Get False Alarm Record List - DescribeWafAttackFalseAlarmListInfo
Overview
Get False Alarm Record List
Definition
Public Parameters
| Parameter Name | Type | Description Information | Required |
|---|---|---|---|
| Action | string | Corresponding API command name, the current API is DescribeWafAttackFalseAlarmListInfo. | Yes |
| PublicKey | string | The user’s public key, which can be obtained from the Console | Yes |
| Signature | string | User signature generated based on public key and API command, see Signature Algorithm | Yes |
Request Parameters
| Parameter Name | Type | Description Information | Required |
|---|---|---|---|
| ProjectId | string | Project ID. If not filled in, the default project is used; sub-accounts must fill it in. Please refer to the GetProjectList interface. | No |
| Offset | int | Record Offset, equivalent to PageNum | Yes |
| Limit | int | Record limit number, equivalent to PageSize | Yes |
| FullDomain | string | The domain name to be queried, which has a higher priority than Domain. | No |
Response Field
| Field Name | Type | Description Information | Required |
|---|---|---|---|
| RetCode | int | Return status code. If it is 0, it means successful return. If it is not 0, it means failure. | Yes |
| Action | string | Operation command name. | Yes |
| Message | string | Error message; gives a detailed description when RetCode is non-zero. | No |
| TotalCount | int | Total number of false alarm records | Yes |
| DetailList | array[WafAttack] | False Alarm Record List, see WafAttack | Yes |
Data Model
WafAttack
| Field Name | Type | Description Information | Required |
|---|---|---|---|
| Region | string | Region | No |
| RequestHeaders | string | Request Header | Yes |
| RequestBody | string | Request body | Yes |
| ClientPort | string | Client Port | Yes |
| RequestID | string | Request uid | Yes |
| ClientIPInfo | CityInfo | Source IP Information | Yes |
| Protocol | string | Protocol | No |
| ServerName | string | Server Name | No |
| DestIp | string | Target IP Address | No |
| Port | string | Port | No |
| Alerts | array[WafAlert] | Alarm matching information, refer to WafAlert | No |
| Attack | string | Attack Type | No |
| Method | string | Request Method | No |
| FalsePositive | boolean | False Alarm | No |
| RiskRank | string | Risk Level | No |
| TimeStamp | int | Attack Timestamp | No |
| Host | string | Hostname | No |
| Referer | string | Reference Address | No |
| Count | int | Attack Times | No |
| Uri | string | URI | No |
| Client | string | Client | No |
| Mode | string | Working Mode | No |
| Action | string | Matching Action | No |
| UA | string | User Agent | No |
| Args | string | Parameters | No |
| Id | string | | No |
CityInfo
| Field Name | Type | Description Information | Required |
|---|---|---|---|
| CountryName | string | Country | No |
| RegionName | string | Region | No |
| CityName | string | City | No |
| OwnerDomain | string | Belonging Domain | No |
| Latitude | string | Latitude | No |
| Longitude | string | Longitude | No |
| Timezone | string | Time Zone | No |
WafAlert
| Field Name | Type | Description Information | Required |
|---|---|---|---|
| Match | string | Hit content | Yes |
| Description | string | Rule Description | No |
| Id | int | Matching Rule ID | No |
Example
Request Example
https://api.surfercloud.com/?Action=DescribeWafAttackFalseAlarmListInfo
&ProjectId=org-xxx
&Domain=www.test.com
&Offset=0
&Limit=10
&FullDomain=izRcaHFo
Response Example
{
"Action": "DescribeWafAttackFalseAlarmListInfoResponse",
"DetailList": [
{
"AccessId": "183.238.16.138-a9736253",
"Action": "DENY",
"Alerts": [
{
"Description": "XSS",
"Id": 32003,
"Match": {
"0": "\u003cscript",
"1": "\u003cscript",
"2": "\u003c",
"5": "script"
}
}
],
"Args": "",
"Attack": "xss",
"Client": "183.238.16.138",
"ClientIPInfo": {
"city_name": "深圳",
"country_name": "中国",
"latitude": "22.547",
"longitude": "114.085947",
"owner_domain": "",
"region_name": "广东",
"timezone": "Asia/Shanghai"
},
"Count": 1,
"DestIp": "106.75.79.224",
"FalsePositive": true,
"Host": "www.test.com",
"Id": "5e8c1dbb243527db1df82677",
"Method": "GET",
"Mode": "SIMULATE",
"Port": "80",
"Protocol": "http",
"Referer": "NULL",
"Region": "cn-bj",
"RequestBody": null,
"RequestHeaders": {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"AcceptEncoding": "",
"AcceptLanguage": "en-US",
"CacheControl": "",
"Connection": "",
"Cookie": "",
"Host": "www.test.com",
"UpgradeInsecureRequests": "",
"UserAgent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)",
"XForwardFor": ""
},
"RiskRank": "high",
"ServerName": "www.test.com",
"TimeStamp": 1586240955,
"TopId": 50146955,
"UA": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)",
"Uri": "/home.html?user=\u0026password=\u0026action!login:cantLogin%3Cscript%3Ealert(1344)%3C/script%3E=AppScan"
}
],
"RetCode": 0,
"TotalCount": 1
}
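The following is an added example, not part of the original API documentation: it pages through the false alarm list with Offset and Limit, stops on a non-zero RetCode, and totals the records per matching rule so the rules that misfire most often stand out for tuning. `fetch_page` is a hypothetical caller-supplied function that signs and sends the request (the signature algorithm is not described on this page), and the code assumes Offset counts records, as the "Record Offset" wording suggests.

```python
from collections import Counter

def iter_false_alarms(fetch_page, limit=10, **params):
    """Yield every WafAttack record, paging until TotalCount is reached.
    fetch_page (hypothetical) signs and sends the query dict and returns decoded JSON."""
    offset = 0
    while True:
        resp = fetch_page(dict(params, Action="DescribeWafAttackFalseAlarmListInfo",
                               Offset=offset, Limit=limit))
        if resp.get("RetCode") != 0:  # non-zero means failure; Message has the detail
            raise RuntimeError(f"RetCode={resp.get('RetCode')}: {resp.get('Message', '')}")
        records = resp.get("DetailList") or []
        yield from records
        offset += len(records)  # assumption: Offset counts records, not pages
        if not records or offset >= resp.get("TotalCount", 0):
            return

def match_fragments(alert):
    """Distinct matched strings; Match is typed string but the sample shows an object."""
    match = alert.get("Match")
    values = match.values() if isinstance(match, dict) else [match] if match else []
    return sorted(set(values))

def rule_summary(records):
    """Total false alarms per (rule Id, Description, Host), most frequent first."""
    counts = Counter()
    for rec in records:
        for alert in rec.get("Alerts") or []:  # Alerts is optional and may be null
            key = (alert.get("Id"), alert.get("Description"), rec.get("Host"))
            counts[key] += rec.get("Count", 1)
    return counts.most_common()

# Constructed records, shaped like the response example above (not real data).
SAMPLE = [
    {"Host": "www.test.com", "Count": 1, "FalsePositive": True,
     "Alerts": [{"Id": 32003, "Description": "XSS",
                 "Match": {"0": "<script", "1": "<script", "2": "<", "5": "script"}}]},
    {"Host": "www.test.com", "Count": 4, "FalsePositive": True,
     "Alerts": [{"Id": 32003, "Description": "XSS", "Match": "<script"}]},
    {"Host": "www.test.com", "Count": 2, "FalsePositive": True, "Alerts": None},
]

def fake_fetch_page(query):
    """Offline stand-in for the signed HTTPS call; slices SAMPLE by Offset and Limit."""
    page = SAMPLE[query["Offset"]:query["Offset"] + query["Limit"]]
    return {"RetCode": 0, "TotalCount": len(SAMPLE), "DetailList": page}

if __name__ == "__main__":
    print(rule_summary(list(iter_false_alarms(fake_fetch_page, limit=2))))
```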