Report security connector event details

post https://{hostname}/etp-report/v3/configs/{configId}/sinkhole-events/details

Lists Security Connector events for a given time period.

Responses

Response body

array of objects

object

configId

integer

required

≥ 0

The contract ID for the request.

correlated

boolean

Whether a related sinkhole event exists.

correlatedDnsEvent

object

Nested instances of the same site object.

Has additional fields

decryptedMachineName

string

length ≥ 1

Decrypted name of the machine assigned to the request.

decryptedSourceIP

string

IP of the source machine in decrypted form for the event.

decryptedSourceIp

string

Source IP address in decrypted format of the machine assigned with the request.

description

string

Describes the connector event.

destinationIp

string

IP of the destination machine.

destinationPort

integer

≥ 0

Destination TCP/UDP Port.

dropFlag

boolean

Indicates if traffic was dropped by HTTP Forwarder. Either true or false. Set to false if the transaction is successful.

encryptedMachineName

string

length ≥ 1

Encrypted name of the machine assigned to the request.

encryptedSourceIP

string

IP of the source machine in encrypted form for the event.

encryptedSourceIp

string

Source IP address in encrypted format of the machine assigned with the request.

eventId

string

length ≥ 1

Unique ID of the event captured by the security connector.

eventTime

date-time

ISO 8601 timestamp marking the event detection time.

hfRedirectType

string

The redirect type for the event.

hitCount

integer

≥ 0

Number of repeated traffic requests made to security connector from a host, within a time frame.

hostname

string

required

Hostname header/SNI host of the destination host.

internalIP

string

Affected or compromised machine IP.

l4Protocol

string

required

length ≥ 1

The L4 protocol.

l7Protocol

string

Application layer protocol used to communicate with the security connector. Either DNS, HTTP, or HTTPS.

DNS HTTP HTTPS

machineNames

array of strings

length ≥ 0

Hostname of the infected machine.

machineNames

proxyMode

string

The proxy type for HTTP forwarder. Possible values include HTTP-Explicit and HTTP-Transparent.

HTTP-Explicit HTTP-Transparent

redirectType

string

length ≥ 1

Indicates how a request was sent to the security connector. For example: HTTP-Explicit.

requestId

string

Unique identifier of the request for the event.

sinkholeIP

string

IP of the security connector.

sinkholeId

string

required

length ≥ 1

Unique ID of the security connector.

sinkholeName

string

required

length ≥ 1

The unique security connector name.

sourceIp

string

IP address of the machine where the event originated.

sourcePort

integer

≥ 0

Source TCP/UDP Port.

status

string

Indicates why traffic was dropped by HTTP Forwarder and any error that occurred.

statusCode

string

Response code for requests. Only applies to requests directed to HTTP Forwarder.

url

string

length ≥ 1

URL when applicable.

userAgent

string

length ≥ 1

User-agent string for HTTP-based traffic with details about the end user's browser and system.

Language

URL


xxxxxxxxxx
1
curl --request POST \
2
     --url https://hostname/etp-report/v3/configs/configId/sinkhole-events/details \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/json'

Click Try It! to start a request and see the response here! Or choose an example:

application/json

application/problem+json

200Successful response.

400Bad Request.

403Access forbidden.

404Configuration not Found.