Querying Top Attack Log Statistics
Function
This API is used to query top attack log statistics.
Calling Method
For details, see Calling APIs.
URI
GET /v1/{project_id}/cfw/logs/top-attack
Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Definition: Project ID, which is used to specify the project that an asset belongs to. You can query the assets of a project by project ID. You can obtain the project ID from the API or console. For details, see Obtaining a Project ID. Constraints: N/A. Range: 32-bit UUID. Default Value: N/A |

Parameter | Mandatory | Type | Description |
---|---|---|---|
fw_instance_id | Yes | String | Definition: Firewall ID. It is a unique ID generated after a firewall instance is created. You can obtain the firewall ID by referring to Obtaining a Firewall ID. Constraints: N/A. Range: 32-bit UUID. Default Value: N/A |
range | No | Integer | Definition: Time range. Constraints: N/A. Range: 0 (last hour), 1 (last day), or 2 (last seven days). Default Value: N/A |
log_type | Yes | String | Definition: Log type. Constraints: N/A. Range: internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs). Default Value: N/A |
start_time | No | Long | Definition: Start time. Constraints: N/A. Range: Milliseconds-level timestamp. Default Value: N/A |
end_time | No | Long | Definition: End time. Constraints: N/A. Range: Milliseconds-level timestamp. Default Value: N/A |
vgw_id | No | Array of strings | Definition: VGW ID. Constraints: N/A. Range: 32-bit UUID. Default Value: N/A |
action | Yes | Integer | Definition: Action. Constraints: N/A. Range: 0: all; 1: block. Default Value: N/A |
item | Yes | Array of strings | Definition: Aggregation type. Constraints: N/A. Range: src_region_id: top external attack source regions; attack_type: attack type; in_src_ip: top internal attack source IP addresses; out_src_ip: top external attack source IP addresses; dst_port: top attacked ports; dst_ip: top attacked IP addresses; attack_rule: top attack rules; src_ip: top attack source IP addresses; level: top threat levels. Default Value: N/A |
size | No | Integer | Definition: Number of aggregated records. Constraints: N/A. Range: 0 to 10. Default Value: 5 |
Request Parameters
None
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
data | AttackTopRespBody object | |

Parameter | Type | Description |
---|---|---|
attack_rule | Array of TopInfo objects | Definition: Top attack rules. Range: N/A |
attack_type | Array of TopInfo objects | Definition: Top attack types. Range: N/A |
dst_ip | Array of TopInfo objects | Definition: Top attack target IP addresses. Range: N/A |
dst_port | Array of TopInfo objects | Definition: Top attacked ports. Range: N/A |
in_src_ip | Array of TopInfo objects | Definition: Top internal attack source IP addresses. Range: N/A |
level | Array of TopInfo objects | Definition: Top threat levels. Range: N/A |
out_src_ip | Array of TopInfo objects | Definition: Top external attack source IP addresses. Range: N/A |
src_ip | Array of TopInfo objects | Definition: Top attack source IP addresses. Range: N/A |
src_region_id | Array of TopInfo objects | Definition: Source region ID. Range: N/A |

Parameter | Type | Description |
---|---|---|
count | Long | Definition: Number of times. Range: N/A |
item | String | Definition: Item. Range: N/A |
item_id | String | Definition: Item ID. Range: N/A |
Status code: 400
Parameter | Type | Description |
---|---|---|
error_code | String | Definition: Error code. Range: N/A |
error_msg | String | Definition: Error message. Range: N/A |
Example Requests
Query the top attack types at the Internet border. The project ID is 7db2c6e2934046dd8c5a996ed4780c5b, the firewall ID is a7df0f6c-da03-4511-ad0b-b17b589ff0ec, and the time range is 7 days.
https://{Endpoint}/v1/7db2c6e2934046dd8c5a996ed4780c5b/cfw/logs/top-attack?fw_instance_id=a7df0f6c-da03-4511-ad0b-b17b589ff0ec&item=attack_type&log_type=internet&action=0&range=2
Example Responses
Status code: 200
OK
{ "data" : { "attack_type" : [ { "count" : 51, "item" : "Vulnerability Exploit Attack", "item_id" : "Vulnerability Exploit Attack" } ] } }
Status code: 400
Bad Request
{ "error_code" : "CFW.00200007", "error_msg" : "Incorrect time range." }
Status Codes
Status Code | Description |
---|---|
200 | OK |
400 | Bad Request |
Error Codes
See Error Codes.