Types of data captured

Splunk for PingIntelligence captures attack data.

The attack event captures the components listed in the following table:

Field	Description
timestamp	epoch timestamp
protocol	HTTP(s) /Websocket (ws)
attack_id	PingIntelligence attack ID
description	Description of the attack.
attack_bucket	Attack on an API or a DDoS attack.
attack_scope	Single or multiple APIs.
attacked_api	Name of the API. In case of multiple APIs, MULTI_API is reported.
attack_identifier_type	Username, API Key, OAuth token, Cookie, or IP address.
attack_key	Details of APIKEY or Cookie.
attack_value	Value of the client identifier.

Field

Description

timestamp

epoch timestamp

protocol

HTTP(s) /Websocket (ws)

attack_id

PingIntelligence attack ID

description

Description of the attack.

attack_bucket

Attack on an API or a DDoS attack.

attack_scope

Single or multiple APIs.

attacked_api

Name of the API. In case of multiple APIs, MULTI_API is reported.

attack_identifier_type

Username, API Key, OAuth token, Cookie, or IP address.

attack_key

Details of APIKEY or Cookie.

attack_value

Value of the client identifier.