Get Detection Statistics of Preventive Protection for a Group

Request Parameters

| Parameter | Description | Mandatory |
|---|---|---|
| id | Group ID. This parameter can be repeated any number of times per request to request information about multiple groups at a time. | yes |
| from | Start date of the period for which statistical data is requested. Specified in the format: YYYYMMDD or YYYYMMDDhhmmss. If not set, statistics for the current month are returned. | no |
| till | End date of the period for which statistical data is requested. Specified in the format: YYYYMMDD or YYYYMMDDhhmmss. If not set, statistics for the current month are returned. | no |

 

Request Example

https://192.168.1.1:9081/api/groups/hips_events.ds?id=2

XML and JSON response structure examples are described below.

 

XML Response Structure

<drweb-es-api api_version="4.3.0" timestamp="1587673642" server="192.168.1.1" srv_version="13.00.0.202005090" status="true">
  <groups-hips-events total="1" period_from="1587673642" period_till="1587675599">
    <group id="2" name="Group02">
      <event stype="1" denied="0" allowed="1"/>
      <event stype="3" denied="2" allowed="0"/>
      <event stype="4" denied="1" allowed="0"/>
      <event stype="8" denied="1" allowed="0"/>
    </group>
  </groups-hips-events>
</drweb-es-api>

 

Description of XML Response Parameters

The <groups-hips-events /> element contains detection statistics of Preventive protection for all groups in the request.

The <groups-hips-events /> element attributes:

| Attribute | Description |
|---|---|
| total | Total number of groups in a response |
| period_from | Start date of a period for which statistical data were requested |
| period_till | End date of a period for which statistical data were requested |

The <group /> element contains detection statistics of Preventive protection for a specific group.

The <group /> element attributes:

| Attribute | Description |
|---|---|
| id | Group ID |
| name | Group name |

The <event /> elements nested in the <group /> element contain information about a specific event type.

The <event /> element attributes:

| Attribute | Description |
|---|---|
| stype | Event type: 0—attempt to execute suspicious code, 1—attempt to access a protected module, 2—attempt to load a library from a network path, 3—attempt to change the stack protection attributes, 4—attempt to call a restricted function, 5—detected an invalid exception handler, 6—attempt to access a system module, 7—attempt to perform heap spraying, 8—attempt to run code from non-executable memory. |
| allowed | Number of allowed actions |
| denied | Number of denied actions |

 

JSON Response Structure

{
  "head": {
    "status": true,
    "timestamp": 1587673607,
    "api": {
      "version": 40300,
      "versionString": "4.3.0"
    },
    "server": {
      "name": "192.168.1.1",
      "version": "13.00.0.202005090",
      "uuid": "a38710d0-4cde-11ea-7e2a-088d10f2f970"
    }
  },
  "data": {
    "period_from": 1585688400,
    "period_till": 1587675599,
    "groups": {
      "total": 1,
      "list": [
        {
          "id": "2",
          "name": "Group02",
          "events": [
            {"stype": 1, "allowed": 1, "denied": 0},
            {"stype": 3, "allowed": 0, "denied": 2},
            {"stype": 4, "allowed": 0, "denied": 1},
            {"stype": 8, "allowed": 0, "denied": 1}
          ]
        }
      ]
    }
  }
}

 

Description of JSON Response Parameters

The data block contains detection statistics of Preventive protection for all groups in the request.

The data block elements:

| Field name | Description |
|---|---|
| period_from | Start date of a period for which statistical data were requested |
| period_till | End date of a period for which statistical data were requested |
| groups | Block containing detection statistics of Preventive protection for specified groups |

The groups block elements:

| Field name | Description |
|---|---|
| total | Total number of groups in a response |
| list | Array containing detection statistics of Preventive protection for each group |

Every object in the list array contains detection statistics of Preventive protection for a specific group.

The list block elements:

| Field name | Description |
|---|---|
| stype | Event type: 0—attempt to execute suspicious code, 1—attempt to access a protected module, 2—attempt to load a library from a network path, 3—attempt to change the stack protection attributes, 4—attempt to call a restricted function, 5—detected an invalid exception handler, 6—attempt to access a system module, 7—attempt to perform heap spraying, 8—attempt to run code from non-executable memory. |
| allowed | Number of allowed actions |
| denied | Number of denied actions |
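
The following Python sketch is an added example, not part of the original documentation or the vendor's code. It builds a request URL with a repeated id parameter and YYYYMMDD dates, then lists every event type in a JSON response for which Preventive protection allowed at least one action. The function names are hypothetical and the sample response is constructed from the JSON example above. Authentication and the way the JSON format is selected are not covered on this page and are left out.

```python
import json
from datetime import date
from urllib.parse import urlencode

# Event type codes as listed in the stype table on this page.
STYPE = {
    0: "attempt to execute suspicious code",
    1: "attempt to access a protected module",
    2: "attempt to load a library from a network path",
    3: "attempt to change the stack protection attributes",
    4: "attempt to call a restricted function",
    5: "detected an invalid exception handler",
    6: "attempt to access a system module",
    7: "attempt to perform heap spraying",
    8: "attempt to run code from non-executable memory",
}

def build_url(base, group_ids, start=None, end=None):
    """Repeat id once per group; from/till use the YYYYMMDD format."""
    params = [("id", g) for g in group_ids]
    if start:
        params.append(("from", start.strftime("%Y%m%d")))
    if end:
        params.append(("till", end.strftime("%Y%m%d")))
    return f"{base}/api/groups/hips_events.ds?{urlencode(params)}"

def allowed_events(response_text):
    """Return (group id, name, stype, description, allowed) where allowed > 0."""
    doc = json.loads(response_text)
    if not doc["head"]["status"]:
        raise ValueError("server reported status=false")
    hits = []
    for group in doc["data"]["groups"]["list"]:
        for ev in group.get("events", []):
            if ev["allowed"] > 0:
                label = STYPE.get(ev["stype"], f"unknown stype {ev['stype']}")
                hits.append((group["id"], group["name"], ev["stype"], label, ev["allowed"]))
    return hits

# Constructed sample: the JSON response shown above, trimmed to the fields used.
SAMPLE = """{"head": {"status": true}, "data": {"groups": {"total": 1, "list": [
  {"id": "2", "name": "Group02", "events": [
    {"stype": 1, "allowed": 1, "denied": 0}, {"stype": 3, "allowed": 0, "denied": 2},
    {"stype": 4, "allowed": 0, "denied": 1}, {"stype": 8, "allowed": 0, "denied": 1}]}]}}}"""

if __name__ == "__main__":
    print(build_url("https://192.168.1.1:9081", [2, 5], date(2020, 4, 1), date(2020, 4, 23)))
    for hit in allowed_events(SAMPLE):
        print(hit)
```

Allowed events are the ones worth reviewing first, since a non-zero allowed count means the flagged action was not blocked on a station in that group.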