# Get False Alarm Record List - DescribeWafAttackFalseAlarmListInfo ## Overview Get False Alarm Record List ## Definition ### Public Parameters | Parameter Name | Type | Description Information | Required | |:---|:---|:---|:---| | **Action** | string | Corresponding API command name, the current API is `DescribeWafAttackFalseAlarmListInfo`. | **Yes** | | **PublicKey** | string | The user's public key can be obtained from [Console](https://console.dezai.com/uaccount/api_manage) | **Yes** | | **Signature** | string | User signature generated based on public key and API command, see [Signature Algorithm](/docs/api/summary/signature.md) | **Yes** | ### Request Parameters | Parameter Name | Type | Description Information | Required | |:---|:---|:---|:---| | **ProjectId** | string | Project ID. If not filled in, the default project is used, sub-accounts must be filled in. Please refer to the [GetProjectList interface](/docs/api/summary/get_project_list). |No| | **Offset** | int | Record Offset, equivalent to PageNum |**Yes**| | **Limit** | int | Record limit number, equivalent to PageSize |**Yes**| | **FullDomain** | string | The domain name to be queried, which has a higher priority than Domain. |No| ### Response Field | Field Name | Type | Description Information | Required | |:---|:---|:---|:---| | **RetCode** | int | Return status code. If it is 0, it means successful return. If it is not 0, it means failure. |**Yes**| | **Action** | string | Operation command name. |**Yes**| | **Message** | string | Returns an error message, providing detailed description when `RetCode` is non-zero. |No| | **TotalCount** | int | False Alarm Record Total |**Yes**| | **DetailList** | array[[*WafAttack*](#wafattack)] | False Alarm Record List, see WafAttack |**Yes**| #### Data Model #### WafAttack | Field Name | Type | Description Information | Required | |:---|:---|:---|:---| | **Region** | string | Region |No| | **RequestHeaders** | string | Request Header |**Yes**| | **RequestBody** | string | Request body |**Yes**| | **ClientPort** | string | Client Port |**Yes**| | **RequestID** | string | Request uid |**Yes**| | **ClientIPInfo** | [*CityInfo*](#cityinfo) | Source IP Information |**Yes**| | **Protocol** | string | Protocol |No| | **ServerName** | string | Server Name |No| | **DestIp** | string | Target IP Address |No| | **Port** | string | Port |No| | **Alerts** | array[[*WafAlert*](#wafalert)] | Alarm matching information, refer to WafAlert |No| | **Attack** | string | Attack Type |No| | **Method** | string | Request Method |No| | **FalsePositive** | boolean | False Alarm |No| | **RiskRank** | string | Risk Level |No| | **TimeStamp** | int | Attack Timestamp |No| | **Host** | string | Hostname |No| | **Referer** | string | Reference Address |No| | **Count** | int | Attack Times |No| | **Uri** | string | URI |No| | **Client** | string | Client |No| | **Mode** | string | Working Mode |No| | **Action** | string | Matching Action |No| | **UA** | string | User Agent |No| | **Args** | string | Parameters |No| | **Id** | string | |No| #### CityInfo | Field Name | Type | Description Information | Required | |:---|:---|:---|:---| | **CountryName** | string | Country |No| | **RegionName** | string | Region |No| | **CityName** | string | City |No| | **OwnerDomain** | string | Belonging Domain |No| | **Latitude** | string | Latitude |No| | **Longitude** | string | Longitude |No| | **Timezone** | string | Time Zone |No| #### WafAlert | Field Name | Type | Description Information | Required | |:---|:---|:---|:---| | **Match** | string | The translation is as follows:
"""Hit Content |**Yes**| | **Description** | string | Rule Description |No| | **Id** | int | Matching Rule ID |No| ## Example ### Request Example ``` https://api.dezai.com/?Action=DescribeWafAttackFalseAlarmListInfo &ProjectId=org-xxx &Domain=www.test.com &Offset=0 &Limit=10 &FullDomain=izRcaHFo ``` ### Response Example ```json { "Action": "DescribeWafAttackFalseAlarmListInfoResponse", "DetailList": [ { "AccessId": "183.238.16.138-a9736253", "Action": "DENY", "Alerts": [ { "Description": "XSS", "Id": 32003, "Match": { "0": "\u003cscript", "1": "\u003cscript", "2": "\u003c", "5": "script" } } ], "Args": "", "Attack": "xss", "Client": "183.238.16.138", "ClientIPInfo": { "city_name": "深圳", "country_name": "中国", "latitude": "22.547", "longitude": "114.085947", "owner_domain": "", "region_name": "广东", "timezone": "Asia/Shanghai" }, "Count": 1, "DestIp": "106.75.79.224", "FalsePositive": true, "Host": "www.test.com", "Id": "5e8c1dbb243527db1df82677", "Method": "GET", "Mode": "SIMULATE", "Port": "80", "Protocol": "http", "Referer": "NULL", "Region": "cn-bj", "RequestBody": null, "RequestHeaders": { "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "AcceptEncoding": "", "AcceptLanguage": "en-US", "CacheControl": "", "Connection": "", "Cookie": "", "Host": "www.test.com", "UpgradeInsecureRequests": "", "UserAgent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)", "XForwardFor": "" }, "RiskRank": "high", "ServerName": "www.test.com", "TimeStamp": 1586240955, "TopId": 50146955, "UA": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)", "Uri": "/home.html?user=\u0026password=\u0026action!login:cantLogin%3Cscript%3Ealert(1344)%3C/script%3E=AppScan" } ], "RetCode": 0, "TotalCount": 1 } ```