Querying Attack Log Statistics
Function
This API is used to query attack log statistics.
Calling Method
For details, see Calling APIs.
URI
GET /v1/{project_id}/cfw/logs/attack-detail
Path parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Definition: Project ID, which is used to specify the project that an asset belongs to. You can query the assets of a project by project ID. You can obtain the project ID from the API or console. For details, see Obtaining a Project ID. Constraints: N/A. Range: 32-bit UUID. Default Value: N/A. |

Query parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| fw_instance_id | Yes | String | Definition: Firewall ID. It is a unique ID generated after a firewall instance is created. You can obtain the firewall ID by referring to Obtaining a Firewall ID. Constraints: N/A. Range: 32-bit UUID. Default Value: N/A. |
| range | No | Integer | Definition: Time range. Constraints: N/A. Range: 0 (last hour), 1 (last day), or 2 (last seven days). Default Value: N/A. |
| log_type | Yes | String | Definition: Log type. Constraints: N/A. Range: internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs). Default Value: N/A. |
| start_time | No | Long | Definition: Start time. Constraints: N/A. Range: Milliseconds-level timestamp. Default Value: N/A. |
| end_time | No | Long | Definition: End time. Constraints: N/A. Range: Milliseconds-level timestamp. Default Value: N/A. |
| vgw_id | No | Array of strings | Definition: VGW ID. Constraints: N/A. Range: 32-bit UUID. Default Value: N/A. |
| action | Yes | Integer | Definition: Action. Constraints: N/A. Range: 0: all; 1: block. Default Value: N/A. |
| item | Yes | String | Definition: Aggregation type. Constraints: N/A. Range: src_region_id: top external attack source regions; attack_type: attack type; in_src_ip: top internal attack source IP addresses; out_src_ip: top external attack source IP addresses; dst_port: top attacked ports; dst_ip: top attacked IP addresses; attack_rule: top attack rules; src_ip: top attack source IP addresses. Default Value: N/A. |
| value | Yes | String | Definition: Statistical object. Constraints: N/A. Range: N/A. Default Value: N/A. |

Request Parameters
None
Response Parameters
Status code: 200
| Parameter | Type | Description |
|---|---|---|
| data | AttackDetailVO object | |

AttackDetailVO

| Parameter | Type | Description |
|---|---|---|
| app_count | Long | Definition: Number of applications. Range: N/A. |
| attack_rule_count | Long | Definition: Number of attack rules. Range: N/A. |
| attack_type_count | Long | Definition: Number of attack types. Range: N/A. |
| count | Long | Definition: Number of attacks. Range: N/A. |
| dst_ip_count | Long | Definition: Number of destination IP addresses. Range: N/A. |
| dst_port_count | Long | Definition: Number of attacked ports. Range: N/A. |
| end_time | Long | Definition: End time. Range: N/A. |
| records | Array of AttackLog objects | Definition: Attack event details. Range: N/A. |
| src_ip_count | Long | Definition: Number of source IP addresses. Range: N/A. |
| start_time | Long | Definition: Start time. Range: N/A. |
| total | Long | Definition: Total number. Range: N/A. |

AttackLog

| Parameter | Type | Description |
|---|---|---|
| action | String | Definition: Action. Range: N/A. |
| app | String | Definition: Application. Range: N/A. |
| attack_rule | String | Definition: Attack rule. Range: N/A. |
| attack_rule_id | String | Definition: Attack rule ID. Range: N/A. |
| attack_type | String | Definition: Attack type. Range: N/A. |
| direction | String | Definition: Attack direction. Range: N/A. |
| dst_ip | String | Definition: Destination IP address. Range: N/A. |
| dst_port | Integer | Definition: Destination port. Range: N/A. |
| dst_region_id | String | Definition: Destination region ID. Range: N/A. |
| dst_region_name | String | Definition: Destination region name. Range: N/A. |
| dst_province_id | String | Definition: Destination province ID. Range: N/A. |
| dst_province_name | String | Definition: Destination province name. Range: N/A. |
| dst_city_id | String | Definition: Destination city ID. Range: N/A. |
| dst_city_name | String | Definition: Destination city name. Range: N/A. |
| event_time | Long | Definition: Occurrence time. Range: N/A. |
| level | String | Definition: Risk severity. Range: N/A. |
| protocol | String | Definition: Protocol. Range: N/A. |
| source | String | Definition: Source. Range: N/A. |
| src_ip | String | Definition: Source IP address. Range: N/A. |
| real_ip | String | Definition: Real IP address. Range: N/A. |
| tag | Integer | Definition: Tag. Range: N/A. |
| src_port | Integer | Definition: Source port. Range: N/A. |
| src_region_id | String | Definition: Source region ID. Range: N/A. |
| src_region_name | String | Definition: Source region name. Range: N/A. |
| src_province_id | String | Definition: Source province ID. Range: N/A. |
| src_province_name | String | Definition: Source province name. Range: N/A. |
| src_city_id | String | Definition: Source city ID. Range: N/A. |
| src_city_name | String | Definition: Source city. Range: N/A. |
| vgw_id | String | Definition: VGW ID. Range: N/A. |

Status code: 400
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Definition: Error code. Range: N/A. |
| error_msg | String | Definition: Error message. Range: N/A. |

Example Requests
Query detailed attack log statistics. The project ID is 7db2c6e2934046dd8c5a996ed4780c5b, the firewall ID is a7df0f6c-da03-4511-ad0b-b17b589ff0ec, the time range is 7 days, and the external attack source region is US.

```
https://{Endpoint}/v1/7db2c6e2934046dd8c5a996ed4780c5b/cfw/logs/attack-detail?fw_instance_id=a7df0f6c-da03-4511-ad0b-b17b589ff0ec&log_type=internet&range=2&item=src_region_id&action=0&value=US
```
Example Responses
Status code: 200
OK
```
{
  "data" : {
    "app_count" : 1,
    "attack_rule_count" : 1,
    "attack_type_count" : 1,
    "count" : 1,
    "dst_ip_count" : 1,
    "dst_port_count" : 1,
    "end_time" : 1751014701000,
    "records" : [ {
      "action" : "permit",
      "app" : "UDP-ANY",
      "attack_rule" : "Realtek Jungle SDK Command Injection Vulnerability (CVE-2021-35394)",
      "attack_rule_id" : "806310",
      "attack_type" : "Vulnerability Exploit Attack",
      "dst_ip" : "121.37.223.24",
      "dst_port" : 9034,
      "dst_region_id" : "CN",
      "dst_region_name" : "China",
      "dst_province_id" : "GD",
      "dst_province_name" : "Guangdong",
      "dst_city_id" : "Guangzhou",
      "dst_city_name" : "Guangzhou",
      "event_time" : 1751014701000,
      "level" : "CRITICAL",
      "protocol" : "UDP",
      "source" : "predefined",
      "src_ip" : "92.112.125.103",
      "tag" : -1,
      "src_port" : 43533,
      "src_region_id" : "US",
      "src_region_name" : "United States"
    } ],
    "src_ip_count" : 1,
    "start_time" : 1751014701000,
    "total" : 1
  }
}
```
Status code: 400
Bad Request
```
{
  "error_code" : "CFW.00200007",
  "error_msg" : "Incorrect time range."
}
```
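
The following is an added example, not part of the original API reference or any vendor SDK: it builds the request URL with the documented value ranges checked client-side, then triages a response for records that matched an attack rule but were permitted rather than blocked, as in the example response above. The host `cfw.example.invalid`, the function names, and the local `start_time`/`end_time` ordering check are assumptions; authentication (see Calling APIs) is left out.

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote, urlencode

# Allowed values copied from the query-parameter table on this page.
LOG_TYPES = {"internet", "nat", "vpc", "vgw"}
ITEMS = {"src_region_id", "attack_type", "in_src_ip", "out_src_ip",
         "dst_port", "dst_ip", "attack_rule", "src_ip"}

def build_url(endpoint, project_id, fw_instance_id, log_type, item, value,
              action=0, range_=None, start_time=None, end_time=None):
    """Reject out-of-range parameters locally, then return the request URL."""
    if log_type not in LOG_TYPES or item not in ITEMS or action not in (0, 1):
        raise ValueError("log_type, item or action outside the documented range")
    if range_ not in (None, 0, 1, 2):
        raise ValueError("range must be 0, 1 or 2")
    if None not in (start_time, end_time) and start_time > end_time:
        raise ValueError("start_time is after end_time")  # assumed local check
    query = {"fw_instance_id": fw_instance_id, "log_type": log_type,
             "range": range_, "start_time": start_time, "end_time": end_time,
             "item": item, "action": action, "value": value}
    query = {k: v for k, v in query.items() if v is not None}  # drop unset optionals
    path = f"/v1/{quote(project_id, safe='')}/cfw/logs/attack-detail"
    return f"https://{endpoint}{path}?{urlencode(query)}"

def permitted_high_risk(body, levels=("CRITICAL",)):
    """Return records that hit an attack rule at the given severity but were permitted."""
    hits = []
    for rec in body.get("data", {}).get("records", []):
        # "permit" and "CRITICAL" are the values shown in the page's example response.
        if rec.get("action") == "permit" and rec.get("level") in levels:
            when = datetime.fromtimestamp(rec["event_time"] / 1000, tz=timezone.utc)
            hits.append((when.isoformat(), rec["src_ip"], rec["dst_ip"],
                         rec["dst_port"], rec["attack_rule_id"]))
    return hits

# Trimmed copy of the example 200 response on this page.
SAMPLE = json.loads("""{"data": {"count": 1, "total": 1, "records": [{
  "action": "permit", "attack_rule_id": "806310", "level": "CRITICAL",
  "dst_ip": "121.37.223.24", "dst_port": 9034, "src_ip": "92.112.125.103",
  "event_time": 1751014701000, "protocol": "UDP"}]}}""")

if __name__ == "__main__":
    print(build_url("cfw.example.invalid", "7db2c6e2934046dd8c5a996ed4780c5b",
                    "a7df0f6c-da03-4511-ad0b-b17b589ff0ec", "internet",
                    "src_region_id", "US", range_=2))
    for hit in permitted_high_risk(SAMPLE):
        print(hit)
```
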
Status Codes
| Status Code | Description |
|---|---|
| 200 | OK |
| 400 | Bad Request |

Error Codes
See Error Codes.