Querying Top Security Statistics by Category
Function
This API is used to query statistics by category, including the attacked domain name, attack source IP address, attacked URL, attack source region, and attack event distribution.
Calling Method
For details, see Calling APIs.
URI
GET /v1/{project_id}/waf/overviews/classification
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Definition Project ID. To obtain it, log in to the Huawei Cloud console, click the username, choose My Credentials, and find the project ID in the Projects list. Constraints N/A Range Enter 32 characters. Only letters and digits are allowed. Default Value N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
enterprise_project_id |
No |
String |
Definition Obtain the enterprise project ID by calling the ListEnterpriseProject API of Enterprise Project Management Service (EPS). To obtain the resource details in all enterprise projects of a user, set this parameter to all_granted_eps. Constraints N/A Range
Default Value 0 |
from |
Yes |
Long |
Definition Start time. Constraints This parameter must be used together with parameter to. Range 13-bit millisecond timestamp. Default Value N/A |
to |
Yes |
Long |
Definition End time. Constraints This parameter must be used together with parameter from. Range 13-bit millisecond timestamp. Default Value N/A |
top |
No |
Integer |
Definition The first several results you want to query. Constraints N/A Range Maximum value: 10. Default Value 5 |
hosts |
No |
String |
Definition Domain name ID. In the cloud mode, you can call the ListHost API to obtain it. In the dedicated mode, you can call the ListPremiumHost API to obtain it. Constraints N/A Range N/A Default Value If this parameter is not provided, the top service exception statistics of all protected domain names in the project are queried by default. |
instances |
No |
String |
Definition ID of the dedicated WAF engine instance to be queried. Constraints N/A Range N/A Default Value N/A |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
X-Auth-Token |
Yes |
String |
Definition User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). Constraints N/A Range N/A Default Value N/A |
Content-Type |
Yes |
String |
Definition Content type. Constraints N/A Range N/A Default Value application/json;charset=utf8 |
X-Language |
No |
String |
Definition Language. The default value is zh-cn. zh-cn: Chinese; en-us: English Constraints N/A Range
Default Value |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
---|---|---|
domain |
DomainClassificationItem object |
Attacked domain name |
attack_type |
AttackTypeClassificationItem object |
Attack event distribution |
ip |
IpClassificationItem object |
Attacking source IP address |
url |
UrlClassificationItem object |
Attacking URL |
geo |
GeoClassificationItem object |
Source region |
Parameter |
Type |
Description |
---|---|---|
total |
Integer |
Total number of DomainItem |
items |
Array of DomainItem objects |
DomainItem details |
Parameter |
Type |
Description |
---|---|---|
key |
String |
Definition Domain name. Range N/A |
num |
Integer |
Definition Quantity Range N/A |
web_tag |
String |
Definition Website name, which is the website name displayed on the domain name details page on the WAF console. Range N/A |
Parameter |
Type |
Description |
---|---|---|
total |
Integer |
Total number of AttackTypeItem |
items |
Array of AttackTypeItem objects |
AttackTypeItem details |
Parameter |
Type |
Description |
---|---|---|
key |
String |
Definition Attack Type Range N/A |
num |
Integer |
Definition Quantity Range N/A |
Parameter |
Type |
Description |
---|---|---|
total |
Integer |
Total number of IpItem |
items |
Array of IpItem objects |
IpItem Details |
Parameter |
Type |
Description |
---|---|---|
key |
String |
Definition IP address Range N/A |
num |
Integer |
Definition Quantity Range N/A |
Parameter |
Type |
Description |
---|---|---|
total |
Integer |
Total number of UrlItem |
items |
Array of UrlItem objects |
UrlItem Details |
Parameter |
Type |
Description |
---|---|---|
key |
String |
Definition URL path Range N/A |
num |
Integer |
Definition Quantity Range N/A |
host |
String |
Definition Protected domain dame. Range N/A |
Parameter |
Type |
Description |
---|---|---|
total |
Integer |
Total number of GeoItem |
items |
Array of GeoItem objects |
GeoItem details |
Parameter |
Type |
Description |
---|---|---|
key |
String |
Definition Source region Range N/A |
num |
Integer |
Definition Quantity Range N/A |
Status code: 400
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error message. |
encoded_authorization_message |
String |
You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs. |
details |
Array of IAM5ErrorDetails objects |
The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs. |
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error codes of the downstream service. |
error_msg |
String |
Error messages of the downstream service. |
Status code: 401
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error message. |
encoded_authorization_message |
String |
You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs. |
details |
Array of IAM5ErrorDetails objects |
The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs. |
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error codes of the downstream service. |
error_msg |
String |
Error messages of the downstream service. |
Status code: 500
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error message. |
encoded_authorization_message |
String |
You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs. |
details |
Array of IAM5ErrorDetails objects |
The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs. |
Example Requests
The following example shows how to query the top 10 security overview statistics in a project. The project ID is specified by project_id. The time is from 2022-05-19 00:00:00 to 2022-06-17 11:14:41. The domain name ID is 1bac09440a814aa98ed08302c580a48b, and engine instance ID is 5a532f83a2fb476ba51ca1de7b1ebc43.
GET https://{Endpoint}/v1/{project_id}/waf/overviews/classification?enterprise_project_id=0&from=1652889600354&to=1655435681354&top=10&hosts=1bac09440a814aa98ed08302c580a48b&instances=5a532f83a2fb476ba51ca1de7b1ebc43
Example Responses
Status code: 200
ok
{ "attack_type" : { "total" : 1, "items" : [ { "key" : "custom_custom", "num" : 2 } ] }, "domain" : { "total" : 2, "items" : [ { "key" : "www.whitelist.com", "num" : 2, "web_tag" : "www.whitelist.com" }, { "key" : "zbx002.apayaduo.cn", "num" : 2, "web_tag" : "" } ] }, "geo" : { "total" : 1, "items" : [ { "key" : "Shanghai", "num" : 2 } ] }, "ip" : { "total" : 1, "items" : [ { "key" : "10.142.4.15", "num" : 2 } ] }, "url" : { "total" : 1, "items" : [ { "key" : "/attack", "num" : 2, "host" : "www.whitelist.com" } ] } }
SDK Sample Code
The SDK sample code is as follows.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.waf.v1.region.WafRegion; import com.huaweicloud.sdk.waf.v1.*; import com.huaweicloud.sdk.waf.v1.model.*; public class ListOverviewsClassificationSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); WafClient client = WafClient.newBuilder() .withCredential(auth) .withRegion(WafRegion.valueOf("<YOUR REGION>")) .build(); ListOverviewsClassificationRequest request = new ListOverviewsClassificationRequest(); try { ListOverviewsClassificationResponse response = client.listOverviewsClassification(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkwaf.v1.region.waf_region import WafRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkwaf.v1 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = WafClient.new_builder() \ .with_credentials(credentials) \ .with_region(WafRegion.value_of("<YOUR REGION>")) \ .build() try: request = ListOverviewsClassificationRequest() response = client.list_overviews_classification(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" waf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := waf.NewWafClient( waf.WafClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.ListOverviewsClassificationRequest{} response, err := client.ListOverviewsClassification(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
Status Code |
Description |
---|---|
200 |
ok |
400 |
Request failed. |
401 |
The token does not have required permissions. |
500 |
Internal server error. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot