• Web Application Firewall

waf
  1. Help Center
  2. Web Application Firewall
  3. API Reference
  4. APIs
  5. Event Logs
  6. Querying Event Distribution

Querying Event Distribution

Function Description

This API is used to query event distribution.

URI

  • URI format
    GET /v1/{project_id}/waf/event/attack/type?from={from}&to={to}&hosts={hostids}
    NOTE:

    The flowing is an example URI:

    GET /v1/3ac26c59e15a4a11bb680a103a29ddb6/waf/event/attack/type?from=1543976973635&to=1563976973635&hosts=3211757cafa3437aae24d760022e79ba&hosts=93029844064b43739b51ca63036fbc4b&hosts=34fe5f5c60ef4e43a9975296765d1217

  • Parameter description
    Table 1 Path parameters

    Parameter

    Mandatory

    Type

    Description

    project_id

    Yes

    String

    Specifies the project ID.

    from

    Yes

    Long

    Specifies the start time (UTC) in milliseconds. For example, 1548172800000.

    to

    Yes

    Long

    Specifies the end time (UTC) in milliseconds. For example, 1548431999000.

    hosts

    No

    Array

    Specifies the domain IDs.

Request

Request parameters

None

Response

Response parameters

Table 2 Parameter description

Parameter

Type

Description

xss

Integer

Specifies the number of XSS attacks detected within the time range.

sqli

Integer

Specifies the number of SQL injection attacks detected within the time range.

cmdi

Integer

Specifies the number of command injection attacks detected within the time range.

cc

Integer

Specifies the number of CC attacks detected within the time range.

custom_custom

Integer

Specifies the number of Precise Protection events detected within the time range.

illegal

Integer

Specifies the number of invalid requests detected within the time range.

lfi

Integer

Specifies the number of local file inclusion attacks detected within the time range.

robot

Integer

Specifies the number of malicious crawlers detected within the time range.

antitamper

Integer

Specifies the number of webpage tampering attacks detected within the time range.

rfi

Integer

Specifies the number of remote file inclusion attacks detected within the time range.

vuln

Integer

Specifies the number of other attacks detected within the time range.

custom_whiteblackip

Integer

Specifies the number of Blacklist and Whitelist events detected within the time range.

webshell

Integer

Specifies the number of webshell attacks detected within the time range.

Example

Response example
{
    "xss": 150,
    "sqli": 321,
    "cmdi": 120,
    "robot": 10,
    "custom_whiteblackip": 30,
    "custom_custom": 50,
    "cc": 60,
    "illegal": 10
}

Status Code

Table 3 describes the normal status code returned by the API.
Table 3 Status code

Status Code

Description

Meaning

200

OK

The request has succeeded.

For details about error status codes, see Status Codes.