Query WAF Attack Details - DescribeWafAttackDetailListInfo
Overview
Query WAF Attack Details
Definition
Public Parameters
| Parameter Name | Type | Description Information | Required |
|---|---|---|---|
| Action | string | Corresponding API command name, the current API is DescribeWafAttackDetailListInfo. | Yes |
| PublicKey | string | The user’s public key can be obtained from Console | Yes |
| Signature | string | User signature generated based on public key and API command, see Signature Algorithm | Yes |
Request Parameters
| Parameter Name | Type | Description Information | Required |
|---|---|---|---|
| ProjectId | string | Project ID, leave blank for default project | No |
| Offset | int | Page Offset | Yes |
| Limit | int | Page Quantity Limit | Yes |
| TimeType | string | Time unit; Options: Hour|Day|Week|Month|Custom; Default is Hour | No |
| AttackType.N | string | Attack Types [“scan”, “loopholes”, “xss”, “cc”, “sql”, “exec”, “webshell”, “infoleak”, “eaa”, “protocol”, “other”] | No |
| RiskRank.N | string | Risk Level | No |
| ActionType.N | string | Matching actions, intercept, allow, alert | No |
| BeginTime | int | Custom Start Timestamp | No |
| EndTime | int | Custom End Timestamp | No |
| FullDomain | string | The domain name to be queried, query all when empty. | No |
| WafMode | string | Working Mode: Block ACTIVE| Allow INACTIVE| Alert SIMULATE | No |
| SrcIP | string | Source IP | No |
Response Field
| Field Name | Type | Description Information | Required |
|---|---|---|---|
| RetCode | int | Return status code. If it is 0, it means successful return. If it is not 0, it means failure. | Yes |
| Action | string | Operation command name. | Yes |
| Message | string | Returns an error message, providing detailed description when RetCode is non-zero. | No |
| DetailList | array[WafAttack] | Attack Details List, refer to WafAttack | No |
| TotalCount | int | Total Attack Details | No |
Data Model
WafAttack
| Field Name | Type | Description Information | Required |
|---|---|---|---|
| Region | string | Region | No |
| RequestHeaders | string | Request Header | Yes |
| RequestBody | string | Request body | Yes |
| ClientPort | string | Client Port | Yes |
| RequestID | string | Request uid | Yes |
| ClientIPInfo | CityInfo | Source IP Information | Yes |
| Protocol | string | Protocol | No |
| ServerName | string | Server Name | No |
| DestIp | string | Target IP Address | No |
| Port | string | Port | No |
| Alerts | array[WafAlert] | Alarm matching information, refer to WafAlert | No |
| Attack | string | Attack Type | No |
| Method | string | Request Method | No |
| FalsePositive | boolean | False Alarm | No |
| RiskRank | string | Risk Level | No |
| TimeStamp | int | Attack Timestamp | No |
| Host | string | Hostname | No |
| Referer | string | Reference Address | No |
| Count | int | Attack Times | No |
| Uri | string | URI | No |
| Client | string | Client | No |
| Mode | string | Working Mode | No |
| Action | string | Matching Action | No |
| UA | string | User Agent | No |
| Args | string | Parameters | No |
| Id | string | No |
CityInfo
| Field Name | Type | Description Information | Required |
|---|---|---|---|
| CountryName | string | Country | No |
| RegionName | string | Region | No |
| CityName | string | City | No |
| OwnerDomain | string | Belonging Domain | No |
| Latitude | string | Latitude | No |
| Longitude | string | Longitude | No |
| Timezone | string | Time Zone | No |
WafAlert
| Field Name | Type | Description Information | Required |
|---|---|---|---|
| Match | string | The translation is as follows: """Hit Content | Yes |
| Description | string | Rule Description | No |
| Id | int | Matching Rule ID | No |
Example
Request Example
https://api.dezai.com/?Action=DescribeWafAttackDetailListInfo
&ProjectId=org-xxx
&AttackType=xss
&RiskRank=high
&Domain=www.test.com
&Offset=0
&Limit=10
&TimeType=Hour
&WafMode=ATXLsRWf
&SrcIP=dLZPvjMaResponse Example
{
"Action": "DescribeWafAttackDetailListInfoResponse",
"DetailList": [
{
"AccessId": "183.238.16.138-f97f82ee",
"Action": "DENY",
"Alerts": [
{
"Description": "XSS",
"Id": 32003,
"Match": {
"0": "alert(",
"14": "alert(",
"34": "alert"
}
}
],
"Args": "ctg=%22%20onmouseover=%22alert(1295)",
"Attack": "xss",
"Client": "183.238.16.138",
"ClientIPInfo": {
"city_name": "深圳",
"country_name": "中国",
"latitude": "22.547",
"longitude": "114.085947",
"owner_domain": "",
"region_name": "广东",
"timezone": "Asia/Shanghai"
},
"Count": 1,
"DestIp": "106.5.9.224",
"FalsePositive": false,
"Host": "www.test.com",
"Id": "5e8c1db1243527db1df81bc2",
"Method": "GET",
"Mode": "SIMULATE",
"Port": "80",
"Protocol": "http",
"Referer": "NULL",
"Region": "cn-bj",
"RequestBody": null,
"RequestHeaders": {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"AcceptEncoding": "",
"AcceptLanguage": "en-US",
"CacheControl": "",
"Connection": "",
"Cookie": "",
"Host": "www.test.com",
"UpgradeInsecureRequests": "",
"UserAgent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)",
"XForwardFor": ""
},
"RiskRank": "high",
"ServerName": "www.test.com",
"TimeStamp": 1586240945,
"TopId": 0,
"UA": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)",
"Uri": "/professor.php?ctg=%22%20onmouseover=%22alert(1295)"
}
],
"RetCode": 0,
"TotalCount": 1
}