getIDSList

Prev Next

Available in Classic and VPC

Get the list of security events that occurred while using the IDS (Intrusion Detection System) service.

Request

The following describes the request format for the endpoint. The request format is as follows:

Method URI
POST /securitymonitoring/v1/getIDSList (Classic)
POST /vsecuritymonitoring/v1/getIDSList (VPC)

Request headers

For information about the headers common to all Security Monitoring APIs, see Security Monitoring request headers.

Request body

The following describes the request body.

Field Type Required Description
startDateTime Long Required Security event query start time
  • Unix timestamp format
  • <E.g.> 1720540427000
endDateTime Long Required Security event query end time
  • Unix timestamp format
  • <E.g.> 1720540427000
page Integer Required Page number
countPerPage Integer Required Displayed number per page
order String Optional Event detection time sort order
  • asc | desc (default)
    • asc: ascending
    • desc: descending
regionCode String Optional Region code
  • KR | DEN | JPN | SGN | USWN
    • KR: Korea
    • DEN: Germany
    • JPN: Japan
    • SGN: Singapore
    • USWN: U.S.
zoneName String Optional Zone type
  • KR-1 | KR-2
attackType String Optional Type of attack detected
attackIp String Optional Attacker IP address
targetIp String Optional IP address targeted for the attack

Request example

The following is a sample request.

curl --location --request POST 'https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getIDSList' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--data '{
  "startDateTime": 1719849227000,
  "endDateTime": 1720108427000,
  "page": 1,
  "countPerPage": 20
}'

Response

The following describes the response format.

Response body

The following describes the response body.

Field Type Required Description
returnCode Integer - Processing result code for the request
idsDataList Array - IDS security event list: idsDataList
returnMessage String - Processing result message for the request
totalRows Integer - Total number of lists searched
page Integer - No. of page requested

idsDataList

The following describes idsDataList.

Field Type Required Description
ticketId String - Unique number assigned to the security event
date String - Detection time of the security event
  • Unix timestamp format
product String - Service type
  • IDS | IDS_V2
    • IDS: Classic environment
    • IDS_V2: VPC environment
reportType String - Report classification
eventNm String - Name of the security event detected
attackerIp String - Attacker IP address
targetIp String - IP address targeted for the attack
attackType String - Type of attack detected
region String - Region
zoneName String - Zone type
  • KR-1 | KR-2
platForm String - Platform type
  • CLASSIC | VPC
vpcName String - VPC name

Response status codes

For information about the HTTP status codes common to all Security Monitoring APIs, see Security Monitoring response status codes.

Response example

The following is a sample example.

{
    "returnCode": 0,
    "idsDataList": [
        {
            "ticketId": "526068433",
            "date": "1720044438000",
            "product": "IDS_V2",
            "reportType": "Detection analysis",
            "attackerIp": null,
            "targetIp": "***.***.***.***",
            "attackType": "SSH Bruteforce",
            "region": "Korea",
            "zoneName": "KR-2",
            "platForm": "VPC",
            "vpcName": "kr-sm-vpc"
        }
    ],
    "returnMessage": "SUCCESS",
    "totalRows": 1,
    "page": 1
}
Business Registration Number: 129-86-31394 E-commerce Permit Number:No. 2009-GyeonggiSeongnam-0510
CEO: Kim Yuwon Address: NAVER Green Factory 17th–26th Floors, Buljeong-ro 6, Bundang-gu, Seongnam-si, Gyeonggi-do 13561, Republic of Korea. Customer Support Number: 1544-5876
© NAVER Cloud Corp. All Rights Reserved.