getIPSList
- Print
- PDF
getIPSList
- Print
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Overview
- The getIPSList API is a feature provided by the "IPS" of "Security Monitoring" that allows you to check the list of security events detected by the IPS.
- The API request must be IAM-authenticated via API Gateway.
Request
Platform | Method | Request URI |
---|---|---|
Classic | POST | https://securitymonitoring.apigw.ntruss.com/securitymonitoring/v1/getIPSList |
VPC | POST | https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getIPSList |
Request Header
Header | Description |
---|---|
x-ncp-apigw-timestamp | It is the number of milliseconds that have elapsed since January 1, 1970 00:00:00 UTC. If the time difference with the API Gateway server is more than 5 minutes, the request is considered invalid. |
x-ncp-iam-access-key | API key issued by NAVER Cloud Platform or access key issued by IAM |
x-ncp-apigw-signature-v2 | Signature used to encrypt the body with the “secret key” that maps with the “access key.” The HMAC encryption algorithm is HMAC SHA256. Reference Call APIs that require IAM authentication |
Request parameters
Parameter | Required | Type | Description |
---|---|---|---|
startDateTime | Yes | long | Event search start time |
endDateTime | Yes | long | Event search end time |
page | Yes | int | Page Number |
countPerPage | Yes | int | Number of displayed items per page |
order | No | string | Sort by Event detection time(asc, desc) default value : desc |
regionCode | No | string | Region code (Korea: KR , Germany:DEN , Japan:JPN , Singapore:SGN , USW:USWN ) |
zoneName | No | string | Zone(KR-1, KR-2) |
eventNm | No | string | Event name |
attackIp | No | string | Attacker IP |
targetIp | No | string | Target IP |
attackType | No | string | Attack TypeUse only in Classic |
protocol | No | string | ProtocolUse only in VPC |
Response
Response body
Field | Type | Description |
---|---|---|
returnCode | string | Response code |
returnMessage | string | Response message |
totalRows | int | This is the total number of getIPSList. |
page | int | This is the requested page number. |
ipsDataList[] | array | IPS Event List |
ipsDataList[].ticketId | string | IPS Event Number |
ipsDataList[].date | string | Event detection time |
ipsDataList[].product | string | Product sortation (classic : IPS, vpc : IPS_V2) |
ipsDataList[].eventNm | string | Event name |
ipsDataList[].attackerIp | string | Attacker IP |
ipsDataList[].attackerPort | string | Attacker Port |
ipsDataList[].targetIp | string | Target IP |
ipsDataList[].targetPort | string | Target Port |
ipsDataList[].detect | string | Number of detections |
ipsDataList[].attackType | string | Attack TypeUse only in Classic |
ipsDataList[].protocol | string | ProtocolUse only in VPC |
ipsDataList[].region | string | Region |
ipsDataList[].zoneName | string | Zone(KR-1, KR-2) |
ipsDataList[].platForm | string | Platform(CLASSIC, VPC) |
ipsDataList[].vpcName | string | VPC nameUse only in VPC |
Examples
Request example(Classic)
curl -X POST "https://securitymonitoring.apigw.ntruss.com/securitymonitoring/v1/getIPSList"
-H "accept: application/json"
-H "x-ncp-apigw-api-key: {x-ncp-apigw-api-key}"
-H "x-ncp-iam-access-key: {x-ncp-iam-access-key}"
-H "x-ncp-apigw-timestamp: {x-ncp-apigw-timestamp}"
-H "x-ncp-apigw-signature-v2: {x-ncp-apigw-signature-v2}"
-d {"startDateTime": {startDateTime},
"endDateTime": {endDateTime},
"page": {page},
"countPerPage": {countPerPage}
}
Request example(VPC)
curl -X POST "https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getIPSList"
-H "accept: application/json"
-H "x-ncp-apigw-api-key: {x-ncp-apigw-api-key}"
-H "x-ncp-iam-access-key: {x-ncp-iam-access-key}"
-H "x-ncp-apigw-timestamp: {x-ncp-apigw-timestamp}"
-H "x-ncp-apigw-signature-v2: {x-ncp-apigw-signature-v2}"
-d {"startDateTime": {startDateTime},
"endDateTime": {endDateTime},
"page": {page},
"countPerPage": {countPerPage}
}
Response example
{
"returnCode": "0",
"returnMessage": "SUCCESS",
"totalRows": 1,
"page": 1,
"ipsDataList": [
{
"ticketId": "66381",
"date": "1600325545000",
"product": "IPS_V2",
"eventNm": "Test_Event",
"attackType": null,
"attackerIp": "10.0.4.10",
"attackerPort": "2952",
"targetIp": "10.0.1.7",
"targetPort": "80",
"protocol": "TCP",
"detect": "9",
"region": "Korea",
"zoneName": "KR-1",
"platForm": "VPC",
"vpcName": "beta-vpc-test"
}
]
}
Was this article helpful?