Get False Alarm Record List - DescribeWafAttackFalseAlarmListInfo
Overview
Get False Alarm Record List
Definition
Public Parameters
Parameter Name | Type | Description Information | Required |
---|---|---|---|
Action | string | Corresponding API command name, the current API is DescribeWafAttackFalseAlarmListInfo . | Yes |
PublicKey | string | The user’s public key can be obtained from Console | Yes |
Signature | string | User signature generated based on public key and API command, see Signature Algorithm | Yes |
Request Parameters
Parameter Name | Type | Description Information | Required |
---|---|---|---|
ProjectId | string | Project ID. If not filled in, the default project is used, sub-accounts must be filled in. Please refer to the GetProjectList interface. | No |
Offset | int | Record Offset, equivalent to PageNum | Yes |
Limit | int | Record limit number, equivalent to PageSize | Yes |
FullDomain | string | The domain name to be queried, which has a higher priority than Domain. | No |
Response Field
Field Name | Type | Description Information | Required |
---|---|---|---|
RetCode | int | Return status code. If it is 0, it means successful return. If it is not 0, it means failure. | Yes |
Action | string | Operation command name. | Yes |
Message | string | Returns an error message, providing detailed description when RetCode is non-zero. | No |
TotalCount | int | False Alarm Record Total | Yes |
DetailList | array[WafAttack] | False Alarm Record List, see WafAttack | Yes |
Data Model
WafAttack
Field Name | Type | Description Information | Required |
---|---|---|---|
Region | string | Region | No |
Protocol | string | Protocol | No |
ServerName | string | Server Name | No |
DestIp | string | Target IP Address | No |
Port | string | Port | No |
Alerts | array[WafAlert] | Alarm matching information, refer to WafAlert | No |
Attack | string | Attack Type | No |
Method | string | Request Method | No |
FalsePositive | boolean | False Alarm | No |
RiskRank | string | Risk Level | No |
TimeStamp | int | Attack Timestamp | No |
Host | string | Hostname | No |
Referer | string | Reference Address | No |
Count | int | Attack Times | No |
Uri | string | URI | No |
Client | string | Client | No |
Mode | string | Working Mode | No |
Action | string | Matching Action | No |
UA | string | User Agent | No |
Args | string | Parameters | No |
WafAlert
Field Name | Type | Description Information | Required |
---|---|---|---|
Description | string | Rule Description | No |
Id | int | Matching Rule ID | No |
Example
Request Example
https://api.dezai.com/?Action=DescribeWafAttackFalseAlarmListInfo
&ProjectId=org-xxx
&Domain=www.test.com
&Offset=0
&Limit=10
&FullDomain=izRcaHFo
Response Example
{
"Action": "DescribeWafAttackFalseAlarmListInfoResponse",
"DetailList": [
{
"AccessId": "183.238.16.138-a9736253",
"Action": "DENY",
"Alerts": [
{
"Description": "XSS",
"Id": 32003,
"Match": {
"0": "\u003cscript",
"1": "\u003cscript",
"2": "\u003c",
"5": "script"
}
}
],
"Args": "",
"Attack": "xss",
"Client": "183.238.16.138",
"ClientIPInfo": {
"city_name": "深圳",
"country_name": "中国",
"latitude": "22.547",
"longitude": "114.085947",
"owner_domain": "",
"region_name": "广东",
"timezone": "Asia/Shanghai"
},
"Count": 1,
"DestIp": "106.75.79.224",
"FalsePositive": true,
"Host": "www.test.com",
"Id": "5e8c1dbb243527db1df82677",
"Method": "GET",
"Mode": "SIMULATE",
"Port": "80",
"Protocol": "http",
"Referer": "NULL",
"Region": "cn-bj",
"RequestBody": null,
"RequestHeaders": {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"AcceptEncoding": "",
"AcceptLanguage": "en-US",
"CacheControl": "",
"Connection": "",
"Cookie": "",
"Host": "www.test.com",
"UpgradeInsecureRequests": "",
"UserAgent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)",
"XForwardFor": ""
},
"RiskRank": "high",
"ServerName": "www.test.com",
"TimeStamp": 1586240955,
"TopId": 50146955,
"UA": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)",
"Uri": "/home.html?user=\u0026password=\u0026action!login:cantLogin%3Cscript%3Ealert(1344)%3C/script%3E=AppScan"
}
],
"RetCode": 0,
"TotalCount": 1
}