
GET Status of Suspicious users.

GET /api/ml/data/namespaces/{namespace}/app_settings/{name}/suspicious_users

curl --request GET \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/ml/data/namespaces/example/app_settings/example/suspicious_users \
  --header 'Authorization: <Authorization>'

GET status of suspicious users.

namespace
required
string

Namespace

Fetch suspicious users for a given namespace.

name
required
string

Name

Fetch suspicious users based on a given app setting.

query
string

Blogging_app"}"

query is used to specify the list of matchers.

syntax for query := {[]}
:= <field_name>""
<field_name> := string

One or more of these fields in the security event may be specified in the query.
App_type - application type
vh_name - name of the virtual host

:= string
:= ["="|"!="]
= : equal to
!= : not equal to

When more than one matcher is specified in the query, then security events matching ALL the matchers will be returned in the response.

Example: query={country="United States", city="California"} will return all security events originating from California, United States.

Optional: If not specified, all the security events matching the given tenant and namespace will be returned in the response.

start_time
string

Fetch suspicious users during timestamp >= start_time.
format: unix_timestamp|RFC 3339

Optional: If not specified, then the start_time will be evaluated to end_time-10m. If end_time is not specified, then the start_time will be evaluated to -10m.

end_time
string

Fetch suspicious users during timestamp <= end_time.
format: unix_timestamp|RFC 3339

Optional: If not specified, then the end_time will be evaluated to start_time+10m. If start_time is not specified, then the end_time will be evaluated to

topn
integer format: int64

X-example: 10 fetch top 10 suspicious users

Number of top field values to be returned in the response. Optional: If not specified, top 5 values will be returned in the response.

A successful response.

Media type: application/json
Suspicious User Status Response

Response message for SuspiciousUserStatusReq.

object
suspicious_users
suspicious users

List of suspicious users.

Array<object>
Suspicious User Data

Message containing suspicious user data.

object
logs
logs

List of security events that matched the query. Contains no more than 100 messages.

Array<string>
suspicion_score
suspicion score

Total number of security events that matched the query.

number format: double
user_id
user ID

String representing the user (ex: Source IP)

string
<= 1024 characters
Example (generated)
{
  "suspicious_users": [
    {
      "logs": [
        "example"
      ],
      "suspicion_score": 1,
      "user_id": "example"
    }
  ]
}
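
The request parameters and response shape above, as an added example that is not part of the original reference or the vendor's own code: it builds the GET URL with an explicit 10-minute RFC 3339 window and a matcher query in the form shown in the page's example, then ranks the returned users by suspicion_score. The function names, the base URL, the sample user IDs and the rejection of double quotes inside matcher values are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode

# Path as documented on this page; the console base URL is supplied by the caller.
PATH = "/api/ml/data/namespaces/{namespace}/app_settings/{name}/suspicious_users"

def build_query(matchers):
    """Render [(field, op, value), ...] as {field="value", field!="value"}."""
    parts = []
    for field, op, value in matchers:
        if op not in ("=", "!="):  # the only operators the page documents
            raise ValueError(f"unsupported operator: {op!r}")
        if '"' in value:  # assumption: the page defines no escaping, so refuse
            raise ValueError("matcher value must not contain a double quote")
        parts.append(f'{field}{op}"{value}"')
    return "{" + ", ".join(parts) + "}"

def build_url(base_url, namespace, name, matchers=None, end=None, minutes=10, topn=5):
    """Build the request URL with both time bounds set instead of relying on defaults."""
    end = (end or datetime.now(timezone.utc)).astimezone(timezone.utc)
    start = end - timedelta(minutes=minutes)
    params = {
        "start_time": start.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "end_time": end.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "topn": topn,
    }
    if matchers:
        params["query"] = build_query(matchers)
    path = PATH.format(namespace=quote(namespace, safe=""), name=quote(name, safe=""))
    return f"{base_url.rstrip('/')}{path}?{urlencode(params)}"

def triage(body, min_score):
    """Return (user_id, score, log_count) for users at or above min_score, highest first."""
    users = json.loads(body).get("suspicious_users") or []
    hits = [(u.get("user_id", ""), float(u.get("suspicion_score", 0)), len(u.get("logs") or []))
            for u in users]
    return sorted((h for h in hits if h[1] >= min_score), key=lambda h: -h[1])

# Constructed sample response in the documented shape (not real data).
SAMPLE = json.dumps({"suspicious_users": [
    {"logs": ["event-1"], "suspicion_score": 1, "user_id": "198.51.100.7"},
    {"logs": ["event-1", "event-2", "event-3"], "suspicion_score": 3, "user_id": "203.0.113.9"},
]})

if __name__ == "__main__":
    print(build_url("https://console.example.invalid", "default", "app1",
                    [("country", "=", "United States")], topn=10))
    print(triage(SAMPLE, min_score=2))
```
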

Returned when operation is not authorized.

Media type: application/json
string format: string
Example (generated)
example

Returned when there is no permission to access resource.

Media type: application/json
string format: string
Example (generated)
example

Returned when resource is not found.

Media type: application/json
string format: string
Example (generated)
example

Returned when operation on resource is conflicting with current value.

Media type: application/json
string format: string
Example (generated)
example

Returned when operation has been rejected as it is happening too frequently.

Media type: application/json
string format: string
Example (generated)
example

Returned when server encountered an error in processing API.

Media type: application/json
string format: string
Example (generated)
example

Returned when service is unavailable temporarily.

Media type: application/json
string format: string
Example (generated)
example

Returned when server timed out processing request.

Media type: application/json
string format: string
Example (generated)
example