Available in Classic and VPC
Get the list of security events that occurred while using the WAF (Web Application Firewall) service.
Request
The following describes the request format for the endpoint. The request format is as follows:
| Method | URI |
|---|---|
| POST | /getWAFList |
Request headers
For headers common to Security Monitoring APIs, see Security Monitoring request headers.
Request body
The following describes the request body.
| Field | Type | Required | Description |
|---|---|---|---|
startDateTime |
Long | Required | Security event query start time (Unix timestamp)
|
endDateTime |
Long | Required | Security event query end time (Unix timestamp)
|
page |
Integer | Required | Page number |
countPerPage |
Integer | Required | Displayed number per page |
order |
String | Optional | Event detection time sort order
|
regionCode |
String | Optional | Region code
|
zoneName |
String | Optional | Zone type
|
attackType |
String | Optional | Type of attack detected |
eventNm |
String | Optional | Name of the event detected |
attackIp |
String | Optional | Attacker IP address |
targetIp |
String | Optional | IP address targeted for the attack |
Request example
The following is a sample request.
curl --location --request POST 'https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getWAFList'
--header 'x-ncp-apigw-timestamp: {Timestamp}'
--header 'x-ncp-iam-access-key: {Access Key}'
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}'
--data '{
"startDateTime": 1719849227000,
"endDateTime": 1720108427000,
"page": 1,
"countPerPage": 20
}'
Response
The following describes the response format.
Response body
The following describes the response body.
| Field | Type | Required | Description |
|---|---|---|---|
returnCode |
Integer | - | Processing result code for the request |
wafDataList[] |
Array | - | WAF security event list |
wafDataList[].ticketId |
String | - | Unique number assigned to the security event |
wafDataList[].date |
String | - | Detection time of the security event (Unix timestamp) |
wafDataList[].product |
String | - | Service type
|
wafDataList[].eventNm |
String | - | Name of the security event detected |
wafDataList[].attackType |
String | - | Type of attack detected |
wafDataList[].attackerIp |
String | - | Attacker IP address |
wafDataList[].attackerPort |
String | - | Attacker port number |
wafDataList[].targetIp |
String | - | IP address targeted for the attack |
wafDataList[].targetPort |
String | - | Attack target port number |
wafDataList[].region |
String | - | Region |
wafDataList[].zoneName |
String | - | Zone type
|
wafDataList[].platForm |
String | - | Platform type
|
wafDataList[].vpcName |
String | - | VPC name |
returnMessage |
String | - | Processing result message for the request |
totalRows |
Integer | - | Total number of lists searched |
page |
Integer | - | No. of page requested |
Response status codes
For error codes common to Security Monitoring APIs, see Common Security Monitoring error codes.
Response example
The following is a sample example.
{
"returnCode": 0,
"wafDataList": [
{
"ticketId": "526105713",
"date": "1720073905000",
"product": "WAF_V2",
"eventNm": "SQL Injection",
"attackType": "SQL injection",
"attackerIp": "***.***.***.***",
"attackerPort": "43586",
"targetIp": "***.***.***.***",
"targetPort": "80",
"region": "Korea",
"zoneName": "KR-2",
"platForm": "VPC",
"vpcName": "kr-sm-vpc"
}
],
"returnMessage": "SUCCESS",
"totalRows": 1,
"page": 1
}