Get Detection Statistics of Preventive Protection

Request Parameters

Parameter

Description

Mandatory

id

Station ID.

This parameter can be repeated any number of times per request to request information from multiple stations at a time.

yes

from

Start date of a period for which statistical data was requested.

Specified in the format: YYYYMMDD or YYYYMMDDhhmmss.
If not set, then the current month statistics is returned.

no

till

End date of a period for which statistical data was requested.

Specified in the format: YYYYMMDD or YYYYMMDDhhmmss.
If not set, then the current month statistics is returned.

no

 

Request Example

https://192.168.1.1:9081/api/stations/hips_events.ds?id=1002

XML and JSON response structure examples are described below.

 

XML Response Structure

<drweb-es-api api_version="4.3.0" timestamp="1587673642" server="192.168.1.1" srv_version="13.00.0.202005090" status="true">
  <stations-hips-events total="1" period_from="1587673642" period_till="1587675599">
     <station id="1002" name="Station02">
        <event stype="1" denied="0" allowed="3"/>

        <event stype="3" denied="2" allowed="0"/>

        <event stype="4" denied="2" allowed="1"/>

        <event stype="0" denied="0" allowed="1"/>

        <event stype="8" denied="1" allowed="1"/>
     </station>
  </stations-hips-events>
</drweb-es-api>

 

Description of XML Response Parameters

The <stations-hips-events /> element contains detection statistics of Preventive protection for all stations in the request.

The <stations-hips-events /> element attributes:

Attribute

Description

total

Total number of stations in a response

period_from

Start date of a period for which statistical data was requested

period_till

End date of a period for which statistical data was requested

The <station /> element contains detection statistics of Preventive protection for a specific station.

The <station /> element attributes:

Attribute

Description

id

Station ID

name

Station name

The <event /> elements nested in the <station /> element contain information about a specific event type.

The <event /> element attributes:

Attribute

Description

stype

Event type:

0—attempt to execute a suspicious code,

1—attempt to access a protected module,

2—attempt to load a library from a network path,

3—attempt to change the stack protection attributes,

4—attempt to call a restricted function,

5—detected an invalid exception handler,

6—attempt to access a system module,

7—attempt to perform a heap spraying,

8—attempt to run a code from non-executable memory.

allowed

Number of allowed actions

denied

Number of denied actions

 

JSON Response Structure

{ "head": {
    "status": true,

    "timestamp": 1587673607,

    "api": {
      "version": 40300,
      "versionString": 4.3.0},

    "server": {
      "name": "192.168.1.1",

      "version": "13.00.0.202005090",
      "uuid": "a38710d0-4cde-11ea-7e2a-088d10f2f970"}},

"data": {
    "period_from": 1585688400,

    "period_till": 1587675599,

    "stations": {
      "total": 1,

      "list": [
          {"id": "1002",

          "name": "Station02",

          "events": [
             {"stype": 1,

              "allowed": 3,

              "denied": 0},

             {"stype": 3,

              "allowed": 0,

              "denied": 2},

             {"stype": 4,

              "allowed": 1,

              "denied": 2},

             {"stype": 0,

              "allowed": 1,

              "denied": 0},

             {"stype": 8,

              "allowed": 1,

              "denied": 1}]}]}}}

 

Description of JSON Response Parameters

The data block contains detection statistics of Preventive protection.

The data block elements:

Field name

Description

period_from

Start date of a period for which statistical data was requested

period_till

End date of a period for which statistical data was requested

stations

Block containing detection statistics of Preventive protection for all stations specified in the request

The stations block elements:

Field name

Description

total

Total number of stations in a response

list

Array containing detection statistics of Preventive protection for each station

Every object in the list array contains detection statistics of Preventive protection for a specific station.

Elements in the list array::

Field name

Description

stype

Event type:

0—attempt to execute a suspicious code,

1—attempt to access a protected module,

2—attempt to load a library from a network path,

3—attempt to change the stack protection attributes,

4—attempt to call a restricted function,

5—detected an invalid exception handler,

6—attempt to access a system module,

7—attempt to perform a heap spraying,

8—attempt to run a code from non-executable memory.

allowed

Number of allowed actions

denied

Number of denied actions