
Flow Anomaly detection.

POST
/api/data/namespaces/system/flows/top_flow_anomalies
curl --request POST \
--url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/data/namespaces/system/flows/top_flow_anomalies \
--header 'Authorization: <Authorization>' \
--header 'Content-Type: application/json' \
--data '{ "end_time": "example", "field_selector": [ "BYTES" ], "filter": "example", "group_by": [ "SITE" ], "limit": 1, "sort_by": [ { "sort_direction": "SORT_DIRECTION_DESC", "sort_label": "SORT_LABEL_NONE" } ], "start_time": "example" }'

Request to GET flow anomaly records.

Examples of this operation.

Media type: application/json
Top flow anomalies request
object
end_time
End time

End time of flow collection Format: unix_timestamp|RFC 3339

Optional: If not specified, then the end_time will be evaluated to start_time+10m. If start_time is not specified, then the end_time will be evaluated to

string
<= 1024 characters
field_selector
Field Selector

Select fields to be returned in the response.

Required: YES.

Array<string>
>= 1 items <= 8 items
Allowed values: BYTES PACKETS DROPPED_PACKETS TX_BYTES TX_PACKETS TX_DROPPED_PACKETS FLOW_COUNT
filter
Label Filter

\site-1”,“site-2”)}” filter is used to specify the list of matchers syntax for filter := {[]} :=

Optional: If not specified, counter will be aggregated based on the group_by labels.

string
<= 1024 characters
group_by
Group by

Aggregate data by labels specified in the group_by field.

Array<string>
<= 20 items
Allowed values: SITE SRC_IP SRC_PORT DST_IP DST_PORT PROTOCOL APP_NAME NFV_SERVICE NFV_SERVICE_INSTANCE NFV_SERVICE_INSTANCE_HOSTNAME SRC_SITE DST_SITE SRC_PROVIDER_TYPE DST_PROVIDER_TYPE SRC_SUBNET DST_SUBNET SRC_NETWORK DST_NETWORK CLOUD_CONNECT ANOMALY_LEVEL
limit
Limit

Limits the number of results.

integer format: int64
sort_by
Sort by

Sort the data by specified fields, in the given direction.

Array<object>
SortBy

Sorting for data by given fields.

object
sort_direction
string
default: SORT_DIRECTION_DESC
Allowed values: SORT_DIRECTION_DESC SORT_DIRECTION_ASC
sort_label
string
default: SORT_LABEL_NONE
Allowed values: SORT_LABEL_NONE SORT_LABEL_BYTES SORT_LABEL_FLOW_COUNT SORT_LABEL_ANOMALY_LEVEL SORT_LABEL_ANOMALY_DURATION
start_time
Start time

Start time of flow collection Format: unix_timestamp|RFC 3339

Optional: If not specified, then the start_time will be evaluated to end_time-10m. If end_time is not specified, then the start_time will be evaluated to -10m.

string
<= 1024 characters
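
The request constraints above can be checked on the client before the call is made. The following is an added example, not code from the API vendor: `build_request` and its helpers are hypothetical names, the filter string is passed through as opaque text with only its documented length checked, and timestamps are emitted as RFC 3339 in UTC.

```python
import json
from datetime import timezone

# Allowed values and limits copied from the request schema on this page.
FIELDS = set("BYTES PACKETS DROPPED_PACKETS TX_BYTES TX_PACKETS "
             "TX_DROPPED_PACKETS FLOW_COUNT".split())
GROUP_BY = set("SITE SRC_IP SRC_PORT DST_IP DST_PORT PROTOCOL APP_NAME NFV_SERVICE "
               "NFV_SERVICE_INSTANCE NFV_SERVICE_INSTANCE_HOSTNAME SRC_SITE DST_SITE "
               "SRC_PROVIDER_TYPE DST_PROVIDER_TYPE SRC_SUBNET DST_SUBNET SRC_NETWORK "
               "DST_NETWORK CLOUD_CONNECT ANOMALY_LEVEL".split())
SORT_LABELS = set("SORT_LABEL_NONE SORT_LABEL_BYTES SORT_LABEL_FLOW_COUNT "
                  "SORT_LABEL_ANOMALY_LEVEL SORT_LABEL_ANOMALY_DURATION".split())
SORT_DIRECTIONS = {"SORT_DIRECTION_DESC", "SORT_DIRECTION_ASC"}

def _enum_list(values, allowed, lo, hi, name):
    """Check item count and enum membership; return the values as a list."""
    values = list(values)
    if not lo <= len(values) <= hi:
        raise ValueError(f"{name}: need {lo}..{hi} items, got {len(values)}")
    bad = [v for v in values if v not in allowed]
    if bad:
        raise ValueError(f"{name}: not allowed by the schema: {bad}")
    return values

def _rfc3339(ts, name):
    # Naive datetimes are rejected so the query window is never ambiguous.
    if ts.tzinfo is None:
        raise ValueError(f"{name} must be timezone-aware")
    return ts.astimezone(timezone.utc).isoformat()

def build_request(field_selector, group_by=(), start=None, end=None, flt=None,
                  limit=None, sort_label="SORT_LABEL_NONE",
                  sort_direction="SORT_DIRECTION_DESC"):
    """Return a schema-checked JSON body; unset optional fields are omitted."""
    _enum_list([sort_label], SORT_LABELS, 1, 1, "sort_label")
    _enum_list([sort_direction], SORT_DIRECTIONS, 1, 1, "sort_direction")
    body = {"field_selector": _enum_list(field_selector, FIELDS, 1, 8, "field_selector"),
            "group_by": _enum_list(group_by, GROUP_BY, 0, 20, "group_by"),
            "sort_by": [{"sort_direction": sort_direction, "sort_label": sort_label}]}
    if limit is not None:
        if not -2**63 <= limit < 2**63:
            raise ValueError("limit does not fit int64")
        body["limit"] = limit
    if flt is not None:
        if len(flt) > 1024:  # only the length is checked; the syntax is opaque here
            raise ValueError("filter exceeds 1024 characters")
        body["filter"] = flt
    times = {"start_time": start, "end_time": end}
    body.update({k: _rfc3339(v, k) for k, v in times.items() if v is not None})
    return json.dumps(body)
```
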

A successful response.

Media type: application/json
Top flow anomalies response
object
flowAnomalyData
FlowAnomalyData

FlowAnomalyData wraps the response for flows with anomalies.

Array<object>
FlowAnomalyData wraps the response data for top flow anomalies. x-displayName: "FlowAnomalyData"
object
anomaly_data
x-displayName: "AnomalyData" Anomaly Data

Data or content configuration

Array<object>

Anomaly Data contains key/value pairs that uniquely identify the group_by labels specified in the request.

object
anomalous_data_transferred
Anomalous data transferred in bytes x-displayName: "Anomalous Data Transferred"

Data or content configuration

string format: int64
<= 1024 characters
anomaly_duration_seconds
Time between anomaly start and last seen time. x-displayName: "Anomaly duration" x-example: "300"

Security-related configuration

string format: int64
<= 1024 characters
anomaly_level
string
default: LOW_ANOMALY_LEVEL
Allowed values: LOW_ANOMALY_LEVEL MEDIUM_ANOMALY_LEVEL HIGH_ANOMALY_LEVEL
anomaly_score
Anomaly Score. A higher value indicates a more anomalous datapoint. x-displayName: "Anomaly score"

Configuration parameter for anomaly score

number format: float
anomaly_start_time
Time when the anomaly began. x-displayName: "Anomaly start time" x-example: "2021-01-22 15:46:23.767649"

Configuration parameter for anomaly start time

string format: date-time
<= 1024 characters
flow_count
Count of anomalous flows x-displayName: "Flow Count" x-example: "100000"

Number of items or occurrences

string format: int64
<= 1024 characters
labels
Labels with metadata about the anomaly Key is the label name defined in the Labels enum. x-displayName: "Labels"

Key-value labels for organization and selection

object
scan_time
Time when the anomaly detection scan was last run. x-displayName: "Scan time" x-example: "2021-01-22 15:46:23.767649"

Configuration parameter for scan time

string format: date-time
<= 1024 characters
total_data_transferred
Total data transferred in bytes x-displayName: "Total Data Transferred"

Data or content configuration

string format: int64
<= 1024 characters
type
string
default: BYTES
Allowed values: BYTES PACKETS DROPPED_PACKETS TX_BYTES TX_PACKETS TX_DROPPED_PACKETS FLOW_COUNT
Example
{
  "flowAnomalyData": [
    {
      "anomaly_data": [
        {
          "anomaly_level": "LOW_ANOMALY_LEVEL"
        }
      ],
      "type": "BYTES"
    }
  ]
}
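
For triage, the response documented above can be flattened into one record per anomaly, with the int64-as-string counters decoded and the worst anomalies first. This is an added example, not code from the API vendor: `triage` and `SAMPLE` are hypothetical names, the sample response is constructed, and ranking an unrecognised `anomaly_level` above HIGH is a choice made here so that such entries are reviewed rather than dropped.

```python
import json

# Severity order for the anomaly_level enum documented on this page.
LEVEL_RANK = {"LOW_ANOMALY_LEVEL": 0, "MEDIUM_ANOMALY_LEVEL": 1, "HIGH_ANOMALY_LEVEL": 2}
# Fields the schema types as "string format: int64".
INT64_FIELDS = ("anomalous_data_transferred", "total_data_transferred",
                "anomaly_duration_seconds", "flow_count")

def _int64(value):
    """Decode an int64-as-string field; missing or malformed values become None."""
    try:
        n = int(value)
    except (TypeError, ValueError):
        return None
    return n if -2**63 <= n < 2**63 else None

def triage(response_text, min_level="MEDIUM_ANOMALY_LEVEL"):
    """Flatten flowAnomalyData into records at or above min_level, worst first."""
    floor = LEVEL_RANK[min_level]
    records = []
    for group in json.loads(response_text).get("flowAnomalyData") or []:
        for item in group.get("anomaly_data") or []:
            # The schema defaults apply when a field is omitted.
            level = item.get("anomaly_level", "LOW_ANOMALY_LEVEL")
            # A level this code does not know ranks above HIGH so it is reviewed.
            rank = LEVEL_RANK.get(level, len(LEVEL_RANK))
            if rank < floor:
                continue
            rec = {"type": group.get("type", "BYTES"), "level": level, "rank": rank,
                   "score": float(item.get("anomaly_score") or 0.0),
                   "labels": item.get("labels") or {}}
            for field in INT64_FIELDS:
                rec[field] = _int64(item.get(field))
            total, bad = rec["total_data_transferred"], rec["anomalous_data_transferred"]
            # Share of the group's traffic that was anomalous, when both counters exist.
            rec["anomalous_share"] = bad / total if total and bad is not None else None
            records.append(rec)
    records.sort(key=lambda r: (r["rank"], r["score"]), reverse=True)
    return records

# Constructed sample response (not real output); field names follow the schema above.
SAMPLE = json.dumps({"flowAnomalyData": [{"type": "BYTES", "anomaly_data": [
    {"anomaly_level": "LOW_ANOMALY_LEVEL", "anomaly_score": 0.2, "flow_count": "12"},
    {"anomaly_level": "HIGH_ANOMALY_LEVEL", "anomaly_score": 0.97, "flow_count": "100000",
     "anomalous_data_transferred": "750", "total_data_transferred": "1000",
     "labels": {"SITE": "site-1"}},
    {"anomaly_level": "MEDIUM_ANOMALY_LEVEL", "anomaly_score": 0.5,
     "total_data_transferred": "0", "flow_count": "not-a-number"}]}]})
```
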

Returned when operation is not authorized.

Media type: application/json
string format: string
Example (generated)
example

Returned when there is no permission to access resource.

Media type: application/json
string format: string
Example (generated)
example

Returned when resource is not found.

Media type: application/json
string format: string
Example (generated)
example

Returned when operation on resource is conflicting with current value.

Media type: application/json
string format: string
Example (generated)
example

Returned when operation has been rejected as it is happening too frequently.

Media type: application/json
string format: string
Example (generated)
example

Returned when server encountered an error in processing API.

Media type: application/json
string format: string
Example (generated)
example

Returned when service is unavailable temporarily.

Media type: application/json
string format: string
Example (generated)
example

Returned when server timed out processing request.

Media type: application/json
string format: string
Example (generated)
example