doc-exports/docs/waf/api-ref/waf_02_0071.html
Li, Qiao 914011d51b waf_api_1109
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Li, Qiao <qiaoli@huawei.com>
Co-committed-by: Li, Qiao <qiaoli@huawei.com>
2022-11-16 15:31:27 +00:00


<a name="waf_02_0071"></a><a name="waf_02_0071"></a>
<h1 class="topictitle1">Querying Attack Event Logs by ID</h1>
<div id="body64730543"><div class="section" id="waf_02_0071__section62974086"><h4 class="sectiontitle">Function Description</h4><p class="msonormal" id="waf_02_0071__p8682632">This API is used to query attack event logs by ID.</p>
</div>
<div class="section" id="waf_02_0071__section29895862"><h4 class="sectiontitle">URI</h4><ul id="waf_02_0071__ul32204626"><li id="waf_02_0071__li21406185">URI format<p id="waf_02_0071__p58437941"><a name="waf_02_0071__li21406185"></a><a name="li21406185"></a>GET /v1/{project_id}/waf/event/{event_id}</p>
</li><li id="waf_02_0071__li56179423">Parameter description
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="waf_02_0071__table35852760" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Path parameters</caption><thead align="left"><tr id="waf_02_0071__row31235826"><th align="left" class="cellrowborder" valign="top" width="25.507449255074494%" id="mcps1.3.2.2.2.1.2.5.1.1"><p id="waf_02_0071__p47073998"><strong id="waf_02_0071__b846802116410">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.348265173482652%" id="mcps1.3.2.2.2.1.2.5.1.2"><p id="waf_02_0071__p54897527"><strong id="waf_02_0071__b8415102415419">Mandatory</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.348265173482652%" id="mcps1.3.2.2.2.1.2.5.1.3"><p id="waf_02_0071__p17514708"><strong id="waf_02_0071__b13160112615415">Type</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="39.796020397960206%" id="mcps1.3.2.2.2.1.2.5.1.4"><p id="waf_02_0071__p9405262"><strong id="waf_02_0071__b142591284412">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="waf_02_0071__row23628748"><td class="cellrowborder" valign="top" width="25.507449255074494%" headers="mcps1.3.2.2.2.1.2.5.1.1 "><p id="waf_02_0071__p34880439">project_id</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.2 "><p id="waf_02_0071__p6743286">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.3 "><p id="waf_02_0071__p9335282">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.2.2.2.1.2.5.1.4 "><p id="waf_02_0071__p17960338">Specifies the project ID.</p>
</td>
</tr>
<tr id="waf_02_0071__row27425315"><td class="cellrowborder" valign="top" width="25.507449255074494%" headers="mcps1.3.2.2.2.1.2.5.1.1 "><p id="waf_02_0071__p6858037">event_id</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.2 "><p id="waf_02_0071__p18630111">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="17.348265173482652%" headers="mcps1.3.2.2.2.1.2.5.1.3 "><p id="waf_02_0071__p32644042">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.796020397960206%" headers="mcps1.3.2.2.2.1.2.5.1.4 "><p id="waf_02_0071__p26921758">Specifies the event ID.</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ul>
</div>
<div class="section" id="waf_02_0071__section627304"><h4 class="sectiontitle">Request</h4><p id="waf_02_0071__p1352520244119">Request parameters</p>
<p class="msonormal" id="waf_02_0071__p33178753">None</p>
</div>
<div class="section" id="waf_02_0071__section5645742"><h4 class="sectiontitle">Response</h4><div class="p" id="waf_02_0071__p152401133171113">Response parameters
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="waf_02_0071__table51758747" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameter description</caption><thead align="left"><tr id="waf_02_0071__row5012580"><th align="left" class="cellrowborder" valign="top" width="32.35676432356764%" id="mcps1.3.4.2.1.2.4.1.1"><p id="waf_02_0071__p3365875"><strong id="waf_02_0071__b19031448174113">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="27.84721527847215%" id="mcps1.3.4.2.1.2.4.1.2"><p id="waf_02_0071__p4200491"><strong id="waf_02_0071__b2220150184117">Type</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="39.7960203979602%" id="mcps1.3.4.2.1.2.4.1.3"><p id="waf_02_0071__p4695475"><strong id="waf_02_0071__b796765164111">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="waf_02_0071__row42259276"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p449360">id</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p36398200">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p62573101">Specifies the event ID.</p>
</td>
</tr>
<tr id="waf_02_0071__row26286999"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p48872202">time</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p66334269">Integer</p>
</td>
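<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p4366680">Specifies the time of the attack as a Unix timestamp in milliseconds. The response example on this page shows a 10-digit value, which is the length of a timestamp in seconds, so confirm the unit against a real response before correlating events with other logs.</p>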
</td>
</tr>
<tr id="waf_02_0071__row39300124"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p29193512">policy_id</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p15864239">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p9935003">Specifies the policy ID.</p>
</td>
</tr>
<tr id="waf_02_0071__row22306171"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p61969401">sip</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p53465551">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p35742374">Specifies the source IP address of the attack.</p>
</td>
</tr>
<tr id="waf_02_0071__row53245913"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p17951700">host</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p44801571">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p5048623">Specifies the attacked domain name.</p>
</td>
</tr>
<tr id="waf_02_0071__row1175675116105"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p17757165115102">host_id</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p207571151201017">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p1757185115105">Specifies a domain name ID.</p>
</td>
</tr>
<tr id="waf_02_0071__row45437607"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p56567512">url</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p18565754">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p27431092">Specifies the attacked URL, excluding the domain name.</p>
</td>
</tr>
<tr id="waf_02_0071__row45553242"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p65933996">attack</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p39053483">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p9215550">Specifies the attack type.</p>
</td>
</tr>
<tr id="waf_02_0071__row15831091"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p7249984">rule</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p50377813">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p54071067">Specifies the ID of the matched rule.</p>
</td>
</tr>
<tr id="waf_02_0071__row16877560"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p24905097">payload</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p4047008">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p59372194">Specifies the payload that hit (matched) the rule.</p>
</td>
</tr>
<tr id="waf_02_0071__row64587704"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p64221512">action</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p34559993">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p47896050">Specifies the protective action.</p>
<ul id="waf_02_0071__ul796714441001"><li id="waf_02_0071__li8961110143613"><strong id="waf_02_0071__b7284114331315">Block</strong>: WAF blocks and logs detected attacks.</li><li id="waf_02_0071__li13967710173618"><span class="parmvalue" id="waf_02_0071__parmvalue9749147101319"><b>Log only</b></span>: WAF logs detected attacks only.</li><li id="waf_02_0071__li282010561717"><strong id="waf_02_0071__b79771050194118">Allow</strong>: WAF allows the requests that meet the specified conditions.</li><li id="waf_02_0071__li121691754983"><strong id="waf_02_0071__b1481976612">Verification code</strong>: A verification code is displayed when the number of requests reaches the maximum limit in a CC attack protection rule. Upon completing the verification, you are no longer restricted by the maximum number of requests allowed.</li><li id="waf_02_0071__li1711020199499"><strong id="waf_02_0071__b1774113218149">Filter</strong>: WAF implements data masking.</li><li id="waf_02_0071__li10428145124816"><span class="parmvalue" id="waf_02_0071__parmvalue1589162882312"><b>Mismatch</b></span>: The cached web page in the WAF engine does not match the original web page.</li></ul>
</td>
</tr>
<tr id="waf_02_0071__row17870339163918"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p5870123917396">payload_location</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p13870439123910">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p1687016394393">Specifies the location in the request packet where the attack occurs. The options are as follows: <strong id="waf_02_0071__b958115414617">body</strong>, <strong id="waf_02_0071__b75831354860">url</strong>, <strong id="waf_02_0071__b65841854062">params</strong>, and <strong id="waf_02_0071__b358405413611">header</strong>.</p>
</td>
</tr>
<tr id="waf_02_0071__row19854951193920"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p108696500394">request_line</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p58701950173910">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p1387295083914">Specifies the attack request method, returned as part of the request line (the response example shows <strong>GET /</strong>).</p>
</td>
</tr>
<tr id="waf_02_0071__row19266654123915"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p18555205333912">headers</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p12556353143912">Object</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p15557105373911">Specifies the attack request header.</p>
</td>
</tr>
<tr id="waf_02_0071__row19620115918423"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p86201659124213">cookie</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p136205593429">String</p>
</td>
<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p76201459124218">Specifies the cookie of the attack request.</p>
</td>
</tr>
<tr id="waf_02_0071__row11807555434"><td class="cellrowborder" valign="top" width="32.35676432356764%" headers="mcps1.3.4.2.1.2.4.1.1 "><p id="waf_02_0071__p868012414320">body</p>
</td>
<td class="cellrowborder" valign="top" width="27.84721527847215%" headers="mcps1.3.4.2.1.2.4.1.2 "><p id="waf_02_0071__p6683646437">String</p>
</td>
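<td class="cellrowborder" valign="top" width="39.7960203979602%" headers="mcps1.3.4.2.1.2.4.1.3 "><p id="waf_02_0071__p568317415433">Specifies the body of an attack request. As the response example shows, the <strong>body</strong> and <strong>cookie</strong> fields can carry submitted credentials and session identifiers, so handle the returned event data as sensitive and limit who can call this API.</p>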
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="section" id="waf_02_0071__section141961441151113"><h4 class="sectiontitle">Example</h4><p id="waf_02_0071__p26624452424">Event ID <strong id="waf_02_0071__b47172510548">0000-0000-0000-13-56ef71f5745764348192f844658dd144</strong> is used as an example.</p>
<div class="p" id="waf_02_0071__p1271619465119">Response example<pre class="screen" id="waf_02_0071__screen02073411119">{
"id": "0000-0000-0000-13-56ef71f5745764348192f844658dd144",
"time": 1499817600,
"policy_id": "xxx",
"sip": "X.X.1.1",
"host": "a.com",
"host_id": "123",
"url": "/login",
"attack": "sqli",
"rule": "20001",
"payload": "1 or 1=1",
"action": "block",
"payload_location": "params",
"request_line": "GET / ",
"headers": {
"Connection": "keep-alive",
"User-Agent": "curl"
},
"cookie": "sid=123; uid=456",
"body": "user=admin&amp;pass=abc123"
}
</pre>
</div>
</div>
<div class="section" id="waf_02_0071__section50811679"><h4 class="sectiontitle">Status Code</h4><div class="p" id="waf_02_0071__waf_02_0012_a652d4922b7df48fca0a65bc1a38ea5f2"><a href="#waf_02_0071__waf_02_0012_t82c3440f3efb42a38b9d4dc4011a33d0">Table 3</a> describes the normal status code returned by the API.
<div class="tablenoborder"><a name="waf_02_0071__waf_02_0012_t82c3440f3efb42a38b9d4dc4011a33d0"></a><a name="waf_02_0012_t82c3440f3efb42a38b9d4dc4011a33d0"></a><table cellpadding="4" cellspacing="0" summary="" id="waf_02_0071__waf_02_0012_t82c3440f3efb42a38b9d4dc4011a33d0" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Status code</caption><thead align="left"><tr id="waf_02_0071__waf_02_0012_r3d6e2f205c444705bdbb9daaac74e575"><th align="left" class="cellrowborder" valign="top" width="22%" id="mcps1.3.6.2.2.2.4.1.1"><p id="waf_02_0071__waf_02_0012_af3c4073076f24eca88d94e3fa1effdc6">Status Code</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="19.41%" id="mcps1.3.6.2.2.2.4.1.2"><p id="waf_02_0071__waf_02_0012_en-us_topic_0144911667_p4531342288">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="58.589999999999996%" id="mcps1.3.6.2.2.2.4.1.3"><p id="waf_02_0071__waf_02_0012_ada185614bba24140995b8123b3e9faa8">Meaning</p>
</th>
</tr>
</thead>
<tbody><tr id="waf_02_0071__waf_02_0012_rc7b2adc390904a1ba79e303017797786"><td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.6.2.2.2.4.1.1 "><p id="waf_02_0071__waf_02_0012_a93f3895d44bb4226934cc626ac50e37b">200</p>
</td>
<td class="cellrowborder" valign="top" width="19.41%" headers="mcps1.3.6.2.2.2.4.1.2 "><p id="waf_02_0071__waf_02_0012_en-us_topic_0144911667_p7538425819">OK</p>
</td>
<td class="cellrowborder" valign="top" width="58.589999999999996%" headers="mcps1.3.6.2.2.2.4.1.3 "><p id="waf_02_0071__waf_02_0012_en-us_topic_0144911667_p369874114414">The request has succeeded.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<p id="waf_02_0071__waf_02_0012_en-us_topic_0144911667_p482819399522">For details about error status codes, see <a href="waf_02_0085.html">Status Codes</a>.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="waf_02_0069.html">Event Logs</a></div>
</div>
</div>