Querying the List of DDoS Attack Events
Function
This API is used to query the list of DDoS attack events.
Calling Method
For details, see Calling APIs.
URI
POST /v2/aad/instances/{instance_id}/ddos-info/attack/events
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
instance_id |
Yes |
String |
Instance ID. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
token |
|
Content-Type |
Yes |
String |
Content-Type |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
start_time |
Yes |
String |
Start time. |
|
end_time |
Yes |
String |
End time. |
|
offset |
Yes |
Integer |
Maximum records. |
|
limit |
Yes |
Integer |
Start position. |
|
ip |
Yes |
String |
ip |
|
attack_types |
Yes |
Array of strings |
Attack type. The value can be: "SYN Flood", "ACK Flood", "SYN-ACK Flood", "FIN/RST Flood", "TCP ConcurConn Flood", "TCP NewConn Flood", "TCP Fragment Flood", "TCP Fragment Flood", "TCP Bandwidth Overflow", "UDP Flood", "UDP Fragment Flood", "UDP Fragment Flood", "UDP Bandwidth Overflow", "ICMP Flood", "Other Protocol Flood", "DstIP Bandwidth Overflow", "HTTPS Flood", "HTTP Flood", "DNS Query Flood", "DNS Reply Flood", "SIP Flood", "Blacklist Dropped Traffic", "HTTP Flood", "TCP Fragment Abnormal", "TCP Abnormal", "UDP Fragment Abnormal", "UDP Abnormal", "ICMP Abnormal", "Other Protocol Abnormal", "TCP Connection Flood", "DNS Domain Hijacking", "DNS Cache Poisoning", "DNS Reflection", "Large DNS Packet", "SrcIP DNS Query Rate Abnormal", "SrcIP DNS Response Rate Abnormal", "DNS Query Domain Rate Abnormal", "DNS Response Domain Rate Abnormal", "DNS TTL Abnormal", "DNS Malformed", "DNS Cache Match", "Port Scanning", "TCP Malformed", "SrcIP Traffic Overflow", "UDP Garbage Flood", "DNS NXDOMAIN Flood", "Other Flood", "Zone Bandwidth Overflow", "HTTP Connection Flood", "Botnets/Trojans/Worms Attack", "Malicious Domains Attack", "Filter-rule Dropped Traffic", "Web Attack", "SrcIP SIP Rate Abnormal", "Anti-Malware", "Botnet Traffic", "GeoIP Dropped Traffic", "DstIP NewConn Rate Limit", "TCP Traffic Block", "UDP Traffic Block", "ICMP Traffic Block", "Other Protocol Traffic Block", "Host Traffic Over Flow", "UDP Malformed", "TCP Dport Traffic Limit", "TCP Dport Relation Defense", "Filter-rule Dropped Traffic", "Hardware-filter-rule Dropped Carpet-bombing Traffic" |
|
attack_flow_low |
Yes |
String |
Minimum attack traffic. |
|
attack_flow_up |
Yes |
String |
Maximum attack traffic. |
|
attack_status |
Yes |
String |
Attack status. The options are attack and normal (attacks end). |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
total |
Integer |
total |
|
data |
Array of ListDDoSEventData objects |
data |
|
Parameter |
Type |
Description |
|---|---|---|
|
zone_ip |
String |
Protection IP addresses. |
|
start_time |
String |
Start time. |
|
end_time |
String |
End time. |
|
max_drop_kbps |
String |
Peak attack traffic, in kbit/s. |
|
max_drop_pps |
String |
Peak number of attack packets, in pps. |
|
max_in_kbps |
String |
Peak inbound traffic, in kbit/s. |
|
max_in_pps |
String |
Peak rate of incoming packets, in pps. |
|
attack_types |
String |
Attack type. The value can be: "SYN Flood", "ACK Flood", "SYN-ACK Flood", "FIN/RST Flood", "TCP ConcurConn Flood", "TCP NewConn Flood", "TCP Fragment Flood", "TCP Fragment Flood", "TCP Bandwidth Overflow", "UDP Flood", "UDP Fragment Flood", "UDP Fragment Flood", "UDP Bandwidth Overflow", "ICMP Flood", "Other Protocol Flood", "DstIP Bandwidth Overflow", "HTTPS Flood", "HTTP Flood", "DNS Query Flood", "DNS Reply Flood", "SIP Flood", "Blacklist Dropped Traffic", "HTTP Flood", "TCP Fragment Abnormal", "TCP Abnormal", "UDP Fragment Abnormal", "UDP Abnormal", "ICMP Abnormal", "Other Protocol Abnormal", "TCP Connection Flood", "DNS Domain Hijacking", "DNS Cache Poisoning", "DNS Reflection", "Large DNS Packet", "SrcIP DNS Query Rate Abnormal", "SrcIP DNS Response Rate Abnormal", "DNS Query Domain Rate Abnormal", "DNS Response Domain Rate Abnormal", "DNS TTL Abnormal", "DNS Malformed", "DNS Cache Match", "Port Scanning", "TCP Malformed", "SrcIP Traffic Overflow", "UDP Garbage Flood", "DNS NXDOMAIN Flood", "Other Flood", "Zone Bandwidth Overflow", "HTTP Connection Flood", "Botnets/Trojans/Worms Attack", "Malicious Domains Attack", "Filter-rule Dropped Traffic", "Web Attack", "SrcIP SIP Rate Abnormal", "Anti-Malware", "Botnet Traffic", "GeoIP Dropped Traffic", "DstIP NewConn Rate Limit", "TCP Traffic Block", "UDP Traffic Block", "ICMP Traffic Block", "Other Protocol Traffic Block", "Host Traffic Over Flow", "UDP Malformed", "TCP Dport Traffic Limit", "TCP Dport Relation Defense", "Filter-rule Dropped Traffic", "Hardware-filter-rule Dropped Carpet-bombing Traffic" |
|
attack_ips |
String |
Attack source IP address. |
|
attack_ips_desc |
String |
Attack IP address description. |
|
attack_status |
String |
Attack status. The options are attack and normal (attacks end). |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_description |
String |
Error description. |
Example Requests
None
Example Responses
Status code: 200
OK
{
"data" : [ {
"attack_ips" : "",
"attack_ips_desc" : "",
"attack_status" : "NORMAL",
"attack_types" : "Location Attack",
"end_time" : "1719194207000",
"max_drop_kbps" : "417",
"max_drop_pps" : "594",
"max_in_kbps" : "426",
"max_in_pps" : "606",
"star_time" : "1719193603000",
"zone_iP" : "10.10.10.10"
} ],
"total" : 1
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
OK |
|
400 |
Error response |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
