GET /api/aggressive_ips?:filter=:value
Parameters
Filter Name | Description |
---|---|
service |
comma separated array of services |
seen_count | number of times the IP has been seen (defaults to 10) |
last_seen_ts |
date the IP was last seen on the network (defaults to 1 week ago) |
Request
Headers
Authorization: Token token=1
Route
GET /api/aggressive_ips?service=ssh,mysql
Query Parameters
service: ssh,mysql
cURL Example
curl "https://api.security.berkeley.edu/api/aggressive_ips?service=ssh,mysql" \ -X GET -H "Authorization: Token token=1"
Response
Headers
Content-Type: application/json; charset=utf-8 ETag: W/"4058615e9c38f17b682eb891be3a9f02" Cache-Control: max-age=0, private, must-revalidate Content-Length: 383
Status
200 OK
Body
{ "aggressive_ips": [ { "ip": "107.160.23.40", "dst_port": 3306, "service": "mysql", "tags": [ "foo", "bar" ], "seen_count": 20, "first_seen_ts": "2016-02-15T11:15:59.000-08:00", "last_seen_ts": "2016-02-21T11:15:59.000-08:00" }, { "ip": "58.218.199.57", "dst_port": 22, "service": "ssh", "tags": [ ], "seen_count": 11, "first_seen_ts": "2016-02-15T11:15:59.000-08:00", "last_seen_ts": "2016-02-19T11:15:59.000-08:00" } ] }