PingIntelligence

Types of data captured

Splunk for PingIntelligence captures attack data.

The attack event captures the components listed in the following table:

| Field | Description |
|---|---|
| timestamp | Epoch timestamp |
| protocol | HTTP(s) / WebSocket (ws) |
| attack_id | PingIntelligence attack ID |
| description | Description of the attack. |
| attack_bucket | Attack on an API or a DDoS attack. |
| attack_scope | Single or multiple APIs. |
| attacked_api | Name of the API. In case of multiple APIs, MULTI_API is reported. |
| attack_identifier_type | Username, API Key, OAuth token, Cookie, or IP address. |
| attack_key | Details of APIKEY or Cookie. |
| attack_value | Value of the client identifier. |