Report security connector event details

Lists Security Connector events for a given time period.

Path Params
integer
required

A unique identifier for each configuration.

Query Params
string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Body Params
integer
required
≥ 0

The end time for report data, in epoch seconds.

object

Options to filter sinkhole events report data. Refer to Filters for complete details.

string

The order of event data, either ASC or DESC.

integer
≥ 0

The requested number of pages.

integer
≥ 0

The number of records in a given page.

integer
required
≥ 1

The start time for report data, in epoch seconds.

Responses

Response body
array of objects
object
integer
required
≥ 0

The contract ID for the request.

boolean

Whether a related sinkhole event exists.

object

Nested instances of the same site object.

Has additional fields
string
length ≥ 1

Decrypted name of the machine assigned to the request.

string

IP of the source machine in decrypted form for the event.

string

Source IP address, in decrypted format, of the machine assigned to the request.

string

Describes the connector event.

string

IP of the destination machine.

integer
≥ 0

Destination TCP/UDP Port.

boolean

Indicates whether traffic was dropped by the HTTP Forwarder. Either true or false. Set to false if the transaction is successful.

string
length ≥ 1

Encrypted name of the machine assigned to the request.

string

IP of the source machine in encrypted form for the event.

string

Source IP address, in encrypted format, of the machine assigned to the request.

string
length ≥ 1

Unique ID of the event captured by the security connector.

date-time

ISO 8601 timestamp marking the event detection time.

string

The redirect type for the event.

integer
≥ 0

Number of repeated traffic requests made to the security connector from a host within a time frame.

string
required

Hostname header/SNI host of the destination host.

string

Affected or compromised machine IP.

string
required
length ≥ 1

The L4 protocol.

string

Application layer protocol used to communicate with the security connector. Either DNS, HTTP, or HTTPS.

DNS HTTP HTTPS

array of strings

Hostname of the infected machine.

machineNames
string

The proxy type for the HTTP Forwarder. Possible values include HTTP-Explicit and HTTP-Transparent.

HTTP-Explicit HTTP-Transparent

string
length ≥ 1

Indicates how a request was sent to the security connector. For example: HTTP-Explicit.

string

Unique identifier of the request for the event.

string

IP of the security connector.

string
required
length ≥ 1

Unique ID of the security connector.

string
required
length ≥ 1

The unique security connector name.

string

IP address of the machine where the event originated.

integer
≥ 0

Source TCP/UDP Port.

string

Indicates why traffic was dropped by the HTTP Forwarder and any error that occurred.

string

Response code for requests. Only applies to requests directed to the HTTP Forwarder.

string
length ≥ 1

URL when applicable.

string
length ≥ 1

User-agent string for HTTP-based traffic with details about the end user's browser and system.
