ves-io-schema-app_security-AppSecurityMonitoringAPI-SuspiciousUserLogsQuery

Examples of performing app_security AppSecurityMonitoringAPI SuspiciousUserLogsQuery

Use case:

Suspicious user logs for virtual host vhost1 in namespace ns1

Request:

Request using vesctl:

vesctl request rpc app_security.AppSecurityMonitoringAPI.SuspiciousUserLogsQuery -i request.yaml --uri /public/namespaces/ns1/app_security/suspicious_user_logs --http-method POST

where the file request.yaml has the following contents:

aggs:
  date_histogram:
    dateAggregation:
      step: 1h
endTime: "1591131600"
query: '{vh_name="vhost1"}'
startTime: "1591120800"

vesctl yaml response:

aggs: {}
logs: []

Request using curl:

curl -X 'POST' -d '{"query":"{vh_name=\"vhost1\"}","startTime":"1591120800","endTime":"1591131600","aggs":{"date_histogram":{"dateAggregation":{"step":"1h"}}}}' -H 'Content-Type: application/json' -H 'X-Volterra-Useragent: v1/pgm=_tmp_go-build381173587_b001_apidocs.test/host=docker-desktop' 'https://acmecorp.console.ves.volterra.io/api/data/namespaces/ns1/app_security/suspicious_user_logs'

curl response:

HTTP/1.1 200 OK
Content-Length: 76
Content-Type: application/json
Date: Wed, 14 Jul 2021 08:06:37 GMT
Vary: Accept-Encoding

{
  "logs": [
  ],
  "total_hits": "0",
  "aggs": {
  },
  "scroll_id": ""
}
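
Building the request body in code rather than by hand keeps the inner double quotes of the query escaped and stops a caller-supplied virtual host name from altering the label selector. The following is an added example, not part of the original page or of vesctl; the function names and the allowed character set for virtual host names are assumptions.

```python
import json
import re

# Assumption: virtual host names are limited to this conservative character set.
# Anything else (quotes, braces, backslashes, newlines) is rejected rather than
# escaped, so a caller-supplied name cannot change the label selector.
_VH_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")


def build_request_body(vh_name, start_time, end_time, step="1h"):
    """Return the JSON body for SuspiciousUserLogsQuery as a string."""
    if not _VH_NAME.fullmatch(vh_name):
        raise ValueError(f"unexpected virtual host name: {vh_name!r}")
    start, end = int(start_time), int(end_time)
    if start >= end:
        raise ValueError("startTime must be earlier than endTime")
    body = {
        "query": '{vh_name="%s"}' % vh_name,
        # The page sends both timestamps as strings of epoch seconds.
        "startTime": str(start),
        "endTime": str(end),
        "aggs": {"date_histogram": {"dateAggregation": {"step": step}}},
    }
    # json.dumps escapes the double quotes inside the query value.
    return json.dumps(body, separators=(",", ":"))


def parse_response(text):
    """Decode a response body; total_hits arrives as a string."""
    doc = json.loads(text)
    return {
        "logs": doc.get("logs", []),
        "total_hits": int(doc.get("total_hits", "0")),
        "aggs": doc.get("aggs", {}),
        "scroll_id": doc.get("scroll_id", ""),
    }


# Response body taken from the curl example on this page, on one line.
SAMPLE_RESPONSE = '{"logs": [], "total_hits": "0", "aggs": {}, "scroll_id": ""}'

if __name__ == "__main__":
    print(build_request_body("vhost1", 1591120800, 1591131600))
    print(parse_response(SAMPLE_RESPONSE))
```

The string returned by build_request_body can be passed to curl with -d as a single-quoted argument, or written to a file and sent with -d @file.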