Skip to content
API Enriched

Event alerts.

GET
/api/infraprotect/namespaces/{namespace}/infraprotect/event/{event_id}/alerts
curl --request GET \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/infraprotect/namespaces/example/infraprotect/event/example/alerts \
  --header 'Authorization: <Authorization>'

Returns a list of alerts triggers while an event is active.

Examples of this operation.

Authorizations

Section titled “Authorizations”

Parameters

Section titled “Parameters”

Path Parameters

Section titled “Path Parameters”
namespace
required
string

Namespace This request is supported only in system namespace.

event_id
required
string

Event ID ID of the event we want to GET alerts for.

Responses

Section titled “Responses”

200

Section titled “200”

A successful response.

Media typeapplication/json
Event alerts response

Response, list of alerts associated with an event.

object
alerts
Alerts

List of alerts related to the event.

Array<object>
Alert detail

Detail of an alert.

object
arbor_id
L3/L4 ID

L3/L4 provider alert identifier.

string
<= 1024 characters
bandwidth
Bandwidth

Bandwidth that triggered the alert in BPS.

string format: int64
<= 1024 characters
creator
Creator

Creator of the alert (or SOC if created manually)

string
<= 1024 characters
end_time
End time

End time of the alert. This is when the threshold was restored.

string format: date-time
<= 1024 characters
events
Events

List of associated alerts. These alerts are normally manually associated.

Array<object>
Single instance of an event

Event (an attack record) that holds info an attack and its mitigation(s)

object
attachments
Attachments

Attachments on an event.

Array<object>
Event attachment

Event attachment record (pcap, or any arbitrary file)

object
attachment_id
Attachment ID

ID of the attachment.

string
<= 1024 characters
attachment_type
string
default: ATTACHMENT_TYPE_UNKNOWN
Allowed values: ATTACHMENT_TYPE_UNKNOWN ATTACHMENT_TYPE_PCAP ATTACHMENT_TYPE_BINARY ATTACHMENT_TYPE_INVALID_PCAP ATTACHMENT_TYPE_OTHER
end_time
End time

End time as an RFC3339 string.

string format: date-time
<= 1024 characters
gos_name
GOS name

Generic object storage name of the attachment.

string
<= 1024 characters
gos_version
GOS version

Generic object storage version of the attachment.

string
<= 1024 characters
name
Name

Name of the attachment.

string
>= 6 characters <= 1024 characters
size_bytes
Size

Size of the attachment.

string format: int64
<= 1024 characters
start_time
Start time

Start time as an RFC3339 string.

string format: date-time
<= 1024 characters
creator
Creator

Creator of the event.

string
<= 1024 characters
description
Description

More detailed description of the event. Most of the time list of actions taken.

string
>= 21 characters <= 1024 characters
end_time
End time

End time as an RFC3339 string.

string format: date-time
<= 1024 characters
has_attachment
Has attachment

True if event has any attachment other than PCAP files.

boolean format: boolean
has_details
Has details

True if the event already has details assigned, otherwise false.

boolean format: boolean
id
Id

ID of the event used to uniquely identify it.

string
>= 1 <= 4094 <= 1024 characters
ip
IP

Target IP

string
<= 1024 characters
mitigation_id
Mitigation ID

Mitigation the event is related to.

string
<= 1024 characters
name
Name

Name of an event.

string
>= 6 characters <= 1024 characters
network_id
Network ID

Network the event is related to.

string
<= 1024 characters
start_time
Start time

Start time as an RFC3339 string.

string format: date-time
<= 1024 characters
id
Id

ID of the alert used to uniquely identify it.

string
>= 1 <= 4094 <= 1024 characters
ip
IP address

IP the alert is triggered for. This is the “protected” IP.

string
<= 1024 characters
network_id
Network ID

Network the alert is related to.

string
<= 1024 characters
source_type
string
default: ALERT_SOURCE_TYPE_UNKNOWN
Allowed values: ALERT_SOURCE_TYPE_UNKNOWN ALERT_SOURCE_TYPE_MITIGATED ALERT_SOURCE_TYPE_AUTOMITIGATED
start_time
Start time

Start time of the alert. This is when a threshold was exceeded.

string format: date-time
<= 1024 characters
type
Alert type

Type of the alert, e.g. DoS host alert.

string
<= 1024 characters
Example
{
  "alerts": [
    {
      "events": [
        {
          "attachments": [
            {
              "attachment_type": "ATTACHMENT_TYPE_UNKNOWN"
            }
          ]
        }
      ],
      "source_type": "ALERT_SOURCE_TYPE_UNKNOWN"
    }
  ]
}

401

Section titled “401”

Returned when operation is not authorized.

Media typeapplication/json
string format: string
Examplegenerated
example

403

Section titled “403”

Returned when there is no permission to access resource.

Media typeapplication/json
string format: string
Examplegenerated
example

404

Section titled “404”

Returned when resource is not found.

Media typeapplication/json
string format: string
Examplegenerated
example

409

Section titled “409”

Returned when operation on resource is conflicting with current value.

Media typeapplication/json
string format: string
Examplegenerated
example

429

Section titled “429”

Returned when operation has been rejected as it is happening too frequently.

Media typeapplication/json
string format: string
Examplegenerated
example

500

Section titled “500”

Returned when server encountered an error in processing API.

Media typeapplication/json
string format: string
Examplegenerated
example

503

Section titled “503”

Returned when service is unavailable temporarily.

Media typeapplication/json
string format: string
Examplegenerated
example

504

Section titled “504”

Returned when server timed out processing request.

Media typeapplication/json
string format: string
Examplegenerated
example