getAVList

Available in Classic and VPC

Get the list of security events that occurred while using the Anti-virus service.

Request

The following describes the request format for the endpoint. The request format is as follows:

Method	URI
POST	/securitymonitoring/v1/getAVList (Classic)
POST	/vsecuritymonitoring/v1/getAVList (VPC)

Request headers

For information about the headers common to all Security Monitoring APIs, see Security Monitoring request headers.

Request body

The following describes the request body.

Field	Type	Required	Description
`startDateTime`	Long	Required	Security event query start time Unix timestamp format <E.g.> 1720540427000
`endDateTime`	Long	Required	Security event query end time Unix timestamp format <E.g.> 1720540427000
`page`	Integer	Required	Page number
`countPerPage`	Integer	Required	Displayed number per page
`order`	String	Optional	Event detection time sort order `asc` \| `desc` (default) `asc`: ascending `desc`: descending
`regionCode`	String	Optional	Region code `KR` \| `DEN` \| `JPN` \| `SGN` \| `USWN` `KR`: Korea `DEN`: Germany `JPN`: Japan `SGN`: Singapore `USWN`: U.S.
`zoneName`	String	Optional	Zone type `KR-1` \| `KR-2`
`infectedServerIp`	String	Optional	IP address of the server where the security event was detected
`detectionPath`	String	Optional	Detailed path where the security event was detected
`malwareType`	String	Optional	Type of malware detected

Request example

The following is a sample request.

curl --location --request POST 'https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getAVList' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--data '{
    "startDateTime": 1720540427000,
    "endDateTime": 1720680827000,
    "page": 1,
    "countPerPage": 20
}'

Response

The following describes the response format.

Response body

The following describes the response body.

Field	Type	Required	Description
`returnCode`	Integer	-	Processing result code for the request
`returnMessage`	String	-	Processing result message for the request
`totalRows`	Integer	-	Total number of lists searched
`page`	Integer	-	No. of page requested
`antiVirusDataList`	Array	-	Anti-virus security event list: antiVirusDataList

`antiVirusDataList`

The following describes antiVirusDataList.

Field	Type	Required	Description
`ticketId`	String	-	Unique number assigned to the security event
`date`	String	-	Detection time of the security event (Unix timestamp)
`product`	String	-	Service type `ANTIVIRUS` \| `ANTIVIRUS_V2` `ANTIVIRUS`: Classic environment `ANTIVIRUS_V2`: VPC environment
`attackType`	String	-	Name of the detected malicious file
`targetIp`	String	-	IP address targeted for the attack
`detectionPath`	String	-	Detailed path where the malware was detected
`actionStatus`	String	-	Action status for the security event
`region`	String	-	Region
`zoneName`	String	-	Zone type `KR-1` \| `KR-2`
`platForm`	String	-	Platform type `CLASSIC` \| `VPC`
`vpcName`	String	-	VPC name

Response status codes

For information about the HTTP status codes common to all Security Monitoring APIs, see Security Monitoring response status codes.

Response example

The following is a sample example.

{
    "returnCode": 0,
    "returnMessage": "SUCCESS",
    "totalRows": 1,
    "page": 1,
    "antiVirusDataList": [
        {
            "ticketId": "526542395",
            "date": "1720649241000",
            "product": "ANTIVIRUS_V2",
            "attackType": "Possible_Hifrm-6",
            "targetIp": "***.***.***.***",
            "detectionPath": "/home/admin/www/include/ckeditor/uploads/e47f3ef3e76a23074bc4e959b1c6e55d.jpg",
            "actionStatus": "Pass",
            "region": "Korea",
            "zoneName": "KR-2",
            "platForm": "VPC",
            "vpcName": "kr-sm-vpc"
        }
    ]
}