getIDSEventDetail


Available in Classic and VPC

Get details of a security event that occurred while using the IDS service.

Request

The request format for the endpoint is as follows.

| Method | URI |
|---|---|
| POST | /getIDSEventDetail |

Request headers

For headers common to Security Monitoring APIs, see Security Monitoring request headers.

Request body

The following describes the request body.

| Field | Type | Required | Description |
|---|---|---|---|
| ticketId | String | Required | Unique number of the IDS security event to view |

Request example

The following is a sample request.

curl --location --request POST 'https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getIDSEventDetail' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--data '{
  "ticketId": "526068433"
}'

Response

The following describes the response format.

Response body

The following describes the response body.

| Field | Type | Required | Description |
|---|---|---|---|
| returnCode | Integer | - | Processing result code for the request |
| lbName | String | - | Name of the load balancer where the security event was detected |
| returnMessage | String | - | Processing result message for the request |
| report | String | - | Security event details |
| lbDomainName | String | - | DNS name of the load balancer where the security event was detected |
| lbInstanceNo | String | - | Instance number of the load balancer where the security event was detected |

Response status codes

For error codes common to Security Monitoring APIs, see Common Security Monitoring error codes.

Response example

The following is a sample response.

{
    "returnCode": 0,
    "lbName": "YOUR_LOAD_BALANCER",
    "returnMessage": "SUCCESS",
    "report": "◆ Attack type description<br>Brute-force is an attack where word combinations from a dictionary or every value that can be inputted are entered to acquire account information.<br>If a brute-force attack is successful, the attacker may take over the system and it may lead to secondary damage such as information leakage and malicious code infection.◆ Requests<br>Configure so that only trusted IPs can have access.<br>Block access for a certain period of time in case of 5 or more failed login attempts.<br>Use a password that is 8 characters or longer, and a combination of English letters, numbers, and special characters.<br>Change the default server access port.",
    "lbDomainName": "***.com",
    "lbInstanceNo": "********"
}
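
The report field in the sample above is a single string that mixes section markers (◆) with <br> line breaks. The following added example (not part of the original API documentation) validates a response body and splits the report into plain-text sections for a ticket or SIEM field. The function names are hypothetical, and two things are assumptions inferred from the sample only: that returnCode 0 means success, and that ◆ and <br> are the only structure in report.

```python
import json
import re

# Constructed sample, shortened from the response example on this page.
SAMPLE_RESPONSE = json.dumps({
    "returnCode": 0,
    "lbName": "YOUR_LOAD_BALANCER",
    "returnMessage": "SUCCESS",
    "report": "◆ Attack type description<br>Brute-force is an attack ...<br>"
              "If a brute-force attack is successful ...◆ Requests<br>"
              "Configure so that only trusted IPs can have access.<br>"
              "Change the default server access port.",
    "lbDomainName": "***.com",
    "lbInstanceNo": "********",
}, ensure_ascii=False)

BR = re.compile(r"<br\s*/?>", re.IGNORECASE)   # line breaks inside the report
TAG = re.compile(r"<[^>]+>")                   # any other markup is dropped


def parse_report(report):
    """Split the report string into {section title: [plain-text lines]}."""
    sections = {}
    for chunk in report.split("◆"):
        lines = [TAG.sub("", part).strip() for part in BR.split(chunk)]
        lines = [line for line in lines if line]
        if lines:
            # The first line after a ◆ marker is treated as the section title.
            sections[lines[0]] = lines[1:]
    return sections


def parse_event_detail(body):
    """Validate a getIDSEventDetail response body and return a flat record."""
    data = json.loads(body)
    # Assumption: returnCode 0 means success, as in the sample response.
    if data.get("returnCode") != 0:
        raise ValueError(
            f"getIDSEventDetail failed: {data.get('returnCode')} {data.get('returnMessage')}")
    return {
        "lbName": data.get("lbName"),
        "lbDomainName": data.get("lbDomainName"),
        "lbInstanceNo": data.get("lbInstanceNo"),
        "sections": parse_report(data.get("report") or ""),
    }


if __name__ == "__main__":
    print(json.dumps(parse_event_detail(SAMPLE_RESPONSE), indent=2, ensure_ascii=False))
```

The parsed lines are plain text with tags removed; escape them again before rendering in an HTML dashboard.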