The following shows how to generate the security-analytics-aap-attacks report using either the Reporting API's Generate a report POST operation or the Get a cacheable report GET operation. Details about each report's supported products, metrics, filters, and available data intervals are also available dynamically by running the API's Get a report type operation, also shown below. See also other available reports.
Report definition
This report shows spikes in denial-of-service (DoS) attack traffic and traffic that attacks web applications.
Business object: accountId
Data available for: 90 days
Available metrics
| Metric | Description |
|---|---|
| Data metrics | |
| averageRequestsPerSec | Average number of requests per second. |
| duration | Total duration of the attack, expressed as a human-readable string. |
| endTime | Date and time the attack ended, in ISO-8601 timestamp format with a UTC offset. |
| startTime | Date and time the attack started, in ISO-8601 timestamp format with a UTC offset. |
| type | The type of attack, which is either DOS or WAF. |
Available filters
| Filter | Type | Description |
|---|---|---|
| Optional filters | | |
| hostname | String | Hostname associated with your security configuration. |
POST request
POST /reporting-api/v1/reports/security-analytics-aap-attacks/versions/1/report-data{?start,end}
Sample: /reporting-api/v1/reports/security-analytics-aap-attacks/versions/1/report-data?start=2026-02-01T00%3A00%3A00Z&end=2026-03-01T00%3A00%3A00Z
Query parameters
| Parameter | Type | Sample | Description |
|---|---|---|---|
| Required | | | |
| start | String | 2026-02-01T00:00:00Z | Specifies the start of the reported period as an ISO-8601 timestamp with optional time zone. The report includes data that matches the start value’s timestamp. |
| end | String | 2026-03-01T00:00:00Z | Specifies the end of the reported period as an ISO-8601 timestamp with optional time zone. The report excludes any data that matches the end value’s timestamp. |
JSON request members
| Member | Type | Description |
|---|---|---|
| objectIds | Array | Specifies the set of accountId values you want to report on. |
| objectIds | Enumeration | As an alternative to an array of ID values, specify all as a string for unfiltered data. Either way, objectIds is required. |
| metrics | Array | The set of desired metrics. If omitted, the report includes all available metrics. |
| filters | Map of Arrays | Specifies a set of custom filters, with each filter's name keying an array with each filter's set of values. |
Request body:
```json
{
  "objectIds": [
    "1111",
    "1122",
    "2222",
    "2233"
  ],
  "metrics": [
    "averageRequestsPerSec",
    "duration",
    "endTime",
    "startTime",
    "type"
  ],
  "filters": {
    "hostname": [
      "www.example.com",
      "img.example.com"
    ]
  }
}
```
GET request
GET /reporting-api/v1/reports/security-analytics-aap-attacks/versions/1/report-data{?start,end,objectIds,allObjectIds,metrics,filters}
Sample: /reporting-api/v1/reports/security-analytics-aap-attacks/versions/1/report-data?start=2026-02-01T00%3A00%3A00Z&end=2026-03-01T00%3A00%3A00Z&objectIds=1111,1122,2222,2233&metrics=averageRequestsPerSec%2Cduration&filters=hostname%3Dblog.example.com%2Chostname%3Dwww.example.com
Query parameters
| Parameter | Type | Sample | Description |
|---|---|---|---|
| Required | | | |
| start | String | 2026-02-01T00:00:00Z | Specifies the start of the reported period as an ISO-8601 timestamp with optional time zone. The report includes data that matches the start value’s timestamp. |
| end | String | 2026-03-01T00:00:00Z | Specifies the end of the reported period as an ISO-8601 timestamp with optional time zone. The report excludes any data that matches the end value’s timestamp. |
| Optional | | | |
| allObjectIds | Boolean | true | As an alternative to objectIds, enabling this generates a report that includes all IDs available for the accountId objectType. This parameter is ignored if the request also specifies a set of objectIds. |
| objectIds | String | 1111,1122,2222,2233 | As an alternative to allObjectIds, specifies the set of unique IDs for the accountId objectType you want to report on, formatted as a comma-delimited list. |
| metrics | String | averageRequestsPerSec,duration | Specifies a comma-separated list of metrics to include in the report. If omitted, the report includes all metrics. The set of available metrics depends on the type of report. URL-encode the entire value in the GET request. |
| filters | String | hostname=blog.example.com,hostname=www.example.com | Specifies criteria to filter the report’s data. The set of available filters depends on the type of report. Separate each filter name and value with an equals (=) character, and separate the name/value pairs with commas (,). To specify more than one filter value, repeat the filter name. See the accompanying example for guidance. URL-encode the entire value in the GET request. |
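The POST and GET request formats described above can be assembled as follows. This is an added example, not code from the API's documentation or client libraries; the function names are hypothetical, the literal `"all"` for unfiltered POST data follows the wording of the JSON request members table, and rejecting filter values that contain `,` or `=` is a defensive assumption because the page describes no escaping for those delimiters. Authentication and sending the request are out of scope.

```python
from urllib.parse import quote

# Path, metric names and filter names as listed on this page.
BASE = "/reporting-api/v1/reports/security-analytics-aap-attacks/versions/1/report-data"
METRICS = {"averageRequestsPerSec", "duration", "endTime", "startTime", "type"}
FILTERS = {"hostname"}


def check(metrics, filters):
    """Reject names this report does not define and values that break the filter syntax."""
    unknown = set(metrics or ()) - METRICS
    if unknown:
        raise ValueError(f"unknown metrics: {sorted(unknown)}")
    for name, values in (filters or {}).items():
        if name not in FILTERS:
            raise ValueError(f"unknown filter: {name}")
        if any("," in v or "=" in v for v in values):
            raise ValueError(f"filter value for {name} contains ',' or '='")


def build_get_path(start, end, object_ids=None, metrics=None, filters=None):
    """Return path plus query string for the cacheable GET operation."""
    check(metrics, filters)
    query = [f"start={quote(start, safe='')}", f"end={quote(end, safe='')}"]
    if object_ids:
        # The page's sample leaves the commas between object IDs unencoded.
        query.append("objectIds=" + quote(",".join(object_ids), safe=","))
    else:
        query.append("allObjectIds=true")
    if metrics:
        query.append("metrics=" + quote(",".join(metrics), safe=""))
    if filters:
        # One name=value pair per value, so the filter name repeats.
        pairs = [f"{name}={v}" for name, values in filters.items() for v in values]
        query.append("filters=" + quote(",".join(pairs), safe=""))
    return BASE + "?" + "&".join(query)


def build_post(start, end, object_ids=None, metrics=None, filters=None):
    """Return (path, JSON-serializable body) for the Generate a report POST operation."""
    check(metrics, filters)
    path = f"{BASE}?start={quote(start, safe='')}&end={quote(end, safe='')}"
    body = {"objectIds": list(object_ids) if object_ids else "all"}
    if metrics:
        body["metrics"] = list(metrics)
    if filters:
        body["filters"] = {name: list(values) for name, values in filters.items()}
    return path, body
```

Called with the values from the GET sample, `build_get_path` reproduces that sample URL exactly, including the encoded `=` and `,` inside `filters`.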
JSON response
Status 200 application/json
Response body:
```json
{
  "metadata": {
    "name": "security-analytics-aap-attacks",
    "version": "1",
    "outputType": "FLAT",
    "start": "2026-02-01T00:00:00Z",
    "end": "2026-03-01T00:00:00Z",
    "availableDataEnds": null,
    "suggestedRetryTime": null,
    "rowCount": 4,
    "filters": [
      {
        "name": "hostname",
        "values": [
          "blog.example.com",
          "img.example.com"
        ]
      }
    ],
    "columns": [
      {
        "name": "averageRequestsPerSec",
        "label": "Average Requests Per Second"
      },
      {
        "name": "duration",
        "label": "Duration"
      },
      {
        "name": "endTime",
        "label": "End Time"
      },
      {
        "name": "startTime",
        "label": "Start Time"
      },
      {
        "name": "type",
        "label": "Attack type"
      }
    ],
    "objectType": "accountId",
    "objectIds": [
      "1111",
      "1122",
      "2222",
      "2233"
    ]
  },
  "data": [
    {
      "averageRequestsPerSec": 2602,
      "duration": "5 minutes",
      "endTime": "2026-01-22 18:40:00 +00:00",
      "startTime": "2026-01-22 18:35:00 +00:00",
      "type": "DOS"
    },
    {
      "averageRequestsPerSec": 2367,
      "duration": "15 minutes",
      "endTime": "2026-01-22 18:55:00 +00:00",
      "startTime": "2026-01-22 18:40:00 +00:00",
      "type": "WAF"
    },
    {
      "averageRequestsPerSec": 2602,
      "duration": "25 minutes",
      "endTime": "2026-01-22 19:25:00 +00:00",
      "startTime": "2026-01-22 19:00:00 +00:00",
      "type": "DOS"
    },
    {
      "averageRequestsPerSec": 2367,
      "duration": "35 minutes",
      "endTime": "2026-01-22 20:35:00 +00:00",
      "startTime": "2026-01-22 20:00:00 +00:00",
      "type": "WAF"
    }
  ],
  "summaryStatistics": {}
}
```
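For triage, the rows of this response can be turned into comparable numbers. The following is an added example, not part of the API documentation: it parses the four sample rows above, derives each attack's length from `startTime` and `endTime` rather than from the human-readable `duration` string, and ranks attacks by an estimated request count. The function names are hypothetical, and the estimate assumes `averageRequestsPerSec` is averaged over the whole attack window.

```python
from collections import defaultdict
from datetime import datetime

# Timestamp shape used by startTime/endTime in the sample response.
TS_FORMAT = "%Y-%m-%d %H:%M:%S %z"

# The four "data" rows and the rowCount from the sample response above.
SAMPLE_REPORT = {
    "metadata": {"rowCount": 4},
    "data": [
        {"averageRequestsPerSec": 2602, "duration": "5 minutes", "type": "DOS",
         "startTime": "2026-01-22 18:35:00 +00:00", "endTime": "2026-01-22 18:40:00 +00:00"},
        {"averageRequestsPerSec": 2367, "duration": "15 minutes", "type": "WAF",
         "startTime": "2026-01-22 18:40:00 +00:00", "endTime": "2026-01-22 18:55:00 +00:00"},
        {"averageRequestsPerSec": 2602, "duration": "25 minutes", "type": "DOS",
         "startTime": "2026-01-22 19:00:00 +00:00", "endTime": "2026-01-22 19:25:00 +00:00"},
        {"averageRequestsPerSec": 2367, "duration": "35 minutes", "type": "WAF",
         "startTime": "2026-01-22 20:00:00 +00:00", "endTime": "2026-01-22 20:35:00 +00:00"},
    ],
}


def parse_attacks(report):
    """Return attacks with parsed times, sorted by estimated request count (largest first)."""
    rows = report["data"]
    if report["metadata"]["rowCount"] != len(rows):
        raise ValueError("rowCount does not match the number of data rows")
    attacks = []
    for row in rows:
        if row["type"] not in ("DOS", "WAF"):
            raise ValueError(f"unexpected attack type: {row['type']!r}")
        start = datetime.strptime(row["startTime"], TS_FORMAT)
        end = datetime.strptime(row["endTime"], TS_FORMAT)
        seconds = int((end - start).total_seconds())
        if seconds <= 0:
            raise ValueError(f"endTime is not after startTime: {row}")
        attacks.append({"type": row["type"], "start": start, "end": end, "seconds": seconds,
                        "estimated_requests": row["averageRequestsPerSec"] * seconds})
    return sorted(attacks, key=lambda a: a["estimated_requests"], reverse=True)


def totals_by_type(attacks):
    """Sum attack seconds and estimated requests per attack type."""
    totals = defaultdict(lambda: {"seconds": 0, "estimated_requests": 0})
    for a in attacks:
        totals[a["type"]]["seconds"] += a["seconds"]
        totals[a["type"]]["estimated_requests"] += a["estimated_requests"]
    return dict(totals)
```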
Get report details
This sample Get a report type operation gets the same information you need to run the security-analytics-aap-attacks report as provided in this reference documentation, but available dynamically to your API client application.
GET /reporting-api/v1/reports/security-analytics-aap-attacks/versions/1
Status 200 application/json
Response body:
```json
{
  "name": "security-analytics-aap-attacks",
  "description": "This report shows spikes in denial-of-service (DoS) attack traffic and traffic that attacks web applications.",
  "businessObjectName": "accountId",
  "version": 1,
  "status": "PUBLISHED",
  "deprecated": false,
  "timeBased": false,
  "supportsPagination": false,
  "outputType": "FLAT",
  "available": true,
  "metrics": [
    {
      "name": "startTime",
      "description": "Date and time of attack started in ISO-8601 timestamp format with a UTC offset.",
      "label": "Start Time",
      "unit": "STRING",
      "summaryStatistic": false
    },
    {
      "name": "endTime",
      "description": "Date and time the attack ended in ISO-8601 timestamp format with a UTC offset.",
      "label": "End Time",
      "unit": "STRING",
      "summaryStatistic": false
    },
    {
      "name": "duration",
      "description": "Total duration of attack expressed as a human-readable string.",
      "label": "Duration",
      "unit": "STRING",
      "summaryStatistic": false
    },
    {
      "name": "type",
      "description": "The type of attack which is either DOS or WAF.",
      "label": "Attack type",
      "unit": "STRING",
      "summaryStatistic": false
    },
    {
      "name": "averageRequestsPerSec",
      "description": "Average number of requests per second.",
      "label": "Average Requests Per Second",
      "unit": "COUNT",
      "summaryStatistic": false
    }
  ],
  "groupOutlyingValues": {
    "enabled": false
  },
  "filters": [
    {
      "name": "hostname",
      "type": "string",
      "description": "Hostname associated with your security configuration.",
      "required": false
    }
  ],
  "intervals": [
    "FIVE_MINUTES"
  ],
  "dataRetentionDays": 90,
  "links": [
    {
      "rel": "self",
      "href": "/reporting-api/v1/reports/security-analytics-aap-attacks/versions/1"
    },
    {
      "rel": "versions",
      "href": "/reporting-api/v1/reports/security-analytics-aap-attacks/versions"
    },
    {
      "rel": "all-reports",
      "href": "/reporting-api/v1/reports"
    },
    {
      "rel": "execute-report",
      "href": "/reporting-api/v1/reports/security-analytics-aap-attacks/versions/1/report-data"
    }
  ]
}
```