Queries DDoS attack events.

Usage notes

You can call the DescribeDDosAllEventList operation to query DDoS attack events within a specific time range by page. The information about a DDoS attack event includes the start time and end time of the attack, attack event type, attacked object, peak bandwidth of attack traffic, and peak packet forwarding rate.

Limits

You can call this operation up to 10 times per second per account. If the number of the calls per second exceeds the limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limit when you call this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeDDosAllEventList

The operation that you want to perform. Set the value to DescribeDDosAllEventList.

EventType String No defense

The type of the DDoS attack events you want to query. Valid values:

  • web-cc: resource exhaustion attacks
  • cc: connection flood attacks
  • defense: DDoS attacks that trigger traffic scrubbing
  • blackhole: DDoS attacks that trigger blackhole filtering

If you want to query multiple types of DDoS attack events, separate them with commas (,).

If you do not configure this parameter, DDoS attack events of all types are queried.

StartTime Long Yes 1609430400

The beginning of the time range to query. The DDoS attack events occur after StartTime are queried. This value is a UNIX timestamp. Unit: seconds.

EndTime Long Yes 1640966399

The end of the time range to query. The DDoS attack events occur before EndTime are queried. This value is a UNIX timestamp. Unit: seconds.

PageNumber Integer Yes 1

The number of the page to return.

PageSize Integer Yes 10

The number of entries to return on each page.

All Alibaba Cloud API operations must include common request parameters. For more information about common request parameters, see Common parameters.

For more information about sample requests, see the "Examples" section of this topic.

Response parameters

Parameter Type Example Description
Total Long 1

The total number of DDoS attack events.

RequestId String 25D83ED5-28CB-5683-9CF7-AECE521F3005

The ID of the request.

AttackEvents Array of AttackEvent

The DDoS attack events.

EndTime Long 1634546030

The time when the DDoS attack stopped. This value is a UNIX timestamp. Unit: seconds.

StartTime Long 1634543764

The time when the DDoS attack started. This value is a UNIX timestamp. Unit: seconds.

EventType String cc

The type of the DDoS attack event. Valid values:

  • web-cc: resource exhaustion attacks
  • cc: connection flood attacks
  • defense: DDoS attacks that trigger traffic scrubbing
  • blackhole: DDoS attacks that trigger blackhole filtering
Mbps Long 101899

The peak bandwidth of the attack traffic. Unit: Mbit/s.

Ip String 203.107.XX.XX

The attacked object. The attacked object varies based on the attack event type. The following list describes different attacked objects of different attack event types:

  • If EventType is set to web-cc, the value of this parameter indicates the domain name of the attacked website.
  • If EventType is set to cc, the value of this parameter indicates the IP address of the attacked Anti-DDoS Pro or Anti-DDoS Premium instance.
  • If EventType is set to defense or blackhole, the value of this parameter indicates the IP address of the attacked Anti-DDoS Pro or Anti-DDoS Premium instance.
Area String cn

The source location or region from which the attack was initiated. Valid values:

  • cn: Chinese mainland
  • alb-cn-hongkong-gf-2: China (Hongkong)
  • alb-us-west-1-gf-2: US (Silicon Valley)
  • alb-ap-northeast-1-gf-1: Japan (Tokyo)
  • alb-ap-southeast-gf-1: Singapore (Singapore)
  • alb-eu-central-1-gf-1: Germany (Frankfurt)
  • alb-eu-central-1-gf-1 or selb-eu-west-1-gf-1a: UK (London)
  • alb-us-east-gf-1: US (Virginia)
  • CT-yundi: China (Hongkong) This value is returned only for Anti-DDoS Premium instances of the Secure Mainland China Acceleration (Sec-MCA) mitigation plan.
Port String 80

The attacked port.

Note If EventType is set to web-cc, this parameter is not returned.
Pps Long 9664270

The peak packet forwarding rate of attack traffic. Unit: pps.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeDDosAllEventList
&StartTime=1609430400
&EndTime=1640966399
&PageNumber=1
&PageSize=10
&<Common request parameters>

Sample success responses

XML format 

HTTP/1.1 200 OK
Content-Type:application/xml

<DescribeDDosAllEventListResponse>
    <Total>1</Total>
    <RequestId>25D83ED5-28CB-5683-9CF7-AECE521F3005</RequestId>
    <AttackEvents>
        <EndTime>1634546030</EndTime>
        <StartTime>1634543764</StartTime>
        <EventType>cc</EventType>
        <Mbps>101899</Mbps>
        <Ip>203.107.XX.XX</Ip>
        <Area>cn</Area>
        <Port>80</Port>
        <Pps>9664270</Pps>
    </AttackEvents>
</DescribeDDosAllEventListResponse>

JSON format 

HTTP/1.1 200 OK
Content-Type:application/json

{
  "Total" : 1,
  "RequestId" : "25D83ED5-28CB-5683-9CF7-AECE521F3005",
  "AttackEvents" : [ {
    "EndTime" : 1634546030,
    "StartTime" : 1634543764,
    "EventType" : "cc",
    "Mbps" : 101899,
    "Ip" : "203.107.XX.XX",
    "Area" : "cn",
    "Port" : "80",
    "Pps" : 9664270
  } ]
}

Error codes

For a list of error codes, visit the Error Center.