SoftLayer Container Network IntrusionProtection Event

From SoftLayer Development Network Wiki

Contents 1 Overview 2 Local Properties 2.1 CVEId 2.2 actionTaken 2.3 attackCount 2.4 attackLongDescription 2.5 attackName 2.6 beginTime 2.7 bugtraqId 2.8 classification 2.9 destinationIpAddress 2.10 destinationPort 2.11 endTime 2.12 platform 2.13 protocol 2.14 severity 2.15 signatureId 2.16 sourceIpAddress 2.17 sourcePort

Overview

The IntrusionProtection_Event object stores information about individual intrusion protection events.

It is a data container that cannot be edited, deleted, or saved.

It is returned by many methods in the TippingPointReporting object, but never directly, always as a child of another container object.

Warning! Even though our API is object based, XML-RPC can only return data as array values. The SOAP implementation treats data as object properties.

Local Properties

CVEId

The CVE ID(s), if any, associated with this attack signature.

• Type: string

---

actionTaken

The action that was taken when this attack was discovered. Can be either "Block" or "Permit"

• Type: string

---

attackCount

The number of attacks in this block. Attacks are grouped differently based on the query performed on the tippingPointReporting object.

• Type: integer

---

attackLongDescription

Long description of the attack. May contain links to more information

• Type: string

---

attackName

Name of the attack

• Type: string

---

beginTime

The starting timestamp of the attack recorded, in Y-m-d H:i:s format. May not be set, depending on the type of query performed.

• Type: string

---

bugtraqId

The BugTraq ID(s), if any, associated with this attack signature.

• Type: string

---

classification

The human-readable classification of the attack

• Type: string

---

destinationIpAddress

The IP Address (as a dotted decimal string) of the machine that was the target of the attack

• Type: string

---

destinationPort

The port the attack was directed at

• Type: integer

---

endTime

The ending timestamp of the attack recorded, in Y-m-d H:i:s format. May not be set, depending on the type of query performed.

• Type: string

---

platform

The platform affected by the attack

• Type: string

---

protocol

The protocol used in the attack

• Type: string

---

severity

The human-readable severity of this attack, from "Low" to "Critical"

• Type: string

---

signatureId

Unique ID of the "Signature" in question. The signature determines the type of attack recorded. SignatureId is used in the drillDown function on the TippingPointReporting service

• Type: string

---

sourceIpAddress

The IP Address (as a dotted decimal string) of the machine originating the attack

• Type: string

---

sourcePort

The port the attack originated from

• Type: integer