getIDSList
Overview
- The getIDSList API is provided by the "IDS" feature of "Security Monitoring" and returns the list of security events detected by the IDS.
- The API request must be IAM-authenticated via API Gateway.
Request
Platform | Method | Request URI |
---|---|---|
Classic | POST | https://securitymonitoring.apigw.ntruss.com/securitymonitoring/v1/getIDSList |
VPC | POST | https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getIDSList |
Request Header
Header | Description |
---|---|
x-ncp-apigw-timestamp | It is the number of milliseconds that have elapsed since January 1, 1970 00:00:00 UTC. If the time difference with the API Gateway server is more than 5 minutes, the request is considered invalid. |
x-ncp-iam-access-key | API key issued by NAVER Cloud Platform or access key issued by IAM |
x-ncp-apigw-signature-v2 | Signature generated from the body with the "secret key" that maps to the "access key". The HMAC algorithm is HMAC-SHA256. See "Call APIs that require IAM authentication". |
Request parameters
Parameter | Required | Type | Description |
---|---|---|---|
startDateTime | Yes | long | Event search start time |
endDateTime | Yes | long | Event search end time |
page | Yes | int | Page Number |
countPerPage | Yes | int | Number of displayed items per page |
order | No | string | Sort order by event detection time (asc, desc). Default value: desc |
regionCode | No | string | Region code (Korea: KR, Germany: DEN, Japan: JPN, Singapore: SGN, USW: USWN) |
zoneName | No | string | Zone (KR-1, KR-2) |
attackType | No | string | Attack Type |
attackIp | No | string | Attacker IP |
targetIp | No | string | Target IP |
Response
Response body
Field | Type | Description |
---|---|---|
returnCode | string | Response code |
returnMessage | string | Response message |
totalRows | int | Total number of getIDSList results |
page | int | Requested page number |
idsDataList[] | array | IDS Event List |
idsDataList[].ticketId | string | IDS Event Number |
idsDataList[].date | string | Event detection time |
idsDataList[].product | string | Product classification (Classic: IDS, VPC: IDS_V2) |
idsDataList[].reportType | string | Report Type |
idsDataList[].attackerIp | string | Attacker IP |
idsDataList[].targetIp | string | Target IP |
idsDataList[].attackType | string | Attack Type |
idsDataList[].region | string | Region |
idsDataList[].zoneName | string | Zone (KR-1, KR-2) |
idsDataList[].platForm | string | Platform (CLASSIC, VPC) |
idsDataList[].vpcName | string | VPC name (VPC only) |
Examples
Request example (Classic)
curl -X POST "https://securitymonitoring.apigw.ntruss.com/securitymonitoring/v1/getIDSList" \
  -H "accept: application/json" \
  -H "x-ncp-apigw-api-key: {x-ncp-apigw-api-key}" \
  -H "x-ncp-iam-access-key: {x-ncp-iam-access-key}" \
  -H "x-ncp-apigw-timestamp: {x-ncp-apigw-timestamp}" \
  -H "x-ncp-apigw-signature-v2: {x-ncp-apigw-signature-v2}" \
  -d '{"startDateTime": {startDateTime},
       "endDateTime": {endDateTime},
       "page": {page},
       "countPerPage": {countPerPage}
      }'
Request example (VPC)
curl -X POST "https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getIDSList" \
  -H "accept: application/json" \
  -H "x-ncp-apigw-api-key: {x-ncp-apigw-api-key}" \
  -H "x-ncp-iam-access-key: {x-ncp-iam-access-key}" \
  -H "x-ncp-apigw-timestamp: {x-ncp-apigw-timestamp}" \
  -H "x-ncp-apigw-signature-v2: {x-ncp-apigw-signature-v2}" \
  -d '{"startDateTime": {startDateTime},
       "endDateTime": {endDateTime},
       "page": {page},
       "countPerPage": {countPerPage}
      }'
Response example
{
  "returnCode": "0",
  "returnMessage": "SUCCESS",
  "totalRows": 1,
  "page": 1,
  "idsDataList": [
    {
      "ticketId": "66406",
      "date": "1604302136000",
      "product": "IDS_V2",
      "reportType": "분석보고",
      "attackerIp": "2.2.1.1",
      "targetIp": "10.10.10.10",
      "attackType": "Bruteforce Outbound",
      "region": "Korea",
      "zoneName": "KR-2",
      "platForm": "VPC",
      "vpcName": "beta-vpc-test"
    }
  ]
}
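Consuming the response (added example, not part of the original documentation): the Python below walks every page of a getIDSList query using totalRows and countPerPage and flattens each idsDataList entry for log ingestion, requesting order asc so events detected during the walk land on later pages. Assumptions: `fetch_page` is a hypothetical caller-supplied function that performs the signed POST, `fake_fetch` and `SAMPLE` are constructed stand-ins, returnCode "0" means success and pages start at 1 (both as in the sample response), and the start and end times are epoch milliseconds like `date`.

```python
import math
from datetime import datetime, timezone

def to_epoch_ms(dt):
    # Assumption: startDateTime/endDateTime use epoch milliseconds, like `date` in the sample.
    if dt.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime")
    return int(dt.timestamp() * 1000)

def normalize(event):
    # `date` is a string of epoch milliseconds; emit ISO 8601 UTC for log pipelines.
    detected = datetime.fromtimestamp(int(event["date"]) / 1000, tz=timezone.utc)
    return {
        "ticket_id": event["ticketId"],
        "detected_utc": detected.isoformat(),
        "attacker_ip": event["attackerIp"],
        "target_ip": event["targetIp"],
        "attack_type": event["attackType"],
        "zone": event.get("zoneName"),
        "vpc": event.get("vpcName"),  # present on the VPC platform only
    }

def iter_events(fetch_page, start, end, count_per_page=100):
    # fetch_page(body) -> parsed JSON response (hypothetical; does the signed POST).
    body = {"startDateTime": to_epoch_ms(start), "endDateTime": to_epoch_ms(end),
            "page": 1, "countPerPage": count_per_page, "order": "asc"}
    while True:
        resp = fetch_page(dict(body))
        if resp.get("returnCode") != "0":  # assumption: "0" means success, as in the sample
            raise RuntimeError(f"getIDSList failed: {resp.get('returnCode')} {resp.get('returnMessage')}")
        for event in resp.get("idsDataList") or []:
            yield normalize(event)
        last_page = math.ceil(resp.get("totalRows", 0) / count_per_page)
        if body["page"] >= last_page:
            return
        body["page"] += 1

# Constructed sample data: three events served two per page by a stand-in for the API.
SAMPLE = [{"ticketId": str(66406 + i), "date": str(1604302136000 + i * 1000), "product": "IDS_V2",
           "attackerIp": "2.2.1.1", "targetIp": "10.10.10.10", "attackType": "Bruteforce Outbound",
           "zoneName": "KR-2", "platForm": "VPC", "vpcName": "beta-vpc-test"} for i in range(3)]
def fake_fetch(body):
    lo = (body["page"] - 1) * body["countPerPage"]
    return {"returnCode": "0", "returnMessage": "SUCCESS", "totalRows": len(SAMPLE),
            "page": body["page"], "idsDataList": SAMPLE[lo:lo + body["countPerPage"]]}

if __name__ == "__main__":
    day = datetime(2020, 11, 2, tzinfo=timezone.utc)
    print(list(iter_events(fake_fetch, day, day.replace(hour=23), count_per_page=2)))
```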