getWAFList

Available in Classic and VPC

Get the list of security events that occurred while using the WAF (Web Application Firewall) service.

Request

The following describes the request format for the endpoint. The request format is as follows:

Method	URI
POST	/securitymonitoring/v1/getWAFList (Classic)
POST	/vsecuritymonitoring/v1/getWAFList (VPC)

Request headers

For information about the headers common to all Security Monitoring APIs, see Security Monitoring request headers.

Request body

The following describes the request body.

Field	Type	Required	Description
`startDateTime`	Long	Required	Security event query start time Unix timestamp format <E.g.> 1720540427000
`endDateTime`	Long	Required	Security event query end time Unix timestamp format <E.g.> 1720540427000
`page`	Integer	Required	Page number
`countPerPage`	Integer	Required	Displayed number per page
`order`	String	Optional	Event detection time sort order `asc` \| `desc` (default) `asc`: ascending `desc`: descending
`regionCode`	String	Optional	Region code `KR` \| `DEN` \| `JPN` \| `SGN` \| `USWN` `KR`: Korea `DEN`: Germany `JPN`: Japan `SGN`: Singapore `USWN`: U.S.
`zoneName`	String	Optional	Zone type `KR-1` \| `KR-2`
`attackType`	String	Optional	Type of attack detected
`eventNm`	String	Optional	Name of the event detected
`attackIp`	String	Optional	Attacker IP address
`targetIp`	String	Optional	IP address targeted for the attack

Request example

The following is a sample request.

curl --location --request POST 'https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getWAFList' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--data '{
  "startDateTime": 1719849227000,
  "endDateTime": 1720108427000,
  "page": 1,
  "countPerPage": 20
}'

Response

The following describes the response format.

Response body

The following describes the response body.

Field	Type	Required	Description
`returnCode`	Integer	-	Processing result code for the request
`wafDataList`	Array	-	WAF security event list: wafDataList
`returnMessage`	String	-	Processing result message for the request
`totalRows`	Integer	-	Total number of lists searched
`page`	Integer	-	No. of page requested

`wafDataList`

The following describes wafDataList.

Field	Type	Required	Description
`ticketId`	String	-	Unique number assigned to the security event
`date`	String	-	Detection time of the security event Unix timestamp format
`product`	String	-	Service type `WAF` \| `WAF_V2` `WAF`: Classic environment `WAF_V2`: VPC environment
`eventNm`	String	-	Name of the security event detected
`attackType`	String	-	Type of attack detected
`attackerIp`	String	-	Attacker IP address
`attackerPort`	String	-	Attacker port number
`targetIp`	String	-	IP address targeted for the attack
`targetPort`	String	-	Attack target port number
`region`	String	-	Region
`zoneName`	String	-	Zone type `KR-1` \| `KR-2`
`platForm`	String	-	Platform type `CLASSIC` \| `VPC`
`vpcName`	String	-	VPC name

Response status codes

For information about the HTTP status codes common to all Security Monitoring APIs, see Security Monitoring response status codes.

Response example

The following is a sample example.

{
    "returnCode": 0,
    "wafDataList": [
        {
            "ticketId": "526105713",
            "date": "1720073905000",
            "product": "WAF_V2",
            "eventNm": "SQL Injection",
            "attackType": "SQL injection",
            "attackerIp": "***.***.***.***",
            "attackerPort": "43586",
            "targetIp": "***.***.***.***",
            "targetPort": "80",
            "region": "Korea",
            "zoneName": "KR-2",
            "platForm": "VPC",
            "vpcName": "kr-sm-vpc"
        }
    ],
    "returnMessage": "SUCCESS",
    "totalRows": 1,
    "page": 1
}