Docs
api
Web Application Firewall(UEWAF)
DescribeWafAttackDetailListInfo

Query WAF Attack Details - DescribeWafAttackDetailListInfo

Overview

Query WAF Attack Details

Definition

Public Parameters

Parameter NameTypeDescription InformationRequired
ActionstringCorresponding API command name, the current API is DescribeWafAttackDetailListInfo.Yes
PublicKeystringThe user’s public key can be obtained from ConsoleYes
SignaturestringUser signature generated based on public key and API command, see Signature AlgorithmYes

Request Parameters

Parameter NameTypeDescription InformationRequired
ProjectIdstringProject ID, leave blank for default projectNo
OffsetintPage OffsetYes
LimitintPage Quantity LimitYes
TimeTypestringTime unit; Options: Hour|Day|Week|Month|Custom; Default is HourNo
AttackType.NstringAttack Types [“scan”, “loopholes”, “xss”, “cc”, “sql”, “exec”, “webshell”, “infoleak”, “eaa”, “protocol”, “other”]No
RiskRank.NstringRisk LevelNo
ActionType.NstringMatching actions, intercept, allow, alertNo
BeginTimeintCustom Start TimestampNo
EndTimeintCustom End TimestampNo
FullDomainstringThe domain name to be queried, query all when empty.No

Response Field

Field NameTypeDescription InformationRequired
RetCodeintReturn status code. If it is 0, it means successful return. If it is not 0, it means failure.Yes
ActionstringOperation command name.Yes
MessagestringReturns an error message, providing detailed description when RetCode is non-zero.No
DetailListarray[WafAttack]Attack Details List, refer to WafAttackNo
TotalCountintTotal Attack DetailsNo

Data Model

WafAttack

Field NameTypeDescription InformationRequired
RegionstringRegionNo
ProtocolstringProtocolNo
ServerNamestringServer NameNo
DestIpstringTarget IP AddressNo
PortstringPortNo
Alertsarray[WafAlert]Alarm matching information, refer to WafAlertNo
AttackstringAttack TypeNo
MethodstringRequest MethodNo
FalsePositivebooleanFalse AlarmNo
RiskRankstringRisk LevelNo
TimeStampintAttack TimestampNo
HoststringHostnameNo
RefererstringReference AddressNo
CountintAttack TimesNo
UristringURINo
ClientstringClientNo
ModestringWorking ModeNo
ActionstringMatching ActionNo
UAstringUser AgentNo
ArgsstringParametersNo

WafAlert

Field NameTypeDescription InformationRequired
DescriptionstringRule DescriptionNo
IdintMatching Rule IDNo

Example

Request Example

https://api.dezai.com/?Action=DescribeWafAttackDetailListInfo
&ProjectId=org-xxx
&AttackType=xss
&RiskRank=high
&Domain=www.test.com
&Offset=0
&Limit=10
&TimeType=Hour

Response Example

{
  "Action": "DescribeWafAttackDetailListInfoResponse",
  "DetailList": [
    {
      "AccessId": "183.238.16.138-f97f82ee",
      "Action": "DENY",
      "Alerts": [
        {
          "Description": "XSS",
          "Id": 32003,
          "Match": {
            "0": "alert(",
            "14": "alert(",
            "34": "alert"
          }
        }
      ],
      "Args": "ctg=%22%20onmouseover=%22alert(1295)",
      "Attack": "xss",
      "Client": "183.238.16.138",
      "ClientIPInfo": {
        "city_name": "深圳",
        "country_name": "中国",
        "latitude": "22.547",
        "longitude": "114.085947",
        "owner_domain": "",
        "region_name": "广东",
        "timezone": "Asia/Shanghai"
      },
      "Count": 1,
      "DestIp": "106.5.9.224",
      "FalsePositive": false,
      "Host": "www.test.com",
      "Id": "5e8c1db1243527db1df81bc2",
      "Method": "GET",
      "Mode": "SIMULATE",
      "Port": "80",
      "Protocol": "http",
      "Referer": "NULL",
      "Region": "cn-bj",
      "RequestBody": null,
      "RequestHeaders": {
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        "AcceptEncoding": "",
        "AcceptLanguage": "en-US",
        "CacheControl": "",
        "Connection": "",
        "Cookie": "",
        "Host": "www.test.com",
        "UpgradeInsecureRequests": "",
        "UserAgent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)",
        "XForwardFor": ""
      },
      "RiskRank": "high",
      "ServerName": "www.test.com",
      "TimeStamp": 1586240945,
      "TopId": 0,
      "UA": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)",
      "Uri": "/professor.php?ctg=%22%20onmouseover=%22alert(1295)"
    }
  ],
  "RetCode": 0,
  "TotalCount": 1
}