getIDSList
- Print
- PDF
getIDSList
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Available in Classic and VPC
Get the list of security events that occurred while using the IDS (Intrusion Detection System) service.
Request
The following describes the request format for the endpoint. The request format is as follows:
| Method | URI |
|---|---|
| POST | /getIDSList |
Request headers
For headers common to Security Monitoring APIs, see Security Monitoring request headers.
Request body
The following describes the request body.
| Field | Type | Required | Description |
|---|---|---|---|
startDateTime | Long | Required | Security event query start time (Unix timestamp)
|
endDateTime | Long | Required | Security event query end time (Unix timestamp)
|
page | Integer | Required | Page number |
countPerPage | Integer | Required | Displayed number per page |
order | String | Optional | Event detection time sort order
|
regionCode | String | Optional | Region code
|
zoneName | String | Optional | Zone type
|
attackType | String | Optional | Type of attack detected |
attackIp | String | Optional | Attacker IP address |
targetIp | String | Optional | IP address targeted for the attack |
Request example
The following is a sample request.
curl --location --request POST 'https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getIDSList'
--header 'x-ncp-apigw-timestamp: {Timestamp}'
--header 'x-ncp-iam-access-key: {Access Key}'
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}'
--data '{
"startDateTime": 1719849227000,
"endDateTime": 1720108427000,
"page": 1,
"countPerPage": 20
}'
Response
The following describes the response format.
Response body
The following describes the response body.
| Field | Type | Required | Description |
|---|---|---|---|
returnCode | Integer | - | Processing result code for the request |
idsDataList[] | Array | - | IDS security event list |
idsDataList[].ticketId | String | - | Unique number assigned to the security event |
idsDataList[].date | String | - | Detection time of the security event (Unix timestamp) |
idsDataList[].product | String | - | Service type
|
idsDataList[].reportType | String | - | Report classification |
idsDataList[].eventNm | String | - | Name of the security event detected |
idsDataList[].attackerIp | String | - | Attacker IP address |
idsDataList[].targetIp | String | - | IP address targeted for the attack |
idsDataList[].attackType | String | - | Type of attack detected |
idsDataList[].region | String | - | Region |
idsDataList[].zoneName | String | - | Zone type
|
idsDataList[].platForm | String | - | Platform type
|
idsDataList[].vpcName | String | - | VPC name |
returnMessage | String | - | Processing result message for the request |
totalRows | Integer | - | Total number of lists searched |
page | Integer | - | No. of page requested |
Response status codes
For error codes common to Security Monitoring APIs, see Common Security Monitoring error codes.
Response example
The following is a sample example.
{
"returnCode": 0,
"idsDataList": [
{
"ticketId": "526068433",
"date": "1720044438000",
"product": "IDS_V2",
"reportType": "Detection analysis",
"attackerIp": null,
"targetIp": "***.***.***.***",
"attackType": "SSH Bruteforce",
"region": "Korea",
"zoneName": "KR-2",
"platForm": "VPC",
"vpcName": "kr-sm-vpc"
}
],
"returnMessage": "SUCCESS",
"totalRows": 1,
"page": 1
}
Was this article helpful?