Available in Classic and VPC
Get the list of security events that occurred while using the IPS (Intrusion Prevention System) service.
Request
The following describes the request format for the endpoint. The request format is as follows:
| Method | URI |
|---|---|
| POST | /securitymonitoring/v1/getIPSList (Classic) |
| POST | /vsecuritymonitoring/v1/getIPSList (VPC) |
Request headers
For information about the headers common to all Security Monitoring APIs, see Security Monitoring request headers.
Request body
The following describes the request body.
| Field | Type | Required | Description |
|---|---|---|---|
startDateTime |
Long | Required | Security event query start time
|
endDateTime |
Long | Required | Security event query end time
|
page |
Integer | Required | Page number |
countPerPage |
Integer | Required | Displayed number per page |
order |
String | Optional | Event detection time sort order
|
regionCode |
String | Optional | Region code
|
zoneName |
String | Optional | Zone type
|
eventNm |
String | Optional | Name of the event detected |
attackIp |
String | Optional | Attacker IP address |
targetIp |
String | Optional | IP address targeted for the attack |
attackType |
String | Optional | Detected attack type
|
protocol |
String | Optional | Attack protocol
|
Request example
The following is a sample request.
curl --location --request POST 'https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getIPSList' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--data '{
"startDateTime": 1719849227000,
"endDateTime": 1720108427000,
"page": 1,
"countPerPage": 20
}'
Response
The following describes the response format.
Response body
The following describes the response body.
| Field | Type | Required | Description |
|---|---|---|---|
returnCode |
Integer | - | Processing result code for the request |
ipsDataList |
Array | - | IPS security event list: ipsDataList |
returnMessage |
String | - | Processing result message for the request |
totalRows |
Integer | - | Total number of lists searched |
page |
Integer | - | No. of page requested |
idsDataList
The following describes idsDataList.
| Field | Type | Required | Description |
|---|---|---|---|
ticketId |
String | - | Unique number assigned to the security event |
date |
String | - | Detection time of the security event
|
product |
String | - | Service type
|
eventNm |
String | - | Name of the security event detected |
attackType |
String | - | Type of attack detected |
attackerIp |
String | - | Attacker IP address |
attackerPort |
String | - | Attacker port number |
targetIp |
String | - | IP address targeted for the attack |
targetPort |
String | - | Attack target port number |
protocol |
String | - | Attack protocol |
detect |
String | - | Number of detected security events |
region |
String | - | Region |
zoneName |
String | - | Zone type
|
platForm |
String | - | Platform type
|
vpcName |
String | - | VPC name |
Response status codes
For information about the HTTP status codes common to all Security Monitoring APIs, see Security Monitoring response status codes.
Response example
The following is a sample example.
{
"returnCode": 0,
"ipsDataList": [
{
"ticketId": "526068436",
"date": "1720044443000",
"product": "IPS_V2",
"eventNm": "Deep Security Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)",
"attackType": null,
"attackerIp": "***.***.***.***",
"attackerPort": "51185",
"targetIp": "***.***.***.***",
"targetPort": "80",
"protocol": "TCP",
"detect": "1",
"region": "Korea",
"zoneName": "KR-2",
"platForm": "VPC",
"vpcName": "kr-sm-vpc"
}
],
"returnMessage": "SUCCESS",
"totalRows": 1,
"page": 1
}