{ "id":"/axapi/v3/ddos/detection/settings", "type":"object", "node-type":"scalar", "title":"settings", "partition-visibility":"shared", "description":"Configure DDoS detection settings", "properties":{ "detector-mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'standalone': Standalone detector; 'on-box': Mitigator and Detector on the same box; 'auto-svc-discovery': Auto Service discovery using Visibility module (Deprecated); ", "enum":[ "standalone", "on-box", "auto-svc-discovery" ], "optional":true }, "dedicated-cpus":{ "type":"number", "format":"number", "minimum":1, "maximum":32, "partition-visibility":"shared", "description":"Configure the number of dedicated cores for detection", "optional":true }, "ctrl-cpu-usage":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Control cpu usage threshold for DDoS detection", "optional":true }, "full-core-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable full core", "optional":true }, "top-k-reset-interval":{ "type":"number", "format":"number", "minimum":1, "maximum":60, "partition-visibility":"shared", "description":"Configure top-k reset interval", "optional":true }, "pkt-sampling":{ "type":"object", "properties":{ "override-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":50000000, "partition-visibility":"shared", "description":"Sample 1 in X packets (default: X=1)" }, "assign-index":{ "type":"number", "format":"number", "minimum":1, "maximum":64, "partition-visibility":"shared", "description":"Lower index is more aggressive sampling" }, "assign-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":50000000, "partition-visibility":"shared", "description":"Assign rate to given index" } } }, "histogram-escalate-percentage":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", 
"description":"histogram escalate sensitivity for DDoS detection", "optional":true }, "histogram-de-escalate-percentage":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"histogram de-escalate sensitivity for DDoS detection", "optional":true }, "detection-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":60, "default":1, "partition-visibility":"shared", "description":"Configure detection window size in seconds (DDoS detection window size in seconds(default: 1))", "optional":true }, "initial-learning-interval":{ "type":"number", "format":"number", "minimum":1, "maximum":168, "partition-visibility":"shared", "description":"Initial learning interval (in hours) before processing", "optional":true }, "export-interval":{ "type":"number", "format":"number", "minimum":20, "maximum":3000, "default":20, "partition-visibility":"shared", "description":"Configure Baselining and export interval in seconds (DDoS Baselining and export interval in seconds(default: 20))", "optional":true }, "notification-debug-log":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable': Enable detection notification debug log (default: disabled); ", "enum":[ "enable" ], "optional":true }, "network-object-window-size":{ "type":"string", "format":"enum", "default":"30", "partition-visibility":"shared", "description":"'5': 5 seconds; '10': 10 seconds; '15': 15 seconds; '30': 30 seconds; (DDoS detection window size in seconds(default: 30))", "enum":[ "5", "10", "15", "30" ], "optional":true }, "network-object-flooding-multiple":{ "type":"number", "format":"number", "minimum":2, "maximum":10, "default":2, "partition-visibility":"shared", "description":"multiplier for flooding detection threshold in network objects (default 2x threshold)", "optional":true }, "de-escalation-quiet-time":{ "type":"number", "format":"number", "minimum":1, "maximum":60, "partition-visibility":"shared", 
"description":"Configure de-escalation needed time in minutes from level 1 to 0.(default 1 minutes)", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "entry-saving":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/settings/entry-saving", "properties":{ "interval":{ "type":"number", "format":"number", "minimum":0, "maximum":1440, "default":0, "partition-visibility":"shared", "description":"Configure periodical auto-saving interval in minutes(default: 0) and 0 to disable." }, "manual-save":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Manually save network-object-based detection entries and learned indicators" }, "manual-restore":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Manually restore network-object-based detection entries and learned indicators" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "standalone-settings":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/settings/standalone-settings", "properties":{ "action":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'enable': Enable standalone detector; 'disable': Disable standalone detector (default); ", "enum":[ "enable", "disable" ] }, "de-escalation-quiet-time":{ "type":"number", "format":"number", "minimum":1, "maximum":60, "partition-visibility":"shared", "description":"Configure de-escalation needed time in minutes from level 1 to 0.(legacy)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sflow":{ "type":"object", 
"$ref":"/axapi/v3/ddos/detection/settings/standalone-settings/sflow", "properties":{ "listening-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":6343, "partition-visibility":"shared", "description":"sFlow port to receive packets (sFlow port number(default 6343))" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "netflow":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/settings/standalone-settings/netflow", "properties":{ "listening-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":9996, "partition-visibility":"shared", "description":"Netflow port to receive packets (Netflow port number(default 9996))" }, "template-active-timeout":{ "type":"number", "format":"number", "minimum":2, "maximum":300, "default":30, "partition-visibility":"shared", "description":"Configure active timeout of the netflow templates received in mins (Template active timeout(mins)(default 30mins))" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } } } }