Malicious Clients
List all malicious clients
Request
Definition
GET /api/v1/alerts/{alert_id}/clients
Headers
- Authorization (required): Authentication token with privileges to view the resource.
  Bearer {token}
Query string parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| paginate | boolean | Yes | If the result must be paginated. |
| page | integer | Yes if paginate is true | Page index. |
| page_size | integer | Yes if paginate is true | Number of items displayed per page. |
| client_address | string | No | Filters malicious clients whose IP address matches the one entered. |
| client_address_list | array<string> | No | Filters results whose IP address matches at least one list item. |
| continent | string | No | Filters malicious clients whose continent of origin matches the one entered. |
| country | string | No | Filters malicious clients whose country of origin matches the one entered. |
| city | string | No | Filters malicious clients whose city of origin matches the one entered. |
| latitude | string | No | Filters malicious clients whose latitude matches the one entered. |
| longitude | string | No | Filters malicious clients whose longitude matches the one entered. |
| clouds | object | No | Filters malicious clients that are nodes in the known researched cloud network. |
| tor | boolean | No | Filters malicious clients whose tor field matches the one entered. |
| crawlers | object | No | Filters malicious clients whose crawlers field matches the value being searched for. |
| risk | string | No | Filters malicious clients whose risk level matches the one entered. |
| as_number | integer | No | Filters a malicious client whose as_number field matches the one entered. |
| as_organization | string | No | Filters a malicious client whose as_organization field matches the one entered. |
Response
Status codes
| Status code | Message |
|---|---|
| 200 | "List of malicious clients" |
| 400 | "Error with pagination fields" |
| 400 | "Generic error" |
| 403 | "Forbidden" |
Body
Attributes
| Attribute | Type | Description |
|---|---|---|
| data.malicious_clients.client_address | string | Malicious client IP address. |
| data.malicious_clients.blacklists | object | Blacklists the client is part of. |
| data.malicious_clients.city | string | City where the client is located. |
| data.malicious_clients.continent | string | Continent where the client is located. |
| data.malicious_clients.country | string | Country where the client is located. |
| data.malicious_clients.latitude | string | Latitude where the client is located. |
| data.malicious_clients.longitude | string | Longitude where the client is located. |
| data.malicious_clients.tor | boolean | Indicates whether the client is a node in the TOR network. |
| data.malicious_clients.crawlers | string | Indicates whether the client is identified as a crawler. |
| data.malicious_clients.clouds | object | Indicates whether the client is a node in a known cloud network. |
| data.malicious_clients.risk | string | String that describes a client's risk level. |
| data.malicious_clients.as_number | integer | Number of the Autonomous System to which the client belongs. |
| data.malicious_clients.as_organization | string | Name of the Autonomous System to which the client belongs. |
| data.malicious_clients.additional_info | object | Additional information about the client. |

Example
```json
{
  "data": {
    "malicious_clients": [
      {
        "additional_info": {
          "info": "additional info"
        },
        "as_number": 1234,
        "as_organization": "pluribus_one",
        "blacklists": {
          "blacklist": "list"
        },
        "city": "Rome",
        "clouds": {},
        "continent": "Europe",
        "country": "IT",
        "crawlers": "crawler",
        "client_address": "10.9.3.1",
        "latitude": "1.23467",
        "longitude": "1.2334",
        "risk": "High",
        "tor": false
      }
    ]
  },
  "message": "List of malicious clients",
  "pagination": {
    "first": 1,
    "last": 1,
    "page": 0,
    "total_pages": 1,
    "total_count": 1
  },
  "status": "ok"
}
```
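
One way to enforce the query parameter rules and walk every page of results during alert triage, as an added example (not code from this API's documentation). `build_path`, `iter_clients`, `fetch` and `demo_fetch` are hypothetical names; the code assumes page indexes start at 0 (as `"page": 0` in the sample response suggests) and that booleans are sent as lowercase `true`/`false`.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# Scalar filter names from the query string parameter table above.
FILTERS = {"client_address", "continent", "country", "city", "latitude",
           "longitude", "tor", "risk", "as_number", "as_organization"}

def build_path(alert_id, paginate, page=None, page_size=None, **filters):
    """Build the request path and query string, enforcing the documented rules."""
    unknown = set(filters) - FILTERS
    if unknown:
        raise ValueError(f"unsupported filter(s): {sorted(unknown)}")
    params = {"paginate": paginate}
    if paginate:
        # page and page_size are required when paginate is true.
        if page is None or page_size is None:
            raise ValueError("page and page_size are required when paginate is true")
        params.update(page=page, page_size=page_size)
    params.update(filters)
    # Assumption: booleans are serialized as lowercase true/false.
    encoded = {k: str(v).lower() if isinstance(v, bool) else v
               for k, v in params.items()}
    return f"/api/v1/alerts/{alert_id}/clients?{urlencode(encoded)}"

def iter_clients(fetch, alert_id, page_size=100, **filters):
    """Yield every malicious client of an alert, following the pagination block.

    fetch(path) is a hypothetical caller-supplied function that sends the GET with
    the Authorization: Bearer header and returns (status_code, parsed_json_body).
    """
    page = 0  # Assumption: first page index is 0, as in the sample response.
    while True:
        status, body = fetch(build_path(alert_id, True, page, page_size, **filters))
        if status != 200:  # the status table lists a message for 400 and 403
            raise RuntimeError(f"HTTP {status}: {body.get('message')}")
        yield from body["data"]["malicious_clients"]
        page += 1
        if page >= body["pagination"]["total_pages"]:
            return

def demo_fetch(path):
    """Constructed stand-in for the API (no network): two pages of one client."""
    page = int(dict(parse_qsl(urlsplit(path).query))["page"])
    rows = [{"client_address": "192.0.2.10", "risk": "High", "tor": False},
            {"client_address": "198.51.100.7", "risk": "High", "tor": True}]
    return 200, {"data": {"malicious_clients": rows[page:page + 1]},
                 "message": "List of malicious clients",
                 "pagination": {"page": page, "total_pages": 2}, "status": "ok"}
```

Replace `demo_fetch` with a function that performs the real GET and keeps the bearer token out of logs and URLs.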