Prolexic Analytics API

Prolexic Analytics API exposes the Prolexic Portal Analytics data.

All reply body objects feature the following top-level members:

| Member | Type | Description |
|---|---|---|
| status | Boolean | Indicates success or failure of the request. |
| statusMsg | String | Message indicating success or error. |
| currentContract | String | The name of the contract used in successful requests. |
| data | Object or Array | Result of a successful request. |

API Summary

| Operation | Method | Endpoint |
|---|---|---|
| Events | | |
| List Events | GET | /prolexic-analytics/v1/events/contract/{contract} |
| List Critical Events | GET | /prolexic-analytics/v1/critical-events/contract/{contract} |
| Metrics | | |
| List Metric Types | GET | /prolexic-analytics/v1/metric-types |
| Get Metrics Data | POST | /prolexic-analytics/v1/metrics |
| Attack Reports | | |
| List Attack Reports | GET | /prolexic-analytics/v1/attack-reports/contract/{contract}/start/{start}/end/{end} |
| Get an Attack Report | GET | /prolexic-analytics/v1/attack-report/contract/{contract}/attack-id/{attackId} |

List Events

List all events that occurred in the last 90 days on the given contract.

GET /prolexic-analytics/v1/events/contract/{contract}

Example: /prolexic-analytics/v1/events/contract/coral

| Parameter | Type | Sample | Description |
|---|---|---|---|
| Required | | | |
| contract | String | coral | Name of contract events should be attached to. |

Status 200 application/json

Response:

{
    "status": true,
    "data": [
        {
            "service": "man",
            "eventInfo": {
                "location": "mia1",
                "lastOccurred": 1393236546,
                "attackId": "05ngsdca1--lr1.dca1.plx-wbm_monitor-34610029-systems"
            },
            "eventType": "alert",
            "isOngoing": false,
            "eventStartTime": 1390975985,
            "eventTitle": "chkInt: Interface GigabitEthernet0/18 is down.",
            "severity": 80,
            "eventEndTime": 1393236546
        },
        {
            "service": "Mitigation",
            "eventInfo": {
                "eventTicketId": "70167",
                "attackType": "[\"SYN Flood\"]",
                "endTime": false,
                "attackEventId": "2707",
                "destinationIPs": "[178.132.240.114/32, 178.132.240.155/32, 178.132.240.203/32]",
                "startTime": 1392922838
            },
            "eventType": "attack",
            "isOngoing": true,
            "eventStartTime": 1392922838,
            "eventTitle": "[\"SYN Flood\"]",
            "severity": 100,
            "eventEndTime": 0
        }
    ],
    "current_contract": "coral",
    "status_msg": "Events acquired successfully"
}
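
An added example, not part of the original API documentation: a Python normalizer for the List Events reply shown above, covering the quirks visible in that sample (attackType as a JSON array inside a string, destinationIPs as a bracketed non-JSON string, 0 or false marking an end time that has not happened yet, and snake_case status_msg/current_contract keys). The function names and the output record layout are assumptions made for illustration.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Constructed sample: the two events from the response above, trimmed to the fields used here.
SAMPLE_REPLY = {
    "status": True, "current_contract": "coral", "status_msg": "Events acquired successfully",
    "data": [
        {"eventType": "alert", "isOngoing": False, "severity": 80, "eventStartTime": 1390975985,
         "eventEndTime": 1393236546, "eventInfo": {"location": "mia1", "lastOccurred": 1393236546}},
        {"eventType": "attack", "isOngoing": True, "severity": 100,
         "eventStartTime": 1392922838, "eventEndTime": 0,
         "eventInfo": {"attackType": '["SYN Flood"]', "endTime": False,
                       "destinationIPs": "[178.132.240.114/32, 178.132.240.155/32, 178.132.240.203/32]"}},
    ],
}

def _iso(ts):
    # Unix seconds -> ISO 8601 UTC; 0, False and None all mean "no end time yet".
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat() if ts else None

def _attack_types(raw):
    # attackType is a JSON array serialized into a string; fall back to the raw text.
    try:
        parsed = json.loads(raw)
    except (TypeError, ValueError):
        return [raw] if raw else []
    return parsed if isinstance(parsed, list) else [str(parsed)]

def _destinations(raw):
    # destinationIPs is not valid JSON: split it by hand; a malformed CIDR raises ValueError.
    items = (i.strip() for i in (raw or "").strip("[] ").split(","))
    return [str(ipaddress.ip_network(i, strict=False)) for i in items if i]

def normalize_events(reply):
    """Flatten a List Events reply into uniform records for log ingestion."""
    if reply.get("status") is not True:
        raise ValueError(reply.get("statusMsg") or reply.get("status_msg") or "request failed")
    contract = reply.get("currentContract") or reply.get("current_contract")
    records = []
    for ev in reply.get("data", []):
        info = ev.get("eventInfo", {})
        records.append({
            "contract": contract, "type": ev["eventType"], "severity": ev["severity"],
            "ongoing": bool(ev["isOngoing"]),
            "start": _iso(ev["eventStartTime"]), "end": _iso(ev["eventEndTime"]),
            "attack_types": _attack_types(info.get("attackType")),
            "destinations": _destinations(info.get("destinationIPs")),
        })
    return records
```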

List Critical Events

List critical events per contract that have started in the last 90 days.

GET /prolexic-analytics/v1/critical-events/contract/{contract}

Example: /prolexic-analytics/v1/critical-events/contract/coral

| Parameter | Type | Sample | Description |
|---|---|---|---|
| Required | | | |
| contract | String | coral | Name of contract events should be attached to. |

Status 200 application/json

Response:

{
    "status": true,
    "data": [
        {
            "siteType": "DC",
            "source": "wbm",
            "location": "dca1",
            "ip": "192.216.61.102",
            "summary": "WBM TEST 5",
            "instance": "01",
            "interfaceName": "unknown",
            "count": 11,
            "siteCustomerName": "coral",
            "eventId": "05ngsdca1--lr1.dca1.plx-wbm_monitor-34610029-systems",
            "siteName": "dca1",
            "acknowledged": 0,
            "state": 1,
            "recentOccur": 1395842910,
            "expires": 3600,
            "node": "lr1.dca1.plx",
            "importance": 5,
            "notes": "TEST 5",
            "firstOccur": 1393657985,
            "description": "TEST WBM LEVEL 5"
        }
    ],
    "currentContract": "coral",
    "statusMsg": "Events acquired successfully"
}

List Metric Types

GET /prolexic-analytics/v1/metric-types

Status 200 application/json

Response:

{
    "status": true,
    "data": {
        "routed": {
            "metrics": {
                "bandwidthIn": { "desc": "Customer inbound traffic, bits per second" },
                "packetsIn": { "desc": "Customer inbound traffic, packets per second" }
            }
        },
        "connect": {
            "metrics": {
                "bandwidthIn": { "desc": "Customer inbound traffic, bits per second" },
                "packetsIn": { "desc": "Customer inbound packets, packets per second" }
            }
        },
        "mitigationPost": {
            "metrics": {
                "packets": { "desc": "Customer traffic packets per second" },
                "bandwidth": { "desc": "Customer traffic bits per second" }
            }
        },
        "proxy": {
            "metrics": {
                "latency": { "desc": "Average latency of request" },
                "bandwidthIn": { "desc": "Customer inbound traffic, bits per second" },
                "bandwidthOut": { "desc": "Customer outbound traffic, bits per second" },
                "connections": { "desc": "Connections count" },
                "packetsOut": { "desc": "Customer outbound traffic, packets per second" },
                "requests": { "desc": "Requests count" },
                "packetsIn": { "desc": "Customer inbound traffic, packets per second" }
            }
        },
        "mitigationPre": {
            "metrics": {
                "packets": { "desc": "Customer traffic packets per second" },
                "bandwidth": { "desc": "Customer traffic bits per second" }
            }
        },
        "fbm": {
            "metrics": {
                "bandwidth": {
                    "desc": "Customer traffic bits per second",
                    "subnets": [ "1.1.2.0/24" ],
                    "protocols": [ "total", "icmp", "igmp", "udp", "tcp" ]
                },
                "packets": {
                    "desc": "Customer traffic packets per second",
                    "subnets": [ "1.1.2.0/24" ],
                    "protocols": [ "total", "icmp", "igmp", "udp", "tcp" ]
                }
            }
        }
    },
    "currentContract": "coral",
    "statusMsg": "Metric Types list acquired successfully"
}

Get Metrics Data

List the metrics specified in the type object that fall between the given start and end times, sampled at the given rate and attached to the given contract. The maximum range between start and end is 90 days.

If some (not all) requested types are invalid, the invalid types are silently dropped, and the response only contains data for the valid requests. Requesting data for only one type at a time produces more meaningful errors.

POST /prolexic-analytics/v1/metrics

Content-Type: application/json

Request:

{
    "contract": "venus",
    "start": 1322390037,
    "end": 1400385899,
    "samples": 100,
    "type": {
        "routed": [ "bandwidthIn" ],
        "fbm": [
            {
                "metric": "bandwidth",
                "protocol": "total",
                "subnet": "1.1.1.0/24"
            },
            {
                "metric": "packets",
                "protocol": "tcp",
                "ip": "1.1.1.10"
            }
        ]
    }
}

Status 200 application/json

Response:

{
    "status": true,
    "data": [
        {
            "service": "routed",
            "metric": "bandwidthIn",
            "points": [
                [ 1392609960, 211014 ],
                [ 1396886760, 202529 ]
            ]
        },
        {
            "service": "fbm",
            "metric": "bandwidthIn",
            "protocol": "total",
            "subnet": "1.1.1.0/24",
            "points": [
                [ 1392609960, 211014 ],
                [ 1396886760, 202529 ]
            ]
        },
        {
            "service": "routed",
            "metric": "bandwidthIn",
            "protocol": "tcp",
            "ip": "1.1.1.10",
            "points": [
                [ 1392609960, 211014 ],
                [ 1396886760, 202529 ]
            ]
        }
    ],
    "currentContract": "coral",
    "statusMsg": "Metrics acquired successfully"
}

Request body objects feature the following members:

| Member | Type | Description |
|---|---|---|
| contract | String | Name of contract to which metrics apply. |
| start | Number | Unix timestamp for beginning of metrics search. |
| end | Number | Unix timestamp for end of metrics search. |
| samples | Number | Integer value from 2 to 1000. |
| type | Object | Represents desired metrics. See below. |

The following shows a type object:

{
    "routed": [ "bandwidthIn" ],
    "mitigationPre": [ "packets", "bandwidth" ],
    "fbm": [
        {
            "metric": "bandwidth",
            "protocol": "total",
            "subnet": "1.1.2.0/24"
        },
        {
            "metric": "packets",
            "protocol": "tcp",
            "ip": "1.1.1.1"
        }
    ]
}
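
An added example, not part of the original API documentation: local validation of the documented request limits (samples from 2 to 1000, at most 90 days between start and end), plus a check for requested metrics that were silently dropped from the reply. The function names and sample data are constructed, and the check assumes each returned series echoes the service and metric names that were requested.

```python
MAX_RANGE_SECONDS = 90 * 24 * 3600  # documented maximum span between start and end

# Constructed sample: a type object with one invalid metric name, and the reply
# a server would return after silently dropping it.
SAMPLE_TYPE = {
    "routed": ["bandwidthIn", "notAMetric"],
    "fbm": [{"metric": "bandwidth", "protocol": "total", "subnet": "1.1.2.0/24"}],
}
SAMPLE_METRICS_REPLY = {
    "status": True,
    "data": [
        {"service": "routed", "metric": "bandwidthIn", "points": [[1392609960, 211014]]},
        {"service": "fbm", "metric": "bandwidth", "protocol": "total",
         "subnet": "1.1.2.0/24", "points": [[1392609960, 211014]]},
    ],
}

def requested_series(type_obj):
    """Expand a type object into the set of (service, metric) pairs it asks for."""
    pairs = set()
    for service, specs in type_obj.items():
        for spec in specs:
            # Entries are either a bare metric name or an object with a "metric" key.
            metric = spec["metric"] if isinstance(spec, dict) else spec
            pairs.add((service, metric))
    return pairs

def build_metrics_request(contract, start, end, samples, type_obj):
    """Check the documented limits before sending and return the POST body."""
    if not (isinstance(samples, int) and 2 <= samples <= 1000):
        raise ValueError("samples must be an integer from 2 to 1000")
    if end <= start or end - start > MAX_RANGE_SECONDS:
        raise ValueError("end must be after start and at most 90 days later")
    if not requested_series(type_obj):
        raise ValueError("type object requests no metrics")
    return {"contract": contract, "start": start, "end": end,
            "samples": samples, "type": type_obj}

def dropped_series(type_obj, reply):
    """Return requested (service, metric) pairs that are missing from the reply."""
    returned = {(s["service"], s["metric"]) for s in reply.get("data", [])}
    return sorted(requested_series(type_obj) - returned)
```

A non-empty result from dropped_series on a reply whose status is true is the only sign that part of a dashboard or alerting query went unanswered.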

List Attack Reports

List attack events per contract, limited to the last 90 days.

GET /prolexic-analytics/v1/attack-reports/contract/{contract}/start/{start}/end/{end}

Example: /prolexic-analytics/v1/attack-reports/contract/coral/start/1397049511/end/1399641518

| Parameter | Type | Sample | Description |
|---|---|---|---|
| Required | | | |
| contract | String | coral | Name of contract attack reports belong to. |
| end | Number | 1399641518 | Unix timestamp for end of attack report search. |
| start | Number | 1397049511 | Unix timestamp for beginning of attack report search. |

Status 200 application/json

Response:

{
    "status": true,
    "data": [
        {
            "attackId": 2985,
            "destinationPort": "80",
            "peaks": [
                {
                    "location": "DCA",
                    "peakId": 17277,
                    "bandwidth": 6500000000,
                    "pps": 700000
                },
                {
                    "location": "HKG",
                    "peakId": 17276,
                    "bandwidth": 3000000000,
                    "pps": 600000
                }
            ],
            "eventStartTime": 1381320180,
            "ticketId": 97585,
            "eventEndTime": 1381349454,
            "eventStartTimeAsString": "2013-10-09 12:03:00",
            "endTime": 1381363451,
            "eventId": 4202,
            "eventEndTimeAsString": "2013-10-09 20:10:54",
            "destinations": [
                {
                    "netmask": 32,
                    "ip": "178.132.240.100"
                },
                {
                    "netmask": 32,
                    "ip": "178.132.240.155"
                }
            ],
            "startTime": 1381063041,
            "eventTypes": [
                "DNS Flood",
                "ICMP Flood",
                "UDP Fragment"
            ]
        },
        {
            "attackId": 2974,
            "destinationPort": "80",
            "peaks": [
                {
                    "location": "DCA",
                    "peakId": 17093,
                    "bandwidth": 300000000,
                    "pps": 200
                },
                {
                    "location": "HKG",
                    "peakId": 17092,
                    "bandwidth": 3000000,
                    "pps": 1000
                }
            ],
            "eventStartTime": 1380714180,
            "ticketId": 97368,
            "eventEndTime": 1380752215,
            "eventStartTimeAsString": "2013-10-02 11:43:00",
            "endTime": 1380847367,
            "eventId": 4170,
            "eventEndTimeAsString": "2013-10-02 22:16:55",
            "destinations": [
                {
                    "netmask": 32,
                    "ip": "178.132.240.126"
                }
            ],
            "startTime": 1380714180,
            "eventTypes": [ "SYN Flood" ]
        }
    ],
    "currentContract": "coral",
    "statusMsg": "Attack reports acquired successfully"
}

Get an Attack Report

Get full details of an attack report. The attack must be assigned to the given contract.

GET /prolexic-analytics/v1/attack-report/contract/{contract}/attack-id/{attackId}

Example: /prolexic-analytics/v1/attack-report/contract/coral/attack-id/1966

| Parameter | Type | Sample | Description |
|---|---|---|---|
| Required | | | |
| attackId | Number | 1966 | Integer matching the attackId of the attack desired. |
| contract | String | coral | Name of contract the attack report belongs to. |

Status 200 application/json

Response:

{
    "status": true,
    "data": [
        {
            "attackId": 1966,
            "destinationPort": "8080",
            "eventStartTime": 1390244438,
            "eventPeakId": 18594,
            "attackTypeName": "RESET Flood",
            "netmask": 32,
            "eventEndTime": 1390261538,
            "location": "SJC",
            "endTime": 1390261538,
            "eventBw": 500000,
            "ticketId": 70946,
            "eventId": 2744,
            "eventPps": 1200,
            "ip": "178.132.242.47",
            "startTime": 1390244438
        },
        {
            "attackId": 1966,
            "destinationPort": "8080",
            "eventStartTime": 1390244438,
            "eventPeakId": 18595,
            "attackTypeName": "RESET Flood",
            "netmask": 32,
            "eventEndTime": 1390261538,
            "location": "LON",
            "endTime": 1390261538,
            "eventBw": 90000000,
            "ticketId": 70946,
            "eventId": 2744,
            "eventPps": 200000,
            "ip": "178.132.242.47",
            "startTime": 1390244438
        }
    ],
    "currentContract": "coral",
    "statusMsg": "Attack report acquired successfully"
}


Last modified: 12/12/2016