{ "id":"/axapi/v3/ddos/detection", "type":"object", "node-type":"scalar", "title":"detection", "partition-visibility":"shared", "auto-created-object":1, "description":"DDoS Detection Commands", "properties":{ "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable DDoS detection (default: enabled)", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "resource-usage":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/resource-usage", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "ddos-script":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/ddos-script", "properties":{ "file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"startup-config local file name" }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'delete': delete; ", "enum":[ "delete" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "settings":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/settings", "properties":{ "detector-mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'standalone': Standalone detector; 'on-box': Mitigator and Detector on the same box; 'auto-svc-discovery': Auto Service discovery using Visibility module (Deprecatd); ", "enum":[ "standalone", "on-box", "auto-svc-discovery" ] }, "dedicated-cpus":{ "type":"number", "format":"number", "minimum":1, "maximum":32, "partition-visibility":"shared", "description":"Configure the number of dedicated cores for detection" }, "ctrl-cpu-usage":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Control cpu usage threshold for DDoS detection" }, "full-core-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable full core" }, "top-k-reset-interval":{ "type":"number", "format":"number", "minimum":1, "maximum":60, "partition-visibility":"shared", "description":"Configure top-k reset interval" }, "pkt-sampling":{ "type":"object", "properties":{ "override-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":50000000, "partition-visibility":"shared", "description":"Sample 1 in X packets (default: X=1)" }, "assign-index":{ "type":"number", "format":"number", "minimum":1, "maximum":64, "partition-visibility":"shared", "description":"Lower index is more aggressive sampling" }, "assign-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":50000000, "partition-visibility":"shared", "description":"Assign rate to given index" } } }, "histogram-escalate-percentage":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"histogram escalate sensitivity for DDoS detection" }, "histogram-de-escalate-percentage":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"histogram de-escalate sensitivity for DDoS detection" }, "detection-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":60, "default":1, "partition-visibility":"shared", "description":"Configure detection window size in seconds (DDoS detection window size in seconds(default: 1))" }, "initial-learning-interval":{ "type":"number", "format":"number", "minimum":1, "maximum":168, "partition-visibility":"shared", "description":"Initial learning interval (in hours) before processing" }, "export-interval":{ "type":"number", "format":"number", "minimum":20, "maximum":3000, "default":20, "partition-visibility":"shared", "description":"Configure Baselining and export interval in seconds (DDoS Baselining and export interval in seconds(default: 20))" }, "notification-debug-log":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable': Enable detection notification debug log (default: disabled); ", "enum":[ "enable" ] }, "network-object-window-size":{ "type":"string", "format":"enum", "default":"30", "partition-visibility":"shared", "description":"'5': 5 seconds; '10': 10 seconds; '15': 15 seconds; '30': 30 seconds; (DDoS detection window size in seconds(default: 30))", "enum":[ "5", "10", "15", "30" ] }, "network-object-flooding-multiple":{ "type":"number", "format":"number", "minimum":2, "maximum":10, "default":2, "partition-visibility":"shared", "description":"multiplier for flooding detection threshold in network objects (default 2x threshold)" }, "de-escalation-quiet-time":{ "type":"number", "format":"number", "minimum":1, "maximum":60, "partition-visibility":"shared", "description":"Configure de-escalation needed time in minutes from level 1 to 0.(default 1 minutes)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "entry-saving":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/settings/entry-saving", "properties":{ "interval":{ "type":"number", "format":"number", "minimum":0, "maximum":1440, "default":0, "partition-visibility":"shared", "description":"Configure periodical auto-saving interval in minutes(default: 0) and 0 to disable." }, "manual-save":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Manually save network-object-based detection entries and learned indicators" }, "manual-restore":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Manually restore network-object-based detection entries and learned indicators" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "standalone-settings":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/settings/standalone-settings", "properties":{ "action":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'enable': Enable standalone detector; 'disable': Disable standalone detector (default); ", "enum":[ "enable", "disable" ] }, "de-escalation-quiet-time":{ "type":"number", "format":"number", "minimum":1, "maximum":60, "partition-visibility":"shared", "description":"Configure de-escalation needed time in minutes from level 1 to 0.(legacy)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sflow":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/settings/standalone-settings/sflow", "properties":{ "listening-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":6343, "partition-visibility":"shared", "description":"sFlow port to receive packets (sFlow port number(default 6343))" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "netflow":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/settings/standalone-settings/netflow", "properties":{ "listening-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":9996, "partition-visibility":"shared", "description":"Netflow port to receive packets (Netflow port number(default 9996))" }, "template-active-timeout":{ "type":"number", "format":"number", "minimum":2, "maximum":300, "default":30, "partition-visibility":"shared", "description":"Configure active timeout of the netflow templates received in mins (Template active timeout(mins)(default 30mins))" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } } } }, "agent-list":{ "type":"array", "minItems":1, "items":{ "type":"agent" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/detection/agent/{agent-name}", "array":[ { "properties":{ "agent-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name for the agent", "optional":false }, "agent-v4-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"Configure agent's IPv4 address", "optional":true }, "agent-v6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"Configure agent's IPv6 address", "optional":true }, "agent-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'Cisco': Cisco; 'Juniper': Juniper; ", "enum":[ "Cisco", "Juniper" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'sflow-packets-received': sFlow Packets Received; 'sflow-samples-received': sFlow Samples Received; 'sflow-samples-bad-len': sFlow Samples Bad Length; 'sflow-samples-non-std': sFlow Samples Non-standard; 'sflow-samples-skipped': sFlow Samples Skipped; 'sflow-sample-record-bad-len': sFlow Sample Records Bad Length; 'sflow-samples-sent-for-detection': sFlow Samples Processed For Detection; 'sflow-sample-record-invalid-layer2': sFlow Sample Records Unknown Layer-2; 'sflow-sample-ipv6-hdr-parse-fail': sFlow Sample IPv6 Record Header Parse Failures; 'sflow-disabled': sFlow Packet Samples Processing Disabled; 'netflow-disabled': Netflow Flow Samples Processing Disabled; 'netflow-v5-packets-received': Netflow v5 Packets Received; 'netflow-v5-samples-received': Netflow v5 Samples Received; 'netflow-v5-samples-sent-for-detection': Netflow v5 Samples Processed For Detection; 'netflow-v5-sample-records-bad-len': Netflow v5 Sample Records Bad Length; 'netflow-v5-max-records-exceed': Netflow v5 Sample Max Records Error; 'netflow-v9-packets-received': Netflow v9 Packets Received; 'netflow-v9-samples-received': Netflow v9 Samples Received; 'netflow-v9-samples-sent-for-detection': Netflow v9 Samples Processed For Detection; 'netflow-v9-sample-records-bad-len': Netflow v9 Sample Records Bad Length; 'netflow-v9-sample-flowset-bad-padding': Netflow v9 Sample Flowset Bad Padding; 'netflow-v9-max-records-exceed': Netflow v9 Sample Max Records Error; 'netflow-v9-template-not-found': Netflow v9 Template Not Found; 'netflow-v10-packets-received': Netflow v10 Packets Received; 'netflow-v10-samples-received': Netflow v10 Samples Received; 'netflow-v10-samples-sent-for-detection': Netflow v10 Samples Procssed For Detection; 'netflow-v10-sample-records-bad-len': Netflow v10 Sample Records Bad Length; 'netflow-v10-max-records-exceed': Netflow v10 Sample Max records Error; 'netflow-tcp-sample-received': Netflow TCP Samples Received; 'netflow-udp-sample-received': Netflow UDP Samples received; 'netflow-icmp-sample-received': Netflow ICMP Samples Received; 'netflow-other-sample-received': Netflow OTHER Samples Received; 'netflow-record-copy-oom-error': Netflow Data Record Copy Fail, Local MEM size error; 'netflow-record-rse-invalid': Netflow Data Record Reduced Size Invalid; 'netflow-sample-flow-dur-error': Netflow Sample Flow Duration Error; 'flow-dst-entry-miss': DDoS Destination Entry Lookup Failures; 'flow-ip-proto-or-port-miss': DDoS Destination Service Lookup Failures; 'flow-detection-msgq-full': Detection Message Enqueue Failures; 'flow-network-entry-miss': DDoS Destination Network-object Entry Lookup Failures; ", "enum":[ "all", "sflow-packets-received", "sflow-samples-received", "sflow-samples-bad-len", "sflow-samples-non-std", "sflow-samples-skipped", "sflow-sample-record-bad-len", "sflow-samples-sent-for-detection", "sflow-sample-record-invalid-layer2", "sflow-sample-ipv6-hdr-parse-fail", "sflow-disabled", "netflow-disabled", "netflow-v5-packets-received", "netflow-v5-samples-received", "netflow-v5-samples-sent-for-detection", "netflow-v5-sample-records-bad-len", "netflow-v5-max-records-exceed", "netflow-v9-packets-received", "netflow-v9-samples-received", "netflow-v9-samples-sent-for-detection", "netflow-v9-sample-records-bad-len", "netflow-v9-sample-flowset-bad-padding", "netflow-v9-max-records-exceed", "netflow-v9-template-not-found", "netflow-v10-packets-received", "netflow-v10-samples-received", "netflow-v10-samples-sent-for-detection", "netflow-v10-sample-records-bad-len", "netflow-v10-max-records-exceed", "netflow-tcp-sample-received", "netflow-udp-sample-received", "netflow-icmp-sample-received", "netflow-other-sample-received", "netflow-record-copy-oom-error", "netflow-record-rse-invalid", "netflow-sample-flow-dur-error", "flow-dst-entry-miss", "flow-ip-proto-or-port-miss", "flow-detection-msgq-full", "flow-network-entry-miss" ] } } } ] }, "sflow":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/agent/{agent-name}/sflow", "properties":{ "sflow-pkt-samples-collection":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable sflow packet samples collection(default); 'disable': Disable sflow packet samples collection; ", "enum":[ "enable", "disable" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "netflow":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/agent/{agent-name}/netflow", "properties":{ "netflow-samples-collection":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable Netflow flow samples collection(default); 'disable': Disable Netflow flow samples collection; ", "enum":[ "enable", "disable" ] }, "netflow-sampling-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":1, "partition-visibility":"shared", "description":"Configure agent's netflow sampling rate" }, "active-timeout":{ "type":"number", "format":"number", "minimum":10, "maximum":600, "partition-visibility":"shared", "description":"Configure agent's flow active timeout (seconds)" }, "inactive-timeout":{ "type":"number", "format":"number", "minimum":10, "maximum":600, "partition-visibility":"shared", "description":"Configure agent's flow inactive timeout (seconds)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "agent-name" ] } ] }, "statistics":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/statistics", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }