Querying Attack Event Details
Function
This API is used to query the details about an attack event.
URI
GET /v1/{project_id}/waf/event/{eventid}
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Project ID |
| eventid | Yes | String | Event ID. You can call the ListEvent API to obtain the event ID. |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| enterprise_project_id | No | String | ID of the enterprise project. It can be obtained by calling the ListEnterpriseProject API of EPS. |
Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |
| Content-Type | Yes | String | Content type. Default: application/json;charset=utf8 |
Response Parameters
Status code: 200
| Parameter | Type | Description |
|---|---|---|
| total | Integer | Number of attack events |
| items | Array of ShowEventItems objects | Attack event details |

| Parameter | Type | Description |
|---|---|---|
| time | Long | Timestamp when the attack occurs, in milliseconds. |
| policyid | String | Policy ID |
| sip | String | Source IP address |
| host | String | Domain name |
| url | String | Attacked URL |
| attack | String | Attack type |
| rule | String | ID of the matched rule |
| action | String | Action |
| cookie | String | Cookie of the attack request |
| headers | Object | Header of the attack request |
| host_id | String | ID of the attacked domain name |
| id | String | Event ID |
| payload | String | Malicious payload |
| payload_location | String | Location of the malicious payload |
| region | String | Geographical location of the source IP address |
| process_time | Integer | Processing time |
| request_line | String | Body of the attack request |
| response_size | Integer | Response body size (byte) |
| response_time | Long | Response time (ms) |
| status | String | Status code |
| request_body | String | Request body |
Status code: 400
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error Code |
| error_msg | String | Error Messages |
Status code: 401
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error Code |
| error_msg | String | Error Messages |
Status code: 500
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error Code |
| error_msg | String | Error Messages |
Example Requests
GET https://{Endpoint}/v1/{project_id}/waf/event/{event_id}?enterprise_project_id=0
Example Responses
Status code: 200
ok
{
  "total" : 1,
  "items" : [ {
    "id" : "09-0000-0000-0000-12120220421093806-a60a6166",
    "time" : 1650505086000,
    "policyid" : "173ed802272a4b0798049d7edffeff03",
    "host" : "x.x.x.x:xxxxxx-xxx-xxx-xxx-xxxxxxxxx",
    "url" : "/mobile/DBconfigReader.jsp",
    "attack" : "vuln",
    "rule" : "091004",
    "payload" : " /mobile/dbconfigreader.jsp",
    "payload_location" : "uri",
    "sip" : "x.x.x.x",
    "action" : "block",
    "request_line" : "GET /mobile/DBconfigReader.jsp",
    "headers" : {
      "ls-id" : "c0d957e6-26a8-4f2e-8216-7fc9332a250f",
      "host" : "x.x.x.x:81",
      "lb-id" : "68d3c435-2607-45e0-a5e2-38980544dd45",
      "accept-encoding" : "gzip",
      "user-agent" : "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 CSIRTx/2022"
    },
    "cookie" : "HWWAFSESID=2a0bf76a111c93926d; HWWAFSESTIME=1650505086260",
    "status" : "418",
    "region" : "Reserved IP",
    "host_id" : "e093a352fd3a4ddd994c585e2e1dda59",
    "response_time" : 0,
    "response_size" : 3318,
    "response_body" : "",
    "process_time" : 0,
    "request_body" : "{}"
  } ]
}
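The response carries the attack request's cookie and headers verbatim, so session identifiers and credentials in it should be masked before the event is forwarded to a log pipeline. The following is an added example, not part of the API documentation or any vendor SDK: it parses the 200 body, converts the millisecond `time` to UTC, and redacts cookie values and sensitive headers. The function names, output field names, the `SENSITIVE_HEADERS` set and the sample data are assumptions of this example.

```python
import json
from datetime import datetime, timezone

# Constructed sample: trimmed from the 200 response above, authorization header added.
SAMPLE = """{"total": 1, "items": [{
  "id": "09-0000-0000-0000-12120220421093806-a60a6166", "time": 1650505086000,
  "sip": "x.x.x.x", "url": "/mobile/DBconfigReader.jsp", "attack": "vuln",
  "rule": "091004", "action": "block", "status": "418",
  "payload": " /mobile/dbconfigreader.jsp", "payload_location": "uri",
  "headers": {"host": "x.x.x.x:81", "Authorization": "Bearer constructed-token"},
  "cookie": "HWWAFSESID=2a0bf76a111c93926d; HWWAFSESTIME=1650505086260"}]}"""

# Assumption: header names this example treats as secrets.
SENSITIVE_HEADERS = {"authorization", "cookie", "x-auth-token"}

def redact_cookie(cookie):
    """Keep cookie names for triage, drop their values."""
    names = [p.split("=", 1)[0].strip() for p in cookie.split(";") if p.strip()]
    return "; ".join(f"{n}=<redacted>" for n in names)

def normalize_event(item):
    """Flatten one ShowEventItems object into a log-safe record."""
    ts = datetime.fromtimestamp(item["time"] / 1000, tz=timezone.utc)
    headers = {k.lower(): "<redacted>" if k.lower() in SENSITIVE_HEADERS else v
               for k, v in (item.get("headers") or {}).items()}
    return {
        "event_id": item["id"],
        "timestamp": ts.isoformat(),          # "time" is epoch milliseconds
        "source_ip": item.get("sip"),
        "url": item.get("url"),
        "attack_type": item.get("attack"),
        "rule_id": item.get("rule"),
        "action": item.get("action"),
        "http_status": int(item["status"]) if item.get("status") else None,
        "payload": (item.get("payload") or "").strip(),
        "payload_location": item.get("payload_location"),
        "headers": headers,
        "cookie": redact_cookie(item.get("cookie") or ""),
    }

def parse_event_response(body):
    """Parse a response body; raise on the documented error shape."""
    doc = json.loads(body)
    if "error_code" in doc:
        raise RuntimeError(f"{doc['error_code']}: {doc.get('error_msg')}")
    return [normalize_event(i) for i in doc.get("items") or []]

if __name__ == "__main__":
    print(json.dumps(parse_event_response(SAMPLE), indent=2))
```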
Status Codes
| Status Code | Description |
|---|---|
| 200 | ok |
| 400 | Request failed. |
| 401 | The token does not have required permissions. |
| 500 | Internal server error. |
Error Codes
See Error Codes.