Report threat event details

POST https://{{host}}/etp-report/v3/configs/:configId/threat-events/details

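Provides all threat event records, with detailed information, for the configuration identified by configId. The request body bounds the query with startTimeSec and endTimeSec and pages the results with pageNumber and pageSize; pageInfo.totalRecords in the response reports how many records match in total.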

Request Params

Key | Datatype | Required | Description
accountSwitchKey | string | | (Optional) For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Request Body

{"endTimeSec": 1589965237, "orderBy": "DESC", "pageNumber": 1, "pageSize": 5, "startTimeSec": 1587459637}

HEADERS

Key | Datatype | Required | Description
Content-Type | string | |
Accept | string | |

RESPONSES

status: OK

{"dataRows":[{"configId":"1041","event":{"actionId":"6","actionName":"Classify","categoryId":"24","categoryName":"24","clientRequestId":"00019749","confidenceId":"-1","confidenceName":"Unknown","correlatedSinkholeEvents":[{"configId":1041,"destinationPort":80,"eventId":"1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301","eventTime":"2023-05-22T02:16:34Z","hitCount":1,"hostname":"lax4.company.com","internalIP":"192.0.2.57","l4Protocol":"TCP","l7Protocol":"HTTP","machineNames":["N/A"],"sinkholeIP":"192.0.2.114","sinkholeId":"ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11","sinkholeName":"SIA_DNS","sourcePort":48022,"url":"/","userAgent":"curl/7.47.0"}],"description":"None","detectionTime":"2023-05-26T06:34:53Z","detectionType":"inline","internalClientIP":"N/A","listId":"24","listName":"24","onRamp":"Yes","onrampType":"etp-client","policyEvaluationSource":"dns","policyId":"38307","policyName":"E2E-CML-stage","reason":"Akamai Intelligence (DNS)","severityId":0,"severityLevel":"Unclassified","siteId":"51284","siteName":"LAX-LAB2","threatId":2000,"threatName":"AUP","trigger":"domain"},"id":"0","l7Protocol":"DNS","query":{"clientIp":"192.0.2.61","deviceId":"c37a4c4e-a7cd-400f-820d-b82762c52975","deviceName":"LAX-USER4","dnsIp":"192.0.2.51","domain":"la4.company.com.","queryType":"A","resolved":[{"asn":"14340","asname":"N/A","response":"192.0.2.207","type":"A"},{"asn":"14340","asname":"N/A","response":"192.0.2.106","type":"A"},{"asn":"14340","asname":"N/A","response":"192.0.2.214","type":"A"}],"time":"2023-05-26T06:34:53Z","uuid":"1a2b3c4d-1590474893-46281-35384"}},{"configId":"1041","event":{"actionId":"6","actionName":"Classify","categoryId":"24","categoryName":"24","clientRequestId":"00019748","confidenceId":"-1","confidenceName":"Unknown","correlatedSinkholeEvents":[{"configId":1041,"destinationPort":80,"eventId":"1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301","eventTime":"2023-05-22T02:16:34Z","hitCount":1,"hostname":"labs.company.com","internalIP":"192.0.2.25"
,"l4Protocol":"TCP","l7Protocol":"HTTP","machineNames":["N/A"],"sinkholeIP":"192.0.2.13","sinkholeId":"ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11","sinkholeName":"SIA_DNS","sourcePort":48022,"url":"/","userAgent":"curl/7.47.0"}],"description":"None","detectionTime":"2023-05-26T06:34:52Z","detectionType":"inline","internalClientIP":"N/A","listId":"24","listName":"24","onRamp":"Yes","onrampType":"SIA-client","policyEvaluationSource":"dns","policyId":"38307","policyName":"labs","reason":"Akamai Intelligence (DNS)","severityId":0,"severityLevel":"Unclassified","siteId":"51284","siteName":"LAX LAB site","threatId":2000,"threatName":"AUP","trigger":"domain"},"id":"1","l7Protocol":"DNS","query":{"clientIp":"192.0.2.193","deviceId":"c37a4c4e-a7cd-400f-820d-b82762c52975","deviceName":"LAX-LAB5","dnsIp":"192.0.2.175","domain":"teams.microsoft.com.","queryType":"A","resolved":[{"asn":"8068","asname":"N/A","response":"192.0.2.141","type":"A"}],"time":"2023-05-26T06:34:52Z","uuid":"3h9g0235-1590474892-14345-62675"}},{"configId":"1041","event":{"actionId":"1","actionName":"Monitor","categoryId":"1","categoryName":"Malware","clientRequestId":"","confidenceId":"2","confidenceName":"Known","correlatedSinkholeEvents":[{"configId":1041,"destinationPort":80,"eventId":"1590113794976-ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301","eventTime":"2023-05-22T02:16:34Z","hitCount":1,"hostname":"lab2.company.com","internalIP":"192.0.2.59","l4Protocol":"TCP","l7Protocol":"HTTP","machineNames":["N/A"],"sinkholeIP":"192.0.2.141","sinkholeId":"ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11","sinkholeName":"SIA_DNS","sourcePort":48022,"url":"/","userAgent":"curl/7.47.0"}],"description":"None","detectionTime":"2023-05-26T06:34:51Z","detectionType":"inline","internalClientIP":"N/A","listId":"1","listName":"Malware","onRamp":"No","onrampType":"","policyEvaluationSource":"dns","policyId":"2240","policyName":"Default","reason":"Akamai Intelligence (DNS)","severityId":2,"severityLevel":"High","siteId":"-1","siteName":"Unidentified IPs","threatId":5070,"threatName":"Known Malware","trigger":"domain"},"id":"2","l7Protocol":"DNS","query":{"clientIp":"192.0.2.88","deviceId":"N/A","deviceName":"Not Available","dnsIp":"192.0.2.3","domain":"1590449691.akamaisiamalwarestage.com.","queryType":"AAAA","resolved":[{"asn":"N/A","asname":"N/A","response":"N/A","type":"N/A"}],"time":"2023-05-26T06:34:51Z","uuid":"kefng73-1590474891-6340-2976"}},{"configId":"1041","event":{"actionId":"1","actionName":"Monitor","categoryId":"1","categoryName":"Malware","clientRequestId":"","confidenceId":"2","confidenceName":"Known","correlatedSinkholeEvents":[{"configId":1041,"destinationPort":80,"eventId":"1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301","eventTime":"2023-05-22T02:16:34Z","hitCount":1,"hostname":"akamaisiacncstage.com","internalIP":"192.0.2.93","l4Protocol":"TCP","l7Protocol":"HTTP","machineNames":["N/A"],"sinkholeIP":"192.0.2.168","sinkholeId":"ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11","sinkholeName":"SIA_DNS_SINKHOLE","sourcePort":48022,"url":"/","userAgent":"curl/7.47.0"}],"description":"None","detectionTime":"2023-05-26T06:34:51Z","detectionType":"inline","internalClientIP":"N/A","listId":"1","listName":"Malware","onRamp":"No","onrampType":"","policyEvaluationSource":"dns","policyId":"2240","policyName":"Default","reason":"Akamai Intelligence (DNS)","severityId":2,"severityLevel":"High","siteId":"-1","siteName":"Unidentified IPs","threatId":5070,"threatName":"Known Malware","trigger":"domain"},"id":"3","l7Protocol":"DNS","query":{"clientIp":"192.0.2.28","deviceId":"N/A","deviceName":"Not Available","dnsIp":"192.0.2.108","domain":"1590449691.akamaisiamalwarestage.com.","queryType":"A","resolved":[{"asn":"14618","asname":"aws","response":"192.0.2.163","type":"A"}],"time":"2023-05-26T06:34:51Z","uuid":"198.18.193.241-198.18.179.134-1590474891-42367-7406"}},{"configId":"1041","event":{"actionId":"1","actionName":"Monitor","categoryId":"5","categoryName":"DNS Exfiltration","clientRequestId":"","confidenceId":"1","confidenceName":"Suspected","correlatedSinkholeEvents":[{"configId":1041,"destinationPort":80,"eventId":"1590113794976#ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11#28301","eventTime":"2023-05-22T02:16:34Z","hitCount":1,"hostname":"lax-lab3.company.com","internalIP":"192.0.2.138","l4Protocol":"TCP","l7Protocol":"HTTP","machineNames":["N/A"],"sinkholeIP":"192.0.2.253","sinkholeId":"ac4bde1e-7d3d-4ff5-9cf8-772df0b1ce11","sinkholeName":"SIA_DNS","sourcePort":48022,"url":"/","userAgent":"curl/7.47.0"}],"description":"None","detectionTime":"2023-05-26T06:34:51Z","detectionType":"inline","internalClientIP":"N/A","listId":"4","listName":"DNS Exfiltration","onRamp":"No","onrampType":"","policyEvaluationSource":"dns","policyId":"2240","policyName":"Default","reason":"Akamai Intelligence (DNS)","severityId":4,"severityLevel":"Low","siteId":"-1","siteName":"Unidentified IPs","threatId":5135,"threatName":"Suspected DNS tunneling","trigger":"domain"},"id":"4","l7Protocol":"DNS","query":{"clientIp":"192.0.2.170","deviceId":"N/A","deviceName":"Not Available","dnsIp":"192.0.2.117","domain":"1590449691.akamaisiamalwarestage.com.e2e-sia.org.","queryType":"AAAA","resolved":[{"asn":"N/A","asname":"N/A","response":"N/A","type":"N/A"}],"time":"2023-05-26T06:34:51Z","uuid":"198.18.193.241-198.18.179.134-1590474891-5081-49572"}}],"pageInfo":{"pageNumber":1,"pageSize":5,"totalRecords":97913}}