MENU
      getIDSList

        getIDSList


        Article summary

        Available in Classic and VPC

        Get the list of security events that occurred while using the IDS (Intrusion Detection System) service.

        Request

        The following describes the request format for the endpoint. The request format is as follows:

        MethodURI
        POST/getIDSList

        Request headers

        For headers common to Security Monitoring APIs, see Security Monitoring request headers.

        Request body

        The following describes the request body.

        FieldTypeRequiredDescription
        startDateTimeLongRequiredSecurity event query start time (Unix timestamp)
        • <E.g.> 1720540427000
        endDateTimeLongRequiredSecurity event query end time (Unix timestamp)
        • <E.g.> 1720540427000
        pageIntegerRequiredPage number
        countPerPageIntegerRequiredDisplayed number per page
        orderStringOptionalEvent detection time sort order
        • asc | desc (default)
          • asc: ascending
          • desc: descending
        regionCodeStringOptionalRegion code
        • KR | DEN | JPN | SGN | USWN
          • KR: Korea
          • DEN: Germany
          • JPN: Japan
          • SGN: Singapore
          • USWN: U.S.
        zoneNameStringOptionalZone type
        • KR-1 | KR-2
        attackTypeStringOptionalType of attack detected
        attackIpStringOptionalAttacker IP address
        targetIpStringOptionalIP address targeted for the attack

        Request example

        The following is a sample request.

        curl --location --request POST 'https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getIDSList'
        --header 'x-ncp-apigw-timestamp: {Timestamp}'
        --header 'x-ncp-iam-access-key: {Access Key}'
        --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}'
        --data '{
          "startDateTime": 1719849227000,
          "endDateTime": 1720108427000,
          "page": 1,
          "countPerPage": 20
        }'
        Curl

        Response

        The following describes the response format.

        Response body

        The following describes the response body.

        FieldTypeRequiredDescription
        returnCodeInteger-Processing result code for the request
        idsDataList[]Array-IDS security event list
        idsDataList[].ticketIdString-Unique number assigned to the security event
        idsDataList[].dateString-Detection time of the security event (Unix timestamp)
        idsDataList[].productString-Service type
        • IDS | IDS_V2
          • IDS: Classic environment
          • IDS_V2: VPC environment
        idsDataList[].reportTypeString-Report classification
        idsDataList[].eventNmString-Name of the security event detected
        idsDataList[].attackerIpString-Attacker IP address
        idsDataList[].targetIpString-IP address targeted for the attack
        idsDataList[].attackTypeString-Type of attack detected
        idsDataList[].regionString-Region
        idsDataList[].zoneNameString-Zone type
        • KR-1 | KR-2
        idsDataList[].platFormString-Platform type
        • CLASSIC | VPC
        idsDataList[].vpcNameString-VPC name
        returnMessageString-Processing result message for the request
        totalRowsInteger-Total number of lists searched
        pageInteger-No. of page requested

        Response status codes

        For error codes common to Security Monitoring APIs, see Common Security Monitoring error codes.

        Response example

        The following is a sample example.

        {
            "returnCode": 0,
            "idsDataList": [
                {
                    "ticketId": "526068433",
                    "date": "1720044438000",
                    "product": "IDS_V2",
                    "reportType": "Detection analysis",
                    "attackerIp": null,
                    "targetIp": "***.***.***.***",
                    "attackType": "SSH Bruteforce",
                    "region": "Korea",
                    "zoneName": "KR-2",
                    "platForm": "VPC",
                    "vpcName": "kr-sm-vpc"
                }
            ],
            "returnMessage": "SUCCESS",
            "totalRows": 1,
            "page": 1
        }
        JSON

        Was this article helpful?

        Changing your password will log you out immediately. Use the new password to log back in.
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.