Help Center/ Web Application Firewall/ API Reference/ APIs/ Dashboard/ Querying Top Security Statistics by Category

Updated on 2024-11-08 GMT+08:00

View PDF

Querying Top Security Statistics by Category

Function

This API is used to query statistics by category, including the attacked domain name, attack source IP address, attacked URL, attack source region, and attack event distribution. Note that APIs related to the dashboard cannot be used to query data for custom time. Only data displayed on the console for yesterday, today, past 3 days, past 7 days, and past 30 days can be queried.

Calling Method

For details, see Calling APIs.

URI

GET /v1/{project_id}/waf/overviews/classification

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. To obtain it, go to Huawei Cloud management cons. Then, in the Projects area, view Project ID** of the corresponding project.

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	You can obtain the ID by calling the ListEnterpriseProject API of EPS.
from	Yes	Long	Start time (13-digit timestamp in millisecond). This parameter must be used together with to.
to	Yes	Long	End time (13-digit timestamp in millisecond). This parameter must be used together with from.
top	No	Integer	The first several results you want to query. Maximum value: 10. Default value: 5.
hosts	No	String	Domain name IDs. In the cloud mode, domain name IDs can be obtained by calling the ListHost API. In the dedicated mode, domain name IDs can be obtained by calling the ListPremiumHost API. By default, this parameter is not required, and the statistics data of all protected domain names in the project is queried. To query data about several specified domain names, refer to the request example.
instances	No	String	Instance IDs you want to query. This parameter is required only for dedicated WAF instances and load-balancing instances (ELB mode).

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Content-Type	Yes	String	Content type.
X-Language	No	String	Language. The default value is en-us. zh-cn (Chinese)/en-us (English)

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
domain	DomainClassificationItem object	Attacked domain name
attack_type	AttackTypeClassificationItem object	Attack event distribution
ip	IpClassificationItem object	Attacking source IP address
url	UrlClassificationItem object	Attacking URL
geo	GeoClassificationItem object	Source region

**Table 5** DomainClassificationItem
Parameter	Type	Description
total	Integer	Total number of DomainItem
items	Array of DomainItem objects	DomainItem details

**Table 6** DomainItem
Parameter	Type	Description
key	String	Domain name
num	Integer	Quantity.
web_tag	String	Website name, which is the same as the website name in the domain name details on the WAF console.

**Table 7** AttackTypeClassificationItem
Parameter	Type	Description
total	Integer	Total number of AttackTypeItem
items	Array of AttackTypeItem objects	AttackTypeItem details

**Table 8** AttackTypeItem
Parameter	Type	Description
key	String	Attack type
num	Integer	Quantity.

**Table 9** IpClassificationItem
Parameter	Type	Description
total	Integer	Total number of IpItem
items	Array of IpItem objects	IpItem Details

**Table 10** IpItem
Parameter	Type	Description
key	String	IP address.
num	Integer	Quantity.

**Table 11** UrlClassificationItem
Parameter	Type	Description
total	Integer	Total number of UrlItem
items	Array of UrlItem objects	UrlItem Details

**Table 12** UrlItem
Parameter	Type	Description
key	String	URL path.
num	Integer	Quantity.
host	String	Domain name

**Table 13** GeoClassificationItem
Parameter	Type	Description
total	Integer	Total number of GeoItem
items	Array of GeoItem objects	GeoItem details

**Table 14** GeoItem
Parameter	Type	Description
key	String	Source region
num	Integer	Quantity.

Status code: 400

**Table 15** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 16** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Status code: 401

**Table 17** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 18** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Status code: 500

**Table 19** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 20** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Example Requests

The following example shows how to query the top 10 security overview statistics in a project. The project ID is specified by project_id. The time is from 2022-05-19 00:00:00 to 2022-06-17 11:14:41. The domain name ID is 1bac09440a814aa98ed08302c580a48b, and engine instance ID is 5a532f83a2fb476ba51ca1de7b1ebc43.

GET https://{Endpoint}/v1/{project_id}/waf/overviews/classification?enterprise_project_id=0&from=1652889600354&to=1655435681354&top=10&hosts=1bac09440a814aa98ed08302c580a48b&instances=5a532f83a2fb476ba51ca1de7b1ebc43

Example Responses

Status code: 200

{
  "attack_type" : {
    "total" : 1,
    "items" : [ {
      "key" : "custom_custom",
      "num" : 2
    } ]
  },
  "domain" : {
    "total" : 2,
    "items" : [ {
      "key" : "www.whitelist.com",
      "num" : 2,
      "web_tag" : "www.whitelist.com"
    }, {
      "key" : "zbx002.apayaduo.cn",
      "num" : 2,
      "web_tag" : ""
    } ]
  },
  "geo" : {
    "total" : 1,
    "items" : [ {
      "key" : "Shanghai",
      "num" : 2
    } ]
  },
  "ip" : {
    "total" : 1,
    "items" : [ {
      "key" : "10.142.4.15",
      "num" : 2
    } ]
  },
  "url" : {
    "total" : 1,
    "items" : [ {
      "key" : "/attack",
      "num" : 2,
      "host" : "www.whitelist.com"
    } ]
  }
}

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.waf.v1.region.WafRegion;
import com.huaweicloud.sdk.waf.v1.*;
import com.huaweicloud.sdk.waf.v1.model.*;


public class ListOverviewsClassificationSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        WafClient client = WafClient.newBuilder()
                .withCredential(auth)
                .withRegion(WafRegion.valueOf("<YOUR REGION>"))
                .build();
        ListOverviewsClassificationRequest request = new ListOverviewsClassificationRequest();
        try {
            ListOverviewsClassificationResponse response = client.listOverviewsClassification(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkwaf.v1.region.waf_region import WafRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkwaf.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = WafClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(WafRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListOverviewsClassificationRequest()
        response = client.list_overviews_classification(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    waf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := waf.NewWafClient(
        waf.WafClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListOverviewsClassificationRequest{}
	response, err := client.ListOverviewsClassification(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     