doc-exports/docs/waf/api-ref/waf_02_0075.html

Querying Top N Attack Source IP Addresses

Function Description

This API is used to query the top N attack source IP addresses.

URI

• URI format

  GET /v1/{project_id}/waf/event/attack/source?top={top}&from={from}&to={to}&hosts={hostids}

  

  An example of a URI is as follows:

  GET /v1/3ac26c59e15a4a11bb680a103a29ddb6/waf/event/attack/type?from=1543976973635&to=1563976973635&hosts=3211757cafa3437aae24d760022e79ba&hosts=93029844064b43739b51ca63036fbc4b&hosts=34fe5f5c60ef4e43a9975296765d1217

• Parameter description

  Table 1 Path parameters

  Parameter	Mandatory	Type	Description
  project_id	Yes	String	Specifies the project ID.
  top	No	Integer	Specifies the top n attack source IP addresses to be queried. The default value is 5.
  from	Yes	Long	Specifies the start time (UTC) in milliseconds. For example, 1548172800000.
  to	Yes	Long	Specifies the end time (UTC) in milliseconds. For example, 1548431999000.
  hosts	No	Array	Specifies the domain IDs.

Request

Request parameters

None

Response

Response parameters

Table 2 Parameter description

Parameter	Type	Description
total	Integer	Specifies the total number of attack source IP addresses.
items	Table 3	Specifies the array of items.

Table 3 items

Parameter	Type	Description
ip	String	Specifies the attack source IP addresses.
num	Integer	Specifies the number of attacks came from the attack source IP addresses.

Example

Response example

{
  "total": 4,
  "items": [
     {"ip": "X.X.1.1", "num": 1000},
     {"ip": "X.X.1.2", "num": 1000},
     {"ip": "X.X.1.3", "num": 1000},
     {"ip": "X.X.1.4", "num": 1000}
   ]
}

Status Code

Table 4 describes the normal status code returned by the API.

Table 4 Status code

Status Code	Description	Meaning
200	OK	The request has succeeded.

For details about error status codes, see Status Codes.

Parent topic: Event Logs