Report AUP event details

POST https://{{host}}/etp-report/v3/configs/:configId/aup-events/details

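Provides the record details of all threat events for a given time period. The period is set by `startTimeSec` and `endTimeSec` in the request body. Results are paginated: the request selects one page with `pageNumber` and `pageSize`, and `pageInfo.totalRecords` in the response gives the total number of matching records, so a single response is usually not the complete event set.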

Request Params

| Key | Datatype | Required | Description |
| --- | --- | --- | --- |
| accountSwitchKey | string | | (Optional) For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys. |

Request Body

{"endTimeSec": 1589965237, "orderBy": "DESC", "pageNumber": 1, "pageSize": 5, "startTimeSec": 1587459637}

HEADERS

| Key | Datatype | Required | Description |
| --- | --- | --- | --- |
| Content-Type | string | | |
| Accept | string | | |

RESPONSES

status: OK

{"dataRows":[{"configId":"1041","event":{"actionId":"6","actionName":"Classify","categoryId":"24","categoryName":"24","clientRequestId":"00019749","confidenceId":"-1","confidenceName":"Unknown","correlatedSinkholeEvents":[{"configId":1041,"destinationPort":80,"eventId":"1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301","eventTime":"2020-05-22T02:16:34Z","hitCount":1,"hostname":"akamaisiacnc.com","internalIP":"192.0.2.0","l4Protocol":"TCP","l7Protocol":"HTTP","machineNames":["N/A"],"sinkholeIP":"192.0.2.222","sinkholeId":"ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11","sinkholeName":"SIA_DNS_SINKHOLE","sourcePort":48022,"url":"/","userAgent":"curl/7.47.0"}],"description":"None","detectionTime":"2020-05-26T06:34:53Z","detectionType":"inline","internalClientIP":"N/A","listId":"24","listName":"24","onRamp":"Yes","onrampType":"etp-client","policyEvaluationSource":"dns","policyId":"38307","policyName":"E2E-CML","reason":"Akamai Intelligence (DNS)","severityId":0,"severityLevel":"Unclassified","siteId":"51284","siteName":"E2E WIN 174.232 site","threatId":2000,"threatName":"AUP","trigger":"domain"},"id":"0","l7Protocol":"DNS","query":{"clientIp":"192.0.2.109","deviceId":"c37a4c4e-a7cd-400f-820d-b82762c52975","deviceName":"BOS-WPX5E","dnsIp":"192.0.2.151","domain":"d.la1-c2-ia4.salesforceliveagent.com.","queryType":"A","resolved":[{"asn":"14340","asname":"N/A","response":"192.0.2.62","type":"A"},{"asn":"14340","asname":"N/A","response":"192.0.2.178","type":"A"},{"asn":"14340","asname":"N/A","response":"192.0.2.183","type":"A"}],"time":"2020-05-26T06:34:53Z","uuid":"198.18.193.241-198.18.193.228-1590474893-46281-35384"}},{"configId":"1041","event":{"actionId":"6","actionName":"Classify","categoryId":"24","categoryName":"24","clientRequestId":"00019748","confidenceId":"-1","confidenceName":"Unknown","correlatedSinkholeEvents":[{"configId":1041,"destinationPort":80,"eventId":"1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301","eventTime":"2020-05-22T02:16:34Z","hitCount":1,"hostname":"akamaisiacnc.com","internalIP":"192.0.2.165","l4Protocol":"TCP","l7Protocol":"HTTP","machineNames":["N/A"],"sinkholeIP":"192.0.2.251","sinkholeId":"ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11","sinkholeName":"SIA_DNS_SINKHOLE","sourcePort":48022,"url":"/","userAgent":"curl/7.47.0"}],"description":"None","detectionTime":"2020-05-26T06:34:52Z","detectionType":"inline","internalClientIP":"N/A","listId":"24","listName":"24","onRamp":"Yes","onrampType":"etp-client","policyEvaluationSource":"dns","policyId":"38307","policyName":"E2E-CML","reason":"Akamai Intelligence (DNS)","severityId":0,"severityLevel":"Unclassified","siteId":"51284","siteName":"E2E WIN 174.232 site","threatId":2000,"threatName":"AUP","trigger":"domain"},"id":"1","l7Protocol":"DNS","query":{"clientIp":"192.0.2.171","deviceId":"c37a4c4e-a7cd-400f-820d-b82762c52975","deviceName":"BOS-WPX5E","dnsIp":"192.0.2.1","domain":"teams.microsoft.com.","queryType":"A","resolved":[{"asn":"8068","asname":"N/A","response":"192.0.2.102","type":"A"}],"time":"2020-05-26T06:34:52Z","uuid":"198.18.193.241-198.18.193.228-1590474892-14345-62675"}},{"configId":"1041","event":{"actionId":"1","actionName":"Monitor","categoryId":"1","categoryName":"Malware","clientRequestId":"","confidenceId":"2","confidenceName":"Known","correlatedSinkholeEvents":[{"configId":1041,"destinationPort":80,"eventId":"1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301","eventTime":"2020-05-22T02:16:34Z","hitCount":1,"hostname":"akamaisiacnc.com","internalIP":"192.0.2.124","l4Protocol":"TCP","l7Protocol":"HTTP","machineNames":["N/A"],"sinkholeIP":"192.0.2.132","sinkholeId":"ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11","sinkholeName":"SIA_DNS_SINKHOLE","sourcePort":48022,"url":"/","userAgent":"curl/7.47.0"}],"description":"None","detectionTime":"2020-05-26T06:34:51Z","detectionType":"inline","internalClientIP":"N/A","listId":"1","listName":"Malware","onRamp":"No","onrampType":"","policyEvaluationSource":"dns","policyId":"2240","policyName":"Default","reason":"Akamai Intelligence (DNS)","severityId":2,"severityLevel":"High","siteId":"-1","siteName":"Unidentified IPs","threatId":5070,"threatName":"Known Malware","trigger":"domain"},"id":"2","l7Protocol":"DNS","query":{"clientIp":"192.0.2.104","deviceId":"N/A","deviceName":"Not Available","dnsIp":"192.0.2.231","domain":"1590449691.akamaisiamalware.com.","queryType":"AAAA","resolved":[{"asn":"N/A","asname":"N/A","response":"N/A","type":"N/A"}],"time":"2020-05-26T06:34:51Z","uuid":"198.18.193.241-198.18.179.134-1590474891-6340-2976"}},{"configId":"1041","event":{"actionId":"1","actionName":"Monitor","categoryId":"1","categoryName":"Malware","clientRequestId":"","confidenceId":"2","confidenceName":"Known","correlatedSinkholeEvents":[{"configId":1041,"destinationPort":80,"eventId":"1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301","eventTime":"2020-05-22T02:16:34Z","hitCount":1,"hostname":"akamaisiacnc.com","internalIP":"192.0.2.136","l4Protocol":"TCP","l7Protocol":"HTTP","machineNames":["N/A"],"sinkholeIP":"192.0.2.176","sinkholeId":"ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11","sinkholeName":"SIA_DNS_SINKHOLE","sourcePort":48022,"url":"/","userAgent":"curl/7.47.0"}],"description":"None","detectionTime":"2020-05-26T06:34:51Z","detectionType":"inline","internalClientIP":"N/A","listId":"1","listName":"Malware","onRamp":"No","onrampType":"","policyEvaluationSource":"dns","policyId":"2240","policyName":"Default","reason":"Akamai Intelligence (DNS)","severityId":2,"severityLevel":"High","siteId":"-1","siteName":"Unidentified IPs","threatId":5070,"threatName":"Known Malware","trigger":"domain"},"id":"3","l7Protocol":"DNS","query":{"clientIp":"192.0.2.149","deviceId":"N/A","deviceName":"Not Available","dnsIp":"192.0.2.94","domain":"1590449691.akamaisiamalware.com.","queryType":"A","resolved":[{"asn":"14618","asname":"aws","response":"192.0.2.33","type":"A"}],"time":"2020-05-26T06:34:51Z","uuid":"198.18.193.241-198.18.179.134-1590474891-42367-7406"}},{"configId":"1041","event":{"actionId":"1","actionName":"Monitor","categoryId":"5","categoryName":"DNS Exfiltration","clientRequestId":"","confidenceId":"1","confidenceName":"Suspected","correlatedSinkholeEvents":[{"configId":1041,"destinationPort":80,"eventId":"1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301","eventTime":"2020-05-22T02:16:34Z","hitCount":1,"hostname":"akamaisiacnc.com","internalIP":"192.0.2.165","l4Protocol":"TCP","l7Protocol":"HTTP","machineNames":["N/A"],"sinkholeIP":"192.0.2.207","sinkholeId":"ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11","sinkholeName":"SIA_DNS_SINKHOLE","sourcePort":48022,"url":"/","userAgent":"curl/7.47.0"}],"description":"None","detectionTime":"2020-05-26T06:34:51Z","detectionType":"inline","internalClientIP":"N/A","listId":"4","listName":"DNS Exfiltration","onRamp":"No","onrampType":"","policyEvaluationSource":"dns","policyId":"2240","policyName":"Default","reason":"Akamai Intelligence (DNS)","severityId":4,"severityLevel":"Low","siteId":"-1","siteName":"Unidentified IPs","threatId":5135,"threatName":"Suspected DNS tunneling","trigger":"domain"},"id":"4","l7Protocol":"DNS","query":{"clientIp":"192.0.2.132","deviceId":"N/A","deviceName":"Not Available","dnsIp":"192.0.2.240","domain":"1590449691.akamaisiamalware.com.e2e-sia.org.","queryType":"AAAA","resolved":[{"asn":"N/A","asname":"N/A","response":"N/A","type":"N/A"}],"time":"2020-05-26T06:34:51Z","uuid":"198.18.193.241-198.18.179.134-1590474891-5081-49572"}}],"pageInfo":{"pageNumber":1,"pageSize":5,"totalRecords":97913}}