PingIntelligence

Types of data captured

Splunk for PingIntelligence captures attack data. The attack event captures the components listed in the following table:

| Field | Description |
| --- | --- |
| timestamp | Epoch timestamp |
| protocol | HTTP(S) or WebSocket (ws) |
| attack_id | PingIntelligence Attack ID |
| description | Description of the attack |
| attack_bucket | Attack on an API or a DDoS attack |
| attack_scope | Single or multiple APIs |
| attacked_api | Name of the API. In case of multiple APIs, MULTI_API is reported. |
| attack_identifier_type | Username, API Key, OAuth token, Cookie, or IP address |
| attack_key | Details of the API Key or Cookie |
| attack_value | Value of the client identifier |