Page created: 6 Nov 2020 | Page updated: 12 May 2021
Splunk for PingIntelligence captures attack data. Each attack event contains the fields
listed in the following table:
| Field | Description |
|---|---|
| timestamp | Epoch timestamp |
| protocol | HTTP(s) / WebSocket (ws) |
| attack_id | PingIntelligence Attack ID |
| description | Description of the attack |
| attack_bucket | Attack on an API or a DDoS attack |
| attack_scope | Single or multiple APIs |
| attacked_api | Name of the API. In case of multiple APIs, MULTI_API is reported |
| attack_identifier_type | Username, API Key, OAuth token, Cookie, or IP address |
| attack_key | Details of APIKEY or Cookie |
| attack_value | Value of the client identifier |