The following table lists the REST API attacks detected using an IP address as the client identifier. The attacks can be on a single API or across APIs

Attack Type Description id Single or Across APIs
Data Exfiltration Attack Data is being extracted via a REST API service. 1 Single API

Single Client Login Attack Type 1

Login service attacked by a bot or rogue client.

2 Single API
Multi-Client Login Attack

Login service is under DDoS attack by bots.

3 Single API
API Memory Attack Type 1 Flooding of an API service with data or code. 5 Single API
API Memory Attack Type 2 6 Single API
API Probing Replay Attack Probing or breach attempts on an API service – also called fuzzing. 8 Single API
API DDoS Attack Type 1 A DDoS or distributed attack is disrupting an API service. 9 Single API
Extreme Client Activity Attack Extreme client request activity on an API service. 10 Single API
Extreme App Activity Extreme App Activity may indicate an injection or other CPU intensive attack. 11 Single API

API DoS Attack

Client (IP) sending high volumes of requests to overload application services 12 Single API

API DDoS Attack Type 2

Multiple clients (IP botnet) sending high volume traffic to overload the API service 13 Single API
Data Deletion Excessive data deletion activity on an API service. 14 Single API
Data Poisoning Extreme create or update activity received on an API service. 15 Single API
API Probing Replay Type 2 Probing an API service over an extended time period - IP 20 Across APIs
Data Exfiltration Attack Type 2 Data is being extracted via a REST API service over an extended time period. 21 Single API
Excessive Client Connections
Note: The Excessive Client Connections attack type is disabled by default. For more information, see REST API attack types.
Client is establishing an excessive number of TCP connections. 24 Across APIs
Content Scraping Type 1 Client abnormally accessing API content. 27 Across APIs
Content Scraping Type 2 Client abnormally accessing API content over an extended time period 28 Single API
Unauthorized client attack Client without a token or cookie is probing an API service. 29 Single API
Single Client Login Attack Type 2 Login service attacked by a bot or rogue client over an extended time period 30 Across APIs
Header Manipulation Probing an API using malicious headers 37 Single API
Query Manipulation Attack Modifying query string to inject malicious content or impact API service 41 Single API