Malicious Transactions

List all malicious transactions

Request

Definition

GET /api/v1/alerts/{alert_id}/transactions

Headers

  • Authorization required

    Authentication token with privileges to view the resource.

    Bearer {token}

Query string parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| paginate | boolean | Yes | If the result must be paginated. |
| page | integer | Yes if paginate is true | Page index. |
| page_size | integer | Yes if paginate is true | Number of items displayed per page. |
| timestamp_start | integer | No | Filters malicious transactions performed after the specified date. |
| timestamp_end | integer | No | Filters malicious transactions performed before the specified date. |
| client_address_list | array<string> | No | Filters malicious transactions where the client address matches at least one item specified in the list. |
| last_hop_list | array<string> | No | Filters the results where the last node traversed by the client matches one of the IP addresses in the list. |
| server_address_list | array<string> | No | Filters malicious transactions where the server address matches at least one item specified in the list. |
| method_list | array<string> | No | Filters malicious transactions that contain one of the methods in the list. |
| path_search | string | No | Filters malicious transactions whose request path matches all or part of the string entered. |
| protocol_version_list | string | No | Filters malicious transactions where the protocol_version matches one of those in the list. |
| status_code_list | object | No | Filters malicious transactions where the status_code matches one of those in the list. |
| status_code_start | boolean | No | Filters the results that contain a status code greater than or equal to the one entered. |
| status_code_end | object | No | Filters the results that contain a status code less than or equal to the one entered. |
| request_size_start | string | No | Determines the beginning of a range of integers to retrieve transactions whose request has a size contained in the range. |
| request_size_end | integer | No | Determines the end of a range of integers to retrieve transactions whose request has a size contained in the range. |
| response_size_start | string | No | Determines the beginning of a range of integers to retrieve transactions whose request has a size contained in the range. |
| response_size_end | string | No | Determines the end of a range of integers to retrieve transactions whose request has a size contained in the range. |
| rq_host_search | string | No | Filters transactions whose rq_host matches all or part of the string entered. |
| rq_host_list | array<string> | No | Filters malicious transactions where rq_host matches one of the list items. |
| rq_user_agent_search | string | No | Filters malicious transactions where rq_user_agent matches all or part of the string entered. |
| rq_referer_search | string | No | Filters results whose Referer header matches all or part of the string entered. |
| rq_authorization_search | string | No | Filters malicious transactions where rq_authorization matches all or part of the string entered. |
| country_list | array<string> | No | Filters malicious transactions where country_list matches one of the list items. |
| as_number_list | array<integer> | No | Filters malicious transactions where as_number matches one of the list items. |
| traffic_source_list | array<string> | No | Filters malicious transactions where traffic_source matches one of the list items. |

Response

Status codes

| Status code | Message |
|---|---|
| 200 | "List of transactions" |
| 400 | "Error with pagination fields" |
| 400 | "Error retrieving transactions." |
| 403 | "Forbidden" |

Body

  • data.transactions.alert_id string

    Alert ID.

  • data.transactions.timestamp integer

    Date and time when the transaction took place in UNIX format (microseconds).

  • data.transactions.protocol_version string

    Protocol version used to perform the transaction.

  • data.transactions.id string

    Transaction ID.

  • data.transactions.rq_host string

    Host header specified in the request.

  • data.transactions.request_body string

    Request body.

  • data.transactions.rq_headers object

    Request headers.

  • data.transactions.method string

    Request method.

  • data.transactions.response_body string

    Response body.

  • data.transactions.network string

    Network to which the IP address of the client that performed the request belongs.

  • data.transactions.city string

    City where the client that performed the request is located.

  • data.transactions.latitude string

    Latitude where the client that performed the request is located.

  • data.transactions.response_size integer

    Size of the response data.

  • data.transactions.traffic_source string

    Traffic source that processed the request.

  • data.transactions.request_size integer

    Size of the request data.

  • data.transactions.rq_cookie array<array<string>>

    Request cookies.

  • data.transactions.server_address string

    Server that processed the transaction.

  • data.transactions.rq_user_agent string

    Request user agent.

  • data.transactions.path string

    Path to which the request was sent.

  • data.transactions.rq_authorization string

    Request authorizations.

  • data.transactions.alert_set_id string

    Alert set ID.

  • data.transactions.last_hop string

    Identifies the last node traversed by the client that made the request before reaching the server.

  • data.transactions.continent string

    Continent where the client is located.

  • data.transactions.timestamp_human string

    Transaction date in a user-friendly format.

  • data.transactions.server_port integer

    Port of the server that processed the request.

  • data.transactions.longitude string

    Longitude where the client is located.

  • data.transactions.parameters array<array<string>>

    Request query string parameters.

  • data.transactions.country string

    Country where the client is located.

  • data.transactions.status_code integer

    Response status code.

  • data.transactions.as_organization string

    Name of the Autonomous System associated with the client that made the request.

  • data.transactions.rp_headers object

    Response headers.

  • data.transactions.rq_referer string

    Referer header in the request.

  • data.transactions.as_number integer

    Number of the Autonomous System associated with the client that made the request.

  • data.transactions.client_address string

    Client IP address.

  • data.transactions.last_hop_port integer

    Identifies the port of the last node traversed by the client that made the request before reaching the server.

  • data.transactions.state string

    State where the client is located.
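
The following Python sketch is an added example, not part of the original reference or the vendor's client code. It builds the documented request (enforcing that page and page_size accompany paginate=true) and groups the returned transactions by client_address for triage. Assumptions: the placeholder host, the query encoding of booleans and list filters, and that data.transactions is a list of objects carrying the fields above; the sample body is constructed.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode

BASE_URL = "https://waf.example.invalid"  # placeholder host (assumption)
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def build_request(alert_id, token, paginate, page=None, page_size=None, **filters):
    """Return (url, headers) for GET /api/v1/alerts/{alert_id}/transactions."""
    if paginate and (page is None or page_size is None):
        raise ValueError("page and page_size are required when paginate is true")
    # Assumption: booleans travel as "true"/"false" and list filters as repeated keys.
    params = [("paginate", "true" if paginate else "false")]
    if paginate:
        params += [("page", page), ("page_size", page_size)]
    for name, value in filters.items():
        values = value if isinstance(value, (list, tuple)) else [value]
        params += [(name, v) for v in values]
    url = f"{BASE_URL}/api/v1/alerts/{quote(alert_id, safe='')}/transactions?{urlencode(params)}"
    return url, {"Authorization": f"Bearer {token}"}

def summarize(body):
    """Group data.transactions by client_address for triage."""
    clients = {}
    for tx in body["data"]["transactions"]:
        entry = clients.setdefault(
            tx["client_address"],
            {"count": 0, "status": Counter(), "paths": set(), "first_seen": None})
        entry["count"] += 1
        entry["status"][tx["status_code"]] += 1
        entry["paths"].add(tx["path"])
        # timestamp is UNIX time in microseconds; timedelta keeps it exact.
        seen = EPOCH + timedelta(microseconds=tx["timestamp"])
        if entry["first_seen"] is None or seen < entry["first_seen"]:
            entry["first_seen"] = seen
    return clients

# Constructed sample body, limited to fields listed under "Body".
SAMPLE = {"data": {"transactions": [
    {"client_address": "203.0.113.10", "timestamp": 1700000060000000, "path": "/login", "status_code": 403},
    {"client_address": "203.0.113.10", "timestamp": 1700000000000000, "path": "/admin", "status_code": 404},
    {"client_address": "198.51.100.7", "timestamp": 1700000030500000, "path": "/login", "status_code": 403},
]}}

if __name__ == "__main__":
    url, headers = build_request("ALERT_ID", "TOKEN", True, page=1, page_size=100, method_list=["POST", "PUT"])
    print(url)
    for ip, info in summarize(SAMPLE).items():
        print(ip, info["count"], dict(info["status"]), sorted(info["paths"]), info["first_seen"].isoformat())
```
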