Prolexic Analytics API v2

Retrieve analytics data from Prolexic DDoS protection and monitoring services.


Overview

The Prolexic Analytics API exposes analytics data from Prolexic DDoS protection and monitoring services such as alerts and network bandwidth timeseries data.

Who Should Use This API

The Prolexic Analytics API helps you better integrate Prolexic’s data into your local environment. You can track network usage and review traffic spikes during attacks using timeseries data. You can also pull attack reports and alert information into local SIEM instances to streamline emergency response and post-event triage using events data.

Getting started

To configure this API for the first time:

  • Review Get Started with APIs for details on how to set up client tokens to access any Akamai API. These tokens appear as custom hostnames that look like this: https://akzz-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX.luna.akamaiapis.net.

  • To enable this API, choose the API service named Prolexic Analytics API, and set the access level to READ-ONLY.

Rate limiting

Prolexic Analytics API endpoints are subject to a rate-limiting constraint, which is currently set to 1000 requests per hour. When this limit is reached, an HTTP 429 error (Too Many Requests) is returned. This should be considered carefully when implementing endpoints that act on single list entries in a loop. This is consistent with all protected Akamai assets exposed via API calls.

Resources

This section provides details on each API operation.

The following list provides a road map of all the conceptual objects you deal with when interacting with the Prolexic Analytics API, and provides pointers to where you can learn more.

  • Metrics: Metrics contain telemetry collected from Akamai networks or your FBM netflow exports.

  • Metric Types: Metric types encapsulate the available types of data from the metrics endpoint.

  • Attack Reports: Attack reports are reports created by the SOCC regarding attack events of interest that occur within your traffic.

  • Events: A list of security events with information on the location of the event and additional attack information.

  • Critical Events: A list of security events marked with the highest level severity.

API summary

Download the RAML descriptors for this API.

Operation             Method  Endpoint
Get metrics data      POST    prolexic-analytics/v2/metrics
List metric types     GET     prolexic-analytics/v2/metric-types/{contract}
List attack reports   GET     prolexic-analytics/v2/attack-reports/contract/{contract}/start/{start}/end/{end}
Get an attack report  GET     prolexic-analytics/v2/attack-report/contract/{contract}/attack-id/{attackId}
List events           GET     prolexic-analytics/v2/events/contract/{contract}
List critical events  GET     prolexic-analytics/v2/critical-events/contract/{contract}

Get metrics data

Lists metrics specified in the type object, falling between given start and end times, sampled at the given rate and attached to given contract. The maximum range between start and end is 90 days.

If some (not all) requested types are invalid, invalid types are silently dropped, and the response only contains data for valid requests. More meaningful errors result if you are requesting data for only one type at a time.

POST prolexic-analytics/v2/metrics

Content-Type: application/json

Request Body:

{
    "contract": "venus",
    "start": 1322390037,
    "end": 1400385899,
    "samples": 100,
    "type": {
        "routed": [
            "bandwidthIn"
        ],
        "fbm": [
            {
                "metric": "bandwidth",
                "protocol": "total",
                "subnet": "1.1.1.0/24"
            },
            {
                "metric": "packets",
                "protocol": "tcp",
                "ip": "1.1.1.10"
            }
        ]
    }
}

Status 200 application/json

Response Body:

{
    "status": true,
    "data": [
        {
            "service": "routed",
            "metric": "bandwidthIn",
            "points": [
                [
                    1392609960,
                    211014
                ],
                [
                    1396886760,
                    202529
                ]
            ]
        },
        {
            "service": "fbm",
            "metric": "bandwidthIn",
            "protocol": "total",
            "subnet": "1.1.1.0/24",
            "points": [
                [
                    1392609960,
                    211014
                ],
                [
                    1396886760,
                    202529
                ]
            ]
        },
        {
            "service": "routed",
            "metric": "bandwidthIn",
            "protocol": "tcp",
            "ip": "1.1.1.10",
            "points": [
                [
                    1392609960,
                    211014
                ],
                [
                    1396886760,
                    202529
                ]
            ]
        }
    ],
    "currentContract": "coral",
    "statusMsg": "Metrics acquired successfully"
}
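
The 90-day limit and the silent dropping of invalid types are both easy to miss in an integration, so the following added example (not part of the original documentation and not Akamai code) splits a long range into compliant windows and compares what was requested with what came back. It assumes each element of the response's data array echoes the requested service, metric, protocol and ip or subnet; the function names and the response sample are constructed for illustration.

```python
# Added example: pre-flight and post-flight checks for
# POST prolexic-analytics/v2/metrics, using only fields shown on this page.

MAX_RANGE_SECONDS = 90 * 24 * 3600  # documented maximum between start and end


def split_windows(start, end, max_span=MAX_RANGE_SECONDS):
    """Split [start, end] into consecutive windows of at most max_span seconds."""
    if end <= start:
        raise ValueError("end must be later than start")
    windows, cursor = [], start
    while cursor < end:
        stop = min(cursor + max_span, end)
        windows.append((cursor, stop))
        cursor = stop
    return windows


def _key(service, metric, protocol=None, target=None):
    return (service, metric, protocol, target)


def requested_series(type_obj):
    """Flatten the request's "type" object into (service, metric, protocol, target)."""
    keys = set()
    for service, entries in type_obj.items():
        for entry in entries:
            if isinstance(entry, str):      # e.g. "routed": ["bandwidthIn"]
                keys.add(_key(service, entry))
            else:                           # fbm objects: metric, protocol, ip or subnet
                target = entry.get("subnet") or entry.get("ip")
                keys.add(_key(service, entry["metric"], entry.get("protocol"), target))
    return keys


def returned_series(response):
    """Same key shape, built from each element of the response's "data" array.

    Assumption: the response echoes the identifying fields of each request entry.
    """
    keys = set()
    for series in response.get("data", []):
        target = series.get("subnet") or series.get("ip")
        keys.add(_key(series["service"], series["metric"], series.get("protocol"), target))
    return keys


def dropped_series(request_body, response):
    """Return the requested series that are absent from a successful response."""
    if response.get("status") is not True:
        raise RuntimeError("metrics request failed: %s" % response.get("statusMsg"))
    missing = requested_series(request_body["type"]) - returned_series(response)
    return sorted(missing, key=lambda k: tuple(part or "" for part in k))


# Constructed request: same shape and values as the sample request body above.
REQUEST = {
    "contract": "venus",
    "start": 1322390037,
    "end": 1400385899,
    "samples": 100,
    "type": {
        "routed": ["bandwidthIn"],
        "fbm": [
            {"metric": "bandwidth", "protocol": "total", "subnet": "1.1.1.0/24"},
            {"metric": "packets", "protocol": "tcp", "ip": "1.1.1.10"},
        ],
    },
}

# Constructed response: the fbm "packets" series is missing, as it would be
# if that type had been judged invalid and silently dropped.
RESPONSE = {
    "status": True,
    "statusMsg": "Metrics acquired successfully",
    "data": [
        {"service": "routed", "metric": "bandwidthIn",
         "points": [[1392609960, 211014]]},
        {"service": "fbm", "metric": "bandwidth", "protocol": "total",
         "subnet": "1.1.1.0/24", "points": [[1392609960, 211014]]},
    ],
}

if __name__ == "__main__":
    for window in split_windows(REQUEST["start"], REQUEST["end"]):
        print("window", window)
    for item in dropped_series(REQUEST, RESPONSE):
        print("requested but not returned:", item)
```

A non-empty result from dropped_series is worth logging as a collection gap, since a dashboard fed by this call would otherwise show no data rather than an error.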

List metric types

Retrieve a list of metric types for a specific customer.

GET prolexic-analytics/v2/metric-types/{contract}

Sample: prolexic-analytics/v2/metric-types/coral

Parameter Type Sample Description
URL parameters
contract String coral The policy domain name of the data center or proxy that events belong to.

Status 200 application/json

Response Body:

{
    "status": true,
    "currentContract": "coral",
    "statusMsg": "Metric Types list acquired successfully",
    "data": {
        "routed": {
            "metrics": {
                "bandwidthIn": {
                    "desc": "Customer inbound traffic, bits per second"
                },
                "packetsIn": {
                    "desc": "Customer inbound traffic, packets per second"
                }
            }
        },
        "connect": {
            "metrics": {
                "bandwidthIn": {
                    "desc": "Customer inbound traffic, bits per second"
                },
                "packetsIn": {
                    "desc": "Customer inbound packets, packets per second"
                }
            }
        },
        "mitigationPost": {
            "metrics": {
                "packets": {
                    "desc": "Customer traffic packets per second"
                },
                "bandwidth": {
                    "desc": "Customer traffic bits per second"
                }
            }
        },
        "proxy": {
            "metrics": {
                "latency": {
                    "desc": "Average latency of request"
                },
                "bandwidthIn": {
                    "desc": "Customer inbound traffic, bits per second"
                },
                "bandwidthOut": {
                    "desc": "Customer outbound traffic, bits per second"
                },
                "connections": {
                    "desc": "Connections count"
                },
                "packetsOut": {
                    "desc": "Customer outbound traffic, packets per second"
                },
                "requests": {
                    "desc": "Requests count"
                },
                "packetsIn": {
                    "desc": "Customer inbound traffic, packets per second"
                }
            }
        },
        "mitigationPre": {
            "metrics": {
                "packets": {
                    "desc": "Customer traffic packets per second"
                },
                "bandwidth": {
                    "desc": "Customer traffic bits per second"
                }
            }
        },
        "fbm": {
            "metrics": {
                "bandwidth": {
                    "desc": "Customer traffic bits per second",
                    "subnets": [
                        "1.1.2.0/24"
                    ],
                    "protocols": [
                        "total",
                        "icmp",
                        "igmp",
                        "udp",
                        "tcp"
                    ]
                },
                "packets": {
                    "desc": "Customer traffic packets per second",
                    "subnets": [
                        "1.1.2.0/24"
                    ],
                    "protocols": [
                        "total",
                        "icmp",
                        "igmp",
                        "udp",
                        "tcp"
                    ]
                }
            }
        }
    }
}

List attack reports

Retrieves a list of attack reports for a customer within the specified time range.

GET prolexic-analytics/v2/attack-reports/contract/{contract}/start/{start}/end/{end}

Sample: prolexic-analytics/v2/attack-reports/contract/coral/start/1397049511/end/1399641518

Parameter Type Sample Description
URL parameters
contract String coral The policy domain name of the data center or proxy that attack reports belong to.
start Integer 1397049511 Unix timestamp for beginning of attack report search.
end Integer 1399641518 Unix timestamp for end of attack report search.

Status 200 application/json

Response Body:

{
    "status": true,
    "data": [
        {
            "attackId": 2985,
            "destinationPort": "80",
            "peaks": [
                {
                    "location": "DCA",
                    "peakId": 17277,
                    "bandwidth": 6500000000,
                    "pps": 700000
                },
                {
                    "location": "HKG",
                    "peakId": 17276,
                    "bandwidth": 3000000000,
                    "pps": 600000
                }
            ],
            "eventStartTime": 1381320180,
            "ticketId": 97585,
            "eventEndTime": 1381349454,
            "eventStartTimeAsString": "2013-10-09 12:03:00",
            "endTime": 1381363451,
            "eventId": 4202,
            "eventEndTimeAsString": "2013-10-09 20:10:54",
            "destinations": [
                {
                    "netmask": 32,
                    "ip": "178.132.240.100"
                },
                {
                    "netmask": 32,
                    "ip": "178.132.240.155"
                }
            ],
            "startTime": 1381063041,
            "eventTypes": [
                "DNS Flood",
                "ICMP Flood",
                "UDP Fragment"
            ]
        },
        {
            "attackId": 2974,
            "destinationPort": "80",
            "peaks": [
                {
                    "location": "DCA",
                    "peakId": 17093,
                    "bandwidth": 300000000,
                    "pps": 200
                },
                {
                    "location": "HKG",
                    "peakId": 17092,
                    "bandwidth": 3000000,
                    "pps": 1000
                }
            ],
            "eventStartTime": 1380714180,
            "ticketId": 97368,
            "eventEndTime": 1380752215,
            "eventStartTimeAsString": "2013-10-02 11:43:00",
            "endTime": 1380847367,
            "eventId": 4170,
            "eventEndTimeAsString": "2013-10-02 22:16:55",
            "destinations": [
                {
                    "netmask": 32,
                    "ip": "178.132.240.126"
                }
            ],
            "startTime": 1380714180,
            "eventTypes": [
                "SYN Flood"
            ]
        }
    ],
    "currentContract": "coral",
    "statusMsg": "Attack reports acquired successfully"
}

Get an attack report

Retrieves an attack report for the specified customer and attackId.

GET prolexic-analytics/v2/attack-report/contract/{contract}/attack-id/{attackId}

Sample: prolexic-analytics/v2/attack-report/contract/coral/attack-id/1966

Parameter Type Sample Description
URL parameters
contract String coral The policy domain name of the data center or proxy that attack reports belong to.
attackId Integer 1966 A unique ID for each attack.

Status 200 application/json

Response Body:

{
    "status": true,
    "data": [
        {
            "attackId": 1966,
            "destinationPort": "8080",
            "eventStartTime": 1390244438,
            "eventPeakId": 18594,
            "attackTypeName": "RESET Flood",
            "netmask": 32,
            "eventEndTime": 1390261538,
            "location": "SJC",
            "endTime": 1390261538,
            "eventBw": 500000,
            "ticketId": 70946,
            "eventId": 2744,
            "eventPps": 1200,
            "ip": "178.132.242.47",
            "startTime": 1390244438
        },
        {
            "attackId": 1966,
            "destinationPort": "8080",
            "eventStartTime": 1390244438,
            "eventPeakId": 18595,
            "attackTypeName": "RESET Flood",
            "netmask": 32,
            "eventEndTime": 1390261538,
            "location": "LON",
            "endTime": 1390261538,
            "eventBw": 90000000,
            "ticketId": 70946,
            "eventId": 2744,
            "eventPps": 200000,
            "ip": "178.132.242.47",
            "startTime": 1390244438
        }
    ],
    "currentContract": "coral",
    "statusMsg": "Attack report acquired successfully"
}

List events

Retrieves an events list for a customer.

GET prolexic-analytics/v2/events/contract/{contract}

Sample: prolexic-analytics/v2/events/contract/coral

Parameter Type Sample Description
URL parameters
contract String coral The policy domain name of the data center or proxy that attack reports belong to.

Status 200 application/json

Response Body:

{
    "status": true,
    "currentContract": "coral",
    "statusMsg": "Events acquired successfully",
    "data": [
        {
            "service": "man",
            "eventInfo": {
                "location": "mia1",
                "lastOccurred": 1393236546,
                "attackId": "05ngsdca1--lr1.dca1.plx-wbm_monitor-34610029-systems"
            },
            "eventType": "alert",
            "isOngoing": false,
            "eventStartTime": 1390975985,
            "eventTitle": "chkInt: Interface GigabitEthernet0/18 is down.",
            "severity": 80,
            "eventEndTime": 1393236546
        },
        {
            "service": "Mitigation",
            "eventInfo": {
                "eventTicketId": "70167",
                "attackType": "[\"SYN Flood\"]",
                "endTime": false,
                "attackEventId": "2707",
                "destinationIPs": "[178.132.240.114/32, 178.132.240.155/32, 178.132.240.203/32]",
                "startTime": 1392922838
            },
            "eventType": "attack",
            "isOngoing": true,
            "eventStartTime": 1392922838,
            "eventTitle": "[\"SYN Flood\"]",
            "severity": 100,
            "eventEndTime": 0
        }
    ]
}
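
The sample above carries attackType, eventTitle and destinationIPs as lists encoded inside strings, uses false and 0 as end times for an ongoing attack, and names its reference field differently for alerts and attacks. The following added example (not part of the original documentation and not Akamai code) flattens such a response into records suitable for SIEM ingestion; the output field names and the sample input are constructed, and the destination values use documentation address ranges plus one deliberately malformed entry.

```python
# Added example: normalize a "List events" response for SIEM ingestion.
import ipaddress
import json
from datetime import datetime, timezone


def parse_string_list(value):
    """Decode list-in-a-string fields without eval().

    Handles both JSON text ('["SYN Flood"]') and the bare bracketed form
    used by destinationIPs ('[a/32, b/32]'). Plain strings become one item.
    """
    if not isinstance(value, str):
        return []
    text = value.strip()
    if not (text.startswith("[") and text.endswith("]")):
        return [text] if text else []
    try:
        decoded = json.loads(text)
        if isinstance(decoded, list):
            return [str(item) for item in decoded]
    except ValueError:
        pass  # not valid JSON: fall back to a comma split
    return [part.strip() for part in text[1:-1].split(",") if part.strip()]


def to_iso(epoch):
    """UNIX epoch seconds to ISO 8601 UTC; None for 0, false or missing."""
    if isinstance(epoch, bool) or not isinstance(epoch, int) or epoch <= 0:
        return None
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def normalize_event(event, contract):
    info = event.get("eventInfo") or {}
    is_attack = event.get("eventType") == "attack"
    destinations, rejected = [], []
    for item in parse_string_list(info.get("destinationIPs")):
        try:
            destinations.append(str(ipaddress.ip_network(item, strict=False)))
        except ValueError:
            rejected.append(item)  # keep for review instead of forwarding as an address
    return {
        "contract": contract,
        "event_type": event.get("eventType"),
        "service": event.get("service"),
        "severity": int(event.get("severity") or 0),
        "title": ", ".join(parse_string_list(event.get("eventTitle"))),
        "ongoing": bool(event.get("isOngoing")),
        "start": to_iso(event.get("eventStartTime")),
        "end": to_iso(event.get("eventEndTime")),
        "attack_types": parse_string_list(info.get("attackType")),
        "destinations": destinations,
        "unparsed_destinations": rejected,
        # Alerts carry eventInfo.attackId, attacks carry eventInfo.attackEventId.
        "reference": info.get("attackEventId") if is_attack else info.get("attackId"),
        "ticket": info.get("eventTicketId"),
        "location": info.get("location"),
    }


def normalize_response(response):
    """Return normalized events, highest severity first."""
    if response.get("status") is not True:
        raise RuntimeError("events request failed: %s" % response.get("statusMsg"))
    contract = response.get("currentContract")
    records = [normalize_event(e, contract) for e in response.get("data", [])]
    return sorted(records, key=lambda r: r["severity"], reverse=True)


# Constructed input in the shape of the sample response above.
SAMPLE_RESPONSE = {
    "status": True,
    "currentContract": "coral",
    "statusMsg": "Events acquired successfully",
    "data": [
        {"service": "man", "eventType": "alert", "isOngoing": False,
         "eventInfo": {"location": "mia1", "lastOccurred": 1393236546,
                       "attackId": "constructed-alert-id"},
         "eventStartTime": 1390975985, "eventEndTime": 1393236546,
         "eventTitle": "chkInt: Interface GigabitEthernet0/18 is down.",
         "severity": 80},
        {"service": "Mitigation", "eventType": "attack", "isOngoing": True,
         "eventInfo": {"eventTicketId": "70167", "attackType": "[\"SYN Flood\"]",
                       "endTime": False, "attackEventId": "2707",
                       "destinationIPs": "[192.0.2.10/32, 198.51.100.0/24, not-an-ip]",
                       "startTime": 1392922838},
         "eventStartTime": 1392922838, "eventEndTime": 0,
         "eventTitle": "[\"SYN Flood\"]", "severity": 100},
    ],
}

if __name__ == "__main__":
    for record in normalize_response(SAMPLE_RESPONSE):
        print(json.dumps(record, sort_keys=True))
```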

List critical events

Retrieves a critical events list for a customer.

GET prolexic-analytics/v2/critical-events/contract/{contract}

Sample: prolexic-analytics/v2/critical-events/contract/coral

Parameter Type Sample Description
URL parameters
contract String coral The policy domain name of the data center or proxy that attack reports belong to.

Status 200 application/json

Response Body:

{
    "status": true,
    "currentContract": "coral",
    "statusMsg": "Events acquired successfully",
    "data": [
        {
            "siteType": "DC",
            "source": "wbm",
            "location": "dca1",
            "ip": "192.216.61.102",
            "summary": "WBM TEST 5",
            "instance": "01",
            "interfaceName": "unknown",
            "count": 11,
            "siteCustomerName": "coral",
            "eventId": "05ngsdca1--lr1.dca1.plx-wbm_monitor-34610029-systems",
            "siteName": "dca1",
            "acknowledged": 0,
            "state": 1,
            "recentOccur": 1395842910,
            "expires": 3600,
            "node": "lr1.dca1.plx",
            "importance": 5,
            "notes": "TEST 5",
            "firstOccur": 1393657985,
            "description": "TEST WBM LEVEL 5"
        }
    ]
}

Data

This section provides you with the data model for the Prolexic Analytics API.

Download the JSON schemas for this API.

The data schema tables below list membership requirements as follows:

Member is required in requests, or always present in responses, even if its value is empty or null.
Member is optional, and may be omitted in some cases.

Metric

Encapsulates the target contract and time constraints for the specified metrics.

Download schema: MetricDataInput.json

Sample POST request:

{
    "contract": "venus",
    "start": 1322390037,
    "end": 1400385899,
    "samples": 100,
    "type": {
        "routed": [
            "bandwidthIn"
        ],
        "fbm": [
            {
                "metric": "bandwidth",
                "protocol": "total",
                "subnet": "1.1.1.0/24"
            },
            {
                "metric": "packets",
                "protocol": "tcp",
                "ip": "1.1.1.10"
            }
        ]
    }
}

Metric members

Member Type Required Description
contract String The policy domain name of the data center or proxy.
end Integer The end time of the requested metric in UNIX epoch seconds (UTC).
samples Integer The number of data points to return.
start Integer The start time of the requested metric in UNIX epoch seconds (UTC).
type Metric.type Defines the types of requested metrics.
Metric.type: Defines the types of requested metrics.
connect Array Select bandwidthIn to return inbound traffic measured in bits per second or select packetsIn to include inbound packets measured in packets per second.
fbm Metric.type.fbm[] Array of objects with requested metric, protocol, ip, or subnet. The response lists valid subnets for your configuration.
mitigationPost Array Select packets to return traffic packets per second or select bandwidth to return traffic bits per second.
mitigationPre Array Select packets to return traffic packets per second or select bandwidth to return traffic bits per second.
proxy Array Select latency for average latency of request, bandwidthIn for inbound traffic in bits per second, bandwidthOut for outbound traffic in bits per second, connections for a connections count, packetsOut for outbound traffic in packets per second, requests for a request count, or packetsIn for inbound traffic in packets per second.
routed Array Select bandwidthIn to return inbound traffic measured in bits per second or select packetsIn to include inbound packets measured in packets per second.
Metric.type.fbm[]: Array of objects with requested metric, protocol, ip, or subnet. The response lists valid subnets for your configuration.
ip String The requested IP address. You can only specify a single ip or subnet per metric.
metric Enumeration Select bandwidth to return traffic bits per second or select packets to return traffic packets per second.
protocol Enumeration The protocol to use in the metric. Valid values are total, icmp, igmp, udp, and tcp.
subnet String The requested subnet. You can only specify a single subnet or ip per metric.

MetricType

Encapsulates information on the types of metrics available to the contract.

Download schema: MetricType.json

Sample GET response:

{
    "status": true,
    "currentContract": "coral",
    "statusMsg": "Metric Types list acquired successfully",
    "data": {
        "routed": {
            "metrics": {
                "bandwidthIn": {
                    "desc": "Customer inbound traffic, bits per second"
                },
                "packetsIn": {
                    "desc": "Customer inbound traffic, packets per second"
                }
            }
        },
        "connect": {
            "metrics": {
                "bandwidthIn": {
                    "desc": "Customer inbound traffic, bits per second"
                },
                "packetsIn": {
                    "desc": "Customer inbound packets, packets per second"
                }
            }
        },
        "mitigationPost": {
            "metrics": {
                "packets": {
                    "desc": "Customer traffic packets per second"
                },
                "bandwidth": {
                    "desc": "Customer traffic bits per second"
                }
            }
        },
        "proxy": {
            "metrics": {
                "latency": {
                    "desc": "Average latency of request"
                },
                "bandwidthIn": {
                    "desc": "Customer inbound traffic, bits per second"
                },
                "bandwidthOut": {
                    "desc": "Customer outbound traffic, bits per second"
                },
                "connections": {
                    "desc": "Connections count"
                },
                "packetsOut": {
                    "desc": "Customer outbound traffic, packets per second"
                },
                "requests": {
                    "desc": "Requests count"
                },
                "packetsIn": {
                    "desc": "Customer inbound traffic, packets per second"
                }
            }
        },
        "mitigationPre": {
            "metrics": {
                "packets": {
                    "desc": "Customer traffic packets per second"
                },
                "bandwidth": {
                    "desc": "Customer traffic bits per second"
                }
            }
        },
        "fbm": {
            "metrics": {
                "bandwidth": {
                    "desc": "Customer traffic bits per second",
                    "subnets": [
                        "1.1.2.0/24"
                    ],
                    "protocols": [
                        "total",
                        "icmp",
                        "igmp",
                        "udp",
                        "tcp"
                    ]
                },
                "packets": {
                    "desc": "Customer traffic packets per second",
                    "subnets": [
                        "1.1.2.0/24"
                    ],
                    "protocols": [
                        "total",
                        "icmp",
                        "igmp",
                        "udp",
                        "tcp"
                    ]
                }
            }
        }
    }
}

MetricType members

Member Type Required Description
currentContract String The policy domain name of the data center or proxy.
data MetricType.data Defines the types of metrics you can request.
status Boolean Whether the request for the metrics type list was successful.
statusMsg String A status message that indicates the successful or failed retrieval of the metric types list.
MetricType.data: Defines the types of metrics you can request.
connect MetricType.data.connect Valid routed and connect metrics.
fbm MetricType.data.fbm Valid metrics for FBM.
mitigationPost MetricType.data.mitigationPost Valid mitigation metrics.
mitigationPre MetricType.data.mitigationPre Valid mitigation metrics.
proxy MetricType.data.proxy Valid proxy metrics.
routed MetricType.data.routed Valid routed and connect metrics.
MetricType.data.connect: Valid routed and connect metrics.
metrics MetricType.data.connect.metrics Contains a list of available routed or connect metrics.
MetricType.data.connect.metrics: Contains a list of available routed or connect metrics.
bandwidthIn Object The customer inbound traffic measured in bits per second.
packetsIn Object The customer inbound traffic measured in packets per second.
MetricType.data.fbm: Valid metrics for FBM.
metrics MetricType.data.fbm.metrics Contains a list of available FBM metrics.
MetricType.data.fbm.metrics: Contains a list of available FBM metrics.
bandwidth MetricType.data.fbm.metrics.bandwidth Customer traffic measured in bits per second.
packets MetricType.data.fbm.metrics.packets Customer traffic measured in packets per second.
MetricType.data.fbm.metrics.bandwidth: Customer traffic measured in bits per second.
protocols Array The available protocols. Valid values are total, icmp, igmp, udp, and tcp.
subnets Array The subnets available to your contract.
MetricType.data.fbm.metrics.packets: Customer traffic measured in packets per second.
protocols Array The available protocols. Valid values are total, icmp, igmp, udp, and tcp.
subnets Array The subnets available to your contract.
MetricType.data.mitigationPost: Valid mitigation metrics.
metrics MetricType.data.mitigationPost.metrics Contains a list of available mitigation metrics.
MetricType.data.mitigationPost.metrics: Contains a list of available mitigation metrics.
bandwidth Object Customer traffic measured in packets per second.
packets Object Customer traffic measured in packets per second.
MetricType.data.mitigationPre: Valid mitigation metrics.
metrics MetricType.data.mitigationPre.metrics Contains a list of available mitigation metrics.
MetricType.data.mitigationPre.metrics: Contains a list of available mitigation metrics.
bandwidth Object Customer traffic measured in packets per second.
packets Object Customer traffic measured in packets per second.
MetricType.data.proxy: Valid proxy metrics.
metrics MetricType.data.proxy.metrics Contains a list of available proxy metrics.
MetricType.data.proxy.metrics: Contains a list of available proxy metrics.
bandwidthIn Object Customer inbound traffic measured in bits per second.
bandwidthOut Object Customer outbound traffic measured in bits per second.
connections Object The total connections count.
latency Object Average latency of a request.
packetsIn Object Customer outbound traffic measured in packets per second.
packetsOut Object Customer outbound traffic measured in packets per second.
requests Object The total request count.
MetricType.data.routed: Valid routed and connect metrics.
metrics MetricType.data.routed.metrics Contains a list of available routed or connect metrics.
MetricType.data.routed.metrics: Contains a list of available routed or connect metrics.
bandwidthIn Object The customer inbound traffic measured in bits per second.
packetsIn Object The customer inbound traffic measured in packets per second.

Attack

Encapsulates the details of an attack, including location, time, and type of attack.

Download schema: AttackReport.json, AttackReports.json

Sample GET response:

{
    "status": true,
    "data": [
        {
            "attackId": 1966,
            "destinationPort": "8080",
            "eventStartTime": 1390244438,
            "eventPeakId": 18594,
            "attackTypeName": "RESET Flood",
            "netmask": 32,
            "eventEndTime": 1390261538,
            "location": "SJC",
            "endTime": 1390261538,
            "eventBw": 500000,
            "ticketId": 70946,
            "eventId": 2744,
            "eventPps": 1200,
            "ip": "178.132.242.47",
            "startTime": 1390244438
        },
        {
            "attackId": 1966,
            "destinationPort": "8080",
            "eventStartTime": 1390244438,
            "eventPeakId": 18595,
            "attackTypeName": "RESET Flood",
            "netmask": 32,
            "eventEndTime": 1390261538,
            "location": "LON",
            "endTime": 1390261538,
            "eventBw": 90000000,
            "ticketId": 70946,
            "eventId": 2744,
            "eventPps": 200000,
            "ip": "178.132.242.47",
            "startTime": 1390244438
        }
    ],
    "currentContract": "coral",
    "statusMsg": "Attack report acquired successfully"
}

Attack members

Member Type GET Description
currentContract String The policy domain name of the data center or proxy.
data Attack.data[] Encapsulates the details of an attack.
status Boolean Whether the request for the attack information was successful.
statusMsg String A status message that indicates the successful or failed retrieval of the attack information.
Attack.data[]: Encapsulates the details of an attack.
attackId Integer A unique identifier for the attack.
attackTypeName Enumeration The types of attacks. Valid values are ACK Flood, CLDAP Reflection, CharGEN Attack, Connection Flood, DNS Flood, FIN Flood, FIN PUSH Flood, GET Flood, GRE Protocol Flood, HEAD Flood, ICMP Flood, IGMP Flood, mDNS Flood, NTP FLOOD, Netbios Flood, POST Flood, PUSH Flood, PUT Flood, RESET Flood, RIP Flood, RPC Flood, Reserved Protocol Flood, SNMP Flood, SQL Server Reflection, SSDP Flood, SSL GET Flood, SSL POST Flood, SYN Flood, SYN PUSH, Sentinel Flood, TCP Anomaly, TCP Fragment, TFTP Flood, UDP Flood, UDP Fragment, or XMAS.
customerShortName String A nickname for the customer.
destinationPort String The targeted port of the attack, if applicable. Returns null when not applicable.
destinations Attack.data[].destinations[] An array of targeted IP addresses or subnets for the attack.
endTime Integer The end time of the attack in UNIX epoch seconds (UTC).
eventBw Integer The peak bandwidth for the event.
eventCON Integer The peak number of connections for the event.
eventEndTime Integer The end time of the event in UNIX epoch seconds (UTC).
eventEndTimeAsString String The end time of the event in yyyy-MM-dd HH:mm:ss format.
eventId Integer A unique identifier for the event.
eventPeakId Integer The peak value of ID for the event.
eventPps Integer The peak packets per second for the event.
eventStartTime Integer The start time of the event in UNIX epoch seconds (UTC).
eventStartTimeAsString String The start time of the event in yyyy-MM-dd HH:mm:ss format.
eventType Enumeration The type of event. Valid values are alert and attack.
eventTypes Array The types of attacks. Valid values are ACK Flood, CLDAP Reflection, CharGEN Attack, Connection Flood, DNS Flood, FIN Flood, FIN PUSH Flood, GET Flood, GRE Protocol Flood, HEAD Flood, ICMP Flood, IGMP Flood, mDNS Flood, NTP FLOOD, Netbios Flood, POST Flood, PUSH Flood, PUT Flood, RESET Flood, RIP Flood, RPC Flood, Reserved Protocol Flood, SNMP Flood, SQL Server Reflection, SSDP Flood, SSL GET Flood, SSL POST Flood, SYN Flood, SYN PUSH, Sentinel Flood, TCP Anomaly, TCP Fragment, TFTP Flood, UDP Flood, UDP Fragment, or XMAS.
ip String The target IP address of the event.
location String Indicates where the alert originated from in the network.
netmask Integer CIDR notation indicating the subnet’s mask size. Valid values for IPv4 are between 1 and 32. Valid values for IPv6 are between 1 and 128.
peaks Attack.data[].peaks[] Contains peak statistics from the attack data.
startTime Integer The start time of the attack in UNIX epoch seconds (UTC).
ticketId String A unique identifier for the ticket associated with this attack.
Attack.data[].destinations[]: An array of targeted IP addresses or subnets for the attack.
ip String A targeted IP address.
netmask Integer A targeted subnet.
Attack.data[].peaks[]: Contains peak statistics from the attack data.
bandwidth Integer The peak measurement of bandwidth.
connections Integer The peak number of connections.
location String The peak value for location.
peakId Integer The peak value for ID.
pps Integer The peak measurement of packets per second.

Event

Encapsulates the details of an event and the associated attack information.

Download schema: EventResponse.json

Sample GET response:

{
    "status": true,
    "currentContract": "coral",
    "statusMsg": "Events acquired successfully",
    "data": [
        {
            "service": "man",
            "eventInfo": {
                "location": "mia1",
                "lastOccurred": 1393236546,
                "attackId": "05ngsdca1--lr1.dca1.plx-wbm_monitor-34610029-systems"
            },
            "eventType": "alert",
            "isOngoing": false,
            "eventStartTime": 1390975985,
            "eventTitle": "chkInt: Interface GigabitEthernet0/18 is down.",
            "severity": 80,
            "eventEndTime": 1393236546
        },
        {
            "service": "Mitigation",
            "eventInfo": {
                "eventTicketId": "70167",
                "attackType": "[\"SYN Flood\"]",
                "endTime": false,
                "attackEventId": "2707",
                "destinationIPs": "[178.132.240.114/32, 178.132.240.155/32, 178.132.240.203/32]",
                "startTime": 1392922838
            },
            "eventType": "attack",
            "isOngoing": true,
            "eventStartTime": 1392922838,
            "eventTitle": "[\"SYN Flood\"]",
            "severity": 100,
            "eventEndTime": 0
        }
    ]
}

Event members

Member Type Required Description
currentContract String The policy domain name of the data center or proxy.
data Event.data[] Contains the attack details of the event.
status Boolean Whether the request for the events list was successful.
statusMsg String A status message that indicates the successful or failed retrieval of the events list.
Event.data[]: Contains the attack details of the event.
eventEndTime Integer The end time of the event in UNIX epoch seconds (UTC).
eventInfo Event.data[].eventInfo{alert} If the event is an alert type, this object specifies the alert report information.
eventInfo Event.data[].eventInfo{attack} If the event is an attack type, this object specifies the attack report information.
eventStartTime Integer The start time of the event in UNIX epoch seconds (UTC).
eventTitle String A title that briefly describes the event.
eventType Enumeration The type of event. Valid values are alert and attack.
isOngoing Boolean Indicates whether the event is currently ongoing.
service String Returns Mitigation in the case of an attack report type event. Returns one of the following sources if it is an alert type event: abm, abr, arb, bgp, fbm, or int.
severity Integer The severity level of the event.
Event.data[].eventInfo{alert}: If the event is an alert type, this object specifies the alert report information.
attackId String A unique identifier for the attack.
lastOccurred String The time of the last known activity in UNIX epoch seconds (UTC).
location String Indicates where the alert originated from in the network.
summary String A brief textual description summarizing the type of event and what happened.
Event.data[].eventInfo{attack}: If the event is an attack type, this object specifies the attack report information.
attackEventId String The ID of the attack report associated with the event.
attackType Enumeration The types of attacks. Valid values are ACK Flood, CLDAP Reflection, CharGEN Attack, Connection Flood, DNS Flood, FIN Flood, FIN PUSH Flood, GET Flood, GRE Protocol Flood, HEAD Flood, ICMP Flood, IGMP Flood, mDNS Flood, NTP FLOOD, Netbios Flood, POST Flood, PUSH Flood, PUT Flood, RESET Flood, RIP Flood, RPC Flood, Reserved Protocol Flood, SNMP Flood, SQL Server Reflection, SSDP Flood, SSL GET Flood, SSL POST Flood, SYN Flood, SYN PUSH, Sentinel Flood, TCP Anomaly, TCP Fragment, TFTP Flood, UDP Flood, UDP Fragment, or XMAS.
destinationIps String The targeted IP addresses of the attack.
endTime String The end time of the event in UNIX epoch seconds (UTC).
eventTicketId String A unique identifier for the ticket associated with this event.
startTime String The start time of the attack in UNIX epoch seconds (UTC).
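
The sample response above encodes several fields in ways a SIEM pipeline has to unpack: attackType is a JSON array serialized inside a string, destinationIPs is a bracketed list of unquoted CIDRs, and an ongoing attack reports eventEndTime as 0 and endTime as false. The following normalizer is an added example, not code from the API documentation; the function names and output field names are hypothetical, and the input is constructed in the shape of the sample with documentation-range addresses.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Constructed input in the shape of the sample response (documentation-range IPs).
SAMPLE = json.loads(r'''
{"status": true, "statusMsg": "Events acquired successfully", "data": [
 {"service": "Mitigation", "eventType": "attack", "isOngoing": true,
  "eventStartTime": 1392922838, "eventEndTime": 0, "severity": 100,
  "eventInfo": {"eventTicketId": "70167", "attackType": "[\"SYN Flood\"]",
                "destinationIPs": "[192.0.2.114/32, 192.0.2.155/32]",
                "endTime": false, "startTime": 1392922838}},
 {"service": "fbm", "eventType": "alert", "isOngoing": false,
  "eventStartTime": 1390975985, "eventEndTime": 1393236546, "severity": 80,
  "eventInfo": {"location": "mia1", "lastOccurred": 1393236546}}]}
''')

def iso_utc(ts):
    """Epoch seconds to ISO 8601 UTC; 0, False, None and '' all mean 'not set'."""
    return datetime.fromtimestamp(int(ts), tz=timezone.utc).isoformat() if ts else None

def parse_cidrs(raw):
    """Parse the bracketed, unquoted CIDR list; non-addresses raise ValueError."""
    items = [s.strip() for s in (raw or "").strip("[]").split(",")]
    return [str(ipaddress.ip_network(s, strict=False)) for s in items if s]

def normalize(resp):
    if resp.get("status") is not True:
        raise ValueError("API reported failure: %s" % resp.get("statusMsg"))
    records = []
    for ev in resp.get("data", []):
        info = ev.get("eventInfo") or {}
        rec = {"type": ev["eventType"], "service": ev.get("service"),
               "severity": ev.get("severity"), "ongoing": bool(ev.get("isOngoing")),
               "start": iso_utc(ev.get("eventStartTime")),
               "end": iso_utc(ev.get("eventEndTime"))}
        if ev["eventType"] == "attack":
            rec["attack_types"] = json.loads(info.get("attackType") or "[]")
            raw = info.get("destinationIPs") or info.get("destinationIps")  # sample vs. table
            rec["destinations"] = parse_cidrs(raw)
            rec["ticket"] = info.get("eventTicketId")
        else:
            rec["location"] = info.get("location")
            rec["last_occurred"] = iso_utc(info.get("lastOccurred"))
        records.append(rec)
    return records

if __name__ == "__main__":
    print(json.dumps(normalize(SAMPLE), indent=2))
```

The lookup accepts both spellings of the destination key because the sample response uses destinationIPs while the member table lists destinationIps.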

Errors

This section provides details on the data object that reflects the API’s common response to error cases, and lists the API’s range of response status codes for both error and success cases.

Error responses

Responses from the API include status and statusMsg parameters indicating the success or failure of a request. For a failed request, the status boolean will be set to false and statusMsg will contain a string explaining the error condition, such as in the following example:

{
    "status": false,
    "statusMsg": "Description of failure"
}

For responses with a non-2xx HTTP status code, the API returns the error JSON outlined below. See HTTP status codes below for a list of error codes.

HTTP/1.1 429 Too Many Requests
Content-Type: application/problem+json
Reply Body:
{
    "type": "https://developer.akamai.com/api/luna/prolexic-analytics/overview.html#ratelimiting",
    "title": "Too many requests",
    "status": 429,
    "detail": "additional non-http specific info where relevant"
}

HTTP status codes

This section lists the full range of response codes the API may generate.

Code Description
200 The operation was successful.
201 Resource successfully created.
202 Resource successfully accepted.
204 Successfully processed request.
400 Bad Request.
401 Authentication failure.
403 Access is forbidden.
404 Resource not found.
405 Method not supported.
409 Conflict with current state of resource.
410 Requested resource is no longer available.
411 Content-length header not specified.
413 Request body exceeds maximum allowable size.
423 Requested resource is locked.
429 Too many requests. See Rate Limiting for more information.
500 Internal server error.
501 Functionality not supported.
503 Too many requests. Service is temporarily unavailable.
507 Insufficient storage for size of request. Try again later.
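
A client has to handle both error shapes described above: a body whose status is the boolean false, and a problem+json body whose status is the numeric HTTP code (truthy, so a bare truthiness check on status would read a 429 as success). The following classifier is an added example, not code from the API documentation; the function names, action labels, and the base and cap backoff values are assumptions, and the sample bodies are constructed.

```python
import json

RETRYABLE = {429, 503, 507}   # listed in the table as "Too many requests" / "Try again later"
CREDENTIALS = {401, 403}      # authentication failure / access is forbidden

def parse_body(body):
    """Return the body as a dict, or {} when it is empty, not JSON, or not an object."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return {}
    return doc if isinstance(doc, dict) else {}

def classify(http_status, body, attempt=0, base=30, cap=3600):
    """Return (action, message, delay_seconds) for one response.

    base and cap are assumed backoff values, not taken from the API documentation.
    """
    doc = parse_body(body)
    if 200 <= http_status < 300:
        # A 2xx response can still carry an application-level failure in the body.
        if doc.get("status") is False:
            return ("api_error", doc.get("statusMsg", ""), 0)
        return ("ok", doc.get("statusMsg", ""), 0)
    # problem+json carries "title"/"detail"; its "status" is the HTTP code, not a bool.
    message = doc.get("title") or doc.get("detail") or "no parseable error body"
    if http_status in RETRYABLE:
        return ("retry", message, min(cap, base * 2 ** attempt))
    if http_status in CREDENTIALS:
        return ("check_credentials", message, 0)
    return ("fail", message, 0)

# Constructed inputs mirroring the two error shapes shown on this page.
IN_BODY_FAILURE = '{"status": false, "statusMsg": "Description of failure"}'
PROBLEM_429 = ('{"type": "https://example.invalid/ratelimiting", '
               '"title": "Too many requests", "status": 429, "detail": "constructed"}')

if __name__ == "__main__":
    print(classify(200, IN_BODY_FAILURE))
    print(classify(429, PROBLEM_429, attempt=2))
    print(classify(503, "<html>upstream error</html>"))
```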

Last modified: 9/26/2018