WAF Insights does not support automation via our REST API web service. If you are currently using WAF Insights, upgrade your WAF solution to take advantage of our REST API.
Identifies up to the top 10 events for a particular event log field. It returns a list of these events stored in descending order of frequency.
This endpoint only supports JSON.
A request to retrieve a list of the most frequent events for the specified field is described below.
HTTP Method | Request URI |
---|---|
GET |
https://api.transactcdn.com/v2/mcc/customers/AccountNumber/waf/eventlogs/top?field=Field&start_time=StartDateTime&end_time=EndDateTime&page_size=ItemsPerPage |
Define the following terms when submitting the above request:
VariableA variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3). | Description |
---|---|
Required |
|
Required |
Replace this variable with the name of the desired field. Use the Get Available Event Log Fields (WAF) endpoint to retrieve a list of the available fields. Fields & 500 Internal Server Error
Invalid syntax may generate a 500 Internal Server Error. Avoid the following syntax issues:
|
Required |
Replace this variable with the start date/time for the report. Only activity that took place after the specified date/time will be included in the report. Format:YYYY-MM-DDThh:mm:ss Note: Time (i.e., Thh:mm:ss) is optional. If time is not specified, then a default time (i.e., 00:00:00) will be used. |
Required |
Replace this variable with the end date/time for the report. Activity that took place after the specified date/time will not be included in the report. Format:YYYY-MM-DDThh:mm:ss Note: Time (i.e., Thh:mm:ss) is optional. If time is not specified, then a default time (i.e., 00:00:00) will be used. |
Replace this variable with the number of log events that may be included on each page. Key information:
|
This endpointIdentifies a request's connection point to our REST API service. only takes advantage of common request headers.
Request body parameters are not required by this endpoint.
The response to the above request includes an HTTP status code, response headers, and a response body.
This endpoint only supports JSON.
A status code indicates whether the request was successfully performed.
The response for this endpoint only includes standard HTTP response headers.
The response body for a successful request contains the following response parameters:
Name | Data Type | Description |
---|---|---|
total |
Integer |
Indicates the total number of events that occurred during the specified time period. |
signature Deprecated |
Array |
This response parameter contains a list of the most frequent events for the field specified in the request. Key information:
|
count Deprecated |
Integer |
signature array Indicates the total number of events that were:
|
term Deprecated |
String |
signature array Indicates a unique value for the field defined in the request (i.e., ?field=Field) |
time_to |
Number floating-point |
Indicates the report's end date/time, in seconds, using Unix time. Sample value: 1414022400.0
|
time_from |
Number floating-point |
Indicates the report's start date/time, in seconds, using Unix time. Sample value: 1414022400.0
|
anomaly |
Array Objects |
This response parameter contains a list of the most frequent events for the field specified in the request. Key information:
|
count |
Integer |
anomaly object Indicates the total number of events that were:
|
term |
String |
anomaly object Indicates a unique value for the field defined in the request (i.e., ?field=Field) |
results |
Array Objects |
This response parameter contains a list of the most frequent events for the field specified in the request. Key information:
|
count |
Integer |
results array Indicates the total number of events that were:
|
term |
String |
results array Indicates a unique value for the field defined in the request (i.e., ?field=Field) |
The response body for an unsuccessful request will contain an error response that provides additional information.
A sample JSON request is shown below.
GET https://api.transactcdn.com/v2/mcc/customers/0001/waf/eventlogs/top?field=Host&start_time=2022-01-20&end_time=2022-01-21 HTTP/1.1
Authorization: TOK:12345678-1234-1234-1234-1234567890ab
Accept: application/json
Host:api.transactcdn.com
A sample JSON response is shown below.
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Date: Thu, 15 Apr 2021 12:00:00 GMT
Content-Length: 382
{ "total" : 15112, "signature" : [{ "count" : 15111, "term" : "www.example.com" }, { "count" : 1, "term" : "www.example.com:443" } ], "time_to" : 1414022400.0, "time_from" : 1413936000.0, "anomaly" : [], "results" : [{ "count" : 15111, "term" : "www.example.com" }, { "count" : 1, "term" : "www.example.com:443" } ] }