Splunk for PingIntelligence captures attack data.
The attack event captures the components listed in the following table:
| Field | Description |
|---|---|
| timestamp |
epoch timestamp |
| protocol |
HTTP(s) /Websocket (ws) |
| attack_id |
PingIntelligence attack ID |
| description |
Description of the attack. |
| attack_bucket |
Attack on an API or a DDoS attack. |
| attack_scope |
Single or multiple APIs. |
| attacked_api |
Name of the API. In case of multiple APIs, MULTI_API is reported. |
| attack_identifier_type |
Username, API Key, OAuth token, Cookie, or IP address. |
| attack_key |
Details of APIKEY or Cookie. |
| attack_value |
Value of the client identifier. |