4.3.1 API防护(apiguard日志)
此类事件的主类型(mainType)为api_guard,子类型(subType)列举如下:
| 事件子类型 | 事件说明 | 是否为安全日志 |
|---|---|---|
| security.api_guard.ngswaf.header_check | 接口头部检测 | √ |
| security.api_guard.ngswaf.query_name_check | 接口参数名检测 | √ |
| security.api_guard.ngswaf.snort | 接口攻击行为检测 | √ |
| security.api_guard.request_validation.api_not_found | 接口扫描 | √ |
| security.api_guard.request_validation.invalid_data | 接口参数爆破 | √ |
| security.api_guard.request_validation.need_online | 接口越权调用 | √ |
| security.api_guard.request_validation.tia_api_brute_scan | 接口暴力扫描 | √ |
| security.api_guard.request_validation.tia_api_param_brute_scan | 接口参数暴力爆破 | √ |
| security.api_guard.shellcheck.failed | 接口webshell攻击 | √ |