Docs
api
Web Application Firewall(UEWAF)
DescribeWafAttackFalseAlarmListInfo

Get False Alarm Record List - DescribeWafAttackFalseAlarmListInfo

Overview

Get False Alarm Record List

Definition

Public Parameters

Parameter NameTypeDescription InformationRequired
ActionstringCorresponding API command name, the current API is DescribeWafAttackFalseAlarmListInfo.Yes
PublicKeystringThe user’s public key can be obtained from ConsoleYes
SignaturestringUser signature generated based on public key and API command, see Signature AlgorithmYes

Request Parameters

Parameter NameTypeDescription InformationRequired
ProjectIdstringProject ID. If not filled in, the default project is used, sub-accounts must be filled in. Please refer to the GetProjectList interface.No
OffsetintRecord Offset, equivalent to PageNumYes
LimitintRecord limit number, equivalent to PageSizeYes
FullDomainstringThe domain name to be queried, which has a higher priority than Domain.No

Response Field

Field NameTypeDescription InformationRequired
RetCodeintReturn status code. If it is 0, it means successful return. If it is not 0, it means failure.Yes
ActionstringOperation command name.Yes
MessagestringReturns an error message, providing detailed description when RetCode is non-zero.No
TotalCountintFalse Alarm Record TotalYes
DetailListarray[WafAttack]False Alarm Record List, see WafAttackYes

Data Model

WafAttack

Field NameTypeDescription InformationRequired
RegionstringRegionNo
ProtocolstringProtocolNo
ServerNamestringServer NameNo
DestIpstringTarget IP AddressNo
PortstringPortNo
Alertsarray[WafAlert]Alarm matching information, refer to WafAlertNo
AttackstringAttack TypeNo
MethodstringRequest MethodNo
FalsePositivebooleanFalse AlarmNo
RiskRankstringRisk LevelNo
TimeStampintAttack TimestampNo
HoststringHostnameNo
RefererstringReference AddressNo
CountintAttack TimesNo
UristringURINo
ClientstringClientNo
ModestringWorking ModeNo
ActionstringMatching ActionNo
UAstringUser AgentNo
ArgsstringParametersNo

WafAlert

Field NameTypeDescription InformationRequired
DescriptionstringRule DescriptionNo
IdintMatching Rule IDNo

Example

Request Example

https://api.dezai.com/?Action=DescribeWafAttackFalseAlarmListInfo
&ProjectId=org-xxx
&Domain=www.test.com
&Offset=0
&Limit=10
&FullDomain=izRcaHFo

Response Example

{
  "Action": "DescribeWafAttackFalseAlarmListInfoResponse",
  "DetailList": [
    {
      "AccessId": "183.238.16.138-a9736253",
      "Action": "DENY",
      "Alerts": [
        {
          "Description": "XSS",
          "Id": 32003,
          "Match": {
            "0": "\u003cscript",
            "1": "\u003cscript",
            "2": "\u003c",
            "5": "script"
          }
        }
      ],
      "Args": "",
      "Attack": "xss",
      "Client": "183.238.16.138",
      "ClientIPInfo": {
        "city_name": "深圳",
        "country_name": "中国",
        "latitude": "22.547",
        "longitude": "114.085947",
        "owner_domain": "",
        "region_name": "广东",
        "timezone": "Asia/Shanghai"
      },
      "Count": 1,
      "DestIp": "106.75.79.224",
      "FalsePositive": true,
      "Host": "www.test.com",
      "Id": "5e8c1dbb243527db1df82677",
      "Method": "GET",
      "Mode": "SIMULATE",
      "Port": "80",
      "Protocol": "http",
      "Referer": "NULL",
      "Region": "cn-bj",
      "RequestBody": null,
      "RequestHeaders": {
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        "AcceptEncoding": "",
        "AcceptLanguage": "en-US",
        "CacheControl": "",
        "Connection": "",
        "Cookie": "",
        "Host": "www.test.com",
        "UpgradeInsecureRequests": "",
        "UserAgent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)",
        "XForwardFor": ""
      },
      "RiskRank": "high",
      "ServerName": "www.test.com",
      "TimeStamp": 1586240955,
      "TopId": 50146955,
      "UA": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)",
      "Uri": "/home.html?user=\u0026password=\u0026action!login:cantLogin%3Cscript%3Ealert(1344)%3C/script%3E=AppScan"
    }
  ],
  "RetCode": 0,
  "TotalCount": 1
}