MENU
      getWAFList

        getWAFList


        Article summary

        Available in Classic and VPC

        Get the list of security events that occurred while using the WAF (Web Application Firewall) service.

        Request

        The following describes the request format for the endpoint. The request format is as follows:

        MethodURI
        POST/getWAFList

        Request headers

        For headers common to Security Monitoring APIs, see Security Monitoring request headers.

        Request body

        The following describes the request body.

        FieldTypeRequiredDescription
        startDateTimeLongRequiredSecurity event query start time (Unix timestamp)
        • <E.g.> 1720540427000
        endDateTimeLongRequiredSecurity event query end time (Unix timestamp)
        • <E.g.> 1720540427000
        pageIntegerRequiredPage number
        countPerPageIntegerRequiredDisplayed number per page
        orderStringOptionalEvent detection time sort order
        • asc | desc (default)
          • asc: ascending
          • desc: descending
        regionCodeStringOptionalRegion code
        • KR | DEN | JPN | SGN | USWN
          • KR: Korea
          • DEN: Germany
          • JPN: Japan
          • SGN: Singapore
          • USWN: U.S.
        zoneNameStringOptionalZone type
        • KR-1 | KR-2
        attackTypeStringOptionalType of attack detected
        eventNmStringOptionalName of the event detected
        attackIpStringOptionalAttacker IP address
        targetIpStringOptionalIP address targeted for the attack

        Request example

        The following is a sample request.

        curl --location --request POST 'https://securitymonitoring.apigw.ntruss.com/vsecuritymonitoring/v1/getWAFList'
        --header 'x-ncp-apigw-timestamp: {Timestamp}'
        --header 'x-ncp-iam-access-key: {Access Key}'
        --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}'
        --data '{
          "startDateTime": 1719849227000,
          "endDateTime": 1720108427000,
          "page": 1,
          "countPerPage": 20
        }'
        Curl

        Response

        The following describes the response format.

        Response body

        The following describes the response body.

        FieldTypeRequiredDescription
        returnCodeInteger-Processing result code for the request
        wafDataList[]Array-WAF security event list
        wafDataList[].ticketIdString-Unique number assigned to the security event
        wafDataList[].dateString-Detection time of the security event (Unix timestamp)
        wafDataList[].productString-Service type
        • WAF | WAF_V2
          • WAF: Classic environment
          • WAF_V2: VPC environment
        wafDataList[].eventNmString-Name of the security event detected
        wafDataList[].attackTypeString-Type of attack detected
        wafDataList[].attackerIpString-Attacker IP address
        wafDataList[].attackerPortString-Attacker port number
        wafDataList[].targetIpString-IP address targeted for the attack
        wafDataList[].targetPortString-Attack target port number
        wafDataList[].regionString-Region
        wafDataList[].zoneNameString-Zone type
        • KR-1 | KR-2
        wafDataList[].platFormString-Platform type
        • CLASSIC | VPC
        wafDataList[].vpcNameString-VPC name
        returnMessageString-Processing result message for the request
        totalRowsInteger-Total number of lists searched
        pageInteger-No. of page requested

        Response status codes

        For error codes common to Security Monitoring APIs, see Common Security Monitoring error codes.

        Response example

        The following is a sample example.

        {
            "returnCode": 0,
            "wafDataList": [
                {
                    "ticketId": "526105713",
                    "date": "1720073905000",
                    "product": "WAF_V2",
                    "eventNm": "SQL Injection",
                    "attackType": "SQL injection",
                    "attackerIp": "***.***.***.***",
                    "attackerPort": "43586",
                    "targetIp": "***.***.***.***",
                    "targetPort": "80",
                    "region": "Korea",
                    "zoneName": "KR-2",
                    "platForm": "VPC",
                    "vpcName": "kr-sm-vpc"
                }
            ],
            "returnMessage": "SUCCESS",
            "totalRows": 1,
            "page": 1
        }
        JSON

        Was this article helpful?

        Changing your password will log you out immediately. Use the new password to log back in.
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.