Prolexic Analytics API v2
Retrieve analytics data from Prolexic DDoS protection and monitoring services.
Learn more:
Download this API’s RAML and JSON schema descriptors.
Overview
The Prolexic Analytics API exposes analytics data from Prolexic DDoS protection and monitoring services such as alerts and network bandwidth timeseries data.
Who Should Use This API
The Prolexic Analytics API helps you better integrate Prolexic’s data into your local environment. You can track network usage and review traffic spikes during attacks using timeseries data. You can also pull attack reports and alert information into local SIEM instances to streamline emergency response and post-event triage using events data.
Get started
To configure this API for the first time:
Review Get Started with APIs for details on how to set up client tokens to access any Akamai API. These tokens appear as custom hostnames that look like this:
https://akzz-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX.luna.akamaiapis.net.To enable this API, choose the API service named Prolexic Analytics API, and set the access level to READ-ONLY.
Rate limiting
Prolexic Analytics API endpoints are subject to a rate-limiting constraint, which is currently set to 1000 requests per hour. When this limit is reached, an HTTP 429 error (Too Many Requests) is returned. This should be considered carefully when implementing endpoints that act on single list entries in a loop. This is consistent with all protected Akamai assets exposed via API calls.
Resources
This section provides details on each API operation.
The following list provides a road map of all the conceptual objects you deal with when interacting with the Prolexic Analytics API, and provides pointers to where you can learn more.
Metrics: Metrics contain telemetry collected from Akamai networks or your FBM netflow exports.
Metric Types: Metric types encapsulate the available types of data from the metrics endpoint.
Attack Reports: Attack reports eports created by the SOCC regarding attack events of interest that occur within your traffic.
Events: A list of security events with information on the location of the event and additional attack information.
Critical Events: A list of security events marked with the highest level severity.
API summary
Download the RAML descriptors for this API.
| Operation | Method | Endpoint |
|---|---|---|
| Get metrics data | POST | prolexic-analytics/ |
| List metric types | GET | prolexic-analytics/ |
| List attack reports | GET | prolexic-analytics/ |
| Get an attack report | GET | prolexic-analytics/ |
| List events | GET | prolexic-analytics/ |
| List critical events | GET | prolexic-analytics/ |
Get metrics data
Lists metrics specified in the type object, falling between given start and end times,
sampled at the given rate and attached to given contract. The maximum range between
start and end is 90 days.
If some (not all) requested types are invalid, invalid types are silently dropped, and the response only contains data for valid requests. More meaningful errors result if you are requesting data for only one type at a time.
POST prolexic-analytics/
Content-Type: application/json
Object type: Metric
Download schema: MetricDataInput.json
Request Body:
{
"contract": "venus",
"start": 1322390037,
"end": 1400385899,
"samples": 100,
"type": {
"routed": [
"bandwidthIn"
],
"fbm": [
{
"metric": "bandwidth",
"protocol": "total",
"subnet": "1.1.1.0/24"
},
{
"metric": "packets",
"protocol": "tcp",
"ip": "1.1.1.10"
}
]
}
}
Status 200
application/json
Object type: Metric
Download schema: MetricResponse.json
Response Body:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Metrics acquired successfully",
"data": [
{
"service": "routed",
"metric": "bandwidthIn",
"points": [
[
1392609960,
211014
],
[
1396886760,
202529
]
]
},
{
"service": "fbm",
"metric": "bandwidthIn",
"protocol": "total",
"subnet": "1.1.1.0/24",
"points": [
[
1392609960,
211014
],
[
1396886760,
202529
]
]
},
{
"service": "routed",
"metric": "bandwidthIn",
"protocol": "tcp",
"ip": "1.1.1.10",
"points": [
[
1392609960,
211014
],
[
1396886760,
202529
]
]
}
]
}
List metric types
Retrieve a list of metric types for a specific customer.
GET prolexic-analytics/
Sample: prolexic-analytics/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
contract |
String | coral |
The policy domain name of the data center or proxy that events belong to. |
Status 200
application/json
Object type: MetricType
Download schema: MetricType.json
Response Body:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Metric Types list acquired successfully",
"data": {
"routed": {
"metrics": {
"bandwidthIn": {
"desc": "Customer inbound traffic, bits per second"
},
"packetsIn": {
"desc": "Customer inbound traffic, packets per second"
}
}
},
"connect": {
"metrics": {
"bandwidthIn": {
"desc": "Customer inbound traffic, bits per second"
},
"packetsIn": {
"desc": "Customer inbound packets, packets per second"
}
}
},
"mitigationPost": {
"metrics": {
"packets": {
"desc": "Customer traffic packets per second"
},
"bandwidth": {
"desc": "Customer traffic bits per second"
}
}
},
"proxy": {
"metrics": {
"latency": {
"desc": "Average latency of request"
},
"bandwidthIn": {
"desc": "Customer inbound traffic, bits per second"
},
"bandwidthOut": {
"desc": "Customer outbound traffic, bits per second"
},
"connections": {
"desc": "Connections count"
},
"packetsOut": {
"desc": "Customer outbound traffic, packets per second"
},
"requests": {
"desc": "Requests count"
},
"packetsIn": {
"desc": "Customer inbound traffic, packets per second"
}
}
},
"mitigationPre": {
"metrics": {
"packets": {
"desc": "Customer traffic packets per second"
},
"bandwidth": {
"desc": "Customer traffic bits per second"
}
}
},
"fbm": {
"metrics": {
"bandwidth": {
"desc": "Customer traffic bits per second",
"subnets": [
"1.1.2.0/24"
],
"protocols": [
"total",
"icmp",
"igmp",
"udp",
"tcp"
]
},
"packets": {
"desc": "Customer traffic packets per second",
"subnets": [
"1.1.2.0/24"
],
"protocols": [
"total",
"icmp",
"igmp",
"udp",
"tcp"
]
}
}
}
}
}
List attack reports
Retrieves a list of attack reports for a customer within the specified time range.
GET prolexic-analytics/
Sample: prolexic-analytics/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
contract |
String | coral |
The policy domain name of the data center or proxy that attack reports belong to. |
start |
Integer | 1397049511 |
Unix timestamp for beginning of attack report search. |
end |
Integer | 1399641518 |
Unix timestamp for end of attack report search. |
Status 200
application/json
Object type: Attack
Download schema: AttackReports.json
Response Body:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Attack reports acquired successfully",
"data": [
{
"attackId": 2985,
"destinationPort": "80",
"eventStartTime": 1381320180,
"ticketId": 97585,
"eventEndTime": 1381349454,
"eventStartTimeAsString": "2013-10-09 12:03:00",
"endTime": 1381363451,
"eventId": 4202,
"eventEndTimeAsString": "2013-10-09 20:10:54",
"startTime": 1381063041,
"eventTypes": [
"DNS Flood",
"ICMP Flood",
"UDP Fragment"
],
"peaks": [
{
"location": "DCA",
"peakId": 17277,
"bandwidth": 6500000000,
"pps": 700000
},
{
"location": "HKG",
"peakId": 17276,
"bandwidth": 3000000000,
"pps": 600000
}
],
"destinations": [
{
"netmask": 32,
"ip": "178.132.240.100"
},
{
"netmask": 32,
"ip": "178.132.240.155"
}
]
},
{
"attackId": 2974,
"destinationPort": "80",
"eventStartTime": 1380714180,
"ticketId": 97368,
"eventEndTime": 1380752215,
"eventStartTimeAsString": "2013-10-02 11:43:00",
"endTime": 1380847367,
"eventId": 4170,
"eventEndTimeAsString": "2013-10-02 22:16:55",
"startTime": 1380714180,
"eventTypes": [
"SYN Flood"
],
"peaks": [
{
"location": "DCA",
"peakId": 17093,
"bandwidth": 300000000,
"pps": 200
},
{
"location": "HKG",
"peakId": 17092,
"bandwidth": 3000000,
"pps": 1000
}
],
"destinations": [
{
"netmask": 32,
"ip": "178.132.240.126"
}
]
}
]
}
Get an attack report
Retrieves an attack report for the specified customer and attackId.
GET prolexic-analytics/
Sample: prolexic-analytics/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
contract |
String | coral |
The policy domain name of the data center or proxy that attack reports belong to. |
attackId |
Integer | 1966 |
A unique ID for each attack. |
Status 200
application/json
Object type: Attack
Download schema: AttackReport.json
Response Body:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Attack report acquired successfully",
"data": [
{
"attackId": 1966,
"destinationPort": "8080",
"eventStartTime": 1390244438,
"eventPeakId": 18594,
"attackTypeName": "RESET Flood",
"netmask": 32,
"eventEndTime": 1390261538,
"location": "SJC",
"endTime": 1390261538,
"eventBw": 500000,
"ticketId": 70946,
"eventId": 2744,
"eventPps": 1200,
"ip": "178.132.242.47",
"startTime": 1390244438
},
{
"attackId": 1966,
"destinationPort": "8080",
"eventStartTime": 1390244438,
"eventPeakId": 18595,
"attackTypeName": "RESET Flood",
"netmask": 32,
"eventEndTime": 1390261538,
"location": "LON",
"endTime": 1390261538,
"eventBw": 90000000,
"ticketId": 70946,
"eventId": 2744,
"eventPps": 200000,
"ip": "178.132.242.47",
"startTime": 1390244438
}
]
}
List events
Retrieves an events list for a customer.
GET prolexic-analytics/
Sample: prolexic-analytics/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
contract |
String | coral |
The policy domain name of the data center or proxy that attack reports belong to. |
Status 200
application/json
Object type: Event
Download schema: EventResponse.json
Response Body:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Events acquired successfully",
"data": [
{
"service": "man",
"eventType": "alert",
"isOngoing": false,
"eventStartTime": 1390975985,
"eventTitle": "chkInt: Interface GigabitEthernet0/18 is down.",
"severity": 80,
"eventEndTime": 1393236546,
"eventInfo": {
"location": "mia1",
"lastOccurred": 1393236546,
"attackId": "05ngsdca1--lr1.dca1.plx-wbm_monitor-34610029-systems"
}
},
{
"service": "Mitigation",
"eventType": "attack",
"isOngoing": true,
"eventStartTime": 1392922838,
"eventTitle": "[\"SYN Flood\"]",
"severity": 100,
"eventEndTime": 0,
"eventInfo": {
"eventTicketId": "70167",
"attackType": "[\"SYN Flood\"]",
"endTime": false,
"attackEventId": "2707",
"destinationIPs": "[178.132.240.114/32, 178.132.240.155/32, 178.132.240.203/32]",
"startTime": 1392922838
}
}
]
}
List critical events
Retrieves a critical events list for a customer.
GET prolexic-analytics/
Sample: prolexic-analytics/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
contract |
String | coral |
The policy domain name of the data center or proxy that attack reports belong to. |
Status 200
application/json
Object type: Event
Download schema: CriticalEvent.json
Response Body:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Events acquired successfully",
"data": [
{
"siteType": "DC",
"source": "wbm",
"location": "dca1",
"ip": "192.216.61.102",
"summary": "WBM TEST 5",
"instance": "01",
"interfaceName": "unknown",
"count": 11,
"siteCustomerName": "coral",
"eventId": "05ngsdca1--lr1.dca1.plx-wbm_monitor-34610029-systems",
"siteName": "dca1",
"acknowledged": 0,
"state": 1,
"recentOccur": 1395842910,
"expires": 3600,
"node": "lr1.dca1.plx",
"importance": 5,
"notes": "TEST 5",
"firstOccur": 1393657985,
"description": "TEST WBM LEVEL 5"
}
]
}
Data
This section provides you with the data model for the Prolexic Analytics API.
Download the JSON schemas for this API.
The data schema tables below list membership requirements as follows:
| ✓ | Member is required in requests, or always present in responses, even if its value is empty or null. |
| ○ | Member is optional, and may be omitted in some cases. |
Metric
Encapsulates the target contract and time constraints for the specified metrics.
Download schema:
MetricDataInput.json
Sample POST request:
{
"contract": "venus",
"start": 1322390037,
"end": 1400385899,
"samples": 100,
"type": {
"routed": [
"bandwidthIn"
],
"fbm": [
{
"metric": "bandwidth",
"protocol": "total",
"subnet": "1.1.1.0/24"
},
{
"metric": "packets",
"protocol": "tcp",
"ip": "1.1.1.10"
}
]
}
}
Metric members
| Member | Type | Required | Description |
|---|---|---|---|
Metric: Encapsulates the target contract and time constraints for the specified metrics. |
|||
contract |
String | ✓ | The policy domain name of the data center or proxy. |
end |
Integer | ✓ | The end time of the requested metric in UNIX epoch seconds (UTC). |
samples |
Integer | ✓ | The number on data points to return. |
start |
Integer | ✓ | The start time of the requested metric in UNIX epoch seconds (UTC). |
type |
Metric. |
✓ | Defines the types of requested metrics. |
Metric.type: Defines the types of requested metrics. |
|||
connect |
Array | ○ | Select bandwidthIn to return inbound traffic measured in bits per second or select packetsIn to include inbound packets measured in packets per second. |
fbm |
Metric. |
○ | Array of objects with requested metric, protocol, ip, or subnet. The response are valid subnets for your configuration. |
mitigationPost |
Array | ○ | Select packets to return traffic packets per second or select bandwidth to return traffic bits per second. |
mitigationPre |
Array | ○ | Select packets to return traffic packets per second or select bandwidth to return traffic bits per second. |
proxy |
Array | ○ | Select latency for average latency of request, bandwidthIn for inbound traffic in bits per second, bandwidthOut for outbound traffic in bits per second, connections for a connections count, packetsOut for outbound traffic in packets per second, requests a request count, or packetsIn for inbound traffic inpackets per second. |
routed |
Array | ○ | Select bandwidthIn to return inbound traffic measured in bits per second or select packetsIn to include inbound packets measured in packets per second. |
Metric.type.fbm[]: Array of objects with requested metric, protocol, ip, or subnet. The response are valid subnets for your configuration. |
|||
ip |
String | ○ | The requested IP address. You can only specify a single ip or subnet per metric. |
metric |
Enumeration | ✓ | Select bandwidth to return traffic bits per second or select packets to return traffic packets per second. |
protocol |
Enumeration | ✓ | The protocol to use in the metric. Valid values are total, icmp, igmp, udp, and tcp. |
subnet |
String | ○ | The requested subnet. You can only specify a single subnet or ip per metric. |
MetricType
Encapsulates information on the types of metrics available to the contract.
Download schema:
MetricType.json
Sample GET response:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Metric Types list acquired successfully",
"data": {
"routed": {
"metrics": {
"bandwidthIn": {
"desc": "Customer inbound traffic, bits per second"
},
"packetsIn": {
"desc": "Customer inbound traffic, packets per second"
}
}
},
"connect": {
"metrics": {
"bandwidthIn": {
"desc": "Customer inbound traffic, bits per second"
},
"packetsIn": {
"desc": "Customer inbound packets, packets per second"
}
}
},
"mitigationPost": {
"metrics": {
"packets": {
"desc": "Customer traffic packets per second"
},
"bandwidth": {
"desc": "Customer traffic bits per second"
}
}
},
"proxy": {
"metrics": {
"latency": {
"desc": "Average latency of request"
},
"bandwidthIn": {
"desc": "Customer inbound traffic, bits per second"
},
"bandwidthOut": {
"desc": "Customer outbound traffic, bits per second"
},
"connections": {
"desc": "Connections count"
},
"packetsOut": {
"desc": "Customer outbound traffic, packets per second"
},
"requests": {
"desc": "Requests count"
},
"packetsIn": {
"desc": "Customer inbound traffic, packets per second"
}
}
},
"mitigationPre": {
"metrics": {
"packets": {
"desc": "Customer traffic packets per second"
},
"bandwidth": {
"desc": "Customer traffic bits per second"
}
}
},
"fbm": {
"metrics": {
"bandwidth": {
"desc": "Customer traffic bits per second",
"subnets": [
"1.1.2.0/24"
],
"protocols": [
"total",
"icmp",
"igmp",
"udp",
"tcp"
]
},
"packets": {
"desc": "Customer traffic packets per second",
"subnets": [
"1.1.2.0/24"
],
"protocols": [
"total",
"icmp",
"igmp",
"udp",
"tcp"
]
}
}
}
}
}
MetricType members
| Member | Type | Required | Description |
|---|---|---|---|
MetricType: Encapsulates information on the types of metrics available to the contract. |
|||
currentContract |
String | ✓ | The policy domain name of the data center or proxy. |
data |
Metric |
✓ | Defines the types of metrics you can request. |
status |
Boolean | ✓ | Whether the request for the metrics type list was successful. |
statusMsg |
String | ✓ | A status message that idicates the successful or failed retrival of the metric types list. |
MetricType.data: Defines the types of metrics you can request. |
|||
connect |
Metric |
✓ | Valid routed and connect metrics. |
fbm |
Metric |
✓ | Valid metrics for FBM. |
mitigationPost |
Metric |
✓ | Valid mitigation metrics. |
mitigationPre |
Metric |
✓ | Valid mitigation metrics. |
proxy |
Metric |
✓ | Valid proxy metrics. |
routed |
Metric |
✓ | Valid routed and connect metrics. |
MetricType.data.connect: Valid routed and connect metrics. |
|||
metrics |
Metric |
✓ | Contains a list of available routed or connect metrics. |
MetricType.data.connect.metrics: Contains a list of available routed or connect metrics. |
|||
bandwidthIn |
Object | ✓ | The customer inbound traffic measured in bits per second. |
packetsIn |
Object | ✓ | The customer inbound traffic measured in packets per second. |
MetricType.data.fbm: Valid metrics for FBM. |
|||
metrics |
Metric |
✓ | Contains a list of available FBM metrics. |
MetricType.data.fbm.metrics: Contains a list of available FBM metrics. |
|||
bandwidth |
Metric |
✓ | Customer traffic measured in bits per second. |
packets |
Metric |
✓ | Customer traffic measured in packets per second. |
MetricType.data.fbm.metrics.bandwidth: Customer traffic measured in bits per second. |
|||
protocols |
Array | ✓ | The available protocols. Valid values are total, icmp, igmp, udp, and tcp. |
subnets |
Array | ✓ | The subnets available to your contract. |
MetricType.data.fbm.metrics.packets: Customer traffic measured in packets per second. |
|||
protocols |
Array | ✓ | The available protocols. Valid values are total, icmp, igmp, udp, and tcp. |
subnets |
Array | ✓ | The subnets available to your contract. |
MetricType.data.mitigationPost: Valid mitigation metrics. |
|||
metrics |
Metric |
○ | Contains a list of available mitigation metrics. |
MetricType.data.mitigationPost.metrics: Contains a list of available mitigation metrics. |
|||
bandwidth |
Object | ✓ | Customer traffic measured in packets per second. |
packets |
Object | ✓ | Customer traffic measured in packets per second. |
MetricType.data.mitigationPre: Valid mitigation metrics. |
|||
metrics |
Metric |
○ | Contains a list of available mitigation metrics. |
MetricType.data.mitigationPre.metrics: Contains a list of available mitigation metrics. |
|||
bandwidth |
Object | ✓ | Customer traffic measured in packets per second. |
packets |
Object | ✓ | Customer traffic measured in packets per second. |
MetricType.data.proxy: Valid proxy metrics. |
|||
metrics |
Metric |
✓ | Contains a list of available proxy metrics. |
MetricType.data.proxy.metrics: Contains a list of available proxy metrics. |
|||
bandwidthIn |
Object | ✓ | Customer inbound traffic measured in bits per second. |
bandwidthOut |
Object | ✓ | Customer outbound traffic measured in bits per second. |
connections |
Object | ✓ | The total connections count. |
latency |
Object | ✓ | Average latency of a request. |
packetsIn |
Object | ✓ | Customer outbound traffic measured in packets per second. |
packetsOut |
Object | ✓ | Customer outbound traffic measured in packets per second. |
requests |
Object | ✓ | The total request count. |
MetricType.data.routed: Valid routed and connect metrics. |
|||
metrics |
Metric |
✓ | Contains a list of available routed or connect metrics. |
MetricType.data.routed.metrics: Contains a list of available routed or connect metrics. |
|||
bandwidthIn |
Object | ✓ | The customer inbound traffic measured in bits per second. |
packetsIn |
Object | ✓ | The customer inbound traffic measured in packets per second. |
Attack
Encapsulates the details of an attack, including location, time, and type of attack.
Download schema:
AttackReport.json, AttackReports.json
Sample GET response:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Attack report acquired successfully",
"data": [
{
"attackId": 1966,
"destinationPort": "8080",
"eventStartTime": 1390244438,
"eventPeakId": 18594,
"attackTypeName": "RESET Flood",
"netmask": 32,
"eventEndTime": 1390261538,
"location": "SJC",
"endTime": 1390261538,
"eventBw": 500000,
"ticketId": 70946,
"eventId": 2744,
"eventPps": 1200,
"ip": "178.132.242.47",
"startTime": 1390244438
},
{
"attackId": 1966,
"destinationPort": "8080",
"eventStartTime": 1390244438,
"eventPeakId": 18595,
"attackTypeName": "RESET Flood",
"netmask": 32,
"eventEndTime": 1390261538,
"location": "LON",
"endTime": 1390261538,
"eventBw": 90000000,
"ticketId": 70946,
"eventId": 2744,
"eventPps": 200000,
"ip": "178.132.242.47",
"startTime": 1390244438
}
]
}
Attack members
| Member | Type | GET | Description | |||||
|---|---|---|---|---|---|---|---|---|
Attack: Encapsulates the details of an attack, including location, time, and type of attack. |
||||||||
currentContract |
String | ✓ | The policy domain name of the data center or proxy. | |||||
data |
Attack. |
✓ | Encapsulates the details of an attack. | |||||
status |
Boolean | ✓ | Whether the request for the attack information was successful. | |||||
statusMsg |
String | ✓ | A status message that idicates the successful or failed retrival of the attack information. | |||||
Attack.data[]: Encapsulates the details of an attack. |
||||||||
attackId |
Integer | ✓ | A unique identifier for the attack. | |||||
attackTypeName |
Enumeration | ○ | The types of attacks. Valid values are ACK Flood, CLDAP Reflection, CharGEN Attack, Connection Flood, DNS Flood, FIN Flood, FIN PUSH Flood, GET Flood, GRE Protocol Flood, HEAD Flood, ICMP Flood, IGMP Flood, mDNS Flood, NTP FLOOD, Netbios Flood, POST Flood, PUSH Flood, PUT Flood, RESET Flood, RIP Flood, RPC Flood, Reserved Protocol Flood, SNMP Flood, SQL Server Reflection, SSDP Flood, SSL GET Flood, SSL POST Flood, SYN Flood, SYN PUSH, Sentinel Flood, TCP Anomaly, TCP Fragment, TFTP Flood, UDP Flood, UDP Fragment, or XMAS. |
|||||
customer |
String | ✓ | A nickname for the customer. | |||||
destinationPort |
String | ○ | The targeted port of the attack, if applicable. Returns null when not applicable. |
|||||
destinations |
Attack. |
○ | An array of targeted IP addresses or Subnets for the attack. | |||||
endTime |
Integer | ○ | The end time of the attack in UNIX epoch seconds (UTC). | |||||
eventBw |
Integer | ✓ | The peak bandwidth for the event. | |||||
eventCON |
Integer | ○ | The peak number of connections for the event. | |||||
eventEndTime |
Integer | ○ | The end time of the event in UNIX epoch seconds (UTC). | |||||
event |
String | ✓ | The end time of the event in yyyy-MM-dd HH:mm:ss format. |
|||||
eventId |
Integer | ✓ | A unique identifier for the event. | |||||
eventPeakId |
Integer | ○ | The peak value of ID for the event. | |||||
eventPps |
Integer | ✓ | The peak packets per second for the event. | |||||
eventStartTime |
Integer | ✓ | The start time of the event in UNIX epoch seconds (UTC). | |||||
event |
String | ✓ | The start time of the event in yyyy-MM-dd HH:mm:ss format. |
|||||
eventType |
Enumeration | ✓ | The type of event. Valid values are alert and attack. |
|||||
eventTypes |
Array | ✓ | The types of attacks. Valid values are ACK Flood, CLDAP Reflection, CharGEN Attack, Connection Flood, DNS Flood, FIN Flood, FIN PUSH Flood, GET Flood, GRE Protocol Flood, HEAD Flood, ICMP Flood, IGMP Flood, mDNS Flood, NTP FLOOD, Netbios Flood, POST Flood, PUSH Flood, PUT Flood, RESET Flood, RIP Flood, RPC Flood, Reserved Protocol Flood, SNMP Flood, SQL Server Reflection, SSDP Flood, SSL GET Flood, SSL POST Flood, SYN Flood, SYN PUSH, Sentinel Flood, TCP Anomaly, TCP Fragment, TFTP Flood, UDP Flood, UDP Fragment, or XMAS. |
|||||
ip |
String | ✓ | The target IP address of the event. | |||||
location |
String | ✓ | Indicates where the alert originated from in the network. | |||||
netmask |
Integer | ✓ | CIDR notation indicating the subnet’s mask size. Valid values for IPv4 are between 1 and 32. Valid values for IPv6 are between 1 and 128. |
|||||
peaks |
Attack. |
○ | Contains peak statistics from the attack data. | |||||
startTime |
Integer | ✓ | The start time of the attack in UNIX epoch seconds (UTC). | |||||
ticketId |
String | ○ | A unique identifier for the ticket associated with this attack. | |||||
Attack.data[].destinations[]: An array of targeted IP addresses or Subnets for the attack. |
||||||||
ip |
String | ✓ | A targeted IP address. | |||||
netmask |
Integer | ✓ | A targeted subnet. | |||||
Attack.data[].peaks[]: Contains peak statistics from the attack data. |
||||||||
bandwidth |
Integer | ✓ | The peak measurement of bandwidth. | |||||
connections |
Integer | ○ | The peak number of connections. | |||||
location |
String | ✓ | The peak value for location. | |||||
peakId |
Integer | ✓ | The peak value for ID. | |||||
pps |
Integer | ✓ | The peak measurement of packets per second. | |||||
Event
Encapsulates the details of an event and the associated attack information.
Download schema:
EventResponse.json
Sample GET response:
{
"status": true,
"currentContract": "coral",
"statusMsg": "Events acquired successfully",
"data": [
{
"service": "man",
"eventType": "alert",
"isOngoing": false,
"eventStartTime": 1390975985,
"eventTitle": "chkInt: Interface GigabitEthernet0/18 is down.",
"severity": 80,
"eventEndTime": 1393236546,
"eventInfo": {
"location": "mia1",
"lastOccurred": 1393236546,
"attackId": "05ngsdca1--lr1.dca1.plx-wbm_monitor-34610029-systems"
}
},
{
"service": "Mitigation",
"eventType": "attack",
"isOngoing": true,
"eventStartTime": 1392922838,
"eventTitle": "[\"SYN Flood\"]",
"severity": 100,
"eventEndTime": 0,
"eventInfo": {
"eventTicketId": "70167",
"attackType": "[\"SYN Flood\"]",
"endTime": false,
"attackEventId": "2707",
"destinationIPs": "[178.132.240.114/32, 178.132.240.155/32, 178.132.240.203/32]",
"startTime": 1392922838
}
}
]
}
Event members
| Member | Type | Required | Description |
|---|---|---|---|
Event: Encapsulates the details of an event and the associated attack information. |
|||
currentContract |
String | ✓ | The policy domain name of the data center or proxy. |
data |
Event. |
○ | Contains the attack details of the event. |
status |
Boolean | ✓ | Whether the request for the events list was successful. |
statusMsg |
String | ✓ | A status message that idicates the successful or failed retrival of the events list. |
Event.data[]: Contains the attack details of the event. |
|||
eventEndTime |
Integer | ○ | The end time of the event in UNIX epoch seconds (UTC). |
eventInfo |
Event. |
○ | If the event is an alert type, this object specifies the alert report information. |
eventInfo |
Event. |
○ | If the event is an attack type, this object specifies the attack report information. |
eventStartTime |
Integer | ✓ | The start time of the event in UNIX epoch seconds (UTC). |
eventTitle |
String | ○ | A title that briefly describes the event. |
eventType |
Enumeration | ✓ | The type of event. Valid values are alert and attack. |
isOngoing |
Boolean | ✓ | Indicates whether the event is currently ongoing. |
service |
String | ✓ | Returns Mitigation in the case of an attack report type event. Returns one of the following sources if it is an alert type event: abm, abr, arb, bgp, fbm, or int. |
severity |
Integer | ✓ | The severity level of the event. |
Event.data[].eventInfo{alert}: If the event is an alert type, this object specifies the alert report information. |
|||
attackId |
String | ✓ | A unique identifier for the attack. |
lastOccurred |
String | ✓ | The time of the last known activity in UNIX epoch seconds (UTC). |
location |
String | ✓ | Indicates where the alert originated from in the network. |
summary |
String | ○ | A brief textual description summarizing the type of event and what happened. |
Event.data[].eventInfo{attackReport}: If the event is an attack type, this object specifies the attack report information. |
|||
attackEventId |
String | ✓ | The ID of the attack report associated with the event. |
attackType |
Enumeration | ✓ | The types of attacks. Valid values are ACK Flood, CLDAP Reflection, CharGEN Attack, Connection Flood, DNS Flood, FIN Flood, FIN PUSH Flood, GET Flood, GRE Protocol Flood, HEAD Flood, ICMP Flood, IGMP Flood, mDNS Flood, NTP FLOOD, Netbios Flood, POST Flood, PUSH Flood, PUT Flood, RESET Flood, RIP Flood, RPC Flood, Reserved Protocol Flood, SNMP Flood, SQL Server Reflection, SSDP Flood, SSL GET Flood, SSL POST Flood, SYN Flood, SYN PUSH, Sentinel Flood, TCP Anomaly, TCP Fragment, TFTP Flood, UDP Flood, UDP Fragment, or XMAS. |
destinationIps |
String | ✓ | The targeted IP addresses of the attack. |
endTime |
String | ○ | The end time of the event in UNIX epoch seconds (UTC). |
eventTicketId |
String | ○ | A unique identifier for the ticket associated with this event. |
startTime |
String | ✓ | The start time of the attack in UNIX epoch seconds (UTC). |
Errors
This section provides details on the data object that reflects the API’s common response to error cases, and lists the API’s range of response status codes for both error and success cases.
Error responses
Responses from the API include status and statusMsg parameters indicating the success or failure of a request. For a failed request, the status boolean will be set to false and statusMsg will contain a string explaining the error condition, such as in the following example:
{
"status": false,
"statusMsg": "Description of failure"
}
For non–2xx HTTPS returned status codes, the error JSON below is returned as outlined. See HTTP Status Codes below for a list of error codes.
HTTP/1.1 429 Too Many Requests
Content-Type: application/problem+json
Reply Body:
{
"type": "https://developer.akamai.com/api/cloud_security/prolexic_analytics/v1.html#ratelimiting"
"title": "Too many requests"
"status" : 429,
"detail": "additional non-http specific info where relevant"
}
HTTP status codes
This section lists the full range of response codes the API may generate.
| Code | Description |
|---|---|
| 200 | The operation was successful. |
| 201 | Resource successfully created. |
| 202 | Resource successfully accepted. |
| 204 | Successfully processed request. |
| 400 | Bad Request. |
| 401 | Authentication failure. |
| 403 | Access is forbidden. |
| 404 | Resource not found. |
| 405 | Method not supported. |
| 409 | Conflict with current state of resource. |
| 410 | Requested resource is no longer available. |
| 411 | Content-length header not specified. |
| 413 | Request body exceeds maximum allowable size. |
| 423 | Requested resource is locked. |
| 429 | Too many requests. See Rate Limiting for more information. |
| 500 | Internal server error. |
| 501 | Functionality not supported. |
| 503 | Too many requests. Service is temporarily unavailable. |
| 507 | Insufficient storage for size of request. Try again later. |
Last modified: 1/14/2019