of the WAF policy that enforced the request
  • app_name - the name of the application in the request
  • violation_rating - the violation rating of the request; possible values: '0', '1', '2', '3', '4', '5'
  • ip_client - the client IP address of the request
  • ip_address_intelligence - IP intelligence address of the request
  • severity - the request severity category
  • stack_name - the stack name
  • bot_category - the bot category for the request
  • bot_signature_name - the name of the bot signature for the request
  • client_class - the name of the bot client class for the request
  • client_type - the name of the bot client type for the request
  • sig_ids - the attack signature ID for the request
  • violations - the violation name for the request
  • sub_violations - the sub violation name for the request
  • threat_campaign_names - the threat campaign name for the request

Supported operators:

  • and
  • or
  • eq
  • neq

Supported functions:

  • contains(...)
  • not(contains(...))

Responses

Request samples

Content type
application/json
{
  • "entity": "geo_location",
  • "period": {
    },
  • "filter": "string"
}

Response samples

Content type
application/hal+json
{
  • "alerted_percent": 0,
  • "alerted_count": 0,
  • "alerted_trend": 0,
  • "blocked_percent": 0,
  • "blocked_count": 0,
  • "blocked_trend": 0,
  • "urls": 0,
  • "rating": 0,
  • "ip_addresses": 0,
  • "_links": {
    }
}

Retrieve WAF security report configurations

Retrieves a list of the report configuration for all WAF security reports.

query Parameters
limit
integer
Examples:
  • limit=2 - return up to 2 items per page

Limits the number of items to return per page.

page
integer
Examples:
  • page=3 - return page number 3

The number of the page to return. Ignored if limit parameter is absent.

sort
string
Examples:
  • sort=address,hostname - two column ascending sort
  • sort=-hostname - single column descending sort
  • sort=address,-hostname - mixed ascending/descending sort

The column name to sort results. Prefix column name with minus sign to sort in descending order.

select
string
Examples:
  • select=name,state,status - selected column names

The names of the specific fields to return.

filter
string
Examples:
  • filter=status eq 'completed' - query by equality
  • filter=hostname startswith 'mbip' - query by string
  • filter=port gte 80 - query by numerical condition

Filter conditions for result queries. Queries by equality, string, or numerical conditions are possible.

Responses

Response samples

Content type
application/hal+json
{
  • "_links": {
    },
  • "count": 0,
  • "total": 0,
  • "_embedded": {
    }
}

Create a WAF security report

Creates a new WAF security report.

Request Body schema: application/json
required
id
string <uuid>

UUID of WAF security report.

name
required
string ^[-a-zA-Z0-9._/:\s]+$

The name of the security report.

description
string <= 255 characters

Specifies the description of the security report.

scope
required
object
time_frame_in_days
integer
Enum: 1 7 30 90

Specifies the report time period.

categories
Array of objects

Specifies the scoped categories.

top_level
integer
Enum: 5 10 20

Specifies the number of the top level items of the report.

request_type
string
Enum: "illegal" "alerted" "blocked"

Specifies the type of the report requests.

user_defined
boolean

Specifies whether the report is user defined.

created_by
string

The creator of the security report.

Responses

Request samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "description": "WAF security report description",
  • "scope": {
    },
  • "time_frame_in_days": 1,
  • "categories": [
    ],
  • "top_level": 5,
  • "request_type": "illegal",
  • "user_defined": true,
  • "created_by": "string"
}

Response samples

Content type
application/hal+json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "description": "WAF security report description",
  • "scope": {
    },
  • "time_frame_in_days": 1,
  • "categories": [
    ],
  • "top_level": 5,
  • "request_type": "illegal",
  • "user_defined": true,
  • "created_by": "string",
  • "_links": {
    }
}

Retrieve a WAF security report

Retrieves a specific WAF security report.

path Parameters
report_id
required
string

Security report's report_id

query Parameters
select
string
Examples:
  • select=name,state,status - selected column names

The names of the specific fields to return.

Responses

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "description": "WAF security report description",
  • "scope": {
    },
  • "time_frame_in_days": 1,
  • "categories": [
    ],
  • "top_level": 5,
  • "request_type": "illegal",
  • "user_defined": true,
  • "created_by": "string",
  • "_links": {
    }
}

Update a security report

Updates a specific security report identified by report_id.

path Parameters
report_id
required
string

Security report's report_id

Request Body schema: application/json
required
id
string <uuid>

UUID of WAF security report.

name
required
string ^[-a-zA-Z0-9._/:\s]+$

The name of the security report.

description
string <= 255 characters

Specifies the description of the security report.

scope
required
object
time_frame_in_days
integer
Enum: 1 7 30 90

Specifies the report time period.

categories
Array of objects

Specifies the scoped categories.

top_level
integer
Enum: 5 10 20

Specifies the number of the top level items of the report.

request_type
string
Enum: "illegal" "alerted" "blocked"

Specifies the type of the report requests.

user_defined
boolean

Specifies whether the report is user defined.

created_by
string

The creator of the security report.

Responses

Request samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "description": "WAF security report description",
  • "scope": {
    },
  • "time_frame_in_days": 1,
  • "categories": [
    ],
  • "top_level": 5,
  • "request_type": "illegal",
  • "user_defined": true,
  • "created_by": "string"
}

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "description": "WAF security report description",
  • "scope": {
    },
  • "time_frame_in_days": 1,
  • "categories": [
    ],
  • "top_level": 5,
  • "request_type": "illegal",
  • "user_defined": true,
  • "created_by": "string",
  • "_links": {
    }
}

Delete a WAF security report

Deletes a specific WAF security report.

path Parameters
report_id
required
string

Security report's report_id

Responses

Response samples

Content type
application/json
{
  • "status": 400,
  • "message": "bad request"
}

Retrieve most abundant bad actor detection requests for geolocation

Retrieves the 10 most abundant (by count) bad actor detection requests for geolocation during a specified time interval.

Request Body schema: application/json
period
required
object (WafEventAnalyticsPeriod)
filter
string

Defines the analytics filtering criteria. The supported properties are as follows:

  • app_name - Successfully deployed application name. Example value 'test_app_name'.

Supported operators:

  • or

example
any

Responses

Request samples

Content type
application/json
{
  • "period": {
    },
  • "filter": "string",
  • "example": null
}

Response samples

Content type
application/hal+json
{
  • "top": [
    ],
  • "_links": {
    }
}

Return a list of Application behavioral DOS statuses (Deprecated)

Retrieves a list of Application behavioral DOS statuses.

Responses

Response samples

Content type
application/hal+json
{
  • "_links": {
    },
  • "count": 0,
  • "total": 0,
  • "_embedded": {
    }
}

Return a list of virtual server behavioral DOS statuses

Retrieves a list of virtual server behavioral DOS statuses.

query Parameters
limit
integer
Examples:
  • limit=2 - return up to 2 items per page

Limits the number of items to return per page.

prev_vs_name
string

The last VS name in the previous response, if any. Used for pagination.

prev_instance_id
string <uuid>

The last instance ID in the previous response, if any. Used for pagination.

Responses

Response samples

Content type
application/hal+json
{
  • "_links": {
    },
  • "count": 0,
  • "total": 0,
  • "_embedded": {
    }
}

Return the BADOS application statistics for the given time interval (Deprecated)

Return the BADOS application statistics for the given time interval.

Request Body schema: application/json
required
period
required
object (WafEventAnalyticsPeriod)
app_name
required
string

Defines the analytics filtering criteria. The supported properties are as follows:

  • app_name - Successfully deployed application name. Example value 'test_app_name'.

Responses

Request samples

Content type
application/json
{
  • "period": {
    },
  • "app_name": "test_app_name"
}

Response samples

Content type
application/hal+json
{
  • "stress_level": [
    ],
  • "baseline_dps": [
    ],
  • "incoming_rps": [
    ],
  • "successful_tps": [
    ],
  • "unsuccessful_rps": [
    ],
  • "mitigated_bad_actor_rps": [
    ],
  • "mitigated_global_rps": [
    ],
  • "mitigated_signature_rps": [
    ],
  • "_links": {
    }
}

Return the BADOS virtual server statistics for the given time interval

Return the BADOS virtual server statistics for the given time interval.

Request Body schema: application/json
required
period
required
object (WafEventAnalyticsPeriod)
vs_name
required
string

Defines the analytics filtering criteria. The supported properties are as follows:

  • vs_name - Virtual server name.

instance_id
required
string <uuid>

Defines the analytics filtering criteria. The supported properties are as follows:

  • instance_id - Managed instance ID.

Responses

Request samples

Content type
application/json
{
  • "period": {
    },
  • "vs_name": "test_vs_name",
  • "instance_id": "123e4567-e89b-12d3-a456-426614174000"
}

Response samples

Content type
application/hal+json
{
  • "stress_level": [
    ],
  • "baseline_dps": [
    ],
  • "incoming_rps": [
    ],
  • "successful_tps": [
    ],
  • "unsuccessful_rps": [
    ],
  • "mitigated_bad_actor_rps": [
    ],
  • "mitigated_global_rps": [
    ],
  • "mitigated_signature_rps": [
    ],
  • "_links": {
    }
}

Retrieve time series instance metrics

Retrieve time series instance-related metrics for a specified time frame and resolution, optionally matching a provided filter.

query Parameters
names
required
string
Examples:
  • names=http.transactions - query a single metric
  • names=cpu.idle,cpu.system - query multiple metrics
  • names=SUM(http.transactions) - query aggregated value of a metric

Defines one or more metrics to be returned. When groupBy is used only one metric should be used. An aggregation function can be added such as SUM, AVG, COUNT, MIN, MAX, RATE.

filter
string
Examples:
  • filter=deviceId eq '91032542-C56B-EB96-6F19-E1BB685CF055' - filter using an equality expression
  • filter=transactionOutcome neq 'incomplete' - filter using an inequality expression
  • filter=port gte 80 - filter using a numerical condition
  • filter=(deviceId eq '91032542-C56B-EB96-6F19-E1BB685CF055') AND (cpu.core eq 'all') - multiple predicates

A logical expression for filtering query results. consists of one or more predicates in the form of .

start
string

The start of the time window to include metrics from (inclusive).

end
string

The end of the time window to include metrics from (non-inclusive). Defaults to "now".

resolution
string

Defines the returned data granularity.

aggregate
boolean

Defines if result should be returned aggregated.

Responses

Response samples

Content type
application/hal+json
[
  • {
    }
]

Retrieve list of time series access metrics

Retrieve time series access-related metrics for a specified time frame and resolution, optionally matching a provided filter.

query Parameters
names
required
string
Examples:
  • names=global_access_stat.current_connectivity_sessions - query a single metric, supports only global_access_stat.current_connectivity_sessions

Defines one or more metrics to be returned. Supports global_access_stat.current_connectivity_sessions only. By default, groups by DeviceId_CM.

filter
string
Examples:
  • filter=deviceId eq '91032542-C56B-EB96-6F19-E1BB685CF055' - filter using an equality expression
  • filter=(deviceId eq '91032542-C56B-EB96-6F19-E1BB685CF055' or deviceId eq '78032542-C56B-EB96-6F19-E1BB685CF022') - multiple predicates

A logical expression for filtering query results. consists of one or more predicates in the form of .

start
string

The start of the time window to include metrics from (inclusive).

end
string

The end of the time window to include metrics from (non-inclusive). Defaults to "now".

resolution
string

Defines the returned data granularity.

sort
boolean

When true, orders devices and assigns each a rank by the avg(metric) over the time window.

aggregate
boolean

Defines if result should be returned aggregated.

Responses

Response samples

Content type
application/hal+json
[
  • {
    }
]

Retrieve applications time series metrics

Retrieves applications-related time series metrics for a specified time frame and resolution, optionally matching a provided filter.

query Parameters
names
required
string
Examples:
  • names=http.transactions - query a single metric
  • names=cpu.idle,cpu.system - query multiple metrics
  • names=SUM(http.transactions) - query aggregated value of a metric

Defines one or more metrics to be returned. When groupBy is used only one metric should be used. An aggregation function can be added such as SUM, AVG, COUNT, MIN, MAX, RATE.

filter
string
Examples:
  • filter=deviceId eq '91032542-C56B-EB96-6F19-E1BB685CF055' - filter using an equality expression
  • filter=transactionOutcome neq 'incomplete' - filter using an inequality expression
  • filter=port gte 80 - filter using a numerical condition
  • filter=(deviceId eq '91032542-C56B-EB96-6F19-E1BB685CF055') AND (cpu.core eq 'all') - multiple predicates

A logical expression for filtering query results. consists of one or more predicates in the form of .

start
string

The start of the time window to include metrics from (inclusive).

end
string

The end of the time window to include metrics from (non-inclusive). Defaults to "now".

resolution
string

Defines the returned data granularity.

aggregate
boolean

Defines if result should be returned aggregated.

Responses

Response samples

Content type
application/hal+json
[
  • {
    }
]

Retrieve applications health

Retrieve the health status of all existing application services that match an optionally provided filter. This API supports paging.

query Parameters
limit
integer
Default: 100
Examples:
  • limit=10 - returns up to 10 items per page

Limits the number of items to return per page.

page
integer
Examples:
  • page=5 - return page number 5

The number of the page to return. Ignored if limit parameter is absent.

sort
string
Examples:
  • sort=name - single column ascending sort
  • sort=-location - single column descending sort
  • sort=name,-location - mixed ascending/descending sort

The column name to sort results. Prefix column name with minus sign to sort in descending order.

select
string
Examples:
  • select=name,status - selected column names

The names of the specific fields to return.

filter
string
Examples:
  • filter=status eq 'Deployed' - query by equality
  • filter=name startswith 'app' - query by string

Filter conditions for result queries. Queries by equality, string, or numerical conditions are possible.

Responses

Response samples

Content type
application/hal+json
{
  • "bigIpId": "string",
  • "tenantName": "string",
  • "objectName": "string",
  • "parentObjectName": "string",
  • "objectType": "string",
  • "parentObjectType": "string",
  • "applicationName": "string",
  • "health": "string",
  • "sourceId": "string",
  • "description": "string",
  • "lastUpdated": "string",
  • "_links": {
    }
}

Retrieve application-services locations

Retrieve a list of application-services locations, for the application-service topology view.

path Parameters
app_service_name
required
string

application service name (unique)

Responses

Response samples

Content type
application/hal+json
{
  • "name": "string",
  • "instances": [
    ]
}

Returns a list of virtual servers for a given application service

Returns a list of virtual servers for a given application service, with their health.

path Parameters
app_service_name
required
string

application service name (unique)

query Parameters
id
required
string <uuid>

ID of the application

instance_id
string <uuid>

UUID of instance (instance-id)

type
required
string
Enum: "AS3" "FAST"

type of application

Responses

Response samples

Content type
application/hal+json
[
  • {
    }
]

Retrieve pool properties

Retrieves pool properties for the specified pool.

path Parameters
app_service_name
required
string

application service name (unique)

virtual_server_name
required
string

virtual server name (unique for application)

pool_name
required
string

pool name (unique)

query Parameters
instance_id
string <uuid>

UUID of instance (device-id)

app_id
required
string <uuid>

application service id (unique)

Responses

Response samples

Content type
application/hal+json
{
  • "name": "string",
  • "throughput": 0,
  • "health": "string",
  • "num_active_alerts": 0,
  • "num_pool_members": 0,
  • "num_healthy_pool_members": 0,
  • "percent_healthy_pool_members": "string",
  • "num_unhealthy_pool_members": 0,
  • "percent_unhealthy_pool_members": "string",
  • "lb_method": "string",
  • "virtual_server": "string",
  • "monitor_type": [
    ],
  • "_links": {
    }
}

Retrieve application service properties

Retrieves application service properties for the specified application-service.

path Parameters
app_service_name
required
string

application name (unique)

query Parameters
instance_id
string <uuid>

UUID of instance (device-id)

app_id
required
string <uuid>

application service id (unique)

Responses

Response samples

Content type
application/hal+json
{
  • "name": "string",
  • "description": "string",
  • "last_update": "2019-08-24T14:15:22Z",
  • "health": "Critical",
  • "active_alerts": 0,
  • "virtual_servers": 0,
  • "source": "Template",
  • "template_name": "string",
  • "location": "string",
  • "pools": 0,
  • "pool_members": 0,
  • "security": [
    ],
  • "_links": {
    }
}

Retrieve summary of the WAF policies attached to applications

Retrieves summary of the WAF policies attached to applications.

Responses

Response samples

Content type
application/hal+json
{
  • "total_applications": 0,
  • "applications_with_waf_policies": 0,
  • "blocking": 0,
  • "transparent": 0,
  • "mixed": 0,
  • "no_policy": 0,
  • "_links": {
    }
}

Retrieve summary of applications health

Retrieve a summary of the distribution of applications health to generate a pie chart.

Responses

Response samples

Content type
application/hal+json
{
  • "total_applications": 0,
  • "application_health_summary": [
    ],
  • "_links": {
    }
}

Retrieve summary of applications alerts

Retrieve a summary of the distribution of application alerts by level to generate a pie chart.

query Parameters
app_name
string

application name (unique)

instance_id
string <uuid>

UUID of instance (device-id)

Responses

Response samples

Content type
application/hal+json
{
  • "total_alerts": 0,
  • "application_alerts_summary": [
    ],
  • "_links": {
    }
}

Retrieve endpoints data

Retrieves endpoints data for a specified pool.

path Parameters
app_name
required
string

application name (unique)

virtual_name
required
string

virtual server name (unique)

pool_name
required
string

pool name (unique)

query Parameters
app_id
required
string <uuid>

id of application

instance_id
string <uuid>

UUID of instance (device-id)

Responses

Response samples

Content type
application/hal+json
[
  • {
    }
]

Retrieve application health status

Retrieves application health status for a specified application.

path Parameters
app_name
required
string

application name (unique)

query Parameters
instance_id
string <uuid>

UUID of instance (device-id)

Responses

Response samples

Content type
application/hal+json
{
  • "name": "string",
  • "health": "Good",
  • "_links": {
    }
}

Retrieve virtual server properties

Retrieves virtual server properties for a specified virtual server.

path Parameters
app_service_name
required
string

application service name (unique)

virtual_server_name
required
string

virtual server name (unique for application)

query Parameters
instance_id
string <uuid>

UUID of instance (device-id)

app_id
required
string <uuid>

application service id (unique)

Responses

Response samples

Content type
application/hal+json
{
  • "name": "string",
  • "pools": 0,
  • "virtual_address": "string",
  • "virtual_port": 0,
  • "https_certificate": "string",
  • "enabled_protocols_and_profiles": [
    ],
  • "enabled_security_policies": [
    ],
  • "irules": {
    },
  • "_links": {
    }
}

Returns endpoint properties

Returns endpoint properties for a specified endpoint.

path Parameters
app_service_name
required
string

application service name (unique)

virtual_server_name
required
string

virtual server name (unique for application)

pool_name
required
string

pool name (unique)

endpoint-name
required
string

endpoint-name (unique)

query Parameters
instance_id
required
string <uuid>

UUID of instance (device-id)

app_id
required
string <uuid>

application service id (unique)

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "ip_address": "string",
  • "location": "string",
  • "health": "string"
}

Retrieve properties of a FQDN in the GSLB

Retrieves properties of a specific Fully Qualified Domain Name (FQDN) in the GSLB.

path Parameters
fqdn_name
required
string

Fully Qualified Domain Name (unique)

Responses

Response samples

Content type
application/hal+json