
Web Application Firewall: DescribeThreatEventTopMetric

Last Updated: Mar 11, 2026

Queries the top five security event metrics, which are aggregated by different objects and sorted in descending order.

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter: Metric
Type: string
Required: Yes
Description: The metric that you want to use for statistics. Each metric corresponds to a different statistical object. Valid values:

  • time: Aggregates statistics by attack time and returns the top 5 entries in descending order.

  • src: Aggregates statistics by the source IP address of attack requests and returns the top 5 entries in descending order.

  • target: Aggregates statistics by the URL of attack requests, excluding the query string, and returns the top 5 entries in descending order.

  • type: Aggregates statistics by attack type and returns the top 5 entries in descending order.

  • tools: Aggregates statistics by attack tool and returns the top 5 entries in descending order.

Example: time

Parameter: EventId
Type: string
Required: Yes
Description: The ID of the security event.
Example: 0b7ab137a065aab7656986***11db

Parameter: InstanceId
Type: string
Required: Yes
Description: The ID of the Web Application Firewall (WAF) instance.
Note: Call the DescribeInstance operation to query the ID of the WAF instance.
Example: waf_elasticity-cn-0xldbqt****

Parameter: RegionId
Type: string
Required: No
Description: The region where the WAF instance resides. Valid values:

  • cn-hangzhou: the Chinese mainland.

  • ap-southeast-1: outside the Chinese mainland.

Example: cn-hangzhou

Parameter: ResourceManagerResourceGroupId
Type: string
Required: No
Description: The ID of the Alibaba Cloud resource group.
Example: rg-acfm***q

Response elements

Element: (response body)
Type: object

Element: TopMetrics
Type: array<object>
Description: The list of statistics. Each item is an object that contains the statistics, with the following elements:

  Element: Cnt
  Type: integer
  Description: The number of attacks.
  Example: 20

  Element: Value
  Type: string
  Description: The attack value. The meaning of this parameter varies based on the value of Metric.

    • If Metric is set to time, this parameter indicates the attack time.

    • If Metric is set to src, this parameter indicates the source IP address of the attack.

    • If Metric is set to target, this parameter indicates the URL of the attack request.

    • If Metric is set to type, this parameter indicates the attack type. For example, dirscan indicates directory scan and webscan indicates web scan. For more information about other attack types, see the description of the detectType parameter for custom regular expression rules (regular_custom) in the CreateDefenseRule operation.

    • If Metric is set to tools, this parameter indicates the attack tool.

  Example: 115.28.209.212

  Element: Country
  Type: string
  Description: The country where the source IP address of the attack is located.
  Note: This parameter is returned only when Metric is set to src.
  Example: CN

  Element: Region
  Type: string
  Description: The region where the source IP address of the attack is located.
  Note: This parameter is returned only when Metric is set to src.
  Example: cn-hangzhou

Element: RequestId
Type: string
Description: The ID of the request.
Example: 12EF3845-CCEB-4B84-AE60-2B49B*****EE5

Examples

Success response

JSON format

{
  "TopMetrics": [
    {
      "Cnt": 20,
      "Value": "115.28.209.212",
      "Country": "CN",
      "Region": "cn-hangzhou"
    }
  ],
  "RequestId": "12EF3845-CCEB-4B84-AE60-2B49B*****EE5"
}
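
The following Python sketch is an added example, not code from this documentation or from an Alibaba Cloud SDK. It checks request parameters against the rules listed above and flattens a response into records whose key reflects what Value means for the chosen Metric. The helper names build_params and normalize, the output field names, the second sample entry and the placeholder IDs are assumptions; no API call is made.

```python
import json

# What the response's Value field means for each valid Metric (from the tables above).
VALUE_MEANING = {"time": "attack_time", "src": "source_ip", "target": "request_url",
                 "type": "attack_type", "tools": "attack_tool"}
REQUIRED = ("Metric", "EventId", "InstanceId")
REGIONS = ("cn-hangzhou", "ap-southeast-1")


def build_params(**params):
    """Check request parameters against the documented rules (hypothetical helper)."""
    missing = [name for name in REQUIRED if not params.get(name)]
    if missing:
        raise ValueError("missing required parameter(s): " + ", ".join(missing))
    if params["Metric"] not in VALUE_MEANING:
        raise ValueError(f"invalid Metric: {params['Metric']!r}")
    if params.get("RegionId") is not None and params["RegionId"] not in REGIONS:
        raise ValueError(f"invalid RegionId: {params['RegionId']!r}")
    return params


def normalize(metric, body):
    """Flatten TopMetrics into records keyed by what Value means for this Metric."""
    if metric not in VALUE_MEANING:
        raise ValueError(f"invalid Metric: {metric!r}")
    records = []
    for item in body.get("TopMetrics") or []:
        record = {VALUE_MEANING[metric]: item["Value"], "count": int(item["Cnt"])}
        if metric == "src":
            # Country and Region are returned only when Metric is src.
            record["country"] = item.get("Country")
            record["region"] = item.get("Region")
        records.append(record)
    # The API documents descending order; re-sort so consumers do not depend on it.
    return sorted(records, key=lambda r: r["count"], reverse=True)


# Constructed sample: the page's example entry plus one constructed entry (192.0.2.10).
SAMPLE = json.loads("""
{"TopMetrics": [
   {"Cnt": 7, "Value": "192.0.2.10", "Country": "CN", "Region": "cn-hangzhou"},
   {"Cnt": 20, "Value": "115.28.209.212", "Country": "CN", "Region": "cn-hangzhou"}],
 "RequestId": "CONSTRUCTED-REQUEST-ID"}
""")

if __name__ == "__main__":
    # Placeholder IDs, not real identifiers.
    build_params(Metric="src", EventId="<event-id>", InstanceId="<instance-id>")
    for row in normalize("src", SAMPLE):
        print(row)
```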

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.