getIDSList

Prev Next

Available in Classic and VPC

Get the list of security events that occurred while using the IDS (Intrusion Detection System) service.

Request

The following describes the request format for the endpoint. The request format is as follows:

Method URI
POST /getIDSList

Request headers

For headers common to Security Monitoring APIs, see Security Monitoring request headers.

Request body

The following describes the request body.

Field Type Required Description
startDateTime Long Required Security event query start time (Unix timestamp)
  • <E.g.> 1720540427000
endDateTime Long Required Security event query end time (Unix timestamp)
  • <E.g.> 1720540427000
page Integer Required Page number
countPerPage Integer Required Displayed number per page
order String Optional Event detection time sort order
  • asc | desc (default)
    • asc: ascending
    • desc: descending
regionCode String Optional Region code
  • KR | DEN | JPN | SGN | USWN
    • KR: Korea
    • DEN: Germany
    • JPN: Japan
    • SGN: Singapore
    • USWN: U.S.
zoneName String Optional Zone type
  • KR-1 | KR-2
attackType String Optional Type of attack detected
attackIp String Optional Attacker IP address
targetIp String Optional IP address targeted for the attack

Request example

The following is a sample request.

curl --location --request POST 'https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getIDSList'
--header 'x-ncp-apigw-timestamp: {Timestamp}'
--header 'x-ncp-iam-access-key: {Access Key}' 
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' 
--data '{
  "startDateTime": 1719849227000,
  "endDateTime": 1720108427000,
  "page": 1,
  "countPerPage": 20
}'

Response

The following describes the response format.

Response body

The following describes the response body.

Field Type Required Description
returnCode Integer - Processing result code for the request
idsDataList[] Array - IDS security event list
idsDataList[].ticketId String - Unique number assigned to the security event
idsDataList[].date String - Detection time of the security event (Unix timestamp)
idsDataList[].product String - Service type
  • IDS | IDS_V2
    • IDS: Classic environment
    • IDS_V2: VPC environment
idsDataList[].reportType String - Report classification
idsDataList[].eventNm String - Name of the security event detected
idsDataList[].attackerIp String - Attacker IP address
idsDataList[].targetIp String - IP address targeted for the attack
idsDataList[].attackType String - Type of attack detected
idsDataList[].region String - Region
idsDataList[].zoneName String - Zone type
  • KR-1 | KR-2
idsDataList[].platForm String - Platform type
  • CLASSIC | VPC
idsDataList[].vpcName String - VPC name
returnMessage String - Processing result message for the request
totalRows Integer - Total number of lists searched
page Integer - No. of page requested

Response status codes

For error codes common to Security Monitoring APIs, see Common Security Monitoring error codes.

Response example

The following is a sample example.

{
    "returnCode": 0,
    "idsDataList": [
        {
            "ticketId": "526068433",
            "date": "1720044438000",
            "product": "IDS_V2",
            "reportType": "Detection analysis",
            "attackerIp": null,
            "targetIp": "***.***.***.***",
            "attackType": "SSH Bruteforce",
            "region": "Korea",
            "zoneName": "KR-2",
            "platForm": "VPC",
            "vpcName": "kr-sm-vpc"
        }
    ],
    "returnMessage": "SUCCESS",
    "totalRows": 1,
    "page": 1
}