Updated on 2025-08-12 GMT+08:00

Querying Top Attack Log Statistics

Function

This API is used to query top attack log statistics.

Calling Method

For details, see Calling APIs.

URI

GET /v1/{project_id}/cfw/logs/top-attack

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Definition: Project ID, which is used to specify the project that an asset belongs to. You can query the assets of a project by project ID. You can obtain the project ID from the API or console. For details, see Obtaining a Project ID. Constraints: N/A. Range: 32-bit UUID. Default Value: N/A. |

Table 2 Query Parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| fw_instance_id | Yes | String | Definition: Firewall ID. It is a unique ID generated after a firewall instance is created. You can obtain the firewall ID by referring to Obtaining a Firewall ID. Constraints: N/A. Range: 32-bit UUID. Default Value: N/A. |
| range | No | Integer | Definition: Time range. Constraints: N/A. Range: 0 (last hour), 1 (last day), or 2 (last seven days). Default Value: N/A. |
| log_type | Yes | String | Definition: Log type. Constraints: N/A. Range: internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs). Default Value: N/A. |
| start_time | No | Long | Definition: Start time. Constraints: N/A. Range: Milliseconds-level timestamp. Default Value: N/A. |
| end_time | No | Long | Definition: End time. Constraints: N/A. Range: Milliseconds-level timestamp. Default Value: N/A. |
| vgw_id | No | Array of strings | Definition: VGW ID. Constraints: N/A. Range: 32-bit UUID. Default Value: N/A. |
| action | Yes | Integer | Definition: Action. Constraints: N/A. Range: 0: all; 1: block. Default Value: N/A. |
| item | Yes | Array of strings | Definition: Aggregation type. Constraints: N/A. Range: src_region_id: top external attack source regions; attack_type: attack type; in_src_ip: top internal attack source IP addresses; out_src_ip: top external attack source IP addresses; dst_port: top attacked ports; dst_ip: top attacked IP addresses; attack_rule: top attack rules; src_ip: top attack source IP addresses; level: top threat levels. Default Value: N/A. |
| size | No | Integer | Definition: Number of aggregated records. Constraints: N/A. Range: 0 to 10. Default Value: 5. |

Request Parameters

None

Response Parameters

Status code: 200

Table 3 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| data | AttackTopRespBody object | |

Table 4 AttackTopRespBody

| Parameter | Type | Description |
|---|---|---|
| attack_rule | Array of TopInfo objects | Definition: Top attack rules. Range: N/A. |
| attack_type | Array of TopInfo objects | Definition: Top attack types. Range: N/A. |
| dst_ip | Array of TopInfo objects | Definition: Top attack target IP addresses. Range: N/A. |
| dst_port | Array of TopInfo objects | Definition: Top attacked ports. Range: N/A. |
| in_src_ip | Array of TopInfo objects | Definition: Top internal attack source IP addresses. Range: N/A. |
| level | Array of TopInfo objects | Definition: Top threat levels. Range: N/A. |
| out_src_ip | Array of TopInfo objects | Definition: Top external attack source IP addresses. Range: N/A. |
| src_ip | Array of TopInfo objects | Definition: Top attack source IP addresses. Range: N/A. |
| src_region_id | Array of TopInfo objects | Definition: Source region ID. Range: N/A. |

Table 5 TopInfo

| Parameter | Type | Description |
|---|---|---|
| count | Long | Definition: Number of times. Range: N/A. |
| item | String | Definition: Item. Range: N/A. |
| item_id | String | Definition: Item ID. Range: N/A. |

Status code: 400

Table 6 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Definition: Error code. Range: N/A. |
| error_msg | String | Definition: Error message. Range: N/A. |

Example Requests

Query the top attack types at the Internet border. The project ID is 7db2c6e2934046dd8c5a996ed4780c5b, the firewall ID is a7df0f6c-da03-4511-ad0b-b17b589ff0ec, and the time range is 7 days.

https://{Endpoint}/v1/7db2c6e2934046dd8c5a996ed4780c5b/cfw/logs/top-attack?fw_instance_id=a7df0f6c-da03-4511-ad0b-b17b589ff0ec&item=attack_type&log_type=internet&action=0&range=2

Example Responses

Status code: 200

OK

{
  "data" : {
    "attack_type" : [ {
      "count" : 51,
      "item" : "Vulnerability Exploit Attack",
      "item_id" : "Vulnerability Exploit Attack"
    } ]
  }
}

Status code: 400

Bad Request

{
  "error_code" : "CFW.00200007",
  "error_msg" : "Incorrect time range."
}
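
Added example, not part of the original API reference: a client-side helper that checks the query parameters against the ranges in Table 2 before building the request URL, and turns the 200 and 400 bodies shown above into ranked results or an exception. The function names, the cfw.example.com endpoint placeholder and the repeated item= encoding for several aggregation types are assumptions; authentication (see Calling APIs) is left out.

```python
from urllib.parse import urlencode

# Allowed values copied from Table 2 of this page.
LOG_TYPES = {"internet", "nat", "vpc", "vgw"}
ITEMS = {"src_region_id", "attack_type", "in_src_ip", "out_src_ip", "dst_port",
         "dst_ip", "attack_rule", "src_ip", "level"}

def build_top_attack_url(endpoint, project_id, fw_instance_id, log_type,
                         action, items, range_=None, size=None):
    """Check arguments against Table 2, then return the GET URL."""
    if log_type not in LOG_TYPES:
        raise ValueError(f"log_type must be one of {sorted(LOG_TYPES)}")
    if action not in (0, 1):
        raise ValueError("action must be 0 (all) or 1 (block)")
    if not items or any(i not in ITEMS for i in items):
        raise ValueError(f"item values must come from {sorted(ITEMS)}")
    if range_ is not None and range_ not in (0, 1, 2):
        raise ValueError("range must be 0, 1 or 2")
    if size is not None and not 0 <= size <= 10:
        raise ValueError("size must be between 0 and 10")
    query = [("fw_instance_id", fw_instance_id)]
    # Assumption: several item values are sent as repeated item= keys.
    query += [("item", i) for i in items]
    query += [("log_type", log_type), ("action", action)]
    query += [(k, v) for k, v in (("range", range_), ("size", size)) if v is not None]
    path = f"/v1/{project_id}/cfw/logs/top-attack"
    return f"https://{endpoint}{path}?{urlencode(query)}"

def parse_top_attack(status, body):
    """Return {aggregation: [(item, count), ...]} sorted by count, or raise."""
    if status != 200:
        raise RuntimeError(f"{body.get('error_code')}: {body.get('error_msg')}")
    data = body.get("data") or {}
    return {agg: sorted(((t["item"], t["count"]) for t in rows),
                        key=lambda pair: pair[1], reverse=True)
            for agg, rows in data.items() if rows}

# The two example response bodies shown on this page.
OK_BODY = {"data": {"attack_type": [{"count": 51,
           "item": "Vulnerability Exploit Attack",
           "item_id": "Vulnerability Exploit Attack"}]}}
ERR_BODY = {"error_code": "CFW.00200007", "error_msg": "Incorrect time range."}

if __name__ == "__main__":
    # cfw.example.com is a placeholder for {Endpoint}.
    print(build_top_attack_url("cfw.example.com", "7db2c6e2934046dd8c5a996ed4780c5b",
                               "a7df0f6c-da03-4511-ad0b-b17b589ff0ec",
                               "internet", 0, ["attack_type"], range_=2))
    print(parse_top_attack(200, OK_BODY))
```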

Status Codes

| Status Code | Description |
|---|---|
| 200 | OK |
| 400 | Bad Request |

Error Codes

See Error Codes.