MENU
      getIPSList

        getIPSList


        Article summary

        Available in Classic and VPC

        Get the list of security events that occurred while using the IPS (Intrusion Prevention System) service.

        Request

        The following describes the request format for the endpoint. The request format is as follows:

        MethodURI
        POST/getIPSList

        Request headers

        For headers common to Security Monitoring APIs, see Security Monitoring request headers.

        Request body

        The following describes the request body.

        FieldTypeRequiredDescription
        startDateTimeLongRequiredSecurity event query start time (Unix timestamp)
        • <E.g.> 1720540427000
        endDateTimeLongRequiredSecurity event query end time (Unix timestamp)
        • <E.g.> 1720540427000
        pageIntegerRequiredPage number
        countPerPageIntegerRequiredDisplayed number per page
        orderStringOptionalEvent detection time sort order
        • asc | desc (default)
          • asc: ascending
          • desc: descending
        regionCodeStringOptionalRegion code
        • KR | DEN | JPN | SGN | USWN
          • KR: Korea
          • DEN: Germany
          • JPN: Japan
          • SGN: Singapore
          • USWN: U.S.
        zoneNameStringOptionalZone type
        • KR-1 | KR-2
        eventNmStringOptionalName of the event detected
        attackIpStringOptionalAttacker IP address
        targetIpStringOptionalIP address targeted for the attack
        attackTypeStringOptionalDetected attack type
        • Only available in the Classic environment
        protocolStringOptionalAttack protocol
        • Only available in the VPC environment

        Request example

        The following is a sample request.

        curl --location --request POST 'https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getIPSList'
        --header 'x-ncp-apigw-timestamp: {Timestamp}'
        --header 'x-ncp-iam-access-key: {Access Key}'
        --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}'
        --data '{
          "startDateTime": 1719849227000,
          "endDateTime": 1720108427000,
          "page": 1,
          "countPerPage": 20
        }'
        Curl

        Response

        The following describes the response format.

        Response body

        The following describes the response body.

        FieldTypeRequiredDescription
        returnCodeInteger-Processing result code for the request
        ipsDataList[]Array-IPS security event list
        ipsDataList[].ticketIdString-Unique number assigned to the security event
        ipsDataList[].dateString-Detection time of the security event (Unix timestamp)
        ipsDataList[].productString-Service type
        • IPS | IPS_V2
          • IPS: Classic environment
          • IPS_V2: VPC environment
        ipsDataList[].eventNmString-Name of the security event detected
        ipsDataList[].attackTypeString-Type of attack detected
        ipsDataList[].attackerIpString-Attacker IP address
        ipsDataList[].attackerPortString-Attacker port number
        ipsDataList[].targetIpString-IP address targeted for the attack
        ipsDataList[].targetPortString-Attack target port number
        ipsDataList[].protocolString-Attack protocol
        ipsDataList[].detectString-Number of detected security events
        ipsDataList[].regionString-Region
        ipsDataList[].zoneNameString-Zone type
        • KR-1 | KR-2
        ipsDataList[].platFormString-Platform type
        • CLASSIC | VPC
        ipsDataList[].vpcNameString-VPC name
        returnMessageString-Processing result message for the request
        totalRowsInteger-Total number of lists searched
        pageInteger-No. of page requested

        Response status codes

        For error codes common to Security Monitoring APIs, see Common Security Monitoring error codes.

        Response example

        The following is a sample example.

        {
            "returnCode": 0,
            "ipsDataList": [
                {
                    "ticketId": "526068436",
                    "date": "1720044443000",
                    "product": "IPS_V2",
                    "eventNm": "Deep Security Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)",
                    "attackType": null,
                    "attackerIp": "***.***.***.***",
                    "attackerPort": "51185",
                    "targetIp": "***.***.***.***",
                    "targetPort": "80",
                    "protocol": "TCP",
                    "detect": "1",
                    "region": "Korea",
                    "zoneName": "KR-2",
                    "platForm": "VPC",
                    "vpcName": "kr-sm-vpc"
                }
            ],
            "returnMessage": "SUCCESS",
            "totalRows": 1,
            "page": 1
        }
        JSON

        Was this article helpful?

        Changing your password will log you out immediately. Use the new password to log back in.
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.