Enterprise Threat Protector Reporting API v3

Reports for acceptable user policy (AUP) events, DNS activity, network traffic connections, security connector events, and threat events.


Overview

The Enterprise Threat Protector (ETP) Reporting API lets you access and analyze reports for acceptable user policy (AUP) events, DNS activity, network traffic connections, security connector events, and threat events. This API allows flexible access to reporting features in Akamai Control Center, using your own tools.

This API is for site administrators, project managers, and technical support providers who implement or troubleshoot Enterprise Threat Protector (ETP) for your organization. To use this API, you should have a working knowledge of ETP and how the configurable objects interact. If you are not familiar with these topics, see the ETP Configuration API for more information.

Get started

To configure this API for the first time:

  • Review Get Started with APIs for details on how to set up client tokens to access any Akamai API. These tokens appear as custom hostnames that look like this: https://akzz-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX.luna.akamaiapis.net.

  • To enable this API, choose the API service named ETP Report, and set the access level to READ-WRITE.

API Concepts

To understand this API’s various URL resources and the data it exchanges, you need to familiarize yourself with these concepts:

  • Configuration ID: When you sign up for ETP, you receive a configuration and associated ID. You need to use this parameter for all operations in the ETP Reporting API. See List Configurations in the ETP Configuration API to obtain this value.

  • Filters: You can filter report data by crafting a Filter object, supplied in the operation URL. You specify filter values to either include or exclude data from the report. You can include additional filter entries and values to further parse report data. See the Filter object type.

  • AUP Event: AUP events provide details on a detected or blocked threat, as directed by the acceptable use policy assigned to your location. You can investigate false positives or provide additional details on why a specific page was blocked.

  • DNS Event: DNS Events provide details on detected threats when accessing a malicious domain. ETP then on-ramps the traffic to Nevada for further analysis.

  • Network traffic transaction: Network traffic transactions provide details on all network traffic that is directed to ETP, including suspicious traffic or traffic that bypasses ETP Proxy. If traffic was dropped, the connection data reports why.

  • Proxy network traffic connection: Proxy network traffic connections provide details on the network traffic that’s directed to proxy. Information such as internal client IP, username, group name, and more are logged in this report. The Proxy Activity report also shows what action was applied to traffic.

  • Security Connector Events: Security Connector events provide details on malicious or suspicious traffic that ETP routes to a sinkhole device per the policy configuration. ETP collects information about the user device or machine that made the request, such as the internal IP address of the end user’s machine. This information allows you or an IT administrator to identify compromised machines in your network.

  • Threat Event: Threat events provide details on a detected or blocked threat, as directed by your custom ETP security lists. You can look at traffic details to gain insight on malicious websites or phishing campaigns.

Data Retention Policy

Enterprise Threat Protector (ETP) stores entries for 30 days, after which data becomes unavailable.

Resources

This section provides details on the API’s various operations.

API summary

Download the RAML descriptors for this API.

Operation | Method | Endpoint
AUP event report
Report AUP event details | POST | /etp-report/v3/configs/{configId}/aup-events/details{?filters}
DNS activity report
Report DNS activity event details | POST | /etp-report/v3/configs/{configId}/dns-activities/details{?filters}
Network traffic connections report
Report network traffic connections details | POST | /etp-report/v3/configs/{configId}/network-traffic/connections/details{?filters}
Proxy traffic transactions report
Report proxy network traffic transaction details | POST | /etp-report/v3/configs/{configId}/proxy-traffic/transactions/details{?filters}
Threat event report
Report threat event details | POST | /etp-report/v3/configs/{configId}/threat-events/details{?filters}

Report AUP event details

Lists AUP events for a given time period.

POST /etp-report/v3/configs/{configId}/aup-events/details{?filters}

Sample: /etp-report/v3/configs/100/aup-events/details?filters=%7B%22action%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22isAlert%22%3A%7B%22in%22%3A%5B%22true%22%5D%7D%2C%22site%22%3A%7B%22in%22%3A%5B%22-1%22%5D%7D%2C%22list%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22policy%22%3A%7B%22in%22%3A%5B%22164%22%5D%7D%2C%22category%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22domain%22%3A%7B%22in%22%3A%5B%22njit.edu.%22%5D%7D%2C%22destinationIp%22%3A%7B%22in%22%3A%5B%221.2.1.43%22%5D%7D%2C%22country%22%3A%7B%22in%22%3A%5B%22US%22%5D%7D%7D

Content-Type: application/json

Object type: Event

Download schema: events-details-postRequest.json

Request body:

{
    "startTimeSec": 1587459637,
    "endTimeSec": 1589965237,
    "orderBy": "DESC",
    "pageNumber": 1,
    "pageSize": 5,
    "filters": {}
}

Parameter | Type | Sample | Description
URL path parameters
configId | Integer | 100 | A unique identifier for each configuration.
Optional query parameters
filters | String | {"action":{"in":["1"]},"isAlert":{"in":["true"]},"site":{"in":["-1"]},"list":{"in":["1"]},"policy":{"in":["164"]},"category":{"in":["1"]},"domain":{"in":["njit.edu."]},"destinationIp":{"in":["1.2.1.43"]},"country":{"in":["US"]}} | Filters report data using the Filter JSON object. You supply this object as the value after you define the filter parameters.

Status 200 application/json

Object type: AUPEvent

Download schema: aup-events-details-postResponse.json

Response body:

{
    "pageInfo": {
        "totalRecords": 97913,
        "pageNumber": 1,
        "pageSize": 5
    },
    "dataRows": [
        {
            "id": "0",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:53Z",
                "clientIp": "172.25.174.232",
                "dnsIp": "198.18.193.241",
                "domain": "d.la1-c2-ia4.salesforceliveagent.com.",
                "uuid": "198.18.193.241-198.18.193.228-1590474893-46281-35384",
                "queryType": "A",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "resolved": [
                    {
                        "type": "A",
                        "response": "13.110.63.55",
                        "asn": "14340",
                        "asname": "N/A"
                    },
                    {
                        "type": "A",
                        "response": "13.110.61.55",
                        "asn": "14340",
                        "asname": "N/A"
                    },
                    {
                        "type": "A",
                        "response": "13.110.62.55",
                        "asn": "14340",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:53Z",
                "detectionType": "inline",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "listId": "24",
                "listName": "24",
                "categoryId": "24",
                "categoryName": "24",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "6",
                "actionName": "Classify",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "Yes",
                "threatId": 2000,
                "severityId": 0,
                "threatName": "AUP",
                "severityLevel": "Unclassified",
                "onrampType": "etp-client",
                "internalClientIP": "N/A",
                "clientRequestId": "00019749",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "1",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:52Z",
                "clientIp": "172.25.174.232",
                "dnsIp": "198.18.193.241",
                "domain": "teams.microsoft.com.",
                "uuid": "198.18.193.241-198.18.193.228-1590474892-14345-62675",
                "queryType": "A",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "resolved": [
                    {
                        "type": "A",
                        "response": "52.113.194.132",
                        "asn": "8068",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:52Z",
                "detectionType": "inline",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "listId": "24",
                "listName": "24",
                "categoryId": "24",
                "categoryName": "24",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "6",
                "actionName": "Classify",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "Yes",
                "threatId": 2000,
                "severityId": 0,
                "threatName": "AUP",
                "severityLevel": "Unclassified",
                "onrampType": "etp-client",
                "internalClientIP": "N/A",
                "clientRequestId": "00019748",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "2",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:51Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590449691.akamaietpmalwaretest.com.",
                "uuid": "198.18.193.241-198.18.179.134-1590474891-6340-2976",
                "queryType": "AAAA",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "N/A",
                        "response": "N/A",
                        "asn": "N/A",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:51Z",
                "detectionType": "inline",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "listId": "1",
                "listName": "Malware",
                "categoryId": "1",
                "categoryName": "Malware",
                "confidenceId": "2",
                "confidenceName": "Known",
                "actionId": "1",
                "actionName": "Monitor",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "No",
                "threatId": 5070,
                "severityId": 2,
                "threatName": "Known Malware",
                "severityLevel": "High",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "3",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:51Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590449691.akamaietpmalwaretest.com.",
                "uuid": "198.18.193.241-198.18.179.134-1590474891-42367-7406",
                "queryType": "A",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "A",
                        "response": "34.193.182.244",
                        "asn": "14618",
                        "asname": "aws"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:51Z",
                "detectionType": "inline",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "listId": "1",
                "listName": "Malware",
                "categoryId": "1",
                "categoryName": "Malware",
                "confidenceId": "2",
                "confidenceName": "Known",
                "actionId": "1",
                "actionName": "Monitor",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "No",
                "threatId": 5070,
                "severityId": 2,
                "threatName": "Known Malware",
                "severityLevel": "High",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "4",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:51Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590449691.akamaietpmalwaretest.com.e2e-etp.org.",
                "uuid": "198.18.193.241-198.18.179.134-1590474891-5081-49572",
                "queryType": "AAAA",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "N/A",
                        "response": "N/A",
                        "asn": "N/A",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:51Z",
                "detectionType": "inline",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "listId": "4",
                "listName": "DNS Exfiltration",
                "categoryId": "5",
                "categoryName": "DNS Exfiltration",
                "confidenceId": "1",
                "confidenceName": "Suspected",
                "actionId": "1",
                "actionName": "Monitor",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "No",
                "threatId": 5135,
                "severityId": 4,
                "threatName": "Suspected DNS tunneling",
                "severityLevel": "Low",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns"
            }
        }
    ]
}
  1. Ensure you have your configId query parameter. See API Concepts for information on how to obtain this parameter.

  2. Optionally, set the filters query parameter. See Filter for information on how to craft this parameter.

  3. Build a new Event object.

  4. POST the object to /etp-report/v3/configs/{configId}/aup-events/details{?filters}.

  5. The operation responds with an AUPEvent object.
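
The steps above, as an added Python example that is not part of the original documentation or Akamai's own code: it percent-encodes a Filter object the way the sample URL does, builds the Event request body, and derives the page count from pageInfo. Request signing and the API hostname are out of scope; the function names, the short report keys, and the client-side check against the 30-day retention window are assumptions made for illustration.

```python
import json
import math
from urllib.parse import quote

RETENTION_SEC = 30 * 24 * 3600  # the page states entries are kept for 30 days

# Path suffixes copied from the API summary on this page.
REPORTS = {
    "aup": "aup-events/details",
    "dns": "dns-activities/details",
    "network": "network-traffic/connections/details",
    "proxy": "proxy-traffic/transactions/details",
    "threat": "threat-events/details",
}


def encode_filters(include):
    """Percent-encode a Filter object built from {"field": [values, ...]}."""
    obj = {}
    for field, values in include.items():
        if not values:
            raise ValueError(f"filter {field!r} has no values")
        # The page's sample sends every value as a string, ids and booleans included.
        obj[field] = {"in": [str(v).lower() if isinstance(v, bool) else str(v)
                             for v in values]}
    compact = json.dumps(obj, separators=(",", ":"))
    return quote(compact, safe="")  # safe="" so '/' is escaped too, not only JSON punctuation


def build_request(config_id, report, start_sec, end_sec, now_sec,
                  include=None, page_number=1, page_size=5, order_by="DESC"):
    """Return (path_with_query, body) for one of the report operations."""
    if report not in REPORTS:
        raise ValueError(f"unknown report {report!r}")
    if isinstance(config_id, bool) or not isinstance(config_id, int) or config_id < 0:
        raise ValueError("configId must be a non-negative integer")
    if start_sec >= end_sec:
        raise ValueError("startTimeSec must be earlier than endTimeSec")
    if start_sec < now_sec - RETENTION_SEC:
        # Assumed client-side guard: older data is no longer available.
        raise ValueError("window starts before the 30-day retention limit")
    if page_number < 1 or page_size < 1:
        raise ValueError("pageNumber and pageSize must be positive")

    path = f"/etp-report/v3/configs/{config_id}/{REPORTS[report]}"
    if include:
        path += "?filters=" + encode_filters(include)
    body = {
        "startTimeSec": start_sec,
        "endTimeSec": end_sec,
        "orderBy": order_by,
        "pageNumber": page_number,
        "pageSize": page_size,
        "filters": {},  # kept empty as in the page's sample; filtering goes in the URL
    }
    return path, body


def total_pages(page_info):
    """Number of pages needed to read every record described by pageInfo."""
    size = page_info["pageSize"]
    if size < 1:
        raise ValueError("pageSize must be positive")
    return math.ceil(page_info["totalRecords"] / size)


if __name__ == "__main__":
    # Time window taken from the page's sample request body (29 days wide).
    path, body = build_request(
        100, "aup", 1587459637, 1589965237, now_sec=1589965237,
        include={"action": [1], "isAlert": [True], "site": [-1]},
    )
    print("POST", path)
    print(json.dumps(body, indent=4))
    print("pages:", total_pages({"totalRecords": 97913, "pageNumber": 1, "pageSize": 5}))
```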

Report DNS activity event details

Lists raw DNS events for a given time period. This operation retrieves the first 500 configurable results.

POST /etp-report/v3/configs/{configId}/dns-activities/details{?filters}

Sample: /etp-report/v3/configs/100/dns-activities/details?filters=%7B%22action%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22isAlert%22%3A%7B%22in%22%3A%5B%22true%22%5D%7D%2C%22site%22%3A%7B%22in%22%3A%5B%22-1%22%5D%7D%2C%22list%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22policy%22%3A%7B%22in%22%3A%5B%22164%22%5D%7D%2C%22category%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22domain%22%3A%7B%22in%22%3A%5B%22njit.edu.%22%5D%7D%2C%22destinationIp%22%3A%7B%22in%22%3A%5B%221.2.1.43%22%5D%7D%2C%22country%22%3A%7B%22in%22%3A%5B%22US%22%5D%7D%7D

Content-Type: application/json

Object type: Event

Download schema: events-details-postRequest.json

Request body:

{
    "startTimeSec": 1587459637,
    "endTimeSec": 1589965237,
    "orderBy": "DESC",
    "pageNumber": 1,
    "pageSize": 5,
    "filters": {}
}

Parameter | Type | Sample | Description
URL path parameters
configId | Integer | 100 | A unique identifier for each configuration.
Optional query parameters
filters | String | {"action":{"in":["1"]},"isAlert":{"in":["true"]},"site":{"in":["-1"]},"list":{"in":["1"]},"policy":{"in":["164"]},"category":{"in":["1"]},"domain":{"in":["njit.edu."]},"destinationIp":{"in":["1.2.1.43"]},"country":{"in":["US"]}} | Filters report data using the Filter JSON object. You supply this object as the value after you define the filter parameters.

Status 200 application/json

Object type: DNSActivityEvent

Download schema: dns-activity-events-details-postResponse.json

Response body:

{
    "pageInfo": {
        "totalRecords": 685134,
        "pageNumber": 1,
        "pageSize": 5
    },
    "dataRows": [
        {
            "id": "0",
            "configId": "1041",
            "hitCount": 1,
            "alexaRanking": -1,
            "query": {
                "time": "2020-05-26T06:00:00Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590448430.akamaietpmalwaretest.com.",
                "queryType": "A",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "A",
                        "response": "34.193.182.244",
                        "asn": "14618",
                        "asname": "aws"
                    }
                ]
            },
            "event": {
                "trigger": "null",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "confidenceName": "Unknown",
                "actionId": "1",
                "actionName": "Monitor",
                "onRamp": "No",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns",
                "deepScanned": false
            }
        },
        {
            "id": "1",
            "configId": "1041",
            "hitCount": 1,
            "alexaRanking": 1000,
            "query": {
                "time": "2020-05-26T06:00:00Z",
                "clientIp": "172.25.174.232",
                "dnsIp": "198.18.193.241",
                "domain": "spocs.getpocket.com.",
                "queryType": "A",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "resolved": [
                    {
                        "type": "A",
                        "response": "50.16.145.165",
                        "asn": "14618",
                        "asname": "aws"
                    },
                    {
                        "type": "A",
                        "response": "35.169.67.87",
                        "asn": "14618",
                        "asname": "aws"
                    },
                    {
                        "type": "A",
                        "response": "52.202.154.119",
                        "asn": "14618",
                        "asname": "aws"
                    },
                    {
                        "type": "A",
                        "response": "52.204.41.228",
                        "asn": "14618",
                        "asname": "aws"
                    }
                ]
            },
            "event": {
                "trigger": "null",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "confidenceName": "Unknown",
                "actionId": "6",
                "actionName": "Classify",
                "onRamp": "Yes",
                "onrampType": "etp-client",
                "internalClientIP": "N/A",
                "clientRequestId": "00019313",
                "policyEvaluationSource": "dns",
                "deepScanned": false
            }
        },
        {
            "id": "2",
            "configId": "1041",
            "hitCount": 1,
            "alexaRanking": 1000000,
            "query": {
                "time": "2020-05-26T06:00:00Z",
                "clientIp": "172.25.162.210",
                "dnsIp": "198.18.193.241",
                "domain": "cme-linuscmewlhrwlhr-013-wlhr-public.wbx2.com.",
                "queryType": "A",
                "deviceId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad",
                "deviceName": "WIN81-ENT-210",
                "resolved": [
                    {
                        "type": "A",
                        "response": "62.109.242.31",
                        "asn": "13445",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "trigger": "null",
                "siteId": "5003",
                "siteName": "Off Network ETP Clients",
                "policyId": "32965",
                "policyName": "Westford OFF Network policy",
                "confidenceName": "Unknown",
                "actionId": "10",
                "actionName": "Bypass",
                "onRamp": "No",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "00019274",
                "policyEvaluationSource": "dns",
                "deepScanned": false
            }
        },
        {
            "id": "3",
            "configId": "1041",
            "hitCount": 1,
            "alexaRanking": -1,
            "query": {
                "time": "2020-05-26T06:00:00Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590447770.akamaietpmalwaretest.com.",
                "queryType": "A",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "A",
                        "response": "34.193.182.244",
                        "asn": "14618",
                        "asname": "aws"
                    }
                ]
            },
            "event": {
                "trigger": "null",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "confidenceName": "Unknown",
                "actionId": "1",
                "actionName": "Monitor",
                "onRamp": "No",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns",
                "deepScanned": false
            }
        },
        {
            "id": "4",
            "configId": "1041",
            "hitCount": 1,
            "alexaRanking": 1000000,
            "query": {
                "time": "2020-05-26T06:00:00Z",
                "clientIp": "198.18.179.159",
                "dnsIp": "198.18.193.241",
                "domain": "e6589.dscb.akamaiedge.net.",
                "queryType": "A",
                "deviceId": "630ace6b-4f26-41df-b411-cd652512cb04",
                "deviceName": "Lab-Mac-19818179159.local",
                "resolved": [
                    {
                        "type": "A",
                        "response": "23.204.70.172",
                        "asn": "20940",
                        "asname": "qwest"
                    }
                ]
            },
            "event": {
                "trigger": "null",
                "siteId": "51277",
                "siteName": "E2E Mac 179.159 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "confidenceName": "Unknown",
                "actionId": "10",
                "actionName": "Bypass",
                "onRamp": "No",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "00032083",
                "policyEvaluationSource": "dns",
                "deepScanned": false
            }
        }
    ]
}
  1. Ensure you have your configId query parameter. See API Concepts for information on how to obtain this parameter.

  2. Optionally, set the filters query parameter. See Filter for information on how to craft this parameter.

  3. Build a new Event object.

  4. POST the object to /etp-report/v3/configs/{configId}/dns-activities/details{?filters}.

  5. The operation responds with a DNSActivityEvent object.
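
Working with the DNSActivityEvent rows shown above, as an added Python example that is not part of the original documentation: the response uses string placeholders ("N/A", "Not Available", the literal string "null", and empty strings) where a value is missing, so a plain truthiness check treats them as real data. The code normalizes those placeholders, flattens each row, and lists the client IPs whose queries carry no device identity and therefore cannot be tied to a machine. The function names and the placeholder set are assumptions; the sample rows are constructed from abbreviated rows of the response body above, plus one constructed row with an unresolved answer.

```python
# Placeholder strings seen in the response bodies on this page.
PLACEHOLDERS = {"", "N/A", "Not Available", "null", "None"}


def clean(value):
    """Return None for the API's placeholder strings, the value otherwise."""
    if isinstance(value, str) and value.strip() in PLACEHOLDERS:
        return None
    return value


def flatten_row(row):
    """Reduce one dataRows entry to the fields a triage script needs."""
    query = row.get("query", {})
    event = row.get("event", {})
    domain = clean(query.get("domain"))
    answers = [a["response"] for a in query.get("resolved", [])
               if clean(a.get("response")) is not None]
    return {
        "time": query.get("time"),
        "client_ip": clean(query.get("clientIp")),
        "device_id": clean(query.get("deviceId")),
        "device_name": clean(query.get("deviceName")),
        # Domains arrive as FQDNs with a trailing dot; strip it for matching.
        "domain": domain.rstrip(".").lower() if domain else None,
        "query_type": query.get("queryType"),
        "answers": answers,
        "action": clean(event.get("actionName")),
        "policy": clean(event.get("policyName")),
        "site": clean(event.get("siteName")),
        "trigger": clean(event.get("trigger")),
    }


def unattributed_clients(rows):
    """Map client IP -> sorted domains for rows with no device identity."""
    seen = {}
    for flat in map(flatten_row, rows):
        if flat["device_id"] is None and flat["client_ip"]:
            seen.setdefault(flat["client_ip"], set()).add(flat["domain"])
    return {ip: sorted(d for d in doms if d) for ip, doms in seen.items()}


# Constructed sample: rows abbreviated from the response body on this page.
SAMPLE_ROWS = [
    {"id": "0",
     "query": {"time": "2020-05-26T06:00:00Z", "clientIp": "198.18.179.121",
               "domain": "1590448430.akamaietpmalwaretest.com.", "queryType": "A",
               "deviceId": "N/A", "deviceName": "Not Available",
               "resolved": [{"type": "A", "response": "34.193.182.244"}]},
     "event": {"trigger": "null", "siteName": "Unidentified IPs",
               "policyName": "Default", "actionName": "Monitor"}},
    {"id": "1",
     "query": {"time": "2020-05-26T06:00:00Z", "clientIp": "172.25.174.232",
               "domain": "spocs.getpocket.com.", "queryType": "A",
               "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
               "deviceName": "BOS-WPX5E",
               "resolved": [{"type": "A", "response": "50.16.145.165"},
                            {"type": "A", "response": "35.169.67.87"}]},
     "event": {"trigger": "null", "siteName": "E2E WIN 174.232 site",
               "policyName": "E2E-CML-test", "actionName": "Classify"}},
    {"id": "3",
     "query": {"time": "2020-05-26T06:00:00Z", "clientIp": "198.18.179.121",
               "domain": "1590447770.akamaietpmalwaretest.com.", "queryType": "A",
               "deviceId": "N/A", "deviceName": "Not Available",
               # Constructed: an unresolved answer, as in the AUP sample rows.
               "resolved": [{"type": "N/A", "response": "N/A"}]},
     "event": {"trigger": "null", "siteName": "Unidentified IPs",
               "policyName": "Default", "actionName": "Monitor"}},
]

if __name__ == "__main__":
    for ip, domains in unattributed_clients(SAMPLE_ROWS).items():
        print(ip, "->", ", ".join(domains))
```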

Report network traffic connections details

Lists network traffic connections for a given time period.

POST /etp-report/v3/configs/{configId}/network-traffic/connections/details{?filters}

Sample: /etp-report/v3/configs/100/network-traffic/connections/details?filters=%7B%22action%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22isAlert%22%3A%7B%22in%22%3A%5B%22true%22%5D%7D%2C%22site%22%3A%7B%22in%22%3A%5B%22-1%22%5D%7D%2C%22list%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22policy%22%3A%7B%22in%22%3A%5B%22164%22%5D%7D%2C%22category%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22domain%22%3A%7B%22in%22%3A%5B%22njit.edu.%22%5D%7D%2C%22destinationIp%22%3A%7B%22in%22%3A%5B%221.2.1.43%22%5D%7D%2C%22country%22%3A%7B%22in%22%3A%5B%22US%22%5D%7D%7D

Content-Type: application/json

Object type: Event

Download schema: events-details-postRequest.json

Request body:

{
    "startTimeSec": 1587459637,
    "endTimeSec": 1589965237,
    "orderBy": "DESC",
    "pageNumber": 1,
    "pageSize": 5,
    "filters": {}
}

| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | | | |
| configId | Integer | 100 | A unique identifier for each configuration. |
| Optional query parameters | | | |
| filters | String | {"action":{"in":["1"]},"isAlert":{"in":["true"]},"site":{"in":["-1"]},"list":{"in":["1"]},"policy":{"in":["164"]},"category":{"in":["1"]},"domain":{"in":["njit.edu."]},"destinationIp":{"in":["1.2.1.43"]},"country":{"in":["US"]}} | Filters report data using the Filter JSON object. You supply this object as the value after you define the filter parameters. |

Status 200 application/json

Object type: NetworkTrafficConnection

Download schema: network-traffic-events-details-postResponse.json

Response body:

{
    "pageInfo": {
        "totalRecords": 164614,
        "pageNumber": 1,
        "pageSize": 5
    },
    "dataRows": [
        {
            "id": "0",
            "connectionId": "0x3706B3154FB0D3711164C",
            "domain": "nevada-test.akaetp.net.",
            "connStartTime": "2020-05-26T06:34:48Z",
            "connEndTime": "2020-05-26T06:34:48Z",
            "clientIP": "198.18.179.121",
            "clientPort": 37565,
            "destinationIP": "198.18.179.67",
            "destinationPort": 80,
            "siteId": 5003,
            "siteName": "Off Network ETP Clients",
            "policyAction": "onramp",
            "onrampType": "etp_offnet_client",
            "internalClientIP": "198.18.179.121",
            "httpVersion": "1.1",
            "httpUserAgent": "EtpClient:3.0.0",
            "machineId": "4655ba63-0adb-4ce5-a5a9-ae0fd616ef36",
            "machineName": "DESKTOP-5FL9GBR",
            "clientRequestId": "4655ba63-0adb-4ce5-a5a9-ae0fd616ef36-15904748887626277-3075",
            "ovfActionId": -1,
            "ovfActionName": "N/A",
            "stats": {
                "httpRequestCount": 1,
                "inBytes": 0,
                "outBytes": 0
            },
            "dropInfo": {
                "wasDropped": false,
                "droppedReason": "N/A"
            }
        },
        {
            "id": "1",
            "connectionId": "0x3706B3144FB0D23C9E88",
            "domain": "nevada-test.akaetp.net.",
            "connStartTime": "2020-05-26T06:34:47Z",
            "connEndTime": "2020-05-26T06:34:47Z",
            "clientIP": "172.25.162.210",
            "clientPort": 34908,
            "destinationIP": "198.18.179.67",
            "destinationPort": 80,
            "siteId": 5003,
            "siteName": "Off Network ETP Clients",
            "policyAction": "onramp",
            "onrampType": "etp_offnet_client",
            "internalClientIP": "172.25.162.210",
            "httpVersion": "1.1",
            "httpUserAgent": "EtpClient:3.0.0",
            "machineId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad",
            "machineName": "WIN81-ENT-210",
            "clientRequestId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad-15904748107656327-1199",
            "ovfActionId": -1,
            "ovfActionName": "N/A",
            "stats": {
                "httpRequestCount": 1,
                "inBytes": 0,
                "outBytes": 0
            },
            "dropInfo": {
                "wasDropped": false,
                "droppedReason": "N/A"
            }
        },
        {
            "id": "2",
            "connectionId": "0x3706B3154FB09DED1164B",
            "domain": "nevada-test.akaetp.net.",
            "connStartTime": "2020-05-26T06:34:34Z",
            "connEndTime": "2020-05-26T06:34:34Z",
            "clientIP": "198.18.179.159",
            "clientPort": 33395,
            "destinationIP": "198.18.179.64",
            "destinationPort": 80,
            "siteId": 51277,
            "siteName": "E2E Mac 179.159 site",
            "policyAction": "onramp",
            "onrampType": "etp_client",
            "internalClientIP": "198.18.179.159",
            "httpVersion": "1.1",
            "httpUserAgent": "etpClient (unknown version) CFNetwork/1121.1.2 Darwin/19.3.0 (x86_64) EtpClient:3.0.0",
            "machineId": "630ace6b-4f26-41df-b411-cd652512cb04",
            "machineName": "Lab-Mac-19818179159.local",
            "clientRequestId": "630ace6b-4f26-41df-b411-cd652512cb04-15904748508376060-2350",
            "ovfActionId": -1,
            "ovfActionName": "N/A",
            "stats": {
                "httpRequestCount": 1,
                "inBytes": 0,
                "outBytes": 0
            },
            "dropInfo": {
                "wasDropped": false,
                "droppedReason": "N/A"
            }
        },
        {
            "id": "3",
            "connectionId": "0x3706B3144FB084179E86",
            "domain": "nevada-test.akaetp.net.",
            "connStartTime": "2020-05-26T06:34:27Z",
            "connEndTime": "2020-05-26T06:34:27Z",
            "clientIP": "172.25.162.210",
            "clientPort": 43337,
            "destinationIP": "198.18.179.67",
            "destinationPort": 80,
            "siteId": 5003,
            "siteName": "Off Network ETP Clients",
            "policyAction": "onramp",
            "onrampType": "etp_offnet_client",
            "internalClientIP": "172.25.162.210",
            "httpVersion": "1.1",
            "httpUserAgent": "EtpClient:3.0.0",
            "machineId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad",
            "machineName": "WIN81-ENT-210",
            "clientRequestId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad-15904747907591129-1198",
            "ovfActionId": -1,
            "ovfActionName": "N/A",
            "stats": {
                "httpRequestCount": 1,
                "inBytes": 0,
                "outBytes": 0
            },
            "dropInfo": {
                "wasDropped": false,
                "droppedReason": "N/A"
            }
        },
        {
            "id": "4",
            "connectionId": "0x3706B3174FB05214C6A4",
            "domain": "nevada-test.akaetp.net.",
            "connStartTime": "2020-05-26T06:34:14Z",
            "connEndTime": "2020-05-26T06:34:14Z",
            "clientIP": "198.18.179.110",
            "clientPort": 43231,
            "destinationIP": "198.18.179.67",
            "destinationPort": 80,
            "siteId": 5003,
            "siteName": "Off Network ETP Clients",
            "policyAction": "onramp",
            "onrampType": "etp_offnet_client",
            "internalClientIP": "198.18.179.110",
            "httpVersion": "1.1",
            "httpUserAgent": "EtpClient:3.0.0",
            "machineId": "60978b6d-3b85-4366-920b-ed00935e0706",
            "machineName": "DESKTOP-5FL9GBR",
            "clientRequestId": "60978b6d-3b85-4366-920b-ed00935e0706-15904748554127546-6037",
            "ovfActionId": -1,
            "ovfActionName": "N/A",
            "stats": {
                "httpRequestCount": 1,
                "inBytes": 0,
                "outBytes": 0
            },
            "dropInfo": {
                "wasDropped": false,
                "droppedReason": "N/A"
            }
        }
    ]
}

  1. Ensure you have your configId URL path parameter. See API Concepts for information on how to obtain this parameter.

  2. Optionally, set the filters query parameter. See Filter for information on how to craft this parameter.

  3. Build a new Event object.

  4. POST the object to /etp-report/v3/configs/{configId}/network-traffic/connections/details{?filters}.

  5. The operation responds with a NetworkTrafficConnection object.
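
The steps above, and the identical steps for the DNS activity report earlier on this page, as an added Python example (not Akamai's own code): it URL-encodes the Filter object, builds the Event body, and follows pageInfo until every row is collected. The send callable, make_fake_send and the function names are assumptions for illustration; request signing with your client tokens is left to the send you supply.

```python
import json
from urllib.parse import quote

# Report paths as they appear in the operation URLs on this page.
REPORT_PATHS = {
    "dns": "dns-activities",
    "network": "network-traffic/connections",
    "proxy": "proxy-traffic/transactions",
}

# The Filter object from the sample URL on this page.
SAMPLE_FILTERS = {
    "action": {"in": ["1"]}, "isAlert": {"in": ["true"]}, "site": {"in": ["-1"]},
    "list": {"in": ["1"]}, "policy": {"in": ["164"]}, "category": {"in": ["1"]},
    "domain": {"in": ["njit.edu."]}, "destinationIp": {"in": ["1.2.1.43"]},
    "country": {"in": ["US"]},
}


def build_path(config_id, report, filters=None):
    """Return the operation path, with the Filter object URL-encoded if given."""
    if not isinstance(config_id, int) or isinstance(config_id, bool):
        raise ValueError("configId must be an integer")
    path = f"/etp-report/v3/configs/{config_id}/{REPORT_PATHS[report]}/details"
    if filters:
        # Compact JSON, then percent-encode every reserved character so quotes,
        # braces and commas survive as a single query-string value.
        compact = json.dumps(filters, separators=(",", ":"))
        path += "?filters=" + quote(compact, safe="")
    return path


def build_event(start_sec, end_sec, page_number=1, page_size=5, order_by="DESC"):
    """Return an Event request body shaped like the sample on this page."""
    if not 0 <= start_sec < end_sec:
        raise ValueError("startTimeSec must be earlier than endTimeSec")
    if page_number < 1 or page_size < 1:
        raise ValueError("pageNumber and pageSize must be positive")
    return {
        "startTimeSec": int(start_sec),
        "endTimeSec": int(end_sec),
        "orderBy": order_by,
        "pageNumber": page_number,
        "pageSize": page_size,
        "filters": {},
    }


def fetch_all(send, config_id, report, start_sec, end_sec,
              filters=None, page_size=5, max_pages=1000):
    """Yield every dataRows entry, following pageInfo until the report ends.

    send(path, body) is a hypothetical caller-supplied function that performs
    the authenticated POST and returns the decoded JSON response.
    """
    path = build_path(config_id, report, filters)
    seen = 0
    for page in range(1, max_pages + 1):
        reply = send(path, build_event(start_sec, end_sec, page, page_size))
        rows = reply.get("dataRows", [])
        yield from rows
        seen += len(rows)
        total = reply.get("pageInfo", {}).get("totalRecords", 0)
        # Also stop on an empty page, so a growing totalRecords cannot loop forever.
        if not rows or seen >= total:
            return


def make_fake_send(all_rows):
    """Constructed stand-in for the API: serves all_rows one page at a time."""
    calls = []

    def send(path, body):
        calls.append((path, body))
        first = (body["pageNumber"] - 1) * body["pageSize"]
        return {
            "pageInfo": {"totalRecords": len(all_rows),
                         "pageNumber": body["pageNumber"],
                         "pageSize": body["pageSize"]},
            "dataRows": all_rows[first:first + body["pageSize"]],
        }

    send.calls = calls
    return send


if __name__ == "__main__":
    # Constructed rows, trimmed to two fields of a NetworkTrafficConnection.
    rows = [{"id": str(i), "destinationPort": 80} for i in range(12)]
    send = make_fake_send(rows)
    print(build_path(100, "network", SAMPLE_FILTERS))
    got = list(fetch_all(send, 100, "network", 1587459637, 1589965237))
    print(len(got), "rows in", len(send.calls), "requests")
```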

Report proxy network traffic transaction details

Lists proxy network traffic connections for a given time period.

POST /etp-report/v3/configs/{configId}/proxy-traffic/transactions/details{?filters}

Sample: /etp-report/v3/configs/100/proxy-traffic/transactions/details?filters=%7B%22action%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22isAlert%22%3A%7B%22in%22%3A%5B%22true%22%5D%7D%2C%22site%22%3A%7B%22in%22%3A%5B%22-1%22%5D%7D%2C%22list%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22policy%22%3A%7B%22in%22%3A%5B%22164%22%5D%7D%2C%22category%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22domain%22%3A%7B%22in%22%3A%5B%22njit.edu.%22%5D%7D%2C%22destinationIp%22%3A%7B%22in%22%3A%5B%221.2.1.43%22%5D%7D%2C%22country%22%3A%7B%22in%22%3A%5B%22US%22%5D%7D%7D

Content-Type: application/json

Object type: Event

Download schema: events-details-postRequest.json

Request body:

{
    "startTimeSec": 1587459637,
    "endTimeSec": 1589965237,
    "orderBy": "DESC",
    "pageNumber": 1,
    "pageSize": 5,
    "filters": {}
}

| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | | | |
| configId | Integer | 100 | A unique identifier for each configuration. |
| Optional query parameters | | | |
| filters | String | {"action":{"in":["1"]},"isAlert":{"in":["true"]},"site":{"in":["-1"]},"list":{"in":["1"]},"policy":{"in":["164"]},"category":{"in":["1"]},"domain":{"in":["njit.edu."]},"destinationIp":{"in":["1.2.1.43"]},"country":{"in":["US"]}} | Filters report data using the Filter JSON object. You supply this object as the value after you define the filter parameters. |

Status 200 application/json

Object type: ProxyTrafficTransaction

Download schema: proxy-traffic-events-details-postResponse.json

Response body:

{
    "pageInfo": {
        "totalRecords": 44583,
        "pageNumber": 1,
        "pageSize": 5
    },
    "dataRows": [
        {
            "id": "0",
            "l7Protocol": "HTTP",
            "isEvent": true,
            "request": {
                "startTime": 1590474813791,
                "connectionId": "0x3706B3124FAFAF8C9574",
                "domain": "statsfe2.ws.microsoft.com.",
                "uri": "/ReportingWebService/ReportingWebService.asmx",
                "method": "POST",
                "clientPort": 48176,
                "destinationIP": "52.183.47.176",
                "destinationPort": 80,
                "uuid": "1b72e77c-254a-4ba9-a456-2a1b4407d65b",
                "clientIp": "172.25.162.210",
                "queryStrings": [],
                "headers": [
                    {
                        "name": "Cache-Control",
                        "value": "no-cache"
                    },
                    {
                        "name": "Content-Length",
                        "value": "2369"
                    },
                    {
                        "name": "Content-Type",
                        "value": "text/xml; charset=utf-8"
                    },
                    {
                        "name": "Host",
                        "value": "statsfe2.ws.microsoft.com"
                    },
                    {
                        "name": "Pragma",
                        "value": "no-cache"
                    },
                    {
                        "name": "User-Agent",
                        "value": "Windows-Update-Agent/7.9.9600.19670 Client-Protocol/1.21 EtpClient:3.0.0"
                    },
                    {
                        "name": "X-Forwarded-For",
                        "value": "172.25.162.210, 172.25.162.210"
                    }
                ]
            },
            "response": {
                "endTime": 1590474813793,
                "hash": "",
                "headers": []
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "null",
                "detectionTime": "2020-05-26T06:33:33Z",
                "detectionType": "inline",
                "siteId": "5003",
                "siteName": "Off Network ETP Clients",
                "policyId": "32965",
                "policyName": "Westford OFF Network policy",
                "listId": "-1",
                "listName": "unknown",
                "categoryId": "73",
                "categoryName": "73",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "4",
                "actionName": "Block - Error Page",
                "blockDescription": "The URL hosts malware.",
                "reason": "Acceptable use policy",
                "severityId": 0,
                "severityLevel": "Unclassified",
                "onrampType": "etp_offnet_client",
                "internalClientIP": "172.25.162.210",
                "clientRequestId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad-15904747363383674-1195",
                "deepscanReportPath": "",
                "httpVersion": "1.1",
                "httpUserAgent": "Windows-Update-Agent/7.9.9600.19670 Client-Protocol/1.21 EtpClient:3.0.0",
                "deviceId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad",
                "deviceName": "WIN81-ENT-210",
                "deepScanned": false,
                "matchedGroups": [],
                "listIdentifiers": [
                    {
                        "listId": -1,
                        "categoryId": 73,
                        "confidenceId": -1,
                        "threatId": 0,
                        "listName": "unknown",
                        "categoryName": "73",
                        "confidenceName": "Unknown",
                        "threatName": "Unclassified"
                    }
                ]
            },
            "userIdentity": {
                "encryptedUserID": "",
                "encryptedUserName": "",
                "groups": []
            }
        },
        {
            "id": "1",
            "l7Protocol": "HTTPS",
            "isEvent": false,
            "request": {
                "startTime": 1590474750161,
                "connectionId": "0x3706B30F4FAEB4B27FB1",
                "domain": "statics.teams.cdn.office.net.",
                "uri": "/evergreen-assets/icons/1x1-000000ff.png",
                "method": "GET",
                "clientPort": 34656,
                "destinationIP": "2600:1409:d000::17df:3490",
                "destinationPort": 443,
                "uuid": "38c91e98-37fc-40f0-876e-ba60104b4d35",
                "clientIp": "172.25.174.232",
                "queryStrings": [
                    {
                        "name": "cb",
                        "value": "1590474712726"
                    }
                ],
                "headers": [
                    {
                        "name": "Accept",
                        "value": "image/webp,image/apng,image/*,*/*;q=0.8"
                    },
                    {
                        "name": "Accept-Encoding",
                        "value": "gzip, deflate, br"
                    },
                    {
                        "name": "Accept-Language",
                        "value": "en-US"
                    },
                    {
                        "name": "Connection",
                        "value": "keep-alive"
                    },
                    {
                        "name": "Host",
                        "value": "statics.teams.cdn.office.net"
                    },
                    {
                        "name": "Referer",
                        "value": "https://teams.microsoft.com/_"
                    },
                    {
                        "name": "User-Agent",
                        "value": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.12058 Chrome/69.0.3497.128 Electron/4.2.12 Safari/537.36"
                    }
                ]
            },
            "response": {
                "endTime": 1590474750226,
                "hash": "",
                "headers": [
                    {
                        "name": "Access-Control-Allow-Origin",
                        "value": "*"
                    },
                    {
                        "name": "Cache-Control",
                        "value": "public, max-age=604777"
                    },
                    {
                        "name": "Connection",
                        "value": "keep-alive"
                    },
                    {
                        "name": "Content-Length",
                        "value": "68"
                    },
                    {
                        "name": "Content-MD5",
                        "value": "5E5+z+yZNWYywTzT6qPiUA=="
                    },
                    {
                        "name": "Content-Type",
                        "value": "image/png"
                    },
                    {
                        "name": "Date",
                        "value": "Tue, 26 May 2020 06:32:30 GMT"
                    },
                    {
                        "name": "ETag",
                        "value": "\"0x8D6D3F4152295F5\""
                    },
                    {
                        "name": "Last-Modified",
                        "value": "Wed, 08 May 2019 20:30:59 GMT"
                    },
                    {
                        "name": "Server",
                        "value": "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "null",
                "detectionTime": "2020-05-26T06:32:30Z",
                "detectionType": "N/A",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "0",
                "policyName": "0",
                "listId": "-1",
                "listName": "unknown",
                "categoryId": "104",
                "categoryName": "104",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "5",
                "actionName": "Allow",
                "blockDescription": "The URL hosts malware.",
                "reason": "Acceptable use policy",
                "severityId": 0,
                "severityLevel": "Unclassified",
                "onrampType": "etp_client",
                "internalClientIP": "172.25.174.232",
                "clientRequestId": "c37a4c4e-a7cd-400f-820d-b82762c52975-15904747127323964-48715",
                "deepscanReportPath": "",
                "httpVersion": "1.1",
                "httpUserAgent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.12058 Chrome/69.0.3497.128 Electron/4.2.12 Safari/537.36 EtpClient:3.0.0",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "deepScanned": false,
                "matchedGroups": [],
                "listIdentifiers": [
                    {
                        "listId": -1,
                        "categoryId": 104,
                        "confidenceId": -1,
                        "threatId": 0,
                        "listName": "unknown",
                        "categoryName": "104",
                        "confidenceName": "Unknown",
                        "threatName": "Unclassified"
                    }
                ]
            },
            "userIdentity": {
                "encryptedUserID": "",
                "encryptedUserName": "",
                "groups": []
            }
        },
        {
            "id": "2",
            "l7Protocol": "HTTPS",
            "isEvent": false,
            "request": {
                "startTime": 1590474718273,
                "connectionId": "0x3706B3154FAE37181163A",
                "domain": "clickstream-killswitch.hd-personalization-prod.gcp.example.com.",
                "uri": "/clickstream-killswitch/v1/detail",
                "method": "GET",
                "clientPort": 42380,
                "destinationIP": "130.211.21.250",
                "destinationPort": 443,
                "uuid": "a1d7f692-c932-466a-82f6-e4e85bba7864",
                "clientIp": "172.25.174.232",
                "queryStrings": [],
                "headers": [
                    {
                        "name": "Accept",
                        "value": "*/*"
                    },
                    {
                        "name": "Accept-Encoding",
                        "value": "gzip, deflate, br"
                    },
                    {
                        "name": "Accept-Language",
                        "value": "en-US,en;q=0.9"
                    },
                    {
                        "name": "Connection",
                        "value": "keep-alive"
                    },
                    {
                        "name": "content-type",
                        "value": "application/json"
                    },
                    {
                        "name": "Host",
                        "value": "clickstream-killswitch.hd-personalization-prod.gcp.example.com"
                    },
                    {
                        "name": "Origin",
                        "value": "https://www.example.com"
                    },
                    {
                        "name": "Referer",
                        "value": "https://www.example.com/"
                    },
                    {
                        "name": "User-Agent",
                        "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
                    }
                ]
            },
            "response": {
                "endTime": 1590474718348,
                "hash": "",
                "headers": [
                    {
                        "name": "Access-Control-Allow-Origin",
                        "value": "https://www.example.com"
                    },
                    {
                        "name": "Content-Length",
                        "value": "1329"
                    },
                    {
                        "name": "Content-Type",
                        "value": "application/json;charset=UTF-8"
                    },
                    {
                        "name": "Date",
                        "value": "Tue, 26 May 2020 06:31:57 GMT"
                    },
                    {
                        "name": "Vary",
                        "value": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers"
                    },
                    {
                        "name": "Via",
                        "value": "1.1 google"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "null",
                "detectionTime": "2020-05-26T06:31:58Z",
                "detectionType": "N/A",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "0",
                "policyName": "0",
                "listId": "-1",
                "listName": "unknown",
                "categoryId": "55",
                "categoryName": "Streaming Websites",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "5",
                "actionName": "Allow",
                "blockDescription": "The URL hosts malware.",
                "reason": "Acceptable use policy",
                "severityId": 0,
                "severityLevel": "Unclassified",
                "onrampType": "etp_client",
                "internalClientIP": "172.25.174.232",
                "clientRequestId": "c37a4c4e-a7cd-400f-820d-b82762c52975-15904746798952196-48708",
                "deepscanReportPath": "",
                "httpVersion": "1.1",
                "httpUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 EtpClient:3.0.0",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "deepScanned": false,
                "matchedGroups": [],
                "listIdentifiers": [
                    {
                        "listId": -1,
                        "categoryId": 55,
                        "confidenceId": -1,
                        "threatId": 0,
                        "listName": "unknown",
                        "categoryName": "Streaming Websites",
                        "confidenceName": "Unknown",
                        "threatName": "Unclassified"
                    },
                    {
                        "listId": -1,
                        "categoryId": 73,
                        "confidenceId": -1,
                        "threatId": 0,
                        "listName": "unknown",
                        "categoryName": "73",
                        "confidenceName": "Unknown",
                        "threatName": "Unclassified"
                    }
                ]
            },
            "userIdentity": {
                "encryptedUserID": "",
                "encryptedUserName": "",
                "groups": []
            }
        },
        {
            "id": "3",
            "l7Protocol": "HTTPS",
            "isEvent": true,
            "request": {
                "startTime": 1590474706144,
                "connectionId": "0x3706B3154FAE084111637",
                "domain": "c.go-mpulse.net.",
                "uri": "/api/config.json",
                "method": "GET",
                "clientPort": 41176,
                "destinationIP": "2600:1409:d000:38e::11a6",
                "destinationPort": 443,
                "uuid": "8e86b32f-9a83-4162-a008-3e2c58b09f87",
                "clientIp": "172.25.174.232",
                "queryStrings": [
                    {
                        "name": "key",
                        "value": "FDSGP-LEB9B-T8Y2A-5V5ED-9WX2T"
                    },
                    {
                        "name": "d",
                        "value": "www.akamai.com"
                    },
                    {
                        "name": "t",
                        "value": "5301582"
                    },
                    {
                        "name": "v",
                        "value": "1.667.0"
                    },
                    {
                        "name": "if",
                        "value": ""
                    },
                    {
                        "name": "sl",
                        "value": "0"
                    },
                    {
                        "name": "si",
                        "value": "876aebf5-a115-47de-973b-9ac2ba2cdd1c-qaqswv"
                    },
                    {
                        "name": "r",
                        "value": ""
                    },
                    {
                        "name": "bcn",
                        "value": "%2F%2F173e2548.akstat.io%2F"
                    },
                    {
                        "name": "acao",
                        "value": ""
                    },
                    {
                        "name": "ak.ai",
                        "value": "593889"
                    }
                ],
                "headers": [
                    {
                        "name": "Accept",
                        "value": "*/*"
                    },
                    {
                        "name": "Accept-Encoding",
                        "value": "gzip, deflate, br"
                    },
                    {
                        "name": "Accept-Language",
                        "value": "en-US,en;q=0.9"
                    },
                    {
                        "name": "Connection",
                        "value": "keep-alive"
                    },
                    {
                        "name": "Host",
                        "value": "c.go-mpulse.net"
                    },
                    {
                        "name": "Origin",
                        "value": "https://www.akamai.com"
                    },
                    {
                        "name": "User-Agent",
                        "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
                    }
                ]
            },
            "response": {
                "endTime": 1590474706146,
                "hash": "",
                "headers": []
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "null",
                "detectionTime": "2020-05-26T06:31:46Z",
                "detectionType": "inline",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "listId": "-1",
                "listName": "unknown",
                "categoryId": "31",
                "categoryName": "Chat Site",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "4",
                "actionName": "Block - Error Page",
                "blockDescription": "The URL hosts malware.",
                "reason": "Acceptable use policy",
                "severityId": 0,
                "severityLevel": "Unclassified",
                "onrampType": "etp_client",
                "internalClientIP": "172.25.174.232",
                "clientRequestId": "c37a4c4e-a7cd-400f-820d-b82762c52975-15904746699129224-48707",
                "deepscanReportPath": "",
                "httpVersion": "1.1",
                "httpUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 EtpClient:3.0.0",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "deepScanned": false,
                "matchedGroups": [],
                "listIdentifiers": [
                    {
                        "listId": -1,
                        "categoryId": 31,
                        "confidenceId": -1,
                        "threatId": 0,
                        "listName": "unknown",
                        "categoryName": "Chat Site",
                        "confidenceName": "Unknown",
                        "threatName": "Unclassified"
                    }
                ]
            },
            "userIdentity": {
                "encryptedUserID": "",
                "encryptedUserName": "",
                "groups": []
            }
        },
        {
            "id": "4",
            "l7Protocol": "HTTPS",
            "isEvent": false,
            "request": {
                "startTime": 1590474688053,
                "connectionId": "0x3706B3124FADC2CF9570",
                "domain": "d.la1-c2-ia4.salesforceliveagent.com.",
                "uri": "/chat/rest/Visitor/Availability.jsonp",
                "method": "GET",
                "clientPort": 43149,
                "destinationIP": "13.110.63.55",
                "destinationPort": 443,
                "uuid": "7b33eedd-8b7d-463b-80d9-996b74a0a9ee",
                "clientIp": "172.25.174.232",
                "queryStrings": [
                    {
                        "name": "sid",
                        "value": "409d47de-bf85-433c-9c88-79add325835a"
                    },
                    {
                        "name": "r",
                        "value": "906"
                    },
                    {
                        "name": "Availability.prefix",
                        "value": "Visitor"
                    },
                    {
                        "name": "Availability.ids",
                        "value": "[5730f000000HhB2,5730f000000HhAJ,5730f000000HhAY]"
                    },
                    {
                        "name": "callback",
                        "value": "liveagent._.handlePing"
                    },
                    {
                        "name": "deployment_id",
                        "value": "5720f0000009HUh"
                    },
                    {
                        "name": "org_id",
                        "value": "00DA0000000Hu5a"
                    },
                    {
                        "name": "version",
                        "value": "43"
                    }
                ],
                "headers": [
                    {
                        "name": "Accept",
                        "value": "*/*"
                    },
                    {
                        "name": "Accept-Encoding",
                        "value": "gzip, deflate, br"
                    },
                    {
                        "name": "Accept-Language",
                        "value": "en-US,en;q=0.9"
                    },
                    {
                        "name": "Connection",
                        "value": "keep-alive"
                    },
                    {
                        "name": "Host",
                        "value": "d.la1-c2-ia4.salesforceliveagent.com"
                    },
                    {
                        "name": "User-Agent",
                        "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
                    }
                ]
            },
            "response": {
                "endTime": 1590474688139,
                "hash": "",
                "headers": [
                    {
                        "name": "Access-Control-Allow-Origin",
                        "value": "*"
                    },
                    {
                        "name": "Cache-Control",
                        "value": "no-cache"
                    },
                    {
                        "name": "Connection",
                        "value": "close"
                    },
                    {
                        "name": "Content-Encoding",
                        "value": "gzip"
                    },
                    {
                        "name": "Content-Type",
                        "value": "text/javascript"
                    },
                    {
                        "name": "Expires",
                        "value": "-1"
                    },
                    {
                        "name": "Pragma",
                        "value": "no-cache"
                    },
                    {
                        "name": "X-Content-Type-Options",
                        "value": "nosniff"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "null",
                "detectionTime": "2020-05-26T06:31:28Z",
                "detectionType": "N/A",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "0",
                "policyName": "0",
                "listId": "-1",
                "listName": "unknown",
                "categoryId": "73",
                "categoryName": "73",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "5",
                "actionName": "Allow",
                "blockDescription": "The URL hosts malware.",
                "reason": "Acceptable use policy",
                "severityId": 0,
                "severityLevel": "Unclassified",
                "onrampType": "etp_client",
                "internalClientIP": "172.25.174.232",
                "clientRequestId": "c37a4c4e-a7cd-400f-820d-b82762c52975-15904746509095241-48705",
                "deepscanReportPath": "",
                "httpVersion": "1.1",
                "httpUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 EtpClient:3.0.0",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "deepScanned": false,
                "matchedGroups": [],
                "listIdentifiers": [
                    {
                        "listId": -1,
                        "categoryId": 73,
                        "confidenceId": -1,
                        "threatId": 0,
                        "listName": "unknown",
                        "categoryName": "73",
                        "confidenceName": "Unknown",
                        "threatName": "Unclassified"
                    }
                ]
            },
            "userIdentity": {
                "encryptedUserID": "",
                "encryptedUserName": "",
                "groups": []
            }
        }
    ]
}
  1. Ensure you have your configId query parameter. See API Concepts for information on how to obtain this parameter.

  2. Optionally, set the filters query parameter. See Filter for information on how to craft this parameter.

  3. Build a new Event object.

  4. POST the object to /etp-report/v3/configs/{configId}/proxy-traffic/transactions/details{?filters}.

  5. The operation responds with a ProxyTrafficTransaction object.

Report threat event details

Lists the count of threat events, grouped for a given granularity.

POST /etp-report/v3/configs/{configId}/threat-events/details{?filters}

Sample: /etp-report/v3/configs/100/threat-events/details?filters=%7B%22action%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22isAlert%22%3A%7B%22in%22%3A%5B%22true%22%5D%7D%2C%22site%22%3A%7B%22in%22%3A%5B%22-1%22%5D%7D%2C%22list%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22policy%22%3A%7B%22in%22%3A%5B%22164%22%5D%7D%2C%22category%22%3A%7B%22in%22%3A%5B%221%22%5D%7D%2C%22domain%22%3A%7B%22in%22%3A%5B%22njit.edu.%22%5D%7D%2C%22destinationIp%22%3A%7B%22in%22%3A%5B%221.2.1.43%22%5D%7D%2C%22country%22%3A%7B%22in%22%3A%5B%22US%22%5D%7D%7D

Content-Type: application/json

Object type: Event

Download schema: events-details-postRequest.json

Request body:

{
    "startTimeSec": 1587459637,
    "endTimeSec": 1589965237,
    "orderBy": "DESC",
    "pageNumber": 1,
    "pageSize": 5,
    "filters": {}
}
| Parameter | Type | Sample | Description |
| --- | --- | --- | --- |
| URL path parameters | | | |
| configId | Integer | 100 | A unique identifier for each configuration. |
| Optional query parameters | | | |
| filters | String | {"action":{"in":["1"]},"isAlert":{"in":["true"]},"site":{"in":["-1"]},"list":{"in":["1"]},"policy":{"in":["164"]},"category":{"in":["1"]},"domain":{"in":["njit.edu."]},"destinationIp":{"in":["1.2.1.43"]},"country":{"in":["US"]}} | Filters report data using the Filter JSON object. You supply this object as the value after you define the filter parameters. |

Status 200 application/json

Object type: ThreatEvent

Download schema: threat-events-details-postResponse.json

Response body:

{
    "pageInfo": {
        "totalRecords": 97913,
        "pageNumber": 1,
        "pageSize": 5
    },
    "dataRows": [
        {
            "id": "0",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:53Z",
                "clientIp": "172.25.174.232",
                "dnsIp": "198.18.193.241",
                "domain": "d.la1-c2-ia4.salesforceliveagent.com.",
                "uuid": "198.18.193.241-198.18.193.228-1590474893-46281-35384",
                "queryType": "A",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "resolved": [
                    {
                        "type": "A",
                        "response": "13.110.63.55",
                        "asn": "14340",
                        "asname": "N/A"
                    },
                    {
                        "type": "A",
                        "response": "13.110.61.55",
                        "asn": "14340",
                        "asname": "N/A"
                    },
                    {
                        "type": "A",
                        "response": "13.110.62.55",
                        "asn": "14340",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:53Z",
                "detectionType": "inline",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "listId": "24",
                "listName": "24",
                "categoryId": "24",
                "categoryName": "24",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "6",
                "actionName": "Classify",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "Yes",
                "threatId": 2000,
                "severityId": 0,
                "threatName": "AUP",
                "severityLevel": "Unclassified",
                "onrampType": "etp-client",
                "internalClientIP": "N/A",
                "clientRequestId": "00019749",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "1",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:52Z",
                "clientIp": "172.25.174.232",
                "dnsIp": "198.18.193.241",
                "domain": "teams.microsoft.com.",
                "uuid": "198.18.193.241-198.18.193.228-1590474892-14345-62675",
                "queryType": "A",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "resolved": [
                    {
                        "type": "A",
                        "response": "52.113.194.132",
                        "asn": "8068",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:52Z",
                "detectionType": "inline",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "listId": "24",
                "listName": "24",
                "categoryId": "24",
                "categoryName": "24",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "6",
                "actionName": "Classify",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "Yes",
                "threatId": 2000,
                "severityId": 0,
                "threatName": "AUP",
                "severityLevel": "Unclassified",
                "onrampType": "etp-client",
                "internalClientIP": "N/A",
                "clientRequestId": "00019748",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "2",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:51Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590449691.akamaietpmalwaretest.com.",
                "uuid": "198.18.193.241-198.18.179.134-1590474891-6340-2976",
                "queryType": "AAAA",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "N/A",
                        "response": "N/A",
                        "asn": "N/A",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:51Z",
                "detectionType": "inline",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "listId": "1",
                "listName": "Malware",
                "categoryId": "1",
                "categoryName": "Malware",
                "confidenceId": "2",
                "confidenceName": "Known",
                "actionId": "1",
                "actionName": "Monitor",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "No",
                "threatId": 5070,
                "severityId": 2,
                "threatName": "Known Malware",
                "severityLevel": "High",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "3",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:51Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590449691.akamaietpmalwaretest.com.",
                "uuid": "198.18.193.241-198.18.179.134-1590474891-42367-7406",
                "queryType": "A",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "A",
                        "response": "34.193.182.244",
                        "asn": "14618",
                        "asname": "aws"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:51Z",
                "detectionType": "inline",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "listId": "1",
                "listName": "Malware",
                "categoryId": "1",
                "categoryName": "Malware",
                "confidenceId": "2",
                "confidenceName": "Known",
                "actionId": "1",
                "actionName": "Monitor",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "No",
                "threatId": 5070,
                "severityId": 2,
                "threatName": "Known Malware",
                "severityLevel": "High",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "4",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:51Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590449691.akamaietpmalwaretest.com.e2e-etp.org.",
                "uuid": "198.18.193.241-198.18.179.134-1590474891-5081-49572",
                "queryType": "AAAA",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "N/A",
                        "response": "N/A",
                        "asn": "N/A",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:51Z",
                "detectionType": "inline",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "listId": "4",
                "listName": "DNS Exfiltration",
                "categoryId": "5",
                "categoryName": "DNS Exfiltration",
                "confidenceId": "1",
                "confidenceName": "Suspected",
                "actionId": "1",
                "actionName": "Monitor",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "No",
                "threatId": 5135,
                "severityId": 4,
                "threatName": "Suspected DNS tunneling",
                "severityLevel": "Low",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns"
            }
        }
    ]
}
  1. Ensure you have your configId query parameter. See API Concepts for information on how to obtain this parameter.

  2. Optionally, set the filters query parameter. See Filter for information on how to craft this parameter.

  3. Build a new Event object.

  4. POST the object to /etp-report/v3/configs/{configId}/threat-events/details{?filters}.

  5. The operation responds with a ThreatEvent object.
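The following added example (not part of the original API documentation) reads a ThreatEvent response and collapses its dataRows into one finding per client, domain and threat for events that were only monitored. The function names are hypothetical, the input is the page's sample response trimmed to the fields the code reads, and it assumes the Monitor action means the query was logged rather than blocked.

```python
import math

# Constructed input: the sample ThreatEvent response above, trimmed to the
# fields this example reads.
SAMPLE_RESPONSE = {
    "pageInfo": {"totalRecords": 97913, "pageNumber": 1, "pageSize": 5},
    "dataRows": [
        {"id": "0",
         "query": {"clientIp": "172.25.174.232", "queryType": "A",
                   "domain": "d.la1-c2-ia4.salesforceliveagent.com.",
                   "resolved": [{"type": "A", "response": "13.110.63.55"}]},
         "event": {"actionName": "Classify", "threatName": "AUP",
                   "severityLevel": "Unclassified", "confidenceName": "Unknown"}},
        {"id": "1",
         "query": {"clientIp": "172.25.174.232", "queryType": "A",
                   "domain": "teams.microsoft.com.",
                   "resolved": [{"type": "A", "response": "52.113.194.132"}]},
         "event": {"actionName": "Classify", "threatName": "AUP",
                   "severityLevel": "Unclassified", "confidenceName": "Unknown"}},
        {"id": "2",
         "query": {"clientIp": "198.18.179.121", "queryType": "AAAA",
                   "domain": "1590449691.akamaietpmalwaretest.com.",
                   "resolved": [{"type": "N/A", "response": "N/A"}]},
         "event": {"actionName": "Monitor", "threatName": "Known Malware",
                   "severityLevel": "High", "confidenceName": "Known"}},
        {"id": "3",
         "query": {"clientIp": "198.18.179.121", "queryType": "A",
                   "domain": "1590449691.akamaietpmalwaretest.com.",
                   "resolved": [{"type": "A", "response": "34.193.182.244"}]},
         "event": {"actionName": "Monitor", "threatName": "Known Malware",
                   "severityLevel": "High", "confidenceName": "Known"}},
        {"id": "4",
         "query": {"clientIp": "198.18.179.121", "queryType": "AAAA",
                   "domain": "1590449691.akamaietpmalwaretest.com.e2e-etp.org.",
                   "resolved": [{"type": "N/A", "response": "N/A"}]},
         "event": {"actionName": "Monitor", "threatName": "Suspected DNS tunneling",
                   "severityLevel": "Low", "confidenceName": "Suspected"}},
    ],
}


def total_pages(response):
    """Number of pages needed to read every record at the current pageSize."""
    info = response["pageInfo"]
    return math.ceil(info["totalRecords"] / info["pageSize"])


def unblocked_detections(response, actions=("Monitor",)):
    """One finding per (clientIp, domain, threatName) for non-blocking actions.

    Assumption: an actionName of "Monitor" means the event was logged only.
    """
    findings = {}
    for row in response.get("dataRows", []):
        query = row.get("query") or {}
        event = row.get("event") or {}
        if event.get("actionName") not in actions:
            continue
        # Domains are reported fully qualified; drop the trailing dot so the
        # A and AAAA lookups for one name land in the same finding.
        domain = (query.get("domain") or "").rstrip(".").lower()
        key = (query.get("clientIp"), domain, event.get("threatName"))
        finding = findings.setdefault(key, {
            "clientIp": key[0],
            "domain": domain,
            "threatName": key[2],
            "severityLevel": event.get("severityLevel"),
            "confidenceName": event.get("confidenceName"),
            "queryTypes": set(),
            "resolvedIps": set(),
            "rows": 0,
        })
        finding["rows"] += 1
        if query.get("queryType"):
            finding["queryTypes"].add(query["queryType"])
        # "N/A" marks a lookup that returned no address; a real address means
        # the client received an answer for the flagged domain.
        for answer in query.get("resolved") or []:
            if answer.get("response") not in (None, "", "N/A"):
                finding["resolvedIps"].add(answer["response"])
    # Sets become sorted lists so the result is stable and JSON-serializable.
    return [
        dict(f, queryTypes=sorted(f["queryTypes"]), resolvedIps=sorted(f["resolvedIps"]))
        for f in findings.values()
    ]


if __name__ == "__main__":
    print("pages to read:", total_pages(SAMPLE_RESPONSE))
    for finding in unblocked_detections(SAMPLE_RESPONSE):
        print(finding)
```

A finding with a non-empty resolvedIps list is the one to look at first, and the page count shows how much of the report a single five-row page leaves unread.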

Data

This section provides details for each type of data object the API exchanges.

Filter

The Filter JSON object lets you specify values of certain data types to include in or exclude from your report. You must provide this object as the filters query parameter, not in the body of the request. For example, you can target historical config details for a specific domain while excluding actions that are not relevant to the target report data.

Sample GET:

{
   "action":{
      "in":[
         "1"
      ]
   },
   "isAlert":{
      "in":[
         "true"
      ]
   },
   "site":{
      "in":[
         "-1"
      ]
   },
   "list":{
      "in":[
         "1"
      ]
   },
   "policy":{
      "in":[
         "164"
      ]
   },
   "category":{
      "in":[
         "1"
      ]
   },
   "domain":{
      "in":[
         "njit.edu."
      ]
   }
}

Filter Members

| Member | Type | Description |
| --- | --- | --- |
| action | String | JSON criteria object representing in and not-in clauses for action. |
| category | String | JSON criteria object representing in and not-in clauses for category. |
| confidence | String | JSON criteria object representing in and not-in clauses for confidence. |
| destinationIp | String | JSON criteria object representing in and not-in clauses for destination IP. |
| destinationPort | String | JSON criteria object representing in and not-in clauses for destination port. |
| domain | String | JSON criteria object representing in and not-in clauses for detection domain. |
| hostname | String | JSON criteria object representing in and not-in clauses for hostname. |
| internalIp | String | JSON criteria object representing in and not-in clauses for internal IP. |
| isAlert | String | JSON criteria object representing in and not-in clauses for alerts. |
| list | String | JSON criteria object representing in and not-in clauses for list. |
| machineName | String | JSON criteria object representing in and not-in clauses for machine name. |
| policy | String | JSON criteria object representing in and not-in clauses for policy. |
| sinkholeId | String | JSON criteria object representing in and not-in clauses for sinkhole ID. |
| sinkholeIp | String | JSON criteria object representing in and not-in clauses for sinkhole IP. |
| site | String | JSON criteria object representing in and not-in clauses for site. A site ID of -1 points to the roaming location. |
| sourcePort | String | JSON criteria object representing in and not-in clauses for source port. |
| uuid | String | JSON criteria object representing in and not-in clauses for UUID. |

Filter.* Members

| Member | Type | Description |
| --- | --- | --- |
| in | Array | An array of strings containing unique identifiers for any filter parameter to include in the report. |
| nin | Array | An array of strings containing unique identifiers for any filter parameter to exclude from the report. |

Download the JSON schemas for this API.

Event

Contains request parameters for a detailed report of events.

Download schema: events-details-postRequest.json

Sample POST request:

{
    "startTimeSec": 1587459637,
    "endTimeSec": 1589965237,
    "orderBy": "DESC",
    "pageNumber": 1,
    "pageSize": 5,
    "filters": {}
}

Event members

| Member | Type | Description |
| --- | --- | --- |
| Event: Contains request parameters for a detailed report of events. | | |
| endTimeSec | Event.endTimeSec | The end time for report data, in epoch seconds. |
| filters | Event.filters | Filter options to filter report data. |
| orderBy | Enumeration | The order of event data, either ASEC or DESC. |
| pageNumber | Integer | The requested number of pages. |
| pageSize | Integer | The number of records in a given page. |
| startTimeSec | Event.startTimeSec | The start time for report data, in epoch seconds. |
| Event.endTimeSec: The end time for report data, in epoch seconds. | | |
| endTimeSec | Integer | The end time for report data, in epoch seconds. |
| Event.filters: Filter options to filter report data. | | |
| filters | Enumeration | Optionally filter by a dimension of data, either INTERNALIP, SOURCEPORT, DESTINATIONPORT, SINKHOLEID, SINKHOLEIP, HOSTNAME, MACHINENAME, UUID, DESTINATIONIP, SITE, LIST, POLICY, ACTION, CATEGORY, ISALERT, CONFIDENCE, or DOMAIN. |
| Event.startTimeSec: The start time for report data, in epoch seconds. | | |
| startTimeSec | Integer | The start time for report data, in epoch seconds. |
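The following added example (not part of the original API documentation) carries out the request-building steps of the details operations together with the Filter and Event objects described above: it validates the in/nin criteria, URL-encodes them into the filters query parameter, and builds the Event body. The function names are hypothetical, request signing and sending are left out, and "country" is accepted only because it appears in the page's sample URL.

```python
import json
from urllib.parse import quote

# Members from this page's "Filter Members" table. "country" is not in that
# table but appears in the page's sample URL, so it is accepted here as well.
FILTER_MEMBERS = frozenset({
    "action", "category", "confidence", "destinationIp", "destinationPort",
    "domain", "hostname", "internalIp", "isAlert", "list", "machineName",
    "policy", "sinkholeId", "sinkholeIp", "site", "sourcePort", "uuid",
    "country",
})
CLAUSES = frozenset({"in", "nin"})
# Report paths taken from the two "details" operations shown on this page.
REPORTS = frozenset({"threat-events", "proxy-traffic/transactions"})


def _as_filter_string(value):
    """The page's samples carry every value as a string ("1", "true", "-1")."""
    if isinstance(value, bool):  # bool first: bool is a subclass of int
        return "true" if value else "false"
    if isinstance(value, (int, str)):
        return str(value)
    raise TypeError(f"unsupported filter value: {value!r}")


def build_filters(criteria):
    """Validate {"member": {"in": [...], "nin": [...]}} and stringify values."""
    normalized = {}
    for member, clauses in criteria.items():
        if member not in FILTER_MEMBERS:
            raise ValueError(f"unknown filter member: {member!r}")
        if not isinstance(clauses, dict) or not clauses or set(clauses) - CLAUSES:
            raise ValueError(f"{member}: use 'in' and/or 'nin' clauses only")
        normalized[member] = {}
        for clause, values in clauses.items():
            if not isinstance(values, (list, tuple)) or not values:
                raise ValueError(f"{member}.{clause}: expected a non-empty array")
            normalized[member][clause] = [_as_filter_string(v) for v in values]
        # A value that is both included and excluded is a mistake in the query.
        both = set(normalized[member].get("in", [])) & set(normalized[member].get("nin", []))
        if both:
            raise ValueError(f"{member}: included and excluded: {sorted(both)}")
    return normalized


def build_details_request(config_id, start_sec, end_sec, criteria=None,
                          report="threat-events", page_number=1, page_size=5):
    """Return (path_with_query, event_body) for a details report."""
    if isinstance(config_id, bool) or not isinstance(config_id, int) or config_id < 0:
        raise ValueError("configId must be a non-negative integer")
    if report not in REPORTS:
        raise ValueError(f"unknown report: {report!r}")
    if not 0 <= start_sec < end_sec:
        raise ValueError("startTimeSec must be earlier than endTimeSec")
    if page_number < 1 or page_size < 1:
        raise ValueError("pageNumber and pageSize must be positive")

    path = f"/etp-report/v3/configs/{config_id}/{report}/details"
    if criteria:
        compact = json.dumps(build_filters(criteria), separators=(",", ":"))
        # safe="" percent-encodes every reserved character in the JSON text.
        path += "?filters=" + quote(compact, safe="")
    # The Filter object travels in the URL; the body keeps "filters": {} as in
    # the page's sample request.
    body = {
        "startTimeSec": start_sec,
        "endTimeSec": end_sec,
        "orderBy": "DESC",
        "pageNumber": page_number,
        "pageSize": page_size,
        "filters": {},
    }
    return path, body


if __name__ == "__main__":
    path, body = build_details_request(
        100, 1587459637, 1589965237,
        {"action": {"in": [1]}, "isAlert": {"in": [True]}, "site": {"in": [-1]}},
    )
    print("POST", path)
    print(json.dumps(body, indent=4))
```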

AUPEvent

Encapsulates a detailed list of AUP events for the given time period.

Download schema: aup-events-details-postResponse.json

Sample POST response:

{
    "pageInfo": {
        "totalRecords": 97913,
        "pageNumber": 1,
        "pageSize": 5
    },
    "dataRows": [
        {
            "id": "0",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:53Z",
                "clientIp": "172.25.174.232",
                "dnsIp": "198.18.193.241",
                "domain": "d.la1-c2-ia4.salesforceliveagent.com.",
                "uuid": "198.18.193.241-198.18.193.228-1590474893-46281-35384",
                "queryType": "A",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "resolved": [
                    {
                        "type": "A",
                        "response": "13.110.63.55",
                        "asn": "14340",
                        "asname": "N/A"
                    },
                    {
                        "type": "A",
                        "response": "13.110.61.55",
                        "asn": "14340",
                        "asname": "N/A"
                    },
                    {
                        "type": "A",
                        "response": "13.110.62.55",
                        "asn": "14340",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:53Z",
                "detectionType": "inline",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "listId": "24",
                "listName": "24",
                "categoryId": "24",
                "categoryName": "24",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "6",
                "actionName": "Classify",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "Yes",
                "threatId": 2000,
                "severityId": 0,
                "threatName": "AUP",
                "severityLevel": "Unclassified",
                "onrampType": "etp-client",
                "internalClientIP": "N/A",
                "clientRequestId": "00019749",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "1",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:52Z",
                "clientIp": "172.25.174.232",
                "dnsIp": "198.18.193.241",
                "domain": "teams.microsoft.com.",
                "uuid": "198.18.193.241-198.18.193.228-1590474892-14345-62675",
                "queryType": "A",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "resolved": [
                    {
                        "type": "A",
                        "response": "52.113.194.132",
                        "asn": "8068",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:52Z",
                "detectionType": "inline",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "listId": "24",
                "listName": "24",
                "categoryId": "24",
                "categoryName": "24",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "6",
                "actionName": "Classify",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "Yes",
                "threatId": 2000,
                "severityId": 0,
                "threatName": "AUP",
                "severityLevel": "Unclassified",
                "onrampType": "etp-client",
                "internalClientIP": "N/A",
                "clientRequestId": "00019748",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "2",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:51Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590449691.akamaietpmalwaretest.com.",
                "uuid": "198.18.193.241-198.18.179.134-1590474891-6340-2976",
                "queryType": "AAAA",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "N/A",
                        "response": "N/A",
                        "asn": "N/A",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:51Z",
                "detectionType": "inline",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "listId": "1",
                "listName": "Malware",
                "categoryId": "1",
                "categoryName": "Malware",
                "confidenceId": "2",
                "confidenceName": "Known",
                "actionId": "1",
                "actionName": "Monitor",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "No",
                "threatId": 5070,
                "severityId": 2,
                "threatName": "Known Malware",
                "severityLevel": "High",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "3",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:51Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590449691.akamaietpmalwaretest.com.",
                "uuid": "198.18.193.241-198.18.179.134-1590474891-42367-7406",
                "queryType": "A",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "A",
                        "response": "34.193.182.244",
                        "asn": "14618",
                        "asname": "aws"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:51Z",
                "detectionType": "inline",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "listId": "1",
                "listName": "Malware",
                "categoryId": "1",
                "categoryName": "Malware",
                "confidenceId": "2",
                "confidenceName": "Known",
                "actionId": "1",
                "actionName": "Monitor",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "No",
                "threatId": 5070,
                "severityId": 2,
                "threatName": "Known Malware",
                "severityLevel": "High",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "4",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:51Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590449691.akamaietpmalwaretest.com.e2e-etp.org.",
                "uuid": "198.18.193.241-198.18.179.134-1590474891-5081-49572",
                "queryType": "AAAA",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "N/A",
                        "response": "N/A",
                        "asn": "N/A",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:51Z",
                "detectionType": "inline",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "listId": "4",
                "listName": "DNS Exfiltration",
                "categoryId": "5",
                "categoryName": "DNS Exfiltration",
                "confidenceId": "1",
                "confidenceName": "Suspected",
                "actionId": "1",
                "actionName": "Monitor",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "No",
                "threatId": 5135,
                "severityId": 4,
                "threatName": "Suspected DNS tunneling",
                "severityLevel": "Low",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns"
            }
        }
    ]
}

AUPEvent members

Member Type Description
AUPEvent: Encapsulates a detailed list of AUP events for the given time period.
dataRows AUPEvent.dataRows[] Encapsulates high-level AUP event report details and a list of matching events.
pageInfo AUPEvent.pageInfo Provides pagination information for a report.
AUPEvent.dataRows[]: Encapsulates high-level AUP event report details and a list of matching events.
configId String The contract ID assigned to the request.
event AUPEvent.dataRows[].event Contains details about an event that occurred as a result of a DNS query or a web request.
id Integer A unique identifier for the column object.
l7Protocol Enumeration The layer 7 protocol used to make the DNS query or web request. Either DNS, HTTP, or HTTPS.
query AUPEvent.dataRows[].query Encapsulates information about the requested DNS query.
AUPEvent.dataRows[].event: Contains details about an event that occurred as a result of a DNS query or a web request.
actionId Integer A unique identifier for the action taken.
actionName String A descriptive name for the action identifier.
blockDescription String A short description of the event.
categoryId Integer A unique identifier for the category.
categoryName String A descriptive name for the category identifier.
clientRequestId String A unique identifier for the request client.
confidenceId Integer A unique identifier about the event confidence level.
confidenceName String A descriptive name for the confidence level identifier.
correlatedSinkholeEvents AUPEvent.dataRows[].event.correlatedSinkholeEvents[] Contains related sinkhole data for eligible events.
deepScanned Boolean Whether the event generated a deepscan report using static and dynamic malware analysis.
deepscanReportPath String The location of a deepscan report.
detectionTime String The event detected time in ISO 8601 format.
detectionType Enumeration Whether the event was detected online or during offline batch processing. Either ONLINE or OFFLINE.
deviceId String A unique identifier for the device associated with an event.
deviceName String The name of the device associated with an event.
httpUserAgent String The HTTP user agent associated with an event.
httpVersion String The version of HTTP protocol used.
internalClientIP String The IP address of the internal client device used for web traffic.
listId Integer A unique identifier for the list.
listIdentifiers AUPEvent.dataRows[].event.listIdentifiers[] The scanning results from various classifiers. Only available for web requests.
listName String A descriptive name for the list identifier.
onRamp String Whether onRamp is enabled.
onrampType Enumeration The type of onramp associated with the event. Either dns, web, onramp_dns, etp_client, etp_offnet_client, or explicit_policy.
policyEvaluationSource String Source of the policy evaluation.
policyId Integer A unique identifier for the policy.
policyName String The descriptive name of the matching policy.
reason String A descriptive explanation of why traffic was not allowed.
severityId Integer Indicates the severity of the threat.
severityLevel String A description of the severity level.
siteId String A unique identifier for the site.
siteName String The descriptive name of the source location or branch.
threatId Integer A unique identifier for a threat event.
threatName String The descriptive name for the threat event.
trigger String Event triggered due to domain or IP policy settings.
AUPEvent.dataRows[].event.correlatedSinkholeEvents[]: Contains related sinkhole data for eligible events.
configId String The contract ID associated with the request.
destinationIp String The IP address of the destination machine for the event.
destinationPort Integer The destination device’s port number.
eventId String A unique identifier for the event.
eventTime String The timestamp of the event in ISO 8601 format.
hitCount Integer The total count of DNS hits.
hostname String The host device’s name.
internalIp String The internal device’s IP address.
isCorrelated Boolean Whether the events are correlated.
l4Protocol String The layer 4 protocol used to make the web request.
l7Protocol Enumeration The layer 7 protocol used to make the DNS query or web request. Either DNS, HTTP, or HTTPS.
machineNames Array The name of a device related to the event.
sinkholeId String A unique identifier for the security connector.
sinkholeIp String The IP address of the security connector for the event.
sinkholeName String The security connector’s name.
sourceIp String The source device’s IP address.
sourcePort Integer The source device’s port number.
url String The event’s location.
userAgent String The event device’s user agent.
AUPEvent.dataRows[].event.listIdentifiers[]: The scanning results from various classifiers. Only available for web requests.
categoryId Integer A unique identifier for the category.
categoryName String A descriptive name for the category.
confidenceId Integer A unique identifier about the event confidence level.
confidenceName String A descriptive name for the confidence level.
listId Integer A unique identifier for the list.
listName String A descriptive name for the list.
threatId Integer A unique identifier about the threat.
threatName String A descriptive name for the threat.
AUPEvent.dataRows[].query: Encapsulates information about the requested DNS query.
clientIp String The requesting client’s IP address.
deviceId String ID of the device.
deviceName String Name of device used.
dnsIp String The DNS resolver IP address.
domain String The requested domain address.
queryType String The DNS query type.
resolved AUPEvent.dataRows[].query.resolved[] The details about the requested DNS query resolution.
time String Time of DNS request in ISO 8601 format.
uuid String UUID value.
AUPEvent.dataRows[].query.resolved[]: The details about the requested DNS query resolution.
asn String Autonomous system number used for resolution.
asName String Autonomous system name used for resolution.
response String Resolved domain or IP address.
type String DNS resolution type. For example: A or CNAME.
AUPEvent.pageInfo: Provides pagination information for a report.
pageNumber Integer The requested number of pages.
pageSize Integer The number of records in a given page.
totalRecords Integer The total number of records for the specified criteria.
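When consuming this response, note that the sample above carries several IDs as strings where the member list says Integer, uses `asname` and `internalIP` where the member list says `asName` and `internalIp`, and fills missing values with strings such as `N/A`. The following added example (not part of the API documentation; function names are hypothetical, and the input is three rows trimmed from the sample response) normalizes those differences and lists events at a chosen severity level whose action was only Monitor.

```python
import json
from collections import Counter

# Placeholder strings the sample responses use where a value is missing.
PLACEHOLDERS = {"", "N/A", "Not Available", "None", "null"}

# Constructed input: three dataRows trimmed from the sample response above.
SAMPLE = json.loads("""
{"pageInfo": {"totalRecords": 97913, "pageNumber": 1, "pageSize": 5},
 "dataRows": [
  {"id": "0", "configId": "1041", "l7Protocol": "DNS",
   "query": {"time": "2020-05-26T06:34:53Z", "clientIp": "172.25.174.232",
             "domain": "d.la1-c2-ia4.salesforceliveagent.com.", "deviceName": "BOS-WPX5E",
             "resolved": [{"type": "A", "response": "13.110.63.55",
                           "asn": "14340", "asname": "N/A"}]},
   "event": {"policyId": "38307", "actionName": "Classify", "threatId": 2000,
             "threatName": "AUP", "severityId": 0, "severityLevel": "Unclassified",
             "correlatedSinkholeEvents": [{"internalIP": "198.18.179.187",
                                           "machineNames": ["N/A"]}]}},
  {"id": "2", "configId": "1041", "l7Protocol": "DNS",
   "query": {"time": "2020-05-26T06:34:51Z", "clientIp": "198.18.179.121",
             "domain": "1590449691.akamaietpmalwaretest.com.", "deviceName": "Not Available",
             "resolved": [{"type": "N/A", "response": "N/A", "asn": "N/A", "asname": "N/A"}]},
   "event": {"policyId": "2240", "actionName": "Monitor", "threatId": 5070,
             "threatName": "Known Malware", "severityId": 2, "severityLevel": "High"}},
  {"id": "3", "configId": "1041", "l7Protocol": "DNS",
   "query": {"time": "2020-05-26T06:34:51Z", "clientIp": "198.18.179.121",
             "domain": "1590449691.akamaietpmalwaretest.com.", "deviceName": "Not Available",
             "resolved": [{"type": "A", "response": "34.193.182.244",
                           "asn": "14618", "asname": "aws"}]},
   "event": {"policyId": "2240", "actionName": "Monitor", "threatId": 5070,
             "threatName": "Known Malware", "severityId": 2, "severityLevel": "High"}}
 ]}
""")


def clean(value):
    """Return None for the placeholder strings used where a value is missing."""
    if isinstance(value, str) and value.strip() in PLACEHOLDERS:
        return None
    return value


def as_int(value):
    """Coerce IDs that arrive as strings ("38307") or integers (2000) to int."""
    value = clean(value)
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def pick(obj, *names):
    """Read a field under any of its spellings, for example asName / asname."""
    for name in names:
        if name in obj:
            return clean(obj[name])
    return None


def flatten_row(row):
    """Turn one dataRows[] entry into a flat record with consistent types."""
    query, event = row.get("query", {}), row.get("event", {})
    resolved = [r for r in query.get("resolved", []) if clean(r.get("response"))]
    sinkholes = event.get("correlatedSinkholeEvents", [])
    return {
        "id": as_int(row.get("id")),
        "time": clean(query.get("time")),
        "client_ip": clean(query.get("clientIp")),
        "device": clean(query.get("deviceName")),
        "domain": (clean(query.get("domain")) or "").rstrip(".").lower(),
        "answers": [r["response"] for r in resolved],
        "as_names": sorted({n for n in (pick(r, "asName", "asname") for r in resolved) if n}),
        "policy_id": as_int(event.get("policyId")),
        "action": clean(event.get("actionName")),
        "threat": clean(event.get("threatName")),
        "severity": clean(event.get("severityLevel")),
        "sinkhole_hosts": [ip for ip in (pick(s, "internalIp", "internalIP")
                                         for s in sinkholes) if ip],
    }


def summarize(report, levels=("High",)):
    """Count events per (threat, severity); list Monitor-only events at the given levels."""
    rows = [flatten_row(r) for r in report.get("dataRows", [])]
    counts = Counter((r["threat"], r["severity"]) for r in rows)
    not_blocked = [r for r in rows if r["severity"] in levels and r["action"] == "Monitor"]
    return counts, not_blocked
```
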

DNSActivityEvent

Encapsulates a detailed list of DNS activity events for the given time period.

Download schema: dns-activity-events-details-postResponse.json

Sample POST response:

{
    "pageInfo": {
        "totalRecords": 685134,
        "pageNumber": 1,
        "pageSize": 5
    },
    "dataRows": [
        {
            "id": "0",
            "configId": "1041",
            "hitCount": 1,
            "alexaRanking": -1,
            "query": {
                "time": "2020-05-26T06:00:00Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590448430.akamaietpmalwaretest.com.",
                "queryType": "A",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "A",
                        "response": "34.193.182.244",
                        "asn": "14618",
                        "asname": "aws"
                    }
                ]
            },
            "event": {
                "trigger": "null",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "confidenceName": "Unknown",
                "actionId": "1",
                "actionName": "Monitor",
                "onRamp": "No",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns",
                "deepScanned": false
            }
        },
        {
            "id": "1",
            "configId": "1041",
            "hitCount": 1,
            "alexaRanking": 1000,
            "query": {
                "time": "2020-05-26T06:00:00Z",
                "clientIp": "172.25.174.232",
                "dnsIp": "198.18.193.241",
                "domain": "spocs.getpocket.com.",
                "queryType": "A",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "resolved": [
                    {
                        "type": "A",
                        "response": "50.16.145.165",
                        "asn": "14618",
                        "asname": "aws"
                    },
                    {
                        "type": "A",
                        "response": "35.169.67.87",
                        "asn": "14618",
                        "asname": "aws"
                    },
                    {
                        "type": "A",
                        "response": "52.202.154.119",
                        "asn": "14618",
                        "asname": "aws"
                    },
                    {
                        "type": "A",
                        "response": "52.204.41.228",
                        "asn": "14618",
                        "asname": "aws"
                    }
                ]
            },
            "event": {
                "trigger": "null",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "confidenceName": "Unknown",
                "actionId": "6",
                "actionName": "Classify",
                "onRamp": "Yes",
                "onrampType": "etp-client",
                "internalClientIP": "N/A",
                "clientRequestId": "00019313",
                "policyEvaluationSource": "dns",
                "deepScanned": false
            }
        },
        {
            "id": "2",
            "configId": "1041",
            "hitCount": 1,
            "alexaRanking": 1000000,
            "query": {
                "time": "2020-05-26T06:00:00Z",
                "clientIp": "172.25.162.210",
                "dnsIp": "198.18.193.241",
                "domain": "cme-linuscmewlhrwlhr-013-wlhr-public.wbx2.com.",
                "queryType": "A",
                "deviceId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad",
                "deviceName": "WIN81-ENT-210",
                "resolved": [
                    {
                        "type": "A",
                        "response": "62.109.242.31",
                        "asn": "13445",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "trigger": "null",
                "siteId": "5003",
                "siteName": "Off Network ETP Clients",
                "policyId": "32965",
                "policyName": "Westford OFF Network policy",
                "confidenceName": "Unknown",
                "actionId": "10",
                "actionName": "Bypass",
                "onRamp": "No",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "00019274",
                "policyEvaluationSource": "dns",
                "deepScanned": false
            }
        },
        {
            "id": "3",
            "configId": "1041",
            "hitCount": 1,
            "alexaRanking": -1,
            "query": {
                "time": "2020-05-26T06:00:00Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590447770.akamaietpmalwaretest.com.",
                "queryType": "A",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "A",
                        "response": "34.193.182.244",
                        "asn": "14618",
                        "asname": "aws"
                    }
                ]
            },
            "event": {
                "trigger": "null",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "confidenceName": "Unknown",
                "actionId": "1",
                "actionName": "Monitor",
                "onRamp": "No",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns",
                "deepScanned": false
            }
        },
        {
            "id": "4",
            "configId": "1041",
            "hitCount": 1,
            "alexaRanking": 1000000,
            "query": {
                "time": "2020-05-26T06:00:00Z",
                "clientIp": "198.18.179.159",
                "dnsIp": "198.18.193.241",
                "domain": "e6589.dscb.akamaiedge.net.",
                "queryType": "A",
                "deviceId": "630ace6b-4f26-41df-b411-cd652512cb04",
                "deviceName": "Lab-Mac-19818179159.local",
                "resolved": [
                    {
                        "type": "A",
                        "response": "23.204.70.172",
                        "asn": "20940",
                        "asname": "qwest"
                    }
                ]
            },
            "event": {
                "trigger": "null",
                "siteId": "51277",
                "siteName": "E2E Mac 179.159 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "confidenceName": "Unknown",
                "actionId": "10",
                "actionName": "Bypass",
                "onRamp": "No",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "00032083",
                "policyEvaluationSource": "dns",
                "deepScanned": false
            }
        }
    ]
}

DNSActivityEvent members

Member Type Description
DNSActivityEvent: Encapsulates a detailed list of DNS activity events for the given time period.
dataRows DNSActivityEvent.dataRows[] Encapsulates high-level DNS activity event report details and a list of matching events.
pageInfo DNSActivityEvent.pageInfo Provides pagination information for a report.
DNSActivityEvent.dataRows[]: Encapsulates high-level DNS activity event report details and a list of matching events.
alexaRanking Integer The Alexa ranking for the event.
configId String The contract ID assigned to the request.
event DNSActivityEvent.dataRows[].event Contains details about a DNS activity event.
hitCount Integer The total number of DNS hits.
id Integer A unique identifier for the column object.
query DNSActivityEvent.dataRows[].query Encapsulates information about the requested DNS query.
DNSActivityEvent.dataRows[].event: Contains details about a DNS activity event.
actionId Integer A unique identifier for the action.
actionName String A descriptive name for the action.
clientRequestId String A unique identifier for the request client.
confidenceName String A descriptive name for the confidence level.
deepScanned Boolean Whether the event generated a deepscan report using static and dynamic malware analysis.
internalClientIP String The IP address of the internal client device used for web traffic.
onRamp String Whether onRamp is enabled, which indicates how a request was directed to the ETP Proxy.
onrampType Enumeration The type of onramp associated with the event. Either dns, web, onramp_dns, etp_client, etp_offnet_client, or explicit_policy.
policyEvaluationSource String The source of the policy evaluation.
policyId Integer A unique identifier for the policy.
policyName String A descriptive name of the matching policy.
siteId String A unique identifier for the site.
siteName String A descriptive name of the source location or branch.
trigger String Event triggered due to domain or IP policy settings.
DNSActivityEvent.dataRows[].query: Encapsulates information about the requested DNS query.
clientIp String The requesting client’s IP address.
deviceId String ID of the device.
deviceName String Name of device used.
dnsIp String The DNS resolver IP address.
domain String The requested domain address.
queryType String The DNS query type.
resolved DNSActivityEvent.dataRows[].query.resolved[] The details about the requested DNS query resolution.
time String Time of DNS request in ISO 8601 format.
uuid String UUID value.
DNSActivityEvent.dataRows[].query.resolved[]: The details about the requested DNS query resolution.
asn String Autonomous system number used for resolution.
asName String Autonomous system name used for resolution.
response String Resolved domain or IP address.
type String DNS resolution type. For example: A or CNAME.
DNSActivityEvent.pageInfo: Provides pagination information for a report.
pageNumber Integer The requested number of pages.
pageSize Integer The number of records in a given page.
totalRecords Integer The total number of records for the specified criteria.

NetworkTrafficConnection

Encapsulates a detailed list of network traffic events for the given time period.

Download schema: network-traffic-events-details-postResponse.json

Sample POST response:

{
    "pageInfo": {
        "totalRecords": 164614,
        "pageNumber": 1,
        "pageSize": 5
    },
    "dataRows": [
        {
            "id": "0",
            "connectionId": "0x3706B3154FB0D3711164C",
            "domain": "nevada-test.akaetp.net.",
            "connStartTime": "2020-05-26T06:34:48Z",
            "connEndTime": "2020-05-26T06:34:48Z",
            "clientIP": "198.18.179.121",
            "clientPort": 37565,
            "destinationIP": "198.18.179.67",
            "destinationPort": 80,
            "siteId": 5003,
            "siteName": "Off Network ETP Clients",
            "policyAction": "onramp",
            "onrampType": "etp_offnet_client",
            "internalClientIP": "198.18.179.121",
            "httpVersion": "1.1",
            "httpUserAgent": "EtpClient:3.0.0",
            "machineId": "4655ba63-0adb-4ce5-a5a9-ae0fd616ef36",
            "machineName": "DESKTOP-5FL9GBR",
            "clientRequestId": "4655ba63-0adb-4ce5-a5a9-ae0fd616ef36-15904748887626277-3075",
            "ovfActionId": -1,
            "ovfActionName": "N/A",
            "stats": {
                "httpRequestCount": 1,
                "inBytes": 0,
                "outBytes": 0
            },
            "dropInfo": {
                "wasDropped": false,
                "droppedReason": "N/A"
            }
        },
        {
            "id": "1",
            "connectionId": "0x3706B3144FB0D23C9E88",
            "domain": "nevada-test.akaetp.net.",
            "connStartTime": "2020-05-26T06:34:47Z",
            "connEndTime": "2020-05-26T06:34:47Z",
            "clientIP": "172.25.162.210",
            "clientPort": 34908,
            "destinationIP": "198.18.179.67",
            "destinationPort": 80,
            "siteId": 5003,
            "siteName": "Off Network ETP Clients",
            "policyAction": "onramp",
            "onrampType": "etp_offnet_client",
            "internalClientIP": "172.25.162.210",
            "httpVersion": "1.1",
            "httpUserAgent": "EtpClient:3.0.0",
            "machineId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad",
            "machineName": "WIN81-ENT-210",
            "clientRequestId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad-15904748107656327-1199",
            "ovfActionId": -1,
            "ovfActionName": "N/A",
            "stats": {
                "httpRequestCount": 1,
                "inBytes": 0,
                "outBytes": 0
            },
            "dropInfo": {
                "wasDropped": false,
                "droppedReason": "N/A"
            }
        },
        {
            "id": "2",
            "connectionId": "0x3706B3154FB09DED1164B",
            "domain": "nevada-test.akaetp.net.",
            "connStartTime": "2020-05-26T06:34:34Z",
            "connEndTime": "2020-05-26T06:34:34Z",
            "clientIP": "198.18.179.159",
            "clientPort": 33395,
            "destinationIP": "198.18.179.64",
            "destinationPort": 80,
            "siteId": 51277,
            "siteName": "E2E Mac 179.159 site",
            "policyAction": "onramp",
            "onrampType": "etp_client",
            "internalClientIP": "198.18.179.159",
            "httpVersion": "1.1",
            "httpUserAgent": "etpClient (unknown version) CFNetwork/1121.1.2 Darwin/19.3.0 (x86_64) EtpClient:3.0.0",
            "machineId": "630ace6b-4f26-41df-b411-cd652512cb04",
            "machineName": "Lab-Mac-19818179159.local",
            "clientRequestId": "630ace6b-4f26-41df-b411-cd652512cb04-15904748508376060-2350",
            "ovfActionId": -1,
            "ovfActionName": "N/A",
            "stats": {
                "httpRequestCount": 1,
                "inBytes": 0,
                "outBytes": 0
            },
            "dropInfo": {
                "wasDropped": false,
                "droppedReason": "N/A"
            }
        },
        {
            "id": "3",
            "connectionId": "0x3706B3144FB084179E86",
            "domain": "nevada-test.akaetp.net.",
            "connStartTime": "2020-05-26T06:34:27Z",
            "connEndTime": "2020-05-26T06:34:27Z",
            "clientIP": "172.25.162.210",
            "clientPort": 43337,
            "destinationIP": "198.18.179.67",
            "destinationPort": 80,
            "siteId": 5003,
            "siteName": "Off Network ETP Clients",
            "policyAction": "onramp",
            "onrampType": "etp_offnet_client",
            "internalClientIP": "172.25.162.210",
            "httpVersion": "1.1",
            "httpUserAgent": "EtpClient:3.0.0",
            "machineId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad",
            "machineName": "WIN81-ENT-210",
            "clientRequestId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad-15904747907591129-1198",
            "ovfActionId": -1,
            "ovfActionName": "N/A",
            "stats": {
                "httpRequestCount": 1,
                "inBytes": 0,
                "outBytes": 0
            },
            "dropInfo": {
                "wasDropped": false,
                "droppedReason": "N/A"
            }
        },
        {
            "id": "4",
            "connectionId": "0x3706B3174FB05214C6A4",
            "domain": "nevada-test.akaetp.net.",
            "connStartTime": "2020-05-26T06:34:14Z",
            "connEndTime": "2020-05-26T06:34:14Z",
            "clientIP": "198.18.179.110",
            "clientPort": 43231,
            "destinationIP": "198.18.179.67",
            "destinationPort": 80,
            "siteId": 5003,
            "siteName": "Off Network ETP Clients",
            "policyAction": "onramp",
            "onrampType": "etp_offnet_client",
            "internalClientIP": "198.18.179.110",
            "httpVersion": "1.1",
            "httpUserAgent": "EtpClient:3.0.0",
            "machineId": "60978b6d-3b85-4366-920b-ed00935e0706",
            "machineName": "DESKTOP-5FL9GBR",
            "clientRequestId": "60978b6d-3b85-4366-920b-ed00935e0706-15904748554127546-6037",
            "ovfActionId": -1,
            "ovfActionName": "N/A",
            "stats": {
                "httpRequestCount": 1,
                "inBytes": 0,
                "outBytes": 0
            },
            "dropInfo": {
                "wasDropped": false,
                "droppedReason": "N/A"
            }
        }
    ]
}

NetworkTrafficConnection members

Member Type Description
NetworkTrafficConnection: Encapsulates a detailed list of network traffic events for the given time period.
dataRows NetworkTrafficConnection.dataRows[] Encapsulates high-level network traffic connection event report details and a list of matching events.
pageInfo NetworkTrafficConnection.pageInfo Provides pagination information for a report.
NetworkTrafficConnection.dataRows[]: Encapsulates high-level network traffic connection event report details and a list of matching events.
clientIP String The requesting client’s IP address.
clientPort Integer The requesting client’s port.
clientRequestId String ID representing the client request.
connectionId String Unique ID of the network connection.
connEndTime String Connection end time in ISO 8601 format.
connStartTime String Connection start time in ISO 8601 format.
destinationIP String The destination IP address.
destinationPort Integer Destination / origin port.
domain String The requested domain address.
dropInfo NetworkTrafficConnection.dataRows[].dropInfo Contains dropped information of the network connection.
httpUserAgent String User agent specified over HTTP.
httpVersion String HTTP protocol version used.
id String Unique ID of the network connection event.
internalClientIP String IP address of the internal client machine.
machineId String Unique ID for the machine.
machineName String Name of the machine used.
onrampType String The onramp type used.
ovfActionId Integer ID of the OVF action exercised.
ovfActionName String Name of the OVF action exercised.
policyAction String Policy action exercised.
siteId String A unique identifier for the site from which the connection was established.
siteName String Name of the site from which the connection was established.
stats NetworkTrafficConnection.dataRows[].stats Contains stats of the network connection.
NetworkTrafficConnection.dataRows[].dropInfo: Contains dropped information of the network connection.
droppedReason String Reason the network connection was dropped.
wasDropped Boolean Whether the network connection was dropped.
NetworkTrafficConnection.dataRows[].stats: Contains stats of the network connection.
httpRequestCount Integer Total HTTP request count of that network connection.
inBytes Integer Total incoming bytes of that network connection.
outBytes Integer Total outgoing bytes of that network connection.
NetworkTrafficConnection.pageInfo: Provides pagination information for a report.
pageNumber Integer The requested number of pages.
pageSize Integer The number of records in a given page.
totalRecords Integer The total number of records for the specified criteria.
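
The following is an added example, not part of the Akamai documentation: it normalizes a NetworkTrafficConnection response and reports the page count, dropped connections, and machine names that appear under more than one machineId. The input is constructed from rows 0, 1 and 4 of the sample response above plus one invented dropped row; the function names and the invented row's values are assumptions of this example.

```python
import json
import math
from collections import defaultdict
from datetime import datetime

# Constructed input: rows 0, 1 and 4 of the sample response, trimmed to the
# fields used here, plus one invented dropped row (id "99", placeholder values).
SAMPLE = json.loads("""
{
  "pageInfo": {"totalRecords": 164614, "pageNumber": 1, "pageSize": 5},
  "dataRows": [
    {"id": "0", "connectionId": "0x3706B3154FB0D3711164C",
     "domain": "nevada-test.akaetp.net.",
     "connStartTime": "2020-05-26T06:34:48Z", "connEndTime": "2020-05-26T06:34:48Z",
     "siteId": 5003, "machineId": "4655ba63-0adb-4ce5-a5a9-ae0fd616ef36",
     "machineName": "DESKTOP-5FL9GBR",
     "stats": {"httpRequestCount": 1, "inBytes": 0, "outBytes": 0},
     "dropInfo": {"wasDropped": false, "droppedReason": "N/A"}},
    {"id": "1", "connectionId": "0x3706B3144FB0D23C9E88",
     "domain": "nevada-test.akaetp.net.",
     "connStartTime": "2020-05-26T06:34:47Z", "connEndTime": "2020-05-26T06:34:47Z",
     "siteId": 5003, "machineId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad",
     "machineName": "WIN81-ENT-210",
     "stats": {"httpRequestCount": 1, "inBytes": 0, "outBytes": 0},
     "dropInfo": {"wasDropped": false, "droppedReason": "N/A"}},
    {"id": "4", "connectionId": "0x3706B3174FB05214C6A4",
     "domain": "nevada-test.akaetp.net.",
     "connStartTime": "2020-05-26T06:34:14Z", "connEndTime": "2020-05-26T06:34:14Z",
     "siteId": 5003, "machineId": "60978b6d-3b85-4366-920b-ed00935e0706",
     "machineName": "DESKTOP-5FL9GBR",
     "stats": {"httpRequestCount": 1, "inBytes": 0, "outBytes": 0},
     "dropInfo": {"wasDropped": false, "droppedReason": "N/A"}},
    {"id": "99", "connectionId": "0xCONSTRUCTED",
     "domain": "Example.COM.",
     "connStartTime": "2020-05-26T06:35:00Z", "connEndTime": "2020-05-26T06:35:07Z",
     "siteId": "5003", "machineId": "00000000-0000-0000-0000-000000000000",
     "machineName": "EXAMPLE-HOST",
     "stats": {"httpRequestCount": 3, "inBytes": 120, "outBytes": 4096},
     "dropInfo": {"wasDropped": true, "droppedReason": "constructed placeholder reason"}}
  ]
}
""")


def parse_utc(ts):
    """Parse the ISO 8601 timestamps used by connStartTime and connEndTime."""
    # datetime.fromisoformat() only accepts a trailing "Z" from Python 3.11 on.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def normalize_row(row):
    """Flatten one dataRows[] entry into a consistently typed record."""
    drop = row.get("dropInfo") or {}
    stats = row.get("stats") or {}
    reason = drop.get("droppedReason")
    start, end = parse_utc(row["connStartTime"]), parse_utc(row["connEndTime"])
    return {
        "id": row["id"],
        "connectionId": row["connectionId"],
        # The sample returns fully qualified names with a trailing dot.
        "domain": row["domain"].rstrip(".").lower(),
        # The member table lists siteId as String, the sample shows an integer.
        "siteId": str(row["siteId"]),
        "machineId": row.get("machineId"),
        "machineName": row.get("machineName"),
        "durationSeconds": (end - start).total_seconds(),
        "outBytes": int(stats.get("outBytes", 0)),
        "wasDropped": bool(drop.get("wasDropped", False)),
        # "N/A" is the sample's filler value when nothing was dropped.
        "droppedReason": None if reason in (None, "", "N/A") else reason,
    }


def total_pages(page_info):
    """Number of pages needed to read totalRecords at the given pageSize."""
    size = page_info["pageSize"]
    if size <= 0:
        raise ValueError("pageSize must be positive")
    return math.ceil(page_info["totalRecords"] / size)


def summarize(response):
    """Report dropped connections and machine names seen with several machineIds."""
    rows = [normalize_row(r) for r in response.get("dataRows", [])]
    ids_by_name = defaultdict(set)
    for r in rows:
        if r["machineName"] and r["machineId"]:
            ids_by_name[r["machineName"]].add(r["machineId"])
    return {
        "totalPages": total_pages(response["pageInfo"]),
        "dropped": [r for r in rows if r["wasDropped"]],
        "reusedMachineNames": {
            name: sorted(ids) for name, ids in ids_by_name.items() if len(ids) > 1
        },
        "siteIds": sorted({r["siteId"] for r in rows}),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

In the page's own sample, DESKTOP-5FL9GBR appears with two different machineId values, so correlate on machineId rather than machineName when attributing connections to a device.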

ProxyTrafficTransaction

Encapsulates a detailed list of proxy traffic transaction events for the given time period.

Download schema: proxy-traffic-events-details-postResponse.json

Sample POST response:

{
    "pageInfo": {
        "totalRecords": 44583,
        "pageNumber": 1,
        "pageSize": 5
    },
    "dataRows": [
        {
            "id": "0",
            "l7Protocol": "HTTP",
            "isEvent": true,
            "request": {
                "startTime": 1590474813791,
                "connectionId": "0x3706B3124FAFAF8C9574",
                "domain": "statsfe2.ws.microsoft.com.",
                "uri": "/ReportingWebService/ReportingWebService.asmx",
                "method": "POST",
                "clientPort": 48176,
                "destinationIP": "52.183.47.176",
                "destinationPort": 80,
                "uuid": "1b72e77c-254a-4ba9-a456-2a1b4407d65b",
                "clientIp": "172.25.162.210",
                "queryStrings": [],
                "headers": [
                    {
                        "name": "Cache-Control",
                        "value": "no-cache"
                    },
                    {
                        "name": "Content-Length",
                        "value": "2369"
                    },
                    {
                        "name": "Content-Type",
                        "value": "text/xml; charset=utf-8"
                    },
                    {
                        "name": "Host",
                        "value": "statsfe2.ws.microsoft.com"
                    },
                    {
                        "name": "Pragma",
                        "value": "no-cache"
                    },
                    {
                        "name": "User-Agent",
                        "value": "Windows-Update-Agent/7.9.9600.19670 Client-Protocol/1.21 EtpClient:3.0.0"
                    },
                    {
                        "name": "X-Forwarded-For",
                        "value": "172.25.162.210, 172.25.162.210"
                    }
                ]
            },
            "response": {
                "endTime": 1590474813793,
                "hash": "",
                "headers": []
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "null",
                "detectionTime": "2020-05-26T06:33:33Z",
                "detectionType": "inline",
                "siteId": "5003",
                "siteName": "Off Network ETP Clients",
                "policyId": "32965",
                "policyName": "Westford OFF Network policy",
                "listId": "-1",
                "listName": "unknown",
                "categoryId": "73",
                "categoryName": "73",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "4",
                "actionName": "Block - Error Page",
                "blockDescription": "The URL hosts malware.",
                "reason": "Acceptable use policy",
                "severityId": 0,
                "severityLevel": "Unclassified",
                "onrampType": "etp_offnet_client",
                "internalClientIP": "172.25.162.210",
                "clientRequestId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad-15904747363383674-1195",
                "deepscanReportPath": "",
                "httpVersion": "1.1",
                "httpUserAgent": "Windows-Update-Agent/7.9.9600.19670 Client-Protocol/1.21 EtpClient:3.0.0",
                "deviceId": "dc475a9e-c192-4b0b-a34e-a95c0f8dfcad",
                "deviceName": "WIN81-ENT-210",
                "deepScanned": false,
                "matchedGroups": [],
                "listIdentifiers": [
                    {
                        "listId": -1,
                        "categoryId": 73,
                        "confidenceId": -1,
                        "threatId": 0,
                        "listName": "unknown",
                        "categoryName": "73",
                        "confidenceName": "Unknown",
                        "threatName": "Unclassified"
                    }
                ]
            },
            "userIdentity": {
                "encryptedUserID": "",
                "encryptedUserName": "",
                "groups": []
            }
        },
        {
            "id": "1",
            "l7Protocol": "HTTPS",
            "isEvent": false,
            "request": {
                "startTime": 1590474750161,
                "connectionId": "0x3706B30F4FAEB4B27FB1",
                "domain": "statics.teams.cdn.office.net.",
                "uri": "/evergreen-assets/icons/1x1-000000ff.png",
                "method": "GET",
                "clientPort": 34656,
                "destinationIP": "2600:1409:d000::17df:3490",
                "destinationPort": 443,
                "uuid": "38c91e98-37fc-40f0-876e-ba60104b4d35",
                "clientIp": "172.25.174.232",
                "queryStrings": [
                    {
                        "name": "cb",
                        "value": "1590474712726"
                    }
                ],
                "headers": [
                    {
                        "name": "Accept",
                        "value": "image/webp,image/apng,image/*,*/*;q=0.8"
                    },
                    {
                        "name": "Accept-Encoding",
                        "value": "gzip, deflate, br"
                    },
                    {
                        "name": "Accept-Language",
                        "value": "en-US"
                    },
                    {
                        "name": "Connection",
                        "value": "keep-alive"
                    },
                    {
                        "name": "Host",
                        "value": "statics.teams.cdn.office.net"
                    },
                    {
                        "name": "Referer",
                        "value": "https://teams.microsoft.com/_"
                    },
                    {
                        "name": "User-Agent",
                        "value": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.12058 Chrome/69.0.3497.128 Electron/4.2.12 Safari/537.36"
                    }
                ]
            },
            "response": {
                "endTime": 1590474750226,
                "hash": "",
                "headers": [
                    {
                        "name": "Access-Control-Allow-Origin",
                        "value": "*"
                    },
                    {
                        "name": "Cache-Control",
                        "value": "public, max-age=604777"
                    },
                    {
                        "name": "Connection",
                        "value": "keep-alive"
                    },
                    {
                        "name": "Content-Length",
                        "value": "68"
                    },
                    {
                        "name": "Content-MD5",
                        "value": "5E5+z+yZNWYywTzT6qPiUA=="
                    },
                    {
                        "name": "Content-Type",
                        "value": "image/png"
                    },
                    {
                        "name": "Date",
                        "value": "Tue, 26 May 2020 06:32:30 GMT"
                    },
                    {
                        "name": "ETag",
                        "value": "\"0x8D6D3F4152295F5\""
                    },
                    {
                        "name": "Last-Modified",
                        "value": "Wed, 08 May 2019 20:30:59 GMT"
                    },
                    {
                        "name": "Server",
                        "value": "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "null",
                "detectionTime": "2020-05-26T06:32:30Z",
                "detectionType": "N/A",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "0",
                "policyName": "0",
                "listId": "-1",
                "listName": "unknown",
                "categoryId": "104",
                "categoryName": "104",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "5",
                "actionName": "Allow",
                "blockDescription": "The URL hosts malware.",
                "reason": "Acceptable use policy",
                "severityId": 0,
                "severityLevel": "Unclassified",
                "onrampType": "etp_client",
                "internalClientIP": "172.25.174.232",
                "clientRequestId": "c37a4c4e-a7cd-400f-820d-b82762c52975-15904747127323964-48715",
                "deepscanReportPath": "",
                "httpVersion": "1.1",
                "httpUserAgent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.12058 Chrome/69.0.3497.128 Electron/4.2.12 Safari/537.36 EtpClient:3.0.0",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "deepScanned": false,
                "matchedGroups": [],
                "listIdentifiers": [
                    {
                        "listId": -1,
                        "categoryId": 104,
                        "confidenceId": -1,
                        "threatId": 0,
                        "listName": "unknown",
                        "categoryName": "104",
                        "confidenceName": "Unknown",
                        "threatName": "Unclassified"
                    }
                ]
            },
            "userIdentity": {
                "encryptedUserID": "",
                "encryptedUserName": "",
                "groups": []
            }
        },
        {
            "id": "2",
            "l7Protocol": "HTTPS",
            "isEvent": false,
            "request": {
                "startTime": 1590474718273,
                "connectionId": "0x3706B3154FAE37181163A",
                "domain": "clickstream-killswitch.hd-personalization-prod.gcp.example.com.",
                "uri": "/clickstream-killswitch/v1/detail",
                "method": "GET",
                "clientPort": 42380,
                "destinationIP": "130.211.21.250",
                "destinationPort": 443,
                "uuid": "a1d7f692-c932-466a-82f6-e4e85bba7864",
                "clientIp": "172.25.174.232",
                "queryStrings": [],
                "headers": [
                    {
                        "name": "Accept",
                        "value": "*/*"
                    },
                    {
                        "name": "Accept-Encoding",
                        "value": "gzip, deflate, br"
                    },
                    {
                        "name": "Accept-Language",
                        "value": "en-US,en;q=0.9"
                    },
                    {
                        "name": "Connection",
                        "value": "keep-alive"
                    },
                    {
                        "name": "content-type",
                        "value": "application/json"
                    },
                    {
                        "name": "Host",
                        "value": "clickstream-killswitch.hd-personalization-prod.gcp.example.com"
                    },
                    {
                        "name": "Origin",
                        "value": "https://www.example.com"
                    },
                    {
                        "name": "Referer",
                        "value": "https://www.example.com/"
                    },
                    {
                        "name": "User-Agent",
                        "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
                    }
                ]
            },
            "response": {
                "endTime": 1590474718348,
                "hash": "",
                "headers": [
                    {
                        "name": "Access-Control-Allow-Origin",
                        "value": "https://www.example.com"
                    },
                    {
                        "name": "Content-Length",
                        "value": "1329"
                    },
                    {
                        "name": "Content-Type",
                        "value": "application/json;charset=UTF-8"
                    },
                    {
                        "name": "Date",
                        "value": "Tue, 26 May 2020 06:31:57 GMT"
                    },
                    {
                        "name": "Vary",
                        "value": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers"
                    },
                    {
                        "name": "Via",
                        "value": "1.1 google"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "null",
                "detectionTime": "2020-05-26T06:31:58Z",
                "detectionType": "N/A",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "0",
                "policyName": "0",
                "listId": "-1",
                "listName": "unknown",
                "categoryId": "55",
                "categoryName": "Streaming Websites",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "5",
                "actionName": "Allow",
                "blockDescription": "The URL hosts malware.",
                "reason": "Acceptable use policy",
                "severityId": 0,
                "severityLevel": "Unclassified",
                "onrampType": "etp_client",
                "internalClientIP": "172.25.174.232",
                "clientRequestId": "c37a4c4e-a7cd-400f-820d-b82762c52975-15904746798952196-48708",
                "deepscanReportPath": "",
                "httpVersion": "1.1",
                "httpUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 EtpClient:3.0.0",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "deepScanned": false,
                "matchedGroups": [],
                "listIdentifiers": [
                    {
                        "listId": -1,
                        "categoryId": 55,
                        "confidenceId": -1,
                        "threatId": 0,
                        "listName": "unknown",
                        "categoryName": "Streaming Websites",
                        "confidenceName": "Unknown",
                        "threatName": "Unclassified"
                    },
                    {
                        "listId": -1,
                        "categoryId": 73,
                        "confidenceId": -1,
                        "threatId": 0,
                        "listName": "unknown",
                        "categoryName": "73",
                        "confidenceName": "Unknown",
                        "threatName": "Unclassified"
                    }
                ]
            },
            "userIdentity": {
                "encryptedUserID": "",
                "encryptedUserName": "",
                "groups": []
            }
        },
        {
            "id": "3",
            "l7Protocol": "HTTPS",
            "isEvent": true,
            "request": {
                "startTime": 1590474706144,
                "connectionId": "0x3706B3154FAE084111637",
                "domain": "c.go-mpulse.net.",
                "uri": "/api/config.json",
                "method": "GET",
                "clientPort": 41176,
                "destinationIP": "2600:1409:d000:38e::11a6",
                "destinationPort": 443,
                "uuid": "8e86b32f-9a83-4162-a008-3e2c58b09f87",
                "clientIp": "172.25.174.232",
                "queryStrings": [
                    {
                        "name": "key",
                        "value": "FDSGP-LEB9B-T8Y2A-5V5ED-9WX2T"
                    },
                    {
                        "name": "d",
                        "value": "www.akamai.com"
                    },
                    {
                        "name": "t",
                        "value": "5301582"
                    },
                    {
                        "name": "v",
                        "value": "1.667.0"
                    },
                    {
                        "name": "if",
                        "value": ""
                    },
                    {
                        "name": "sl",
                        "value": "0"
                    },
                    {
                        "name": "si",
                        "value": "876aebf5-a115-47de-973b-9ac2ba2cdd1c-qaqswv"
                    },
                    {
                        "name": "r",
                        "value": ""
                    },
                    {
                        "name": "bcn",
                        "value": "%2F%2F173e2548.akstat.io%2F"
                    },
                    {
                        "name": "acao",
                        "value": ""
                    },
                    {
                        "name": "ak.ai",
                        "value": "593889"
                    }
                ],
                "headers": [
                    {
                        "name": "Accept",
                        "value": "*/*"
                    },
                    {
                        "name": "Accept-Encoding",
                        "value": "gzip, deflate, br"
                    },
                    {
                        "name": "Accept-Language",
                        "value": "en-US,en;q=0.9"
                    },
                    {
                        "name": "Connection",
                        "value": "keep-alive"
                    },
                    {
                        "name": "Host",
                        "value": "c.go-mpulse.net"
                    },
                    {
                        "name": "Origin",
                        "value": "https://www.akamai.com"
                    },
                    {
                        "name": "User-Agent",
                        "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
                    }
                ]
            },
            "response": {
                "endTime": 1590474706146,
                "hash": "",
                "headers": []
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "null",
                "detectionTime": "2020-05-26T06:31:46Z",
                "detectionType": "inline",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "listId": "-1",
                "listName": "unknown",
                "categoryId": "31",
                "categoryName": "Chat Site",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "4",
                "actionName": "Block - Error Page",
                "blockDescription": "The URL hosts malware.",
                "reason": "Acceptable use policy",
                "severityId": 0,
                "severityLevel": "Unclassified",
                "onrampType": "etp_client",
                "internalClientIP": "172.25.174.232",
                "clientRequestId": "c37a4c4e-a7cd-400f-820d-b82762c52975-15904746699129224-48707",
                "deepscanReportPath": "",
                "httpVersion": "1.1",
                "httpUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 EtpClient:3.0.0",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "deepScanned": false,
                "matchedGroups": [],
                "listIdentifiers": [
                    {
                        "listId": -1,
                        "categoryId": 31,
                        "confidenceId": -1,
                        "threatId": 0,
                        "listName": "unknown",
                        "categoryName": "Chat Site",
                        "confidenceName": "Unknown",
                        "threatName": "Unclassified"
                    }
                ]
            },
            "userIdentity": {
                "encryptedUserID": "",
                "encryptedUserName": "",
                "groups": []
            }
        },
        {
            "id": "4",
            "l7Protocol": "HTTPS",
            "isEvent": false,
            "request": {
                "startTime": 1590474688053,
                "connectionId": "0x3706B3124FADC2CF9570",
                "domain": "d.la1-c2-ia4.salesforceliveagent.com.",
                "uri": "/chat/rest/Visitor/Availability.jsonp",
                "method": "GET",
                "clientPort": 43149,
                "destinationIP": "13.110.63.55",
                "destinationPort": 443,
                "uuid": "7b33eedd-8b7d-463b-80d9-996b74a0a9ee",
                "clientIp": "172.25.174.232",
                "queryStrings": [
                    {
                        "name": "sid",
                        "value": "409d47de-bf85-433c-9c88-79add325835a"
                    },
                    {
                        "name": "r",
                        "value": "906"
                    },
                    {
                        "name": "Availability.prefix",
                        "value": "Visitor"
                    },
                    {
                        "name": "Availability.ids",
                        "value": "[5730f000000HhB2,5730f000000HhAJ,5730f000000HhAY]"
                    },
                    {
                        "name": "callback",
                        "value": "liveagent._.handlePing"
                    },
                    {
                        "name": "deployment_id",
                        "value": "5720f0000009HUh"
                    },
                    {
                        "name": "org_id",
                        "value": "00DA0000000Hu5a"
                    },
                    {
                        "name": "version",
                        "value": "43"
                    }
                ],
                "headers": [
                    {
                        "name": "Accept",
                        "value": "*/*"
                    },
                    {
                        "name": "Accept-Encoding",
                        "value": "gzip, deflate, br"
                    },
                    {
                        "name": "Accept-Language",
                        "value": "en-US,en;q=0.9"
                    },
                    {
                        "name": "Connection",
                        "value": "keep-alive"
                    },
                    {
                        "name": "Host",
                        "value": "d.la1-c2-ia4.salesforceliveagent.com"
                    },
                    {
                        "name": "User-Agent",
                        "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
                    }
                ]
            },
            "response": {
                "endTime": 1590474688139,
                "hash": "",
                "headers": [
                    {
                        "name": "Access-Control-Allow-Origin",
                        "value": "*"
                    },
                    {
                        "name": "Cache-Control",
                        "value": "no-cache"
                    },
                    {
                        "name": "Connection",
                        "value": "close"
                    },
                    {
                        "name": "Content-Encoding",
                        "value": "gzip"
                    },
                    {
                        "name": "Content-Type",
                        "value": "text/javascript"
                    },
                    {
                        "name": "Expires",
                        "value": "-1"
                    },
                    {
                        "name": "Pragma",
                        "value": "no-cache"
                    },
                    {
                        "name": "X-Content-Type-Options",
                        "value": "nosniff"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "null",
                "detectionTime": "2020-05-26T06:31:28Z",
                "detectionType": "N/A",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "0",
                "policyName": "0",
                "listId": "-1",
                "listName": "unknown",
                "categoryId": "73",
                "categoryName": "73",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "5",
                "actionName": "Allow",
                "blockDescription": "The URL hosts malware.",
                "reason": "Acceptable use policy",
                "severityId": 0,
                "severityLevel": "Unclassified",
                "onrampType": "etp_client",
                "internalClientIP": "172.25.174.232",
                "clientRequestId": "c37a4c4e-a7cd-400f-820d-b82762c52975-15904746509095241-48705",
                "deepscanReportPath": "",
                "httpVersion": "1.1",
                "httpUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 EtpClient:3.0.0",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "deepScanned": false,
                "matchedGroups": [],
                "listIdentifiers": [
                    {
                        "listId": -1,
                        "categoryId": 73,
                        "confidenceId": -1,
                        "threatId": 0,
                        "listName": "unknown",
                        "categoryName": "73",
                        "confidenceName": "Unknown",
                        "threatName": "Unclassified"
                    }
                ]
            },
            "userIdentity": {
                "encryptedUserID": "",
                "encryptedUserName": "",
                "groups": []
            }
        }
    ]
}

ProxyTrafficTransaction members

Member Type Description
ProxyTrafficTransaction: Encapsulates a detailed list of proxy traffic transaction events for the given time period.
dataRows ProxyTrafficTransaction.dataRows[] Encapsulates high-level proxy traffic transaction event report details and a list of matching events.
pageInfo ProxyTrafficTransaction.pageInfo Provides pagination information for a report.
ProxyTrafficTransaction.dataRows[]: Encapsulates high-level proxy traffic transaction event report details and a list of matching events.
configId String The contract ID associated with the request.
event ProxyTrafficTransaction.dataRows[].event Contains details about an event that occurred as a result of a DNS query or a web request.
id String Unique ID of the network connections.
isEvent Boolean Whether the traffic creates an event.
l7Protocol Enumeration The layer 7 protocol used to make the DNS query or web request. Either DNS, HTTP, or HTTPS.
request ProxyTrafficTransaction.dataRows[].request The details about the web request.
response ProxyTrafficTransaction.dataRows[].response The details about the response to the web request.
userIdentity ProxyTrafficTransaction.dataRows[].userIdentity Encapsulates user information.
ProxyTrafficTransaction.dataRows[].event: Contains details about an event that occurred as a result of a DNS query or a web request.
actionId Integer A unique identifier for the action taken.
actionName String A descriptive name for the action identifier.
blockDescription String A short description of the event.
categoryId Integer A unique identifier for the category.
categoryName String A descriptive name for the category identifier.
clientRequestId String A unique identifier for the request client.
confidenceId Integer A unique identifier for the event confidence level.
confidenceName String A descriptive name for the confidence level identifier.
correlatedSinkholeEvents ProxyTrafficTransaction.dataRows[].event.correlatedSinkholeEvents[] Contains related sinkhole data for eligible events.
deepScanned Boolean Whether the event generated a deepscan report using static and dynamic malware analysis.
deepscanReportPath String The location of a deepscan report.
detectionTime String The time the event was detected, in ISO 8601 format.
detectionType Enumeration Whether the event was detected online or during offline batch processing. Either ONLINE or OFFLINE.
deviceId String A unique identifier for the device associated with an event.
deviceName String The name of the device associated with an event.
httpUserAgent String The HTTP user agent associated with an event.
httpVersion String The version of HTTP protocol used.
internalClientIP String The IP address of the internal client device used for web traffic.
listId Integer A unique identifier for the list.
listIdentifiers ProxyTrafficTransaction.dataRows[].event.listIdentifiers[] The scanning results from various classifiers. Only available for web requests.
listName String A descriptive name for the list identifier.
onRamp String Whether onRamp is enabled.
onrampType Enumeration The type of onramp associated with the event. Either dns, web, onramp_dns, etp_client, etp_offnet_client, or explicit_policy.
policyEvaluationSource String Source of the policy evaluation.
policyId Integer A unique identifier for the policy.
policyName String The descriptive name of the matching policy.
reason String A descriptive explanation of why traffic was not allowed.
severityId Integer Indicates the severity of the threat.
severityLevel String A description of the severity level.
siteId String A unique identifier for the site.
siteName String The descriptive name of the source location or branch.
threatId Integer A unique identifier for a threat event.
threatName String The descriptive name for the threat event.
trigger String Event triggered due to domain or IP policy settings.
ProxyTrafficTransaction.dataRows[].event.correlatedSinkholeEvents[]: Contains related sinkhole data for eligible events.
configId String The contract ID associated with the request.
destinationIp String The IP address of the destination machine for the event.
destinationPort Integer The destination device’s port number.
eventId String A unique identifier for the event.
eventTime String The timestamp of the event in ISO 8601 format.
hitCount Integer The total count of DNS hits.
hostname String The host device’s name.
internalIp String The internal device’s IP address.
isCorrelated Boolean Whether the events are correlated.
l4Protocol String The layer 4 protocol used to make the web request.
l7Protocol Enumeration The layer 7 protocol used to make the DNS query or web request. Either DNS, HTTP, or HTTPS.
machineNames Array The name of a device related to the event.
sinkholeId String A unique identifier for the security connector.
sinkholeIp String The IP address of the security connector for the event.
sinkholeName String The security connector’s name.
sourceIp String The source device’s IP address.
sourcePort Integer The source device’s port number.
url String The event’s location.
userAgent String The event device’s user agent.
ProxyTrafficTransaction.dataRows[].event.listIdentifiers[]: The scanning results from various classifiers. Only available for web requests.
categoryId Integer A unique identifier for the category.
categoryName String A descriptive name for the category.
confidenceId Integer A unique identifier for the event confidence level.
confidenceName String A descriptive name for the confidence level.
listId Integer A unique identifier for the list.
listName String A descriptive name for the list.
threatId Integer A unique identifier for the threat.
threatName String A descriptive name for the threat.
ProxyTrafficTransaction.dataRows[].request: The details about the web request.
clientIP String The IP address of the source branch (when NATed) or machine.
clientPort Integer The TCP port used by the client machine to connect to the destination.
connectionId String The unique identifier of the TCP connection created.
destinationIP String The IP address of the target machine the request is sent to.
destinationPort Integer The TCP port used to connect to the destination machine.
domain String The requested domain address.
headers ProxyTrafficTransaction.dataRows[].request.headers[] The details about the HTTP request headers.
method String The HTTP verb used to interact with the destination.
queryStrings ProxyTrafficTransaction.dataRows[].request.queryStrings[] The details about the query parameters sent as part of the web request.
startTime Integer Time when the web request was made in Unix epoch seconds.
uri String The path part of the URL.
ProxyTrafficTransaction.dataRows[].request.headers[]: The details about the HTTP request headers.
name String The name of the HTTP request header.
value String The value of the HTTP request header.
ProxyTrafficTransaction.dataRows[].request.queryStrings[]: The details about the query parameters sent as part of the web request.
name String The name of the query parameter.
value String The value of the query parameter.
ProxyTrafficTransaction.dataRows[].response: The details about the response to the web request.
endTime Integer Time when the response is received for the request in Unix epoch seconds.
hash String The SHA256 hash of the response body.
headers ProxyTrafficTransaction.dataRows[].response.headers[] The details about the HTTP response headers.
ProxyTrafficTransaction.dataRows[].response.headers[]: The details about the HTTP response headers.
name String The name of the HTTP response header.
value String The value of the HTTP response header.
ProxyTrafficTransaction.dataRows[].userIdentity: Encapsulates user information.
decryptedUserId String The user’s ID in decrypted form.
decryptedUserName String The user’s name in decrypted form.
encryptedUserId String The user’s ID in encrypted form.
encryptedUserName String The user’s name in encrypted form.
groups Array A list of groups the user belongs to.
ProxyTrafficTransaction.pageInfo: Provides pagination information for a report.
pageNumber Integer The requested number of pages.
pageSize Integer The number of records in a given page.
totalRecords Integer The total number of records for the specified criteria.
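
Added example (not part of the Akamai documentation): one way to normalise ProxyTrafficTransaction rows in Python before loading them into a SIEM, covering the name/value lists, the placeholder strings, the mixed ID types and the key spellings that differ between the sample and the members table. SAMPLE_ROWS is constructed from the sample response above; the helper names, the 10**11 milliseconds threshold and the "Block" prefix test are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote

# Placeholder strings the sample responses use where a value is absent.
MISSING = ("", "N/A", "null", "Not Available", None)
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def get_ci(obj, key, default=None):
    """Case-insensitive key lookup: the sample spells clientIp and
    encryptedUserID, the members table clientIP and encryptedUserId."""
    for name, value in (obj or {}).items():
        if name.lower() == key.lower():
            return value
    return default

def clean(value):
    """Map placeholder strings to None so they never match a real value."""
    return None if value in MISSING else value

def to_int(value):
    """IDs are strings in event ("31") and integers in listIdentifiers (31)."""
    value = clean(value)
    return None if value is None else int(value)

def epoch_ms(value):
    """The table documents epoch seconds; the sample values have 13 digits,
    so anything above 10**11 is taken as milliseconds (assumption)."""
    value = to_int(value)
    if value is None:
        return None
    return value if value > 10**11 else value * 1000

def pairs(items, fold_case=False, decode=False):
    """Collapse [{"name": n, "value": v}, ...] into {n: [v, ...]}.
    Values stay in lists because a header or parameter can repeat."""
    out = {}
    for item in items or []:
        name = item["name"].lower() if fold_case else item["name"]
        value = item.get("value", "")
        out.setdefault(name, []).append(unquote(value) if decode else value)
    return out

def normalise(row):
    """Flatten one dataRows[] entry into a record with stable names and types."""
    req, resp, ev = (row.get(k) or {} for k in ("request", "response", "event"))
    start, end = epoch_ms(get_ci(req, "startTime")), epoch_ms(get_ci(resp, "endTime"))
    domain = clean(get_ci(req, "domain"))
    return {
        "id": row.get("id"),
        "is_event": bool(row.get("isEvent")),
        "client_ip": clean(get_ci(req, "clientIP")),
        "domain": domain.rstrip(".").lower() if domain else None,
        "start": EPOCH + timedelta(milliseconds=start) if start is not None else None,
        "duration_ms": end - start if start is not None and end is not None else None,
        "request_headers": pairs(req.get("headers"), fold_case=True),
        "query": pairs(req.get("queryStrings"), decode=True),
        "response_sha256": clean(get_ci(resp, "hash")),
        "action": clean(get_ci(ev, "actionName")),
        "category_id": to_int(get_ci(ev, "categoryId")),
        "severity": clean(get_ci(ev, "severityLevel")),
        "user": clean(get_ci(get_ci(row, "userIdentity") or {}, "encryptedUserId")),
    }

def review_reasons(rec):
    """Decide on actionName and severityLevel only. blockDescription is
    ignored: in the sample it reads "The URL hosts malware." even on the
    row whose actionName is "Allow"."""
    reasons = []
    # Assumption: block actions share the "Block" prefix seen in the sample.
    blocked = (rec["action"] or "").startswith("Block")
    if blocked:
        reasons.append("blocked")
    if rec["severity"] == "High" and not blocked:
        reasons.append("high severity, not blocked")
    return reasons

# Constructed rows, trimmed from and modelled on the sample response above.
SAMPLE_ROWS = [
    {"id": "3", "isEvent": True,
     "request": {"startTime": 1590474706001, "clientIp": "172.25.174.232",
                 "domain": "c.go-mpulse.net.",
                 "queryStrings": [{"name": "bcn", "value": "%2F%2F173e2548.akstat.io%2F"}],
                 "headers": [{"name": "Host", "value": "c.go-mpulse.net"}]},
     "response": {"endTime": 1590474706146, "hash": "", "headers": []},
     "event": {"actionName": "Block - Error Page", "categoryId": "31",
               "severityLevel": "Unclassified",
               "blockDescription": "The URL hosts malware."},
     "userIdentity": {"encryptedUserID": "", "groups": []}},
    {"id": "4", "isEvent": False,
     "request": {"startTime": 1590474688053, "clientIp": "172.25.174.232",
                 "domain": "d.la1-c2-ia4.salesforceliveagent.com.",
                 "queryStrings": [{"name": "r", "value": "906"}],
                 "headers": [{"name": "Host",
                              "value": "d.la1-c2-ia4.salesforceliveagent.com"}]},
     "response": {"endTime": 1590474688139, "hash": "", "headers": []},
     "event": {"actionName": "Allow", "categoryId": "73",
               "severityLevel": "Unclassified",
               "blockDescription": "The URL hosts malware."},
     "userIdentity": {"encryptedUserID": "", "groups": []}},
]
```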

SinkholeEvent

Encapsulates a detailed list of sinkhole events for the given time period.

Download schema: sinkhole-events-details-postResponse.json

Sample POST response:

{}

SinkholeEvent members

Member Type Description
SinkholeEvent: Encapsulates a detailed list of sinkhole events for the given time period.
dataRows SinkholeEvent.dataRows[] Encapsulates high-level sinkhole event report details and a list of matching events.
pageInfo SinkholeEvent.pageInfo Provides pagination information for a report.
SinkholeEvent.dataRows[]: Encapsulates high-level sinkhole event report details and a list of matching events.
configId Integer The unique customer identifier.
destinationPort Integer Destination TCP/UDP Port.
eventId String Unique ID of the event that is captured by the security connector.
eventTime String Time of event in ISO 8601 format.
hitCount Integer The number of times repeated requests (actual traffic) are made to the security connector from the affected machine within a time frame.
hostname String Hostname header/SNI host of the destination host.
internalIP String Affected or compromised machine IP.
l4Protocol String The L4 protocol.
l7Protocol Enumeration The layer 7 protocol used to make the DNS query or web request. Either DNS, HTTP, or HTTPS.
machineNames Array Hostname of the infected machine.
sinkholeId String Unique ID of the security connector.
sinkholeIP String IP of the security connector.
sinkholeName String The unique security connector name.
sourcePort Integer Source TCP/UDP Port.
url String URL when applicable.
userAgent String Full user agent description string.
SinkholeEvent.pageInfo: Provides pagination information for a report.
pageNumber Integer The requested number of pages.
pageSize Integer The number of records in a given page.
totalRecords Integer The total number of records for the specified criteria.
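
Added example (not part of the Akamai documentation): a Python sketch that walks a paged SinkholeEvent report using pageInfo and groups the records by internalIP, so each affected machine appears once with its hit total and first and last event times. fetch_page is a hypothetical callable standing in for the report request, page numbers are assumed to start at 1 (the ThreatEvent sample on this page shows pageNumber 1), and the sample records are constructed from the member names above.

```python
from datetime import datetime

PLACEHOLDERS = ("", "N/A")  # strings the samples use where a value is absent


def iter_rows(fetch_page, page_size=100):
    """Yield every dataRows[] entry across pages.

    fetch_page(page_number, page_size) is a hypothetical callable that sends
    the report request and returns the decoded JSON body.
    """
    page = 1
    while True:
        body = fetch_page(page, page_size) or {}
        rows = body.get("dataRows") or []
        yield from rows
        total = (body.get("pageInfo") or {}).get("totalRecords", 0)
        # Stop on an empty page too, so a body of {} cannot loop forever.
        if not rows or page * page_size >= total:
            return
        page += 1


def affected_hosts(rows):
    """Group sinkhole events by internalIP, the affected machine's address."""
    seen, hosts = set(), {}
    for row in rows:
        if row["eventId"] in seen:  # a record can recur if data shifts between pages
            continue
        seen.add(row["eventId"])
        ip = row["internalIP"]
        host = hosts.setdefault(ip, {"internalIP": ip, "events": 0, "hits": 0,
                                     "machines": set(), "destinations": set(),
                                     "first": None, "last": None})
        host["events"] += 1
        host["hits"] += int(row.get("hitCount") or 0)
        host["machines"].update(
            m for m in row.get("machineNames") or [] if m not in PLACEHOLDERS)
        if row.get("hostname") and row["hostname"] not in PLACEHOLDERS:
            host["destinations"].add((row.get("l7Protocol"), row["hostname"]))
        seen_at = datetime.fromisoformat(row["eventTime"].replace("Z", "+00:00"))
        host["first"] = seen_at if host["first"] is None else min(host["first"], seen_at)
        host["last"] = seen_at if host["last"] is None else max(host["last"], seen_at)
    # Busiest machines first; ties ordered by address for stable output.
    return sorted(hosts.values(), key=lambda h: (-h["hits"], h["internalIP"]))


def _event(event_id, ip, hits, when, machines):
    """Build one constructed record in the SinkholeEvent.dataRows[] shape."""
    return {"eventId": event_id, "internalIP": ip, "hitCount": hits,
            "eventTime": when, "machineNames": machines,
            "hostname": "akamaietpcnctest.com", "l7Protocol": "HTTP",
            "destinationPort": 80, "sinkholeName": "ETP_DNS_SINKHOLE"}


# Constructed records; the first is modelled on the correlatedSinkholeEvents
# entry in the sample responses on this page, the other IDs are made up.
SAMPLE = [
    _event("1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
           "198.18.179.187", 1, "2020-05-22T02:16:34Z", ["N/A"]),
    _event("constructed-event-2", "198.18.179.187", 3,
           "2020-05-22T02:20:00Z", ["LAB-HOST-01"]),
    _event("constructed-event-3", "198.18.179.121", 2,
           "2020-05-22T03:00:00Z", ["N/A"]),
]
SAMPLE.append(dict(SAMPLE[0]))  # the same event returned again on a later page


def sample_fetch(page_number, page_size):
    """Stand-in for the API call: serves SAMPLE in pages."""
    chunk = SAMPLE[(page_number - 1) * page_size: page_number * page_size]
    return {"pageInfo": {"totalRecords": len(SAMPLE), "pageNumber": page_number,
                         "pageSize": page_size}, "dataRows": chunk}


def report():
    """Run the whole pipeline over the constructed sample."""
    return affected_hosts(iter_rows(sample_fetch, page_size=2))
```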

ThreatEvent

Encapsulates a detailed list of threat events for the given time period.

Download schema: threat-events-details-postResponse.json

Sample POST response:

{
    "pageInfo": {
        "totalRecords": 97913,
        "pageNumber": 1,
        "pageSize": 5
    },
    "dataRows": [
        {
            "id": "0",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:53Z",
                "clientIp": "172.25.174.232",
                "dnsIp": "198.18.193.241",
                "domain": "d.la1-c2-ia4.salesforceliveagent.com.",
                "uuid": "198.18.193.241-198.18.193.228-1590474893-46281-35384",
                "queryType": "A",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "resolved": [
                    {
                        "type": "A",
                        "response": "13.110.63.55",
                        "asn": "14340",
                        "asname": "N/A"
                    },
                    {
                        "type": "A",
                        "response": "13.110.61.55",
                        "asn": "14340",
                        "asname": "N/A"
                    },
                    {
                        "type": "A",
                        "response": "13.110.62.55",
                        "asn": "14340",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:53Z",
                "detectionType": "inline",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "listId": "24",
                "listName": "24",
                "categoryId": "24",
                "categoryName": "24",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "6",
                "actionName": "Classify",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "Yes",
                "threatId": 2000,
                "severityId": 0,
                "threatName": "AUP",
                "severityLevel": "Unclassified",
                "onrampType": "etp-client",
                "internalClientIP": "N/A",
                "clientRequestId": "00019749",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "1",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:52Z",
                "clientIp": "172.25.174.232",
                "dnsIp": "198.18.193.241",
                "domain": "teams.microsoft.com.",
                "uuid": "198.18.193.241-198.18.193.228-1590474892-14345-62675",
                "queryType": "A",
                "deviceId": "c37a4c4e-a7cd-400f-820d-b82762c52975",
                "deviceName": "BOS-WPX5E",
                "resolved": [
                    {
                        "type": "A",
                        "response": "52.113.194.132",
                        "asn": "8068",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:52Z",
                "detectionType": "inline",
                "siteId": "51284",
                "siteName": "E2E WIN 174.232 site",
                "policyId": "38307",
                "policyName": "E2E-CML-test",
                "listId": "24",
                "listName": "24",
                "categoryId": "24",
                "categoryName": "24",
                "confidenceId": "-1",
                "confidenceName": "Unknown",
                "actionId": "6",
                "actionName": "Classify",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "Yes",
                "threatId": 2000,
                "severityId": 0,
                "threatName": "AUP",
                "severityLevel": "Unclassified",
                "onrampType": "etp-client",
                "internalClientIP": "N/A",
                "clientRequestId": "00019748",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "2",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:51Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590449691.akamaietpmalwaretest.com.",
                "uuid": "198.18.193.241-198.18.179.134-1590474891-6340-2976",
                "queryType": "AAAA",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "N/A",
                        "response": "N/A",
                        "asn": "N/A",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:51Z",
                "detectionType": "inline",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "listId": "1",
                "listName": "Malware",
                "categoryId": "1",
                "categoryName": "Malware",
                "confidenceId": "2",
                "confidenceName": "Known",
                "actionId": "1",
                "actionName": "Monitor",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "No",
                "threatId": 5070,
                "severityId": 2,
                "threatName": "Known Malware",
                "severityLevel": "High",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "3",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:51Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590449691.akamaietpmalwaretest.com.",
                "uuid": "198.18.193.241-198.18.179.134-1590474891-42367-7406",
                "queryType": "A",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "A",
                        "response": "34.193.182.244",
                        "asn": "14618",
                        "asname": "aws"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:51Z",
                "detectionType": "inline",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "listId": "1",
                "listName": "Malware",
                "categoryId": "1",
                "categoryName": "Malware",
                "confidenceId": "2",
                "confidenceName": "Known",
                "actionId": "1",
                "actionName": "Monitor",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "No",
                "threatId": 5070,
                "severityId": 2,
                "threatName": "Known Malware",
                "severityLevel": "High",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns"
            }
        },
        {
            "id": "4",
            "configId": "1041",
            "l7Protocol": "DNS",
            "query": {
                "time": "2020-05-26T06:34:51Z",
                "clientIp": "198.18.179.121",
                "dnsIp": "198.18.193.241",
                "domain": "1590449691.akamaietpmalwaretest.com.e2e-etp.org.",
                "uuid": "198.18.193.241-198.18.179.134-1590474891-5081-49572",
                "queryType": "AAAA",
                "deviceId": "N/A",
                "deviceName": "Not Available",
                "resolved": [
                    {
                        "type": "N/A",
                        "response": "N/A",
                        "asn": "N/A",
                        "asname": "N/A"
                    }
                ]
            },
            "event": {
                "correlatedSinkholeEvents": [
                    {
                        "sinkholeId": "ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11",
                        "eventId": "1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301",
                        "sourcePort": 48022,
                        "destinationPort": 80,
                        "l4Protocol": "TCP",
                        "hostname": "akamaietpcnctest.com",
                        "userAgent": "curl/7.47.0",
                        "l7Protocol": "HTTP",
                        "eventTime": "2020-05-22T02:16:34Z",
                        "url": "/",
                        "sinkholeName": "ETP_DNS_SINKHOLE",
                        "hitCount": 1,
                        "configId": 1041,
                        "internalIP": "198.18.179.187",
                        "sinkholeIP": "172.25.162.242",
                        "machineNames": [
                            "N/A"
                        ]
                    }
                ],
                "trigger": "domain",
                "detectionTime": "2020-05-26T06:34:51Z",
                "detectionType": "inline",
                "siteId": "-1",
                "siteName": "Unidentified IPs",
                "policyId": "2240",
                "policyName": "Default",
                "listId": "4",
                "listName": "DNS Exfiltration",
                "categoryId": "5",
                "categoryName": "DNS Exfiltration",
                "confidenceId": "1",
                "confidenceName": "Suspected",
                "actionId": "1",
                "actionName": "Monitor",
                "description": "None",
                "reason": "Akamai Intelligence (DNS)",
                "onRamp": "No",
                "threatId": 5135,
                "severityId": 4,
                "threatName": "Suspected DNS tunneling",
                "severityLevel": "Low",
                "onrampType": "",
                "internalClientIP": "N/A",
                "clientRequestId": "",
                "policyEvaluationSource": "dns"
            }
        }
    ]
}

ThreatEvent members

Member Type Description
ThreatEvent: Encapsulates a detailed list of threat events for the given time period.
dataRows ThreatEvent.dataRows[] Encapsulates high-level threat event report details and a list of matching events.
pageInfo ThreatEvent.pageInfo Provides pagination information for a report.
ThreatEvent.dataRows[]: Encapsulates high-level threat event report details and a list of matching events.
configId String The contract ID associated with the request.
event ThreatEvent.dataRows[].event Contains details about an event that occurred as a result of a DNS query or a web request.
id Integer A unique identifier for the column object.
l7Protocol Enumeration The layer 7 protocol used to make the DNS query or web request. Either DNS, HTTP, or HTTPS.
query ThreatEvent.dataRows[].query Encapsulates information about the requested DNS query.
ThreatEvent.dataRows[].event: Contains details about an event that occurred as a result of a DNS query or a web request.
actionId Integer A unique identifier for the action taken.
actionName String A descriptive name for the action identifier.
blockDescription String A short description of the event.
categoryId Integer A unique identifier for the category.
categoryName String A descriptive name for the category identifier.
clientRequestId String A unique identifier for the request client.
confidenceId Integer A unique identifier for the event confidence level.
confidenceName String A descriptive name for the confidence level identifier.
correlatedSinkholeEvents ThreatEvent.dataRows[].event.correlatedSinkholeEvents[] Contains related sinkhole data for eligible events.
deepScanned Boolean Whether the event generated a deepscan report using static and dynamic malware analysis.
deepscanReportPath String The location of a deepscan report.
detectionTime String The time the event was detected, in ISO 8601 format.
detectionType Enumeration Whether the event was detected online or during offline batch processing. Either ONLINE or OFFLINE.
deviceId String A unique identifier for the device associated with an event.
deviceName String The name of the device associated with an event.
httpUserAgent String The HTTP user agent associated with an event.
httpVersion String The version of HTTP protocol used.
internalClientIP String The IP address of the internal client device used for web traffic.
listId Integer A unique identifier for the list.
listIdentifiers ThreatEvent.dataRows[].event.listIdentifiers[] The scanning results from various classifiers. Only available for web requests.
listName String A descriptive name for the list identifier.
onRamp String Whether onRamp is enabled.
onrampType Enumeration The type of onramp associated with the event. Either dns, web, onramp_dns, etp_client, etp_offnet_client, or explicit_policy.
policyEvaluationSource String Source of the policy evaluation.
policyId Integer A unique identifier for the policy.
policyName String The descriptive name of the matching policy.
reason String A descriptive explanation of why traffic was not allowed.
severityId Integer Indicates the severity of the threat.
severityLevel String A description of the severity level.
siteId String A unique identifier for the site.
siteName String The descriptive name of the source location or branch.
threatId Integer A unique identifier for a threat event.
threatName String The descriptive name for the threat event.
trigger String Whether the event was triggered by domain or IP policy settings.
ThreatEvent.dataRows[].event.correlatedSinkholeEvents[]: Contains related sinkhole data for eligible events.
configId String The contract ID associated with the request.
destinationIp String The IP address of the destination machine for the event.
destinationPort Integer The destination device’s port number.
eventId String A unique identifier for the event.
eventTime String The timestamp of the event in ISO 8601 format.
hitCount Integer The total count of DNS hits.
hostname String The host device’s name.
internalIp String The internal device’s IP address.
isCorrelated Boolean Whether the events are correlated.
l4Protocol String The layer 4 protocol used to make the web request.
l7Protocol Enumeration The layer 7 protocol used to make the DNS query or web request. Either DNS, HTTP, or HTTPS.
machineNames Array The name of a device related to the event.
sinkholeId String A unique identifier for the security connector.
sinkholeIp String The IP address of the security connector for the event.
sinkholeName String The security connector’s name.
sourceIp String The source device’s IP address.
sourcePort Integer The source device’s port number.
url String The event’s location.
userAgent String The event device’s user agent.
ThreatEvent.dataRows[].event.listIdentifiers[]: The scanning results from various classifiers. Only available for web requests.
categoryId Integer A unique identifier for the category.
categoryName String A descriptive name for the category.
confidenceId Integer A unique identifier for the event confidence level.
confidenceName String A descriptive name for the confidence level.
listId Integer A unique identifier for the list.
listName String A descriptive name for the list.
threatId Integer A unique identifier for the threat.
threatName String A descriptive name for the threat.
ThreatEvent.dataRows[].query: Encapsulates information about the requested DNS query.
clientIp String The requesting client’s IP address.
deviceId String ID of the device.
deviceName String Name of the device used.
dnsIp String The DNS resolver IP address.
domain String The requested domain address.
queryType String The DNS query type.
resolved ThreatEvent.dataRows[].query.resolved[] The details about the requested DNS query resolution.
time String Time of the DNS request in ISO 8601 format.
uuid String UUID value.
ThreatEvent.dataRows[].query.resolved[]: The details about the requested DNS query resolution.
asn String Autonomous system number used for resolution.
asName String Autonomous system name used for resolution.
response String Resolved domain or IP address.
type String DNS resolution type. For example: A or CNAME.
ThreatEvent.pageInfo: Provides pagination information for a report.
pageNumber Integer The requested number of pages.
pageSize Integer The number of records in a given page.
totalRecords Integer The total number of records for the specified criteria.
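
The sample response above spells some keys differently from the member tables (asname vs. asName, internalIP vs. internalIp, sinkholeIP vs. sinkholeIp), mixes quoted and unquoted IDs, and fills absent values with strings such as N/A. The following Python sketch is an added example, not Akamai code, showing one way to flatten ThreatEvent rows for triage while tolerating those differences. The names get, to_int, summarize, PLACEHOLDERS and SAMPLE are hypothetical, and the input is constructed by trimming the sample response on this page.

```python
import json

PLACEHOLDERS = {"", "n/a", "none", "not available"}  # filler strings the sample uses for absent values

def get(obj, name, default=None):
    """Case-insensitive key lookup; placeholder strings are treated as missing."""
    for key, value in obj.items():
        if key.lower() == name.lower():
            if isinstance(value, str) and value.strip().lower() in PLACEHOLDERS:
                return default
            return value
    return default

def to_int(value):
    """IDs appear quoted ("categoryId": "1") and unquoted ("severityId": 2) in the sample."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None

def summarize(report):
    """Flatten ThreatEvent.dataRows[] into triage records, most severe first."""
    records = []
    for row in get(report, "dataRows", []):
        query, event = get(row, "query", {}), get(row, "event", {})
        answers = get(query, "resolved", [])
        sinkholes = get(event, "correlatedSinkholeEvents", [])
        records.append({
            "domain": (get(query, "domain") or "").rstrip("."),  # drop the trailing root dot
            "clientIp": get(query, "clientIp"),
            "threat": get(event, "threatName"),
            "severityId": to_int(get(event, "severityId")),
            "categoryId": to_int(get(event, "categoryId")),
            "resolved": [a for a in (get(r, "response") for r in answers) if a],
            "sinkholeClients": [i for i in (get(s, "internalIp") for s in sinkholes) if i],
        })
    # Assumption drawn from the sample only: severityId 2 is "High" and 4 is "Low", so lower sorts first.
    return sorted(records, key=lambda r: (r["severityId"] is None, r["severityId"] or 0))

# Constructed input: two rows trimmed from the sample response on this page.
SAMPLE = json.loads("""{"dataRows": [
 {"query": {"domain": "1590449691.akamaietpmalwaretest.com.e2e-etp.org.", "clientIp": "198.18.179.121",
   "resolved": [{"type": "N/A", "response": "N/A", "asn": "N/A", "asname": "N/A"}]},
  "event": {"threatName": "Suspected DNS tunneling", "severityId": 4, "categoryId": "5",
   "correlatedSinkholeEvents": [{"hostname": "akamaietpcnctest.com", "internalIP": "198.18.179.187"}]}},
 {"query": {"domain": "1590449691.akamaietpmalwaretest.com.", "clientIp": "198.18.179.121",
   "resolved": [{"type": "A", "response": "34.193.182.244", "asn": "14618", "asname": "aws"}]},
  "event": {"threatName": "Known Malware", "severityId": 2, "categoryId": "1",
   "correlatedSinkholeEvents": [{"hostname": "akamaietpcnctest.com", "internalIP": "198.18.179.187"}]}}
]}""")
```

Calling summarize(SAMPLE) returns the Known Malware row first, and the row whose resolution fields are all N/A ends up with an empty resolved list rather than a list of placeholder strings.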

Errors

This section provides details on the data object that reflects the API’s common response to error cases, and lists the API’s range of response status codes for both error and success cases.

Error Responses

The API responds with HTTP Problem error objects that provide details useful for debugging. For example:

{
    "type": "https://problems.omni.akamaiapis.net/http/forbidden",
    "title": "Forbidden",
    "detail": "Insufficient permissions. Code-01",
    "status": 403,
    "instance": "3e3f11da-e205-409a-be77-24e459f29fa8"
}

HTTP Status Codes

The API produces the following set of HTTP status codes for both success and failure scenarios:

Code Description
200 The operation was successful.
403 Access is forbidden.
404 Resource not found.