Cloud Application Security

Traffic Statistics and Details API

The following operations enable you to retrieve traffic statistics and logs for sites or accounts. Data can be fetched for one or more sites or for an account.

Fetch data for sites or accounts

To fetch data for a managed account, specify its ID in the account_id parameter.

To fetch data for specific sites, specify their IDs in a comma separated list in the site_id parameter.

To fetch data for all sites of the current account, do not specify the account_id or site_id parameters.

Get statistics

Use this operation to get site statistics for one or more sites. This operation may return multiple statistics, as specified in the stats parameter.

/api/stats/v1
Parameters:
Name Description Optional
api_id API authentication identifier.  
api_key API authentication identifier.  
account_id Numeric identifier of the account to fetch data for. Note: You must specify either account_id or site_id. Yes
time_range Time range to fetch data for. For a detailed description and the list of possible values, see Cloud Application Security API Reference.  
start Start date in milliseconds since 1970. Used together with the time_range parameter to specify a custom time range. For a detailed description, see Cloud Application Security API Reference. Yes
end End date in milliseconds since 1970. Used together with the time_range parameter to specify a custom time range. For a detailed description, see Cloud Application Security API Reference. Yes
site_id Numeric identifier of the site to fetch data for. Multiple sites can be specified in a comma separated list. For example: 123,124,125. Note: You must specify either account_id or site_id. Yes
stats Statistics to fetch, as specified in the table below. Multiple statistics can be specified in a comma separated list. For possible values see below.  
granularity Time interval in milliseconds between data points for time series statistics. (See the timeseries values in the table below.) The default granularity depends on the specified time range, as follows: for a time range of less than 24 hours, 7200000 (2 hours); for a time range of between 24 hours and 30 days, 86400000 (1 day); for a time range of more than 30 days, 259200000 (3 days). The response includes one result for each interval. For example, if you specify a time range value of last_7_days, the default granularity is 1 day, and the response will return 7 results. Yes
Values for the stats parameters:
Name Description
visits_timeseries Number of visits by type (Humans/Bots) over time.
hits_timeseries Number of hits by type (Humans/Bots/Blocked) over time and per second.
bandwidth_timeseries Amount of bytes (bandwidth) and bits per second (throughput) transferred via the Imperva network from clients to proxy servers and vice-versa over time.
requests_geo_dist_summary Total number of requests routed via the Imperva network by data center location.
visits_dist_summary Total number of visits per client application and country.
caching Total number of requests and bytes that were cached by the Imperva network.
caching_timeseries Number of requests and bytes that were cached by the Imperva network, with one day resolution, with info regarding the caching mode (standard or advanced).
threats Total number of threats by type with additional information regarding the security rules configuration.
incap_rules List of security rules with total number of reported incidents for each rule.
incap_rules_timeseries List of security rules with a series of reported incidents for each rule with the specified granularity.
The data parameter

For all of the time series parameters, the data parameter gives results as follows:

[<Unix epoch timestamp>,<number of occurrences during the time interval>]

The time interval is defined by the value of the granularity parameter.

This example shows results for two buckets, with the time stamp and number of human visits for each, with granularity set to 10 minutes.

"visits_timeseries" : [
    {
        "id":"api.stats.visits_timeseries.human",
        "name":"Human visits",
        "data":[
            [1344247200000,50],
            [1344247800000,40],
            ...
        ]
    },
    ...
]
Structure of the threats statistics:

The threats statistics provide the number of security incidents per threat type and additional information regarding the configuration of the site with respect to each threat type. When fetching data for multiple sites or for an account, only the name and incidents parameters will be returned.

Name Description
name Name of threat.
incidents Total number of security incidents of this threat type. A negative value represents N/A, indicating that data is not available.
status Status of this security rule for the site. Possible values: ok, warning, error
status_text_id ID of the status_text field.
status_text Name of this security rule status. For example, one of the following: Block | Not Supported | 3 ips in blacklist | ...
followup Followup action. For example: api.threats.followup.view or api.threats.followup.upgrade
followup_text Name of followup action. Possible values: View Incidents, Upgrade
followup_url URL for followup action.
Response structure:
{
    "res": 0,
    "res_message": "OK",
    "visits_timeseries" : [
        {
            "id":"api.stats.visits_timeseries.human",
            "name":"Human visits",
            "data":[
                [1344247200000,50],
                [1344247500000,40],
                ...
            ]
        },
        {
            "id":"api.stats.visits_timeseries.bot",
            "name":"Bot visits",
            "data":[
                [1344247200000,10],
                [1344247500000,20],
                ...
            ]
        } 
    ],
    "requests_geo_dist_summary" : {
        "id":"api.stats.requests_geo_dist_summary.datacenter",
        "name":"Requests by data-center location",
        "data":[
            ["Tokyo, JA",24365435],
            ["Los Angeles, CA",98762738],
            ...
        ]
    },
    "caching" : {
        "saved_requests":23984923,
        "total_requests":48723648,
        "saved_bytes":762394786,
        "total_bytes":1098349834
    },
    "caching_timeseries":[
        {
            "id":"api.stats.caching_timeseries.hits.standard",
            "name":"Standard Requests Caching",
            "data":[
                [
                    1349647200000,
                    5
                ],
                ...
            ]
        },
        {
            "id":"api.stats.caching_timeseries.bytes.standard",	
            "name":"Standard Bandwidth Caching",
            "data":[
                [
                    1349647200000,
                    3440
                ],
                ...
            ]
        },
        {
            "id":"api.stats.caching_timeseries.hits.advanced",
            "name":"Advanced Requests Caching",
            "data":[
                [
                    1349647200000,
                    0
                ],
                ...
            ]
        },
        {
            "id":"api.stats.caching_timeseries.bytes.advanced",
            "name":"Advanced Bandwidth Caching",
            "data":[
                [
                    1349647200000,
                    0
                ],
                ...
            ]
        },
        {
            "id":"api.stats.caching_timeseries.hits.total",
            "name":"Total Requests",
            "data":[
                [
                    1349647200000,
                    5000
                ],
                ...
            ]
        },
        {
            "id":"api.stats.caching_timeseries.bytes.total",
            "name":"Total Bandwidth",
            "data":[
                [
                    1349647200000,
                    10000
                ],
                ...
            ]
        }
    ],
    "hits_timeseries":[
        {
            "id":"api.stats.hits_timeseries.human",
            "name":"Human requests",
            "data":[
                [
                    1360108800000,
                    131837
                ],
                ...                
            ]
        },
        {
            "id":"api.stats.hits_timeseries.bot",
            "name":"Bot requests",
            "data":[
                [
                    1360108800000,
                    81804
                ],
                ...
            ]
        },
        {
            "id":"api.stats.hits_timeseries.blocked",
            "name":"Blocked requests",
            "data":[
                [
                    1360108800000,
                    629
                ],
                ...
            ]
        },
        {
            "id":"api.stats.hits_timeseries.human_ps",
            "name":"Human requests per second",
            "data":[
                [
                    1360108800000,
                    427
                ],
                ...
            ]
        },
        {
            "id":"api.stats.hits_timeseries.bot_ps",
            "name":"Bot requests per second",
            "data":[
                [
                    1360108800000,
                    261
                ],
                ...
            ]
        },
        {
            "id":"api.stats.hits_timeseries.blocked_ps",
            "name":"Blocked requests per second",
            "data":[
                [
                    1360108800000,
                    0
                ],
                ...
            ]
        }
    ],  
    "threats" : [
        {
            "id":"api.threats.bot_access_control",
            "name": "Badbot Visits",
            "incidents": 12,
            "status": "ok",
            "status_text_id": "api.threats.action.block_request",
            "status_text": "Block Request",
            "followup":"api.threats.followup.view",
            "followup_text": "View Incidents",
            "followup_url": "https://my.incapsula.com/sites/siteVisits?token=1123_103_13234435091_5d55197912387b94&timeFrame=last_7_days&extSiteId=123&threatFilters=badBot"
        },
        {
            "id":"api.threats.sql_injection",
            "name": "SQL Injection",
            "incidents": 3,
            "status": "error",
            "status_text_id": "api.threats.rule_support.not_supported",
            "status_text": "Not Supported",
            "followup":"api.threats.followup.upgrade",
            "followup_text": "Upgrade",
            "followup_url": "https://my.incapsula.com/billing/selectplan?token=1123_103_13234435091_5d55197912387b94"
        },
        ...
    ],
        
    "visits_dist_summary":[
        {
            "data":[
                [
                    "np",
                    11
                ],
                [
                    "no",
                    778
                ],
                ...
            ],
            "id":"api.stats.visits_dist_summary.country",
            "name":"Visits by country"
        },
        {
            "data":[
                [
                    "lwp-request",
                    122
                ],
                [
                    "elkMonitor",
                    11550
                ],
                ...
            ],
            "id":"api.stats.visits_dist_summary.client_app",
            "name":"Visits by client application"
        }
    ],
    "bandwidth_timeseries":[
        {
            "data":[
                [
                    1361318400000,
                    13078801085
                ],
                ...
            ],
            "id":"api.stats.bandwidth_timeseries.bandwidth",
            "name":"Bandwidth"
        },
        {
            "data":[
                [
                    1361318400000,
                    2520535
                ],
                ...
            ],
            "id":"api.stats.bandwidth_timeseries.bps",
            "name":"Bits per second"
        }
    ],
    "debug_info": {
        "timerange": "last_7_days",
        "site_id": 123
    }
}
Specific error codes:
Code Description Comment
13001 Timerange invalid Timerange malformed, missing, or the account is not on a supporting plan.
13002 Granularity Invalid Granularity malformed or not a number.
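
The following sketch post-processes a Get statistics response; it is an added example, not Imperva code. It applies the default granularity rules, aligns the series of one time series statistic by timestamp, and triages the threats list, treating negative incidents values as N/A. The SAMPLE response is constructed, and mixing entries with and without a status field in one response is done only to exercise every branch.

```python
import json

HOUR_MS = 3_600_000
DAY_MS = 24 * HOUR_MS


def default_granularity_ms(start_ms, end_ms):
    """Default granularity documented above for a given time range."""
    span = end_ms - start_ms
    if span < DAY_MS:
        return 2 * HOUR_MS      # 7200000 (2 hours)
    if span <= 30 * DAY_MS:
        return DAY_MS           # 86400000 (1 day)
    return 3 * DAY_MS           # 259200000 (3 days)


def expected_points(start_ms, end_ms, granularity_ms=None):
    """Number of [timestamp, count] pairs to expect in each series."""
    step = granularity_ms or default_granularity_ms(start_ms, end_ms)
    return -(-(end_ms - start_ms) // step)   # ceiling division


def check_result(response):
    """Raise on a non-zero res code, such as 13001 or 13002 listed above."""
    if response.get("res") != 0:
        raise RuntimeError(f"API error {response.get('res')}: {response.get('res_message')}")
    return response


def align_series(response, stat_name):
    """Merge every series of one *_timeseries statistic into {timestamp: {id: value}}."""
    rows = {}
    for series in response.get(stat_name, []):
        for timestamp, value in series["data"]:
            rows.setdefault(timestamp, {})[series["id"]] = value
    return dict(sorted(rows.items()))


def triage_threats(response):
    """Group threat names by whether the site's rule status calls for follow-up."""
    buckets = {"needs_attention": [], "ok": [], "no_data": [], "status_not_returned": []}
    for threat in response.get("threats", []):
        incidents = threat.get("incidents", -1)
        status = threat.get("status")
        if incidents < 0:
            buckets["no_data"].append(threat["name"])            # negative means N/A
        elif status is None:
            buckets["status_not_returned"].append(threat["name"])  # multi-site or account query
        elif incidents > 0 and status in ("warning", "error"):
            buckets["needs_attention"].append(threat["name"])
        else:
            buckets["ok"].append(threat["name"])
    return buckets


# Constructed sample response (not real traffic data).
SAMPLE = json.loads("""
{
  "res": 0, "res_message": "OK",
  "hits_timeseries": [
    {"id": "api.stats.hits_timeseries.human", "name": "Human requests",
     "data": [[1360108800000, 131837], [1360116000000, 90210]]},
    {"id": "api.stats.hits_timeseries.bot", "name": "Bot requests",
     "data": [[1360108800000, 81804], [1360116000000, 70011]]},
    {"id": "api.stats.hits_timeseries.blocked", "name": "Blocked requests",
     "data": [[1360108800000, 629]]}
  ],
  "threats": [
    {"name": "Badbot Visits", "incidents": 12, "status": "ok"},
    {"name": "SQL Injection", "incidents": 3, "status": "error"},
    {"name": "Cross Site Scripting", "incidents": -1, "status": "ok"},
    {"name": "Backdoor", "incidents": 2}
  ]
}
""")

if __name__ == "__main__":
    check_result(SAMPLE)
    for ts, values in align_series(SAMPLE, "hits_timeseries").items():
        print(ts, values)
    print(triage_threats(SAMPLE))
```

A threat that lands in needs_attention has recorded incidents while its rule status is warning or error, as with the "Not Supported" SQL Injection entry in the response structure above.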

Get visits

Use this operation to get a log of recent visits to a website.

/api/visits/v1

Note: Requests are limited to 10 per site per 10-minute period.

The visits are fetched in reverse chronological order, starting with the most recent visit.

Not all visits are recorded - only visits with abnormal activity are recorded, such as a violation of security rules, visits from black-listed IPs/Countries, etc.

A visit may still be updated even after it was retrieved. Visits are aggregated into a session, and Imperva may use a suppression mechanism to trim repetitive events. This session is set by the Imperva reverse proxy and does not correlate with the application session set between the end user browser and the origin server. To retrieve only visits that will no longer be updated, use the list_live_visits parameter.

Parameters:
Name Description Optional
api_id API authentication identifier.  
api_key API authentication identifier.  
site_id Numeric identifier of the site to operate on.  
time_range Time range to fetch data for. Default is last_7_days. Yes
start Start date in milliseconds since 1970. For a detailed description, see Cloud Application Security API Reference. Yes
end End date in milliseconds since 1970. For a detailed description, see Cloud Application Security API Reference. Yes
page_size The number of objects to return in the response. Defaults to 10. Maximum is 100. Yes
page_num The page to return starting from 0. Defaults to 0. Yes
security Filter the sessions that were handled according to the security-related specifications. Multiple values are supported, e.g.: "api.threats.action.block_ip, api.threats.sql_injection". Yes
country Filter the sessions coming from the specified country. Yes
ip Filter the sessions coming from the specified IP. Yes
visit_id Comma separated list of visit IDs to load. Yes
list_live_visits Whether or not to list visits that did not end and that may still be updated. Possible values: true, false. Default: true. Yes
Visit fields:
Name Description Optional
id The ID of this visit.  
startTime The timestamp in which this visit started. For example: 1317952740000  
endTime The timestamp in which this visit ended. For example: 1317952740000 Yes
clientIPs The IP addresses used by the client.  
countryCode The code of the country the site was visited from.  
country The country the site was visited from.  
clientType The client software application category. For example, Browser  
clientApplication The client software application. For example: Firefox  
clientApplicationVersion The version of the client software application. Yes
httpVersion The HTTP version number. One of: 1.0, 1.1 or 2.0  
userAgent The UserAgent header value.  
os The operating system type. Yes
osVersion The operating system version. Yes
supportsCookies Whether or not the client application software supports cookies. Yes
supportsJavaScript Whether or not the client application software supports JavaScript. Yes
hits The total number of HTTP requests in this visit, including requests to images, static resources, etc.  
pageViews The total number of pages viewed in this visit.  
entryReferer The referrer header value of the first request to this visit, i.e. the last URL viewed by the client application before navigating to the site. Yes
entryPage The URL of the first request in this visit. Yes
servedVia The Imperva data center from which this request was served.  
actions The actions that took place for the current session. Each such session may include specific threats, with its related details. Yes
securitySummary A mapping between the security rules (and ACLs) that were triggered in this session, and their frequency.  
Action fields:
Name Description Optional
threats The threats associated with the action. Yes
postData For post requests, the request body. The value is Base64-encoded. Yes
requestResult The decision made by the Imperva proxy server on how to process the request.  
responseTime The number of milliseconds it took the server to return the response. Yes
thinkTime The number of milliseconds it took the server to generate the response. Yes
httpStatus The HTTP response status code that was received from the origin server. Yes
Threat fields:
Name Description Optional
securityRule The security rule associated with the threat, e.g. api.threats.illegal_resource_access.  
attackCodes Imperva internal threat categorization. Yes
alertLocation The location of the alert, "api.alert_location." + one of: path, param_name, param_value, response_data. Yes
threatPattern The payload of the threat. Yes
securityRuleAction The action taken to mitigate the threat.  
Response structure:
{
"visits":[
        {
            "id":"133077760038625792",
            "siteId":7,
            "startTime":1361468485000,
            "clientIPs":[
                "12.13.14.15"
            ],
            "country":[
                "Sweden"
            ],
            "countryCode":[
                "SE"
            ],
            "clientType":"Unclassified",
            "clientApplication":"Bot",
            "clientApplicationVersion":"0",
            "httpVersion":"2.0",
            "userAgent":"Mozilla/4.0 (compatible; MSIE 5.0; Windows 95; DigExt)",
            "os":"Windows",
            "osVersion":"Windows",
            "supportsCookies":true,
            "supportsJavaScript":false,
            "hits":1,
            "pageViews":1,
            "entryReferer":"http://lp.usafis.org/_Incapsula_Resource?CWUDNSAI=9_E1521557&incident_id=133077760038102423-139906691365201416&edet=12&cinfo=2ef678e2c753856785000000",
            "entryPage":"www.incapsula.com/ddos/ddos-mitigation-services",
            "servedVia":[
                "Los Angeles, CA"
            ],
            "securitySummary":{    // The following lists detected threats
                "api.threats.sql_injection" : 2,
                "api.threats.cross_site_scripting" : 1,
                "api.threats.illegal_resource_access" : 3,
                "api.threats.remote_file_inclusion" : 2,
                "api.threats.customRule" : 3,
                "api.threats.ddos=DDoS" : 4,
                "api.threats.backdoor" : 2,
                // Bot Access Control may only take 1 as value, indicating the session was identified as a bot
                "api.threats.bot_access_control" : 1,
                // Blacklists may only take 1 as value, indicating some requests were blocked due to the blacklists
                "api.acl.blacklisted_countries" : 1,
                "api.acl.blacklisted_urls" : 1,
                "api.acl.blacklisted_ips" : 1
            },
            "actions":[
                {
                    "requestResult":"api.request_result.req_challenge_javascript",
                    "isSecured":false,
                    "url":"www.google.com/ddos/ddos-mitigation-services",
                    "threats":[
                        {
                            "securityRule":"api.threats.illegal_resource_access",
                            "alertLocation":"api.alert_location.alert_location_path",
                            "attackCodes":[
                                "9070.0"
                            ],
                            "securityRuleAction":"api.rule_action_type.rule_action_block"
                        },
                        {
                            "securityRule":"api.threats.bot_access_control",
                            "alertLocation":"api.alert_location.alert_location_path",
                            "attackCodes":[
                                "915.0"
                            ],
                            "securityRuleAction":"api.rule_action_type.rule_action_block"
                        }
                    ]
                }
            ]
        },
        ...
    ],
    "res": 0,
    "res_message": "OK",
    "debug_info": {
        "site_id": 123
    }
}
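
The sketch below pages through Get visits results within the documented request limit and flattens each visit into per-threat records, decoding the Base64 postData field; it is an added example, not Imperva code. The fetch_page callable, make_visit, fake_fetch and SAMPLE_PAGES are hypothetical names, the sample visits are constructed, and treating a visit without endTime as one that may still be updated is an assumption drawn from the field descriptions above.

```python
import base64

MAX_PAGE_SIZE = 100     # documented page_size maximum
REQUEST_BUDGET = 10     # documented limit: 10 requests per site per 10-minute period


def collect_visits(fetch_page, page_size=MAX_PAGE_SIZE, budget=REQUEST_BUDGET):
    """Page through visits inside one rate-limit window.

    fetch_page(page_num, page_size) is a hypothetical callable that sends the
    request and returns the decoded JSON response. Returns (visits, complete).
    """
    by_id = {}
    for page_num in range(budget):
        response = fetch_page(page_num, page_size)
        if response.get("res") != 0:
            raise RuntimeError(f"API error {response.get('res')}: {response.get('res_message')}")
        page = response.get("visits", [])
        for visit in page:
            by_id[visit["id"]] = visit          # a later copy of the same visit wins
        if len(page) < page_size:
            return list(by_id.values()), True   # short page: nothing left to fetch
    return list(by_id.values()), False          # budget spent, more pages may exist


def flatten_visit(visit):
    """Turn one visit into one record per threat, ready for a SIEM or ticket."""
    may_change = "endTime" not in visit         # assumption: no endTime means still live
    records = []
    for action in visit.get("actions", []):
        post_body = None
        if action.get("postData"):
            raw = base64.b64decode(action["postData"])
            post_body = raw.decode("utf-8", errors="replace")
        for threat in action.get("threats", []):
            records.append({
                "visit_id": visit["id"],
                "client_ips": visit.get("clientIPs", []),
                "url": action.get("url"),
                "request_result": action.get("requestResult"),
                "security_rule": threat["securityRule"],
                "rule_action": threat["securityRuleAction"],
                "alert_location": threat.get("alertLocation"),
                "post_body": post_body,
                "may_change": may_change,
            })
    return records


def make_visit(visit_id, hits, ended=True, post=None):
    """Build a constructed sample visit with one action and one threat."""
    action = {
        "requestResult": "api.request_result.req_challenge_javascript",
        "url": "www.example.com/login",
        "threats": [{
            "securityRule": "api.threats.illegal_resource_access",
            "alertLocation": "api.alert_location.alert_location_path",
            "securityRuleAction": "api.rule_action_type.rule_action_block",
        }],
    }
    if post is not None:
        action["postData"] = base64.b64encode(post).decode("ascii")
    visit = {"id": visit_id, "startTime": 1361468485000, "clientIPs": ["192.0.2.10"],
             "hits": hits, "actions": [action]}
    if ended:
        visit["endTime"] = 1361468490000
    return visit


# Constructed pages; visit 1002 shows up twice because it was updated between requests.
SAMPLE_PAGES = [
    [make_visit("1001", 1), make_visit("1002", 2, ended=False)],
    [make_visit("1002", 5, ended=False), make_visit("1003", 1, post=b"comment=hello")],
]


def fake_fetch(page_num, page_size):
    """Stand-in for the real request so the example runs offline."""
    page = SAMPLE_PAGES[page_num] if page_num < len(SAMPLE_PAGES) else []
    return {"res": 0, "res_message": "OK", "visits": page}


if __name__ == "__main__":
    visits, complete = collect_visits(fake_fetch, page_size=2)
    for visit in visits:
        for record in flatten_visit(visit):
            print(record)
    print("complete:", complete)
```

Records flagged may_change should be re-fetched later by visit_id, or avoided altogether by requesting list_live_visits=false.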

Upload public key

Available only for customers that purchased the Security Logs Integration SKU.

Overview

Organizations that purchased the Security Logs Integration SKU can download security events created for their account and archive or push those events into their SIEM solution.

In both cases, it is highly recommended to encrypt the events using a private-public key pair generated by the customer.

Imperva uses two layers for encrypting the security events:

  • Imperva encrypts the security events using a symmetric key.
  • The symmetric key itself is asymmetrically encrypted using a public key supplied by the customer.

In order to decrypt the security events, the customer needs to:

  • Use the private key to decrypt the symmetric key.
  • Use the symmetric key to decrypt the security events in the log file sent by Imperva.

Using the API

The Upload Public Key API is used to upload the public key created by the customer.

Once the API is successfully invoked, the new public key is used to encrypt the symmetric key (used for encrypting the log files). Since the process of replacing/updating the public key may take several seconds, the customer decrypting the log files should prepare to use the correct private key.

To let the customer know what public key was used for the encryption (and accordingly what private key to use for the decryption), the Upload Public Key API returns an ID uniquely identifying the key pair. This ID is also added to the log file’s metadata.

Customers should maintain the mapping between the ID and the key pair.

/api/logscollector/upload/publickey
Parameters:
Name Description
api_id API authentication identifier.
api_key API authentication identifier.
config_id The Logs Collector configuration identifier.
public_key The public key file (2048bit) in base64 format (without password protection).
Response structure:

The response contains the public key ID generated by Imperva.

	{
	    "publicKeyId":1,
	    "res":0,
	    "res_message":"OK"
	}
Specific error codes:
Code Description Comment
2 Invalid input Input missing or incorrect.
13007 Invalid public key The input is not a valid RSA public key.
13008 Invalid configuration ID The configuration ID doesn’t exist or is not authorized with the provided API key and ID.
13009 Insufficient key length The uploaded key length is insufficient; please upload a 2048-bit key.

Change Logs Collector Configuration Status

Available only for customers that purchased the Security Logs Integration SKU.

Use this operation to change the status of the Logs Collector configuration.

/api/logscollector/change/status
Parameters:
Name Description
api_id API authentication identifier.
api_key API authentication identifier.
config_id The Logs Collector configuration identifier.
logs_config_new_status The new configuration status of the Logs Collector. Possible values: ACTIVE, SUSPENDED
Response structure:
	{
	    "res":0,
	    "res_message":"OK"
	}
Specific error codes:
Code Description Comment
2 Invalid input Input missing or incorrect.
13008 Invalid configuration ID The configuration ID doesn’t exist or is not authorized with the provided API key and ID.

Get Infrastructure Protection Statistics

Use this operation to get Infrastructure Protection statistics for an account or IP range.

/api/v1/infra/stats
Parameters:
Name Description Optional
api_id API authentication identifier.  
api_key API authentication identifier.  
account_id Numeric identifier of the account to operate on. If not specified, operation will be performed on the account identified by the authentication parameters. Yes
ip_prefix Specific Protected IP or IP range. For example, 1.1.1.0/24. Yes
traffic Specific traffic. One of: Total, Passed, Blocked. Yes
traffic_type A comma separated list of specific traffic types. Any of: UDP, TCP, DNS, DNS_RESPONSE, ICMP, SYN, FRAG, LARGE_SYN, NTP, NETFLOW, SSDP, GENERAL. Cannot be used together with the pop parameter. Yes
pop A comma separated list of specific PoP names. For example: iad, tko. Cannot be used together with the traffic_type parameter. For the list of PoP codes and locations, see Imperva Data Centers (PoPs). Yes
start The start date in milliseconds, since 1970. For a detailed description, see Cloud Application Security API Reference. Yes
end The end date in milliseconds, since 1970. For a detailed description, see Cloud Application Security API Reference. Yes
Response structure:
{
    "stats":[
        {
            "objectId":607074,
            "payload":[
                {
                    "interval":15000,
                    "startTime":1509936300000,
                    "data":[
                        0,
                        15,
                        ...
                    ],
                    "metric":"pps",
                    "pop":"tko",
                    "ipPrefix":"192.168.205.0/24",
                    "ipPrefixType":"bgp",
                    "traffic":"passed"
                },
                {
                    "interval":15000,
                    "startTime":1509936300000,
                    "data":[
                        7968575,
                        8484564,
                        ...
                    ],
                    "metric":"bw",
                    "pop":"tko",
                    "ipPrefix":"192.168.205.0/24",
                    "ipPrefixType":"bgp",
                    "traffic":"passed"
                },
                ...
            ]
        },
        ...
    ],
    "res": 0,
    "res_message": "OK",
    "debug_info": {
    }
}

Get Infrastructure Protection Events

Use this operation to get Infrastructure Protection event information for an account.

/api/v1/infra/events
Parameters:
Name Description Optional
api_id API authentication identifier.  
api_key API authentication identifier.  
account_id Numeric identifier of the account to operate on. If not specified, operation will be performed on the account identified by the authentication parameters. Yes
event_type A comma separated list of specific event types. Any of: GRE_TUNNEL_UP, GRE_TUNNEL_DOWN, ORIGIN_CONNECTION_GRE_UP, ORIGIN_CONNECTION_GRE_DOWN, ORIGIN_CONNECTION_ECX_UP, ORIGIN_CONNECTION_ECX_DOWN, ORIGIN_CONNECTION_CROSS_CONNECT_UP, ORIGIN_CONNECTION_CROSS_CONNECT_DOWN, DDOS_START_IP_RANGE, DDOS_STOP_IP_RANGE, DDOS_QUIET_TIME_IP_RANGE, EXPORTER_NO_DATA, EXPORTER_BAD_DATA, EXPORTER_GOOD_DATA, MONITORING_CRITICAL_ATTACK, PROTECTED_IP_STATUS_UP, PROTECTED_IP_STATUS_DOWN, PER_IP_DDOS_START_IP_RANGE. Yes
ip_prefix Specific Protected IP or IP range. For example, 1.1.1.0/24. Yes
page_size The number of objects to return in the response. Default: 50. Maximum: 100. Yes
page_num The page to return starting from 0. Default: 0 Yes
start The start date in milliseconds, since 1970. For a detailed description, see Cloud Application Security API Reference. Yes
end The end date in milliseconds, since 1970. For a detailed description, see Cloud Application Security API Reference. Yes
Response structure:
{
    "events":[
        {
            "eventTime":"2017-12-08 10:54:59 UTC",
            "eventType":"DDOS_STOP_IP_RANGE",
            "bwTotal":9000,
            "ppsTotal":90,
            "bwPassed":200,
            "ppsPassed":87,
            "bwBlocked":8800,
            "ppsBlocked":3,
            "eventTarget":"103.28.250.93/32",
            "itemType":"IP_RANGE",
            "reportedByPop":"zrh"
        },
        ...
    ],
    "res": 0,
    "res_message": "OK",
    "debug_info": {
    }
}
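
The sketch below pairs DDOS_START_IP_RANGE and DDOS_STOP_IP_RANGE events per eventTarget to reconstruct attack windows from a Get Infrastructure Protection Events response; it is an added example, not Imperva code. The SAMPLE_EVENTS list is constructed (only the 103.28.250.93/32 stop event mirrors the response above), and the assumption that bandwidth counters arrive on the stop event comes from that single sample.

```python
from datetime import datetime, timezone

START = "DDOS_START_IP_RANGE"
STOP = "DDOS_STOP_IP_RANGE"


def parse_event_time(text):
    """Parse the eventTime format shown above, e.g. '2017-12-08 10:54:59 UTC'."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)


def ddos_windows(events):
    """Return one window per attack: target, start, stop, duration_s, blocked_share.

    start is None when the attack began before the queried range; stop is None
    when no stop event has been reported yet.
    """
    open_starts = {}
    windows = []
    relevant = [e for e in events if e.get("eventType") in (START, STOP)]
    for event in sorted(relevant, key=lambda e: parse_event_time(e["eventTime"])):
        target = event["eventTarget"]
        when = parse_event_time(event["eventTime"])
        if event["eventType"] == START:
            open_starts.setdefault(target, when)    # keep the earliest unmatched start
            continue
        started = open_starts.pop(target, None)
        total = event.get("bwTotal")
        windows.append({
            "target": target,
            "start": started,
            "stop": when,
            "duration_s": int((when - started).total_seconds()) if started else None,
            "blocked_share": event.get("bwBlocked", 0) / total if total else None,
        })
    for target, started in open_starts.items():
        windows.append({"target": target, "start": started, "stop": None,
                        "duration_s": None, "blocked_share": None})
    return windows


# Constructed sample events, deliberately out of order.
SAMPLE_EVENTS = [
    {"eventTime": "2017-12-08 10:54:59 UTC", "eventType": STOP,
     "bwTotal": 9000, "ppsTotal": 90, "bwPassed": 200, "ppsPassed": 87,
     "bwBlocked": 8800, "ppsBlocked": 3, "eventTarget": "103.28.250.93/32",
     "itemType": "IP_RANGE", "reportedByPop": "zrh"},
    {"eventTime": "2017-12-08 11:00:00 UTC", "eventType": START,
     "eventTarget": "198.51.100.0/24", "itemType": "IP_RANGE"},
    {"eventTime": "2017-12-08 10:40:00 UTC", "eventType": START,
     "eventTarget": "103.28.250.93/32", "itemType": "IP_RANGE"},
    {"eventTime": "2017-12-08 09:00:00 UTC", "eventType": STOP,
     "bwTotal": 0, "bwBlocked": 0, "eventTarget": "192.0.2.0/24", "itemType": "IP_RANGE"},
    {"eventTime": "2017-12-08 10:45:00 UTC", "eventType": "GRE_TUNNEL_DOWN",
     "eventTarget": "192.0.2.1"},
]

if __name__ == "__main__":
    for window in ddos_windows(SAMPLE_EVENTS):
        print(window)
```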

Get Infrastructure Protection Top Items (Table View)

Use this operation to view the highest peak values and highest average values for a protected IP range during a selected time period.

/api/v1/infra/top-table
Parameters:
Name Description Optional
api_id API authentication identifier.  
api_key API authentication identifier.  
account_id Numeric identifier of the account to operate on. If not specified, operation will be performed on the account identified by the authentication parameters. Yes
ip_range The customer's IP range.  
range_type One of the following: BGP, PROTECTED_IP  
start The start date in milliseconds, since 1970. For a detailed description, see Cloud Application Security API Reference.  
end The end date in milliseconds, since 1970. For a detailed description, see Cloud Application Security API Reference.  
data_type One of the following: SRC_IP, DST_IP, SRC_PORT_PROTOCOL, DST_PORT_PROTOCOL  
metric_type One of the following: BW, PPS  
mitigation_type One of the following: BLOCK, PASS  
aggregation_type One of the following: PEAK, AVERAGE  
data_storage_region The data region to use. If not specified, account's default data region will be used. Yes
Possible values for data storage region
Name Description
EU Europe
US United States of America
APAC Asia Pacific
Response structure
{
    "stats":[
        {
            "object":"100.13.0.1",
            "value":334229.33,
            "total":1111616
        },
        {
            "object":"100.13.0.3",
            "value":334160,
            "total":1109938
        },
        ...
    ],
    "res":0,
    "res_message":"OK",
    "debug_info":{
    }
}

Get Infrastructure Protection Top Items (Graph View)

Use this operation to view the highest peak values and highest average values for a protected IP range during a selected time period.

/api/v1/infra/top-graph
Parameters:
Name Description Optional
api_id API authentication identifier.  
api_key API authentication identifier.  
account_id Numeric identifier of the account to operate on. If not specified, operation will be performed on the account identified by the authentication parameters. Yes
ip_range The customer's IP range.  
range_type One of the following: BGP, PROTECTED_IP  
start The start date in milliseconds, since 1970. For a detailed description, see Cloud Application Security API Reference.  
end The end date in milliseconds, since 1970. For a detailed description, see Cloud Application Security API Reference.  
data_type One of the following: SRC_IP, DST_IP, SRC_PORT_PROTOCOL, DST_PORT_PROTOCOL  
metric_type One of the following: BW, PPS  
mitigation_type One of the following: BLOCK, PASS  
objects A comma separated list of items to fetch data for. e.g., 10.10.10.10, 2.2.2.2. If not specified, top items are automatically fetched. Yes
data_storage_region The data region to use. If not specified, account's default data region will be used. Yes
Possible values for data storage region
Name Description
EU Europe
US United States of America
APAC Asia Pacific
Response structure
{
    "stats":[
        {
            "objectId":200,
            "time":1522761000000,
            "payload":[
                {
                    "interval":15000,
                    "startTime":1522761000000,
                    "data":[
                        4627,
                        4067,
                        4245,
                        ...
                    ],
                    "metric":"pps",
                    "dataType":"ip",
                    "item":"100.13.0.1",
                    "traffic":"blocked"
                },
                {
                    "interval":15000,
                    "startTime":1522761000000,
                    "data":[
                        331656,
                        333291,
                        333387,
                        ...
                    ],
                    "metric":"pps",
                    "dataType":"ip",
                    "item":"100.13.0.3",
                    "traffic":"blocked"
                },
                ...
            ]
        }
    ],
    "res":0,
    "res_message":"OK",
    "debug_info":{
    }
}

Get Infrastructure Protection Histogram

Use this operation to view the highest packet size values for a protected IP range during a selected time period.

/api/v1/infra/histogram
Parameters:
Name Description Optional
api_id API authentication identifier.  
api_key API authentication identifier.  
account_id Numeric identifier of the account to operate on. If not specified, operation will be performed on the account identified by the authentication parameters. Yes
ip_range The customer's IP range.  
range_type One of the following: BGP, PROTECTED_IP  
start The start date in milliseconds, since 1970. For a detailed description, see Cloud Application Security API Reference.  
end The end date in milliseconds, since 1970. For a detailed description, see Cloud Application Security API Reference.  
mitigation_type One of the following: BLOCK, PASS  
data_storage_region The data region to use. If not specified, account's default data region will be used. Yes
Possible values for data storage region
Name Description
EU Europe
US United States of America
APAC Asia Pacific
Response structure
{
    "stats":{
        "PL_100":366450640,
        "PL_200":305475960,
        "PL_300":0,
        "PL_400":0,
        "PL_500":0,
        "PL_600":0,
        "PL_700":0,
        "PL_800":6053680,
        "PL_900":0,
        "PL_1000":0,
        "PL_1100":0,
        "PL_1200":0,
        "PL_1300":0,
        "PL_1400":0,
        "PL_1500":0
    },
    "res":0,
    "res_message":"OK",
    "debug_info":{
    }
}