Querying the List of Attack Events
Function
This API is used to query the attack event list. Currently, this API does not support query of all protection events. The pagesize parameter cannot be set to -1. The larger the data volume, the larger the memory consumption. A maximum of 10,000 data records can be queried. For example, if the number of data records in a user-defined period exceeds 10,000, the data whose page is 101 (or pagesize is greater than 100) cannot be queried. You need to adjust the time range to a longer period and then query the data.
URI
GET /v1/{project_id}/waf/event
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. To obtain it, go to Cloud management console and hover the cursor over your username. On the displayed window, choose My Credentials.Then, in the Projects area, view Project ID of the corresponding project. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
enterprise_project_id |
No |
String |
You can obtain the ID by calling the ListEnterpriseProject API of EPS. |
|
recent |
No |
String |
Time range for querying logs. This parameter cannot be used together with from or to at the same time. Parameter recent must be used with either from or to. Enumeration values:
|
|
from |
No |
Long |
Start time (13-digit timestamp). This parameter must be used together with to, but cannot be used together with recent. |
|
to |
No |
Long |
End time (13-digit timestamp). This parameter must be used together with from but cannot be used together with recent. |
|
attacks |
No |
Array |
Attack type
|
|
hosts |
No |
Array |
Domain name ID. It can be obtained by calling the **ListHost API. |
|
page |
No |
Integer |
Page number of the data to be returned during pagination query. The default value is 1, indicating that the data on the first page is returned. |
|
pagesize |
No |
Integer |
Number of results on each page during pagination query. Value range: 1 to 100. The default value is 10, indicating that each page contains 10 results. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |
|
Content-Type |
Yes |
String |
Content type. Default: application/json;charset=utf8 |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
total |
Integer |
Number of attack events |
|
items |
Array of ListEventItems objects |
Details about an attack event |
|
Parameter |
Type |
Description |
|---|---|---|
|
id |
String |
Event ID |
|
time |
Long |
Count |
|
policyid |
String |
Policy ID |
|
sip |
String |
Source IP address, which is the IP address of the web visitor (attacker's IP address). |
|
host |
String |
Attacked domain name |
|
url |
String |
Attacked URL |
|
attack |
String |
Attack type
|
|
rule |
String |
ID of the matched rule |
|
payload |
String |
Hit payload |
|
payload_location |
String |
Hit Load Position |
|
action |
String |
Protective action |
|
request_line |
String |
Request method and path |
|
headers |
Object |
HTTP request header |
|
cookie |
String |
Request cookie |
|
status |
String |
Response code status |
|
process_time |
Integer |
Processing time |
|
region |
String |
Geographical location |
|
host_id |
String |
Domain name ID |
|
response_time |
Long |
Time to response |
|
response_size |
Integer |
Response body size |
|
response_body |
String |
Response body |
|
request_body |
String |
Request body |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code |
|
error_msg |
String |
Error message |
Status code: 401
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code |
|
error_msg |
String |
Error message |
Status code: 500
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code |
|
error_msg |
String |
Error message |
Example Requests
GET https://{Endpoint}/v1/{project_id}/waf/event?enterprise_project_id=0&page=1&pagesize=10&recent=today
Example Responses
Status code: 200
ok
{
"total" : 1,
"items" : [ {
"id" : "04-0000-0000-0000-21120220421152601-2f7a5ceb",
"time" : 1650525961000,
"policyid" : "25f1d179896e4e3d87ceac0598f48d00",
"host" : "x.x.x.x:xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"url" : "/osclass/oc-admin/index.php",
"attack" : "lfi",
"rule" : "040002",
"payload" : " file=../../../../../../../../../../etc/passwd",
"payload_location" : "params",
"sip" : "x.x.x.x",
"action" : "block",
"request_line" : "GET /osclass/oc-admin/index.php?page=appearance&action=render&file=../../../../../../../../../../etc/passwd",
"headers" : {
"accept-language" : "en",
"ls-id" : "xxxxx-xxxxx-xxxx-xxxx-9c302cb7c54a",
"host" : "x.x.x.x",
"lb-id" : "2f5f15ce-08f4-4df0-9899-ec0cc1fcdc52",
"accept-encoding" : "gzip",
"accept" : "*/*",
"user-agent" : "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36"
},
"cookie" : "HWWAFSESID=2a1d773f9199d40a53; HWWAFSESTIME=1650525961805",
"status" : "418",
"host_id" : "6fbe595e7b874dbbb1505da3e8579b54",
"response_time" : 0,
"response_size" : 3318,
"response_body" : "",
"process_time" : 2,
"request_body" : "{}"
} ]
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
ok |
|
400 |
Request failed. |
|
401 |
The token does not have required permissions. |
|
500 |
Internal server error. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
