Splunk for PingIntelligence captures attack data. The attack event captures the components listed in the following table:

Field Description
timestamp epoch timestamp
protocol HTTP(s) /Websocket (ws)
attack_id PingIntelligence Attack ID
description Description of the attack
attack_bucket Attack on an API or a DDoS attack
attack_scope Single or multiple APIs
attacked_api Name of the API. In case of multiple API, MULTI_API is reported
attack_identifier_type Username, API Key, OAuth token, Cookie, or IP address
attack_key Details of APIKEY or Cookie
attack_value Value of the client identifier.