Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com> Co-authored-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-committed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Querying Attack Event Details
Function
This API is used to query the details about an attack event.
URI
GET /v1/{project_id}/waf/event/{eventid}
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Project ID |
| eventid | Yes | String | Event ID. |
Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |
| Content-Type | No | String | Content type. Default value: application/json;charset=utf8 |
Response Parameters
Status code: 200
| Parameter | Type | Description |
|---|---|---|
| total | Integer | Number of attack events |
| items | Array of ShowEventItems objects | Attack event details |

| Parameter | Type | Description |
|---|---|---|
| id | String | Event ID |
| time | Integer | Occurrences |
| policyid | String | Policy ID |
| sip | String | Source IP address |
| host | String | Domain name |
| url | String | Attacked URL |
| attack | String | Attack type. The value of attack type can be: |
| rule | String | ID of the matched rule. Note that there is no ID for a precise protection. |
| payload | String | Hit payload |
| payload_location | String | Malicious load location |
| action | String | Protective action |
| request_line | String | Request method and path |
| headers | Headers object | Request header |
| cookie | String | Request cookie |
| status | String | Response code status |
| process_time | Integer | The time of the WAF service processing the request. |
| region | String | Geographical location of the source IP address. |
| host_id | String | Domain name ID |
| response_time | Long | Time to response |
| response_size | Integer | Response body size |
| response_body | String | Response body content. |
| request_body | String | Request body |

| Parameter | Type | Description |
|---|---|---|
| content-length | String | Request length |
| host | String | Domain name |
| content-type | String | Content type. |
| user-agent | String | proxy |
| accept | String | Type of the received content |
Status code: 400
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code |
| error_msg | String | Error message |
Status code: 401
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code |
| error_msg | String | Error message |
Status code: 500
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code |
| error_msg | String | Error message |
Example Requests
GET https://{Endpoint}/v1/{project_id}/waf/event/{event_id}?enterprise_project_id=0
Example Responses
Status code: 200
Request succeeded.
{
  "total" : 1,
  "items" : [ {
    "id" : "09-0000-0000-0000-12120220421093806-a60a6166",
    "time" : 1650505086000,
    "policyid" : "173ed802272a4b0798049d7edffeff03",
    "host" : "x.x.x.x:xxxxxx-xxx-xxx-xxx-xxxxxxxxx",
    "url" : "/mobile/DBconfigReader.jsp",
    "attack" : "vuln",
    "rule" : "091004",
    "payload" : " /mobile/dbconfigreader.jsp",
    "payload_location" : "uri",
    "sip" : "x.x.x.x",
    "action" : "block",
    "request_line" : "GET /mobile/DBconfigReader.jsp",
    "headers" : {
      "accept" : "*/*",
      "host" : "x.x.x.x:81",
      "user-agent" : "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 CSIRTx/2022"
    },
    "cookie" : "HWWAFSESID=2a0bf76a111c93926d; HWWAFSESTIME=1650505086260",
    "status" : "418",
    "region" : "Reserved IP",
    "host_id" : "e093a352fd3a4ddd994c585e2e1dda59",
    "response_time" : 0,
    "response_size" : 3318,
    "response_body" : "",
    "process_time" : 0
  } ]
}
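
The following Python sketch is an added example, not code from this API reference or from the WAF project. It builds the GET request described above and flattens a 200 response into triage records with cookie values redacted. The function names and the sample endpoint used with it are hypothetical, and it assumes `time` is an epoch value in milliseconds, as the sample value suggests.

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote
from urllib.request import Request

# Constructed sample, trimmed from the 200 response shown on this page.
SAMPLE = json.loads("""
{"total": 1, "items": [{
  "id": "09-0000-0000-0000-12120220421093806-a60a6166",
  "time": 1650505086000, "sip": "x.x.x.x", "attack": "vuln",
  "rule": "091004", "action": "block", "payload_location": "uri",
  "request_line": "GET /mobile/DBconfigReader.jsp",
  "headers": {"host": "x.x.x.x:81", "accept": "*/*"},
  "cookie": "HWWAFSESID=2a0bf76a111c93926d; HWWAFSESTIME=1650505086260",
  "status": "418"}]}
""")

def build_request(endpoint, project_id, event_id, token):
    """GET /v1/{project_id}/waf/event/{eventid} with the IAM token header."""
    # Percent-encode path parameters so a crafted ID cannot alter the path.
    path = f"/v1/{quote(project_id, safe='')}/waf/event/{quote(event_id, safe='')}"
    return Request(f"https://{endpoint}{path}",
                   headers={"X-Auth-Token": token,
                            "Content-Type": "application/json;charset=utf8"})

def redact_cookie(cookie):
    """Keep cookie names, drop values, so session IDs stay out of tickets."""
    names = [p.split("=", 1)[0].strip() for p in cookie.split(";") if p.strip()]
    return "; ".join(f"{n}=<redacted>" for n in names)

def triage_records(body):
    """Flatten each item of a 200 response into a record for a SIEM or ticket."""
    records = []
    for ev in body.get("items", []):
        # Assumption: "time" is epoch milliseconds, as the sample value suggests.
        when = datetime.fromtimestamp(ev["time"] / 1000, tz=timezone.utc)
        records.append({
            "event_id": ev["id"],
            "utc": when.isoformat(),
            "source_ip": ev.get("sip"),
            "attack": ev.get("attack"),
            "rule": ev.get("rule") or None,  # precise-protection hits carry no rule ID
            "action": ev.get("action"),
            "where": ev.get("payload_location"),
            "request_line": ev.get("request_line"),
            "cookie": redact_cookie(ev.get("cookie") or ""),
        })
    return records
```
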
Status Codes
| Status Code | Description |
|---|---|
| 200 | Request succeeded. |
| 400 | Request failed. |
| 401 | The token does not have required permissions. |
| 500 | Internal server error. |
Error Codes
See Error Codes.