Learn more:
Download this API’s RAML and JSON schema descriptors.
Overview
The Prolexic Analytics API exposes analytics data from Prolexic DDoS protection and monitoring services such as alerts and network bandwidth timeseries data.
Who should use this API
The Prolexic Analytics API helps you better integrate Prolexic’s data into your local environment. You can track network usage and review traffic spikes during attacks using timeseries data. You can also pull attack reports and alert information into local SIEM instances to streamline emergency response and post-event triage using events data.
Get started
To configure this API for the first time:
Review Get Started with APIs for details on how to set up client tokens to access any Akamai API. These tokens appear as custom hostnames that look like this:
https://akzz-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX.luna.akamaiapis.net.To enable this API, choose the API service named Prolexic Analytics API, and set the access level to READ-ONLY.
API concepts
To understand this API’s various URL resources and the data it exchanges, familiarize yourself with these concepts:
Metrics: Metrics contain telemetry collected from Akamai networks or your flow-based monitoring (FBM) netflow exports.
Metric types: Metric types encapsulate the available types of data from the metrics endpoint.
Attack reports: Attack reports created by the SOCC regarding attack events of interest that occur within your traffic.
Events: A list of security events with information on the location of the event and additional attack information.
Critical events: A list of security events marked with the highest level severity.
Time series: Time series usage and attack data for individual destination IP addresses.
Data facet syntax
This API’s Get time series data operation returns a three-level mapping structure with details about usage and attacks on individual destination IP addresses or CIDR blocks.
In the operation’s response, you can see numerous usage timestamps corresponding to individual data facets. A data facet can have one of these formats:
[ACCESS|BORDER]_FLOW_[DATA_CENTER_NAME]_[NETWORK_PROTOCOL|TOTAL]_[BPS|PPS][ACCESS|BORDER]_FLOW_[NETWORK_PROTOCOL|TOTAL]_[BPS|PPS]
This table shows sample values you may see in a response together with explanations of specific segments:
| Value | Description |
|---|---|
ACCESS_FLOW_DFW3_UDP_BPS |
ACCESS_FLOW represents an Akamai router and DFW3 stands for a data center in Dallas, Texas. UDP indicates the User Datagram Protocol on the transport OSI layer. Finally BPS means the data is shown in bytes per second. |
BORDER_FLOW_TOTAL_PPS |
BORDER_FLOW represents a customer router. All available data centers are included. TOTAL indicates all available OSI network protocols. Finally PPS means the data is shown in packets per second. |
Rate limiting
Prolexic Analytics API endpoints are subject to a rate-limiting constraint, which is currently set to 1000 requests per hour. When this limit is reached, an HTTP 429 error (Too Many Requests) is returned. This should be considered carefully when implementing endpoints that act on single list entries in a loop. This is consistent with all protected Akamai assets exposed via API calls.
Resources
This section provides details on each API operation.
API summary
Download the RAML descriptors for this API.
| Operation | Method | Endpoint |
|---|---|---|
| Get metrics data | POST | prolexic-analytics/ |
| List metric types | GET | prolexic-analytics/ |
| List attack reports | GET | prolexic-analytics/ |
| Get an attack report | GET | prolexic-analytics/ |
| List events | GET | prolexic-analytics/ |
| List critical events | GET | prolexic-analytics/ |
| Get time series data | GET | prolexic-analytics/ |
Get metrics data
Lists metrics specified in the type object, falling between given start and end times,
sampled at the given rate and attached to given contract. The maximum range between
start and end is 90 days.
If some (not all) requested types are invalid, invalid types are silently dropped, and the response only contains data for valid requests. More meaningful errors result if you are requesting data for only one type at a time.
POST prolexic-analytics/
Content-Type: application/json
Object type: Metric
Download schema: MetricDataInput.json
Request body:
{
"contract": "venus",
"start": 1322390037,
"end": 1400385899,
"samples": 100,
"type": {
"routed": [
"bandwidthIn"
],
"fbm": [
{
"metric": "bandwidth",
"protocol": "total",
"subnet": "192.0.2.0/24"
},
{
"metric": "packets",
"protocol": "tcp",
"ip": "192.0.2.10"
}
]
}
}
Status 200
application/json
Object type: Metric
Download schema: MetricResponse.json
Response body:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Metrics acquired successfully",
"data": [
{
"service": "routed",
"metric": "bandwidthIn",
"points": [
[
1392609960,
211014
],
[
1396886760,
202529
]
]
},
{
"service": "fbm",
"metric": "bandwidthIn",
"protocol": "total",
"subnet": "192.0.2.0/24",
"points": [
[
1392609960,
211014
],
[
1396886760,
202529
]
]
},
{
"service": "routed",
"metric": "bandwidthIn",
"protocol": "tcp",
"ip": "192.0.2.10",
"points": [
[
1392609960,
211014
],
[
1396886760,
202529
]
]
}
]
}
List metric types
Retrieve a list of metric types for a specific customer.
GET prolexic-analytics/
Sample: prolexic-analytics/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
contract |
String | coral |
The policy domain name of the data center or proxy that events belong to. |
Status 200
application/json
Object type: MetricType
Download schema: MetricType.json
Response body:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Metric Types list acquired successfully",
"data": {
"routed": {
"metrics": {
"bandwidthIn": {
"desc": "Customer inbound traffic, bits per second"
},
"packetsIn": {
"desc": "Customer inbound traffic, packets per second"
}
}
},
"connect": {
"metrics": {
"bandwidthIn": {
"desc": "Customer inbound traffic, bits per second"
},
"packetsIn": {
"desc": "Customer inbound packets, packets per second"
}
}
},
"mitigationPost": {
"metrics": {
"packets": {
"desc": "Customer traffic packets per second"
},
"bandwidth": {
"desc": "Customer traffic bits per second"
}
}
},
"proxy": {
"metrics": {
"latency": {
"desc": "Average latency of request"
},
"bandwidthIn": {
"desc": "Customer inbound traffic, bits per second"
},
"bandwidthOut": {
"desc": "Customer outbound traffic, bits per second"
},
"connections": {
"desc": "Connections count"
},
"packetsOut": {
"desc": "Customer outbound traffic, packets per second"
},
"requests": {
"desc": "Requests count"
},
"packetsIn": {
"desc": "Customer inbound traffic, packets per second"
}
}
},
"mitigationPre": {
"metrics": {
"packets": {
"desc": "Customer traffic packets per second"
},
"bandwidth": {
"desc": "Customer traffic bits per second"
}
}
},
"fbm": {
"metrics": {
"bandwidth": {
"desc": "Customer traffic bits per second",
"subnets": [
"198.51.100.0/24"
],
"protocols": [
"total",
"icmp",
"igmp",
"udp",
"tcp"
]
},
"packets": {
"desc": "Customer traffic packets per second",
"subnets": [
"192.0.2.0/24"
],
"protocols": [
"total",
"icmp",
"igmp",
"udp",
"tcp"
]
}
}
}
}
}
List attack reports
Retrieves a list of attack reports for a customer within the specified time range.
GET prolexic-analytics/
Sample: prolexic-analytics/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
contract |
String | coral |
The policy domain name of the data center or proxy that attack reports belong to. |
start |
Integer | 1397049511 |
Unix timestamp for beginning of attack report search. |
end |
Integer | 1399641518 |
Unix timestamp for end of attack report search. |
Status 200
application/json
Object type: Attack
Download schema: AttackReports.json
Response body:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Attack reports acquired successfully",
"data": [
{
"attackId": 2985,
"destinationPort": "80",
"eventStartTime": 1381320180,
"ticketId": 97585,
"eventEndTime": 1381349454,
"eventStartTimeAsString": "2013-10-09 12:03:00",
"endTime": 1381363451,
"eventId": 4202,
"eventEndTimeAsString": "2013-10-09 20:10:54",
"startTime": 1381063041,
"eventTypes": [
"DNS Flood",
"ICMP Flood",
"UDP Fragment"
],
"peaks": [
{
"location": "DCA",
"peakId": 17277,
"bandwidth": 6500000000,
"pps": 700000
},
{
"location": "HKG",
"peakId": 17276,
"bandwidth": 3000000000,
"pps": 600000
}
],
"destinations": [
{
"netmask": 32,
"ip": "192.0.2.200"
},
{
"netmask": 32,
"ip": "192.0.2.101"
}
]
},
{
"attackId": 2974,
"destinationPort": "80",
"eventStartTime": 1380714180,
"ticketId": 97368,
"eventEndTime": 1380752215,
"eventStartTimeAsString": "2013-10-02 11:43:00",
"endTime": 1380847367,
"eventId": 4170,
"eventEndTimeAsString": "2013-10-02 22:16:55",
"startTime": 1380714180,
"eventTypes": [
"SYN Flood"
],
"peaks": [
{
"location": "DCA",
"peakId": 17093,
"bandwidth": 300000000,
"pps": 200
},
{
"location": "HKG",
"peakId": 17092,
"bandwidth": 3000000,
"pps": 1000
}
],
"destinations": [
{
"netmask": 32,
"ip": "192.0.2.102"
}
]
}
]
}
Get an attack report
Retrieves an attack report for the specified customer and attackId.
GET prolexic-analytics/
Sample: prolexic-analytics/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
contract |
String | coral |
The policy domain name of the data center or proxy that attack reports belong to. |
attackId |
Integer | 1966 |
A unique ID for each attack. |
Status 200
application/json
Object type: Attack
Download schema: AttackReport.json
Response body:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Attack report acquired successfully",
"data": [
{
"attackId": 1966,
"destinationPort": "8080",
"eventStartTime": 1390244438,
"eventPeakId": 18594,
"attackTypeName": "RESET Flood",
"netmask": 32,
"eventEndTime": 1390261538,
"location": "SJC",
"endTime": 1390261538,
"eventBw": 500000,
"ticketId": 70946,
"eventId": 2744,
"eventPps": 1200,
"ip": "192.0.2.14",
"startTime": 1390244438
},
{
"attackId": 1966,
"destinationPort": "8080",
"eventStartTime": 1390244438,
"eventPeakId": 18595,
"attackTypeName": "RESET Flood",
"netmask": 32,
"eventEndTime": 1390261538,
"location": "LON",
"endTime": 1390261538,
"eventBw": 90000000,
"ticketId": 70946,
"eventId": 2744,
"eventPps": 200000,
"ip": "192.0.2.88",
"startTime": 1390244438
}
]
}
List events
Retrieves an events list for a customer.
GET prolexic-analytics/
Sample: prolexic-analytics/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
contract |
String | coral |
The policy domain name of the data center or proxy that attack reports belong to. |
Status 200
application/json
Object type: Event
Download schema: EventResponse.json
Response body:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Events acquired successfully",
"data": [
{
"service": "man",
"eventType": "alert",
"isOngoing": false,
"eventStartTime": 1390975985,
"eventTitle": "chkInt: Interface GigabitEthernet0/18 is down.",
"severity": 80,
"eventEndTime": 1393236546,
"eventInfo": {
"location": "mia1",
"lastOccurred": 1393236546,
"attackId": "05ngsdca1--lr1.dca1.plx-wbm_monitor-34610029-systems"
}
},
{
"service": "Mitigation",
"eventType": "attack",
"isOngoing": true,
"eventStartTime": 1392922838,
"eventTitle": "[\"SYN Flood\"]",
"severity": 100,
"eventEndTime": 0,
"eventInfo": {
"eventTicketId": "70167",
"attackType": "[\"SYN Flood\"]",
"endTime": false,
"attackEventId": "2707",
"destinationIPs": "[198.51.100.0/24, 192.0.2.0/24, 203.0.113.0/24]",
"startTime": 1392922838
}
}
]
}
List critical events
Retrieves a critical events list for a customer.
GET prolexic-analytics/
Sample: prolexic-analytics/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
contract |
String | coral |
The policy domain name of the data center or proxy that attack reports belong to. |
Status 200
application/json
Object type: Event
Download schema: CriticalEvent.json
Response body:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Events acquired successfully",
"data": [
{
"siteType": "DC",
"source": "wbm",
"location": "dca1",
"ip": "203.0.113.63",
"summary": "WBM TEST 5",
"instance": "01",
"interfaceName": "unknown",
"count": 11,
"siteCustomerName": "coral",
"eventId": "05ngsdca1--lr1.dca1.plx-wbm_monitor-34610029-systems",
"siteName": "dca1",
"acknowledged": 0,
"state": 1,
"recentOccur": 1395842910,
"expires": 3600,
"node": "lr1.dca1.plx",
"importance": 5,
"notes": "TEST 5",
"firstOccur": 1393657985,
"description": "TEST WBM LEVEL 5"
}
]
}
Get time series data
Lists usage and attack information for individual destination IP addresses.
Optionally specify the startTime and endTime to get data from a specific period.
The maximum date range is the last seven days. By default you get data from the last two hours.
Specify locations to include only traffic coming through specific data centers,
or source for specific router types. Indicate the samplingSize to determine the number of timestamps to get
data for. Enable sum to get aggregated data.
GET prolexic-analytics/
Sample: prolexic-analytics/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| Optional query parameters | |||
destinations |
String | 203.0.113.0/24,198.51.100.0/24 |
A comma-separated list of destinations. These can be individual IP addresses or CIDR blocks to specify a range of addresses. |
endTime |
Integer | 1596220115 |
The end time for the requested data in epoch seconds. Shows the current time by default. |
locations |
String | mia4,lga3 |
A comma-separated list of data center names to filter the results by. The currently available data centers are: mia4, lga3, lax3, dfw3, ord3, vie3, par3, ams3, sto3, sjc2, dca2, lon2, fra2, hkg2, tyo2, and syd2. Set to agr to show aggregated data from all data centers. |
samplingSize |
Integer | 2 |
The number of timestamps to get the usage data for. If not specified, the API returns all the data available for a selected time period. |
source |
Enumeration | access_flow |
The router type the data went through. Either access_flow for an Akamai router, border_flow for a customer router, or both. The default value is both. |
startTime |
Integer | 1596133715 |
The start time for the requested data in epoch seconds. Shows the current time minus two hours by default. |
sum |
Boolean | true |
Whether to return aggregationData in the response. |
Status 200
application/json
Object type: TimeSeries
Download schema: TimeSeriesDataFeatureSchema.json
Response body:
{
"192.0.2.0/24": {
"BORDER_FLOW_DFW3_ESP_BPS": {
"1594148700000": 183500.8,
"1594148820000": 10110020.267,
"1594148880000": 3023394.133,
"1594148940000": 11543868.4,
"1594149000000": 5758845.867,
"1594149060000": 11029211.467,
"1594149120000": 11703461.067,
"1594149180000": 4535091.2,
"1594149480000": 183500.8,
"1594151160000": 200977.067,
"1594152000000": 113595.733
},
"ACCESS_FLOW_DFW3_ESP_BPS": {
"1594148700000": 183500.8,
"1594148820000": 10110020.267,
"1594148880000": 3023394.133,
"1594148940000": 11543868.4,
"1594149000000": 5758845.867,
"1594149060000": 11029211.467,
"1594149120000": 11703461.067,
"1594149180000": 4535091.2,
"1594149480000": 183500.8,
"1594151160000": 200977.067,
"1594152000000": 113595.733
},
"aggregatedData": {
"ACCESS_FLOW_DFW3_ESP_BPS": 1322132,
"ACCESS_FLOW_DFW3_ESP_PPS": 23444.1223,
"ACCESS_FLOW_DFW3_ICMP_BPS": 1223.22,
"ACCESS_FLOW_DFW3_ICMP_PPS": 1223.344,
"ACCESS_FLOW_DFW3_TCP_BPS": 123445.12,
"ACCESS_FLOW_DFW3_TCP_PPS": 76655.23,
"ACCESS_FLOW_DFW3_TOTAL_BPS": 1234,
"ACCESS_FLOW_DFW3_TOTAL_PPS": 1323,
"ACCESS_FLOW_DFW3_UDP_BPS": 1233,
"ACCESS_FLOW_DFW3_UDP_PPS": 2132,
"BORDER_FLOW_DFW3_ESP_BPS": 12233,
"BORDER_FLOW_DFW3_ESP_PPS": 2133,
"BORDER_FLOW_DFW3_ICMP_BPS": 1233,
"BORDER_FLOW_DFW3_ICMP_PPS": 167888.34,
"BORDER_FLOW_DFW3_TCP_BPS": 766554.23,
"BORDER_FLOW_DFW3_TCP_PPS": 12345.788,
"BORDER_FLOW_DFW3_TOTAL_BPS": 12344.77,
"BORDER_FLOW_DFW3_TOTAL_PPS": 659878.22,
"BORDER_FLOW_DFW3_UDP_BPS": 6555788,
"BORDER_FLOW_DFW3_UDP_PPS": 76555.865
}
}
}
Data
This section provides you with the data model for the Prolexic Analytics API.
Download the JSON schemas for this API.
This section’s data schema tables list membership requirements as follows:
| ✓ | Member is required in requests, or always present in responses, even if its value is empty or null. |
| ○ | Member is optional, and may be omitted in some cases. |
Metric
Encapsulates the target contract and time constraints for the specified metrics.
Download schema:
MetricDataInput.json
Sample POST request:
{
"contract": "venus",
"start": 1322390037,
"end": 1400385899,
"samples": 100,
"type": {
"routed": [
"bandwidthIn"
],
"fbm": [
{
"metric": "bandwidth",
"protocol": "total",
"subnet": "203.0.113.0/24"
},
{
"metric": "packets",
"protocol": "tcp",
"ip": "198.51.100.0/24"
}
]
}
}
Metric members
| Member | Type | Required | Description |
|---|---|---|---|
Metric: Encapsulates the target contract and time constraints for the specified metrics. |
|||
contract |
String | ✓ | The policy domain name of the data center or proxy. |
end |
Integer | ✓ | The end time of the requested metric in UNIX epoch seconds (UTC). |
samples |
Integer | ✓ | The number on data points to return. |
start |
Integer | ✓ | The start time of the requested metric in UNIX epoch seconds (UTC). |
type |
Metric. |
✓ | Defines the types of requested metrics. |
Metric.type: Defines the types of requested metrics. |
|||
connect |
Array | ○ | Select bandwidthIn to return inbound traffic measured in bits per second or select packetsIn to include inbound packets measured in packets per second. |
fbm |
Metric. |
○ | Array of objects with requested metric, protocol, ip, or subnet. The response are valid subnets for your configuration. |
mitigationPost |
Array | ○ | Select packets to return traffic packets per second or select bandwidth to return traffic bits per second. |
mitigationPre |
Array | ○ | Select packets to return traffic packets per second or select bandwidth to return traffic bits per second. |
proxy |
Array | ○ | Select latency for average latency of request, bandwidthIn for inbound traffic in bits per second, bandwidthOut for outbound traffic in bits per second, connections for a connections count, packetsOut for outbound traffic in packets per second, requests a request count, or packetsIn for inbound traffic in packets per second. |
routed |
Array | ○ | Select bandwidthIn to return inbound traffic measured in bits per second or select packetsIn to include inbound packets measured in packets per second. |
Metric.type.fbm[]: Array of objects with requested metric, protocol, ip, or subnet. The response are valid subnets for your configuration. |
|||
ip |
String | ○ | The requested IP address. You can only specify a single ip or subnet per metric. |
metric |
Enumeration | ✓ | Select bandwidth to return traffic bits per second or select packets to return traffic packets per second. |
protocol |
Enumeration | ✓ | The protocol to use in the metric. Valid values are total, icmp, igmp, udp, and tcp. |
subnet |
String | ○ | The requested subnet. You can only specify a single subnet or ip per metric. |
MetricType
Encapsulates information on the types of metrics available to the contract.
Download schema:
MetricType.json
Sample GET response:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Metric Types list acquired successfully",
"data": {
"routed": {
"metrics": {
"bandwidthIn": {
"desc": "Customer inbound traffic, bits per second"
},
"packetsIn": {
"desc": "Customer inbound traffic, packets per second"
}
}
},
"connect": {
"metrics": {
"bandwidthIn": {
"desc": "Customer inbound traffic, bits per second"
},
"packetsIn": {
"desc": "Customer inbound packets, packets per second"
}
}
},
"mitigationPost": {
"metrics": {
"packets": {
"desc": "Customer traffic packets per second"
},
"bandwidth": {
"desc": "Customer traffic bits per second"
}
}
},
"proxy": {
"metrics": {
"latency": {
"desc": "Average latency of request"
},
"bandwidthIn": {
"desc": "Customer inbound traffic, bits per second"
},
"bandwidthOut": {
"desc": "Customer outbound traffic, bits per second"
},
"connections": {
"desc": "Connections count"
},
"packetsOut": {
"desc": "Customer outbound traffic, packets per second"
},
"requests": {
"desc": "Requests count"
},
"packetsIn": {
"desc": "Customer inbound traffic, packets per second"
}
}
},
"mitigationPre": {
"metrics": {
"packets": {
"desc": "Customer traffic packets per second"
},
"bandwidth": {
"desc": "Customer traffic bits per second"
}
}
},
"fbm": {
"metrics": {
"bandwidth": {
"desc": "Customer traffic bits per second",
"subnets": [
"198.51.100.0/24"
],
"protocols": [
"total",
"icmp",
"igmp",
"udp",
"tcp"
]
},
"packets": {
"desc": "Customer traffic packets per second",
"subnets": [
"198.51.100.0/24"
],
"protocols": [
"total",
"icmp",
"igmp",
"udp",
"tcp"
]
}
}
}
}
}
MetricType members
| Member | Type | Required | Description |
|---|---|---|---|
MetricType: Encapsulates information on the types of metrics available to the contract. |
|||
currentContract |
String | ✓ | The policy domain name of the data center or proxy. |
data |
Metric |
✓ | Defines the types of metrics you can request. |
status |
Boolean | ✓ | Whether the request for the metrics type list was successful. |
statusMsg |
String | ✓ | A status message that indicates the successful or failed retrieval of the metric types list. |
MetricType.data: Defines the types of metrics you can request. |
|||
connect |
Metric |
✓ | Valid routed and connect metrics. |
fbm |
Metric |
✓ | Valid metrics for FBM. |
mitigationPost |
Metric |
✓ | Valid mitigation metrics. |
mitigationPre |
Metric |
✓ | Valid mitigation metrics. |
proxy |
Metric |
✓ | Valid proxy metrics. |
routed |
Metric |
✓ | Valid routed and connect metrics. |
MetricType.data.connect: Valid routed and connect metrics. |
|||
metrics |
Metric |
✓ | Contains a list of available routed or connect metrics. |
MetricType.data.connect.metrics: Contains a list of available routed or connect metrics. |
|||
bandwidthIn |
Object | ✓ | The customer inbound traffic measured in bits per second. |
packetsIn |
Object | ✓ | The customer inbound traffic measured in packets per second. |
MetricType.data.fbm: Valid metrics for FBM. |
|||
metrics |
Metric |
✓ | Contains a list of available FBM metrics. |
MetricType.data.fbm.metrics: Contains a list of available FBM metrics. |
|||
bandwidth |
Metric |
✓ | Customer traffic measured in bits per second. |
packets |
Metric |
✓ | Customer traffic measured in packets per second. |
MetricType.data.fbm.metrics.bandwidth: Customer traffic measured in bits per second. |
|||
protocols |
Array | ✓ | The available protocols. Valid values are total, icmp, igmp, udp, and tcp. |
subnets |
Array | ✓ | The subnets available to your contract. |
MetricType.data.fbm.metrics.packets: Customer traffic measured in packets per second. |
|||
protocols |
Array | ✓ | The available protocols. Valid values are total, icmp, igmp, udp, and tcp. |
subnets |
Array | ✓ | The subnets available to your contract. |
MetricType.data.mitigationPost: Valid mitigation metrics. |
|||
metrics |
Metric |
○ | Contains a list of available mitigation metrics. |
MetricType.data.mitigationPost.metrics: Contains a list of available mitigation metrics. |
|||
bandwidth |
Object | ✓ | Customer traffic measured in packets per second. |
packets |
Object | ✓ | Customer traffic measured in packets per second. |
MetricType.data.mitigationPre: Valid mitigation metrics. |
|||
metrics |
Metric |
○ | Contains a list of available mitigation metrics. |
MetricType.data.mitigationPre.metrics: Contains a list of available mitigation metrics. |
|||
bandwidth |
Object | ✓ | Customer traffic measured in packets per second. |
packets |
Object | ✓ | Customer traffic measured in packets per second. |
MetricType.data.proxy: Valid proxy metrics. |
|||
metrics |
Metric |
✓ | Contains a list of available proxy metrics. |
MetricType.data.proxy.metrics: Contains a list of available proxy metrics. |
|||
bandwidthIn |
Object | ✓ | Customer inbound traffic measured in bits per second. |
bandwidthOut |
Object | ✓ | Customer outbound traffic measured in bits per second. |
connections |
Object | ✓ | The total connections count. |
latency |
Object | ✓ | Average latency of a request. |
packetsIn |
Object | ✓ | Customer outbound traffic measured in packets per second. |
packetsOut |
Object | ✓ | Customer outbound traffic measured in packets per second. |
requests |
Object | ✓ | The total request count. |
MetricType.data.routed: Valid routed and connect metrics. |
|||
metrics |
Metric |
✓ | Contains a list of available routed or connect metrics. |
MetricType.data.routed.metrics: Contains a list of available routed or connect metrics. |
|||
bandwidthIn |
Object | ✓ | The customer inbound traffic measured in bits per second. |
packetsIn |
Object | ✓ | The customer inbound traffic measured in packets per second. |
Attack
Contains details about an attack, including location, time, and type of attack.
Download schema:
AttackReports.json
Sample GET response:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Attack report acquired successfully",
"data": [
{
"attackId": 1966,
"destinationPort": "8080",
"eventStartTime": 1390244438,
"eventPeakId": 18594,
"attackTypeName": "RESET Flood",
"netmask": 32,
"eventEndTime": 1390261538,
"location": "SJC",
"endTime": 1390261538,
"eventBw": 500000,
"ticketId": 70946,
"eventId": 2744,
"eventPps": 1200,
"ip": "198.51.100.68",
"startTime": 1390244438
},
{
"attackId": 1966,
"destinationPort": "8080",
"eventStartTime": 1390244438,
"eventPeakId": 18595,
"attackTypeName": "RESET Flood",
"netmask": 32,
"eventEndTime": 1390261538,
"location": "LON",
"endTime": 1390261538,
"eventBw": 90000000,
"ticketId": 70946,
"eventId": 2744,
"eventPps": 200000,
"ip": "198.51.100.70",
"startTime": 1390244438
}
]
}
Attack members
| Member | Type | Required | Description |
|---|---|---|---|
Attack: Contains details about an attack, including location, time, and type of attack. |
|||
currentContract |
String | ✓ | The policy domain name of the data center or proxy. |
data |
Attack. |
✓ | The list of recorded attacks, with details about each attack. |
status |
Boolean | ✓ | Whether the request for the attack information was successful. |
statusMsg |
String | ✓ | A status message that indicates the successful or failed retrieval of the attack information. |
Attack.data[]: The list of recorded attacks, with details about each attack. |
|||
attackId |
Integer | ✓ | A unique identifier for the attack. |
customer |
String | ✓ | A nickname for the customer. |
destinationPort |
String | ○ | The targeted port of the attack, if applicable. Returns null when not applicable. |
destinations |
Attack. |
○ | An array of targeted IP addresses or Subnets for the attack. |
endTime |
Integer | ○ | The end time of the attack in UNIX epoch seconds (UTC). |
eventEndTime |
Integer | ○ | The end time of the event in UNIX epoch seconds (UTC). |
event |
String | ✓ | The end time of the event in yyyy-MM-dd HH:mm:ss format. |
eventId |
Integer | ✓ | A unique identifier for the event. |
eventStartTime |
Integer | ✓ | The start time of the event in UNIX epoch seconds (UTC). |
event |
String | ✓ | The start time of the event in yyyy-MM-dd HH:mm:ss format. |
eventType |
Enumeration | ✓ | The type of event. Valid values are alert and attack. |
eventTypes |
Array | ✓ | The types of attacks, also referred to as attackTypeName or attackType. Valid values are ACK Flood, CLDAP Reflection, CharGEN Attack, Connection Flood, DNS Flood, FIN Flood, FIN PUSH Flood, GET Flood, GRE Protocol Flood, HEAD Flood, ICMP Flood, IGMP Flood, mDNS Flood, NTP FLOOD, Netbios Flood, POST Flood, PUSH Flood, PUT Flood, RESET Flood, RIP Flood, RPC Flood, Reserved Protocol Flood, SNMP Flood, SQL Server Reflection, SSDP Flood, SSL GET Flood, SSL POST Flood, SYN Flood, SYN PUSH, Sentinel Flood, TCP Anomaly, TCP Fragment, TFTP Flood, UDP Flood, UDP Fragment, or XMAS. |
peaks |
Attack. |
○ | Contains peak statistics from the attack data. |
startTime |
Integer | ✓ | The start time of the attack in UNIX epoch seconds (UTC). |
ticketId |
String | ○ | A unique identifier for the ticket associated with this attack. |
Attack.data[].destinations[]: An array of targeted IP addresses or Subnets for the attack. |
|||
ip |
String | ✓ | A targeted IP address. |
netmask |
Integer | ✓ | A targeted subnet. |
Attack.data[].peaks[]: Contains peak statistics from the attack data. |
|||
bandwidth |
Integer | ✓ | The peak measurement of bandwidth. |
connections |
Integer | ○ | The peak number of connections. |
location |
String | ✓ | The peak value for location. |
peakId |
Integer | ✓ | The peak value for ID. |
pps |
Integer | ✓ | The peak measurement of packets per second. |
Event
Encapsulates the details of an event and the associated attack information.
Download schema:
EventResponse.json
Sample GET response:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Events acquired successfully",
"data": [
{
"service": "man",
"eventType": "alert",
"isOngoing": false,
"eventStartTime": 1390975985,
"eventTitle": "chkInt: Interface GigabitEthernet0/18 is down.",
"severity": 80,
"eventEndTime": 1393236546,
"eventInfo": {
"location": "mia1",
"lastOccurred": 1393236546,
"attackId": "05ngsdca1--lr1.dca1.plx-wbm_monitor-34610029-systems"
}
},
{
"service": "Mitigation",
"eventType": "attack",
"isOngoing": true,
"eventStartTime": 1392922838,
"eventTitle": "[\"SYN Flood\"]",
"severity": 100,
"eventEndTime": 0,
"eventInfo": {
"eventTicketId": "70167",
"attackType": "[\"SYN Flood\"]",
"endTime": false,
"attackEventId": "2707",
"destinationIPs": "[192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24]",
"startTime": 1392922838
}
}
]
}
Event members
| Member | Type | Required | Description |
|---|---|---|---|
Event: Encapsulates the details of an event and the associated attack information. |
|||
currentContract |
String | ✓ | The policy domain name of the data center or proxy. |
data |
Event. |
○ | Contains the attack details of the event. |
status |
Boolean | ✓ | Whether the request for the events list was successful. |
statusMsg |
String | ✓ | A status message that indicates the successful or failed retrieval of the events list. |
Event.data[]: Contains the attack details of the event. |
|||
eventEndTime |
Integer | ○ | The end time of the event in UNIX epoch seconds (UTC). |
eventInfo |
Event. |
○ | If the event is an alert type, this object specifies the alert report information. |
eventInfo |
Event. |
○ | If the event is an attack type, this object specifies the attack report information. |
eventStartTime |
Integer | ✓ | The start time of the event in UNIX epoch seconds (UTC). |
eventTitle |
String | ○ | A title that briefly describes the event. |
eventType |
Enumeration | ✓ | The type of event. Valid values are alert and attack. |
isOngoing |
Boolean | ✓ | Indicates whether the event is currently ongoing. |
service |
String | ✓ | Returns Mitigation in the case of an attack report type event. Returns one of the following sources if it is an alert type event: abm, abr, arb, bgp, fbm, or int. |
severity |
Integer | ✓ | The severity level of the event. |
Event.data[].eventInfo{alert}: If the event is an alert type, this object specifies the alert report information. |
|||
attackId |
String | ✓ | A unique identifier for the attack. |
lastOccurred |
String | ✓ | The time of the last known activity in UNIX epoch seconds (UTC). |
location |
String | ✓ | Indicates where the alert originated from in the network. |
summary |
String | ○ | A brief textual description summarizing the type of event and what happened. |
Event.data[].eventInfo{attackReport}: If the event is an attack type, this object specifies the attack report information. |
|||
attackEventId |
String | ✓ | The ID of the attack report associated with the event. |
attackType |
Enumeration | ✓ | The types of attacks, also referred to as eventTypes or attackTypeName. Valid values are ACK Flood, CLDAP Reflection, CharGEN Attack, Connection Flood, DNS Flood, FIN Flood, FIN PUSH Flood, GET Flood, GRE Protocol Flood, HEAD Flood, ICMP Flood, IGMP Flood, mDNS Flood, NTP FLOOD, Netbios Flood, POST Flood, PUSH Flood, PUT Flood, RESET Flood, RIP Flood, RPC Flood, Reserved Protocol Flood, SNMP Flood, SQL Server Reflection, SSDP Flood, SSL GET Flood, SSL POST Flood, SYN Flood, SYN PUSH, Sentinel Flood, TCP Anomaly, TCP Fragment, TFTP Flood, UDP Flood, UDP Fragment, or XMAS. |
destinationIps |
String | ✓ | The targeted IP addresses of the attack. |
endTime |
String | ○ | The end time of the event in UNIX epoch seconds (UTC). |
eventTicketId |
String | ○ | A unique identifier for the ticket associated with this event. |
startTime |
String | ✓ | The start time of the attack in UNIX epoch seconds (UTC). |
TimeSeries
Contains attack and individual usage information for selected destination IP addresses or CIDR blocks in a three-level mapping object. An IP address or CIDR block keys appear at the top-level. The nested keys represent different report data facets. The lowest level shows keys for each data point’s individual epoch timestamp.
Download schema:
TimeSeriesDataResponse.json
Sample GET response:
{
"192.0.2.0/24": {
"BORDER_FLOW_DFW3_ESP_BPS": {
"1594148700000": 183500.8,
"1594148820000": 10110020.267,
"1594148880000": 3023394.133,
"1594148940000": 11543868.4,
"1594149000000": 5758845.867,
"1594149060000": 11029211.467,
"1594149120000": 11703461.067,
"1594149180000": 4535091.2,
"1594149480000": 183500.8,
"1594151160000": 200977.067,
"1594152000000": 113595.733
},
"ACCESS_FLOW_DFW3_ESP_BPS": {
"1594148700000": 183500.8,
"1594148820000": 10110020.267,
"1594148880000": 3023394.133,
"1594148940000": 11543868.4,
"1594149000000": 5758845.867,
"1594149060000": 11029211.467,
"1594149120000": 11703461.067,
"1594149180000": 4535091.2,
"1594149480000": 183500.8,
"1594151160000": 200977.067,
"1594152000000": 113595.733
},
"aggregatedData": {
"ACCESS_FLOW_DFW3_ESP_BPS": 1322132,
"ACCESS_FLOW_DFW3_ESP_PPS": 23444.1223,
"ACCESS_FLOW_DFW3_ICMP_BPS": 1223.22,
"ACCESS_FLOW_DFW3_ICMP_PPS": 1223.344,
"ACCESS_FLOW_DFW3_TCP_BPS": 123445.12,
"ACCESS_FLOW_DFW3_TCP_PPS": 76655.23,
"ACCESS_FLOW_DFW3_TOTAL_BPS": 1234,
"ACCESS_FLOW_DFW3_TOTAL_PPS": 1323,
"ACCESS_FLOW_DFW3_UDP_BPS": 1233,
"ACCESS_FLOW_DFW3_UDP_PPS": 2132,
"BORDER_FLOW_DFW3_ESP_BPS": 12233,
"BORDER_FLOW_DFW3_ESP_PPS": 2133,
"BORDER_FLOW_DFW3_ICMP_BPS": 1233,
"BORDER_FLOW_DFW3_ICMP_PPS": 167888.34,
"BORDER_FLOW_DFW3_TCP_BPS": 766554.23,
"BORDER_FLOW_DFW3_TCP_PPS": 12345.788,
"BORDER_FLOW_DFW3_TOTAL_BPS": 12344.77,
"BORDER_FLOW_DFW3_TOTAL_PPS": 659878.22,
"BORDER_FLOW_DFW3_UDP_BPS": 6555788,
"BORDER_FLOW_DFW3_UDP_PPS": 76555.865
}
}
}
TimeSeries members
| Member | Type | Description | |
|---|---|---|---|
TimeSeries: Contains attack and individual usage information for selected destination IP addresses or CIDR blocks in a three-level mapping object. An IP address or CIDR block keys appear at the top-level. The nested keys represent different report data facets. The lowest level shows keys for each data point’s individual epoch timestamp. |
|||
aggregationData |
Time |
Contains aggregated time series data for each report data facet during the specified time range. Only appears in the response if you enable the request’s sum parameter. |
|
{address} |
Time |
Contains time series data for an individual destination IP address or a CIDR block. Each CIDR block or IP address key maps to a different report data facet. | |
TimeSeries.aggregationData: Contains aggregated time series data for each report data facet during the specified time range. Only appears in the response if you enable the request’s sum parameter. |
|||
{dataFacet} |
Time |
The specified report data facet, including the affected router type, data centers, OSI model layer, and usage in either bytes per second or packets per second. Each data facet maps to a set of timestamp keys. | |
TimeSeries.aggregationData.{dataFacet}: The specified report data facet, including the affected router type, data centers, OSI model layer, and usage in either bytes per second or packets per second. Each data facet maps to a set of timestamp keys. |
|||
{timestamp} |
Number | The timestamp with associated data usage. Each timestamp key maps to an individual data facet. | |
TimeSeries.{address}: Contains time series data for an individual destination IP address or a CIDR block. Each CIDR block or IP address key maps to a different report data facet. |
|||
{dataFacet} |
Time |
The specified report data facet, including the affected router type, data centers, OSI model layer, and usage in either bytes per second or packets per second. Each data facet maps to a set of timestamp keys. | |
TimeSeries.{address}.{dataFacet}: The specified report data facet, including the affected router type, data centers, OSI model layer, and usage in either bytes per second or packets per second. Each data facet maps to a set of timestamp keys. |
|||
{timestamp} |
Number | The timestamp with associated data usage. Each timestamp key maps to an individual data facet. | |
Errors
This section provides details on the data object that reflects the API’s common response to error cases, and lists the API’s range of response status codes for both error and success cases.
Error responses
Responses from the API include status and statusMsg parameters indicating the success or failure of a request. For a failed request, the status boolean will be set to false and statusMsg will contain a string explaining the error condition, such as in the following example:
{
"status": false,
"statusMsg": "Description of failure"
}
For non–2xx HTTPS returned status codes, the error JSON below is returned as outlined. See HTTP Status Codes below for a list of error codes.
HTTP/1.1 429 Too Many Requests
Content-Type: application/problem+json
Reply Body:
{
"type": "https://developer.akamai.com/api/luna/prolexic-analytics/overview.html#ratelimiting"
"title": "Too many requests"
"status" : 429,
"detail": "additional non-http specific info where relevant"
}
HTTP status codes
This section lists the full range of response codes the API may generate.
| Code | Description |
|---|---|
| 200 | The operation was successful. |
| 201 | Resource successfully created. |
| 202 | Resource successfully accepted. |
| 204 | Successfully processed request. |
| 400 | Bad Request. |
| 401 | Authentication failure. |
| 403 | Access is forbidden. |
| 404 | Resource not found. |
| 405 | Method not supported. |
| 409 | Conflict with current state of resource. |
| 410 | Requested resource is no longer available. |
| 411 | Content-length header not specified. |
| 413 | Request body exceeds maximum allowable size. |
| 423 | Requested resource is locked. |
| 429 | Too many requests. See Rate Limiting for more information. |
| 500 | Internal server error. |
| 501 | Functionality not supported. |
| 503 | Too many requests. Service is temporarily unavailable. |
| 507 | Insufficient storage for size of request. Try again later. |