AlertConnect
AngkasaIO AlertConnect is a service that automatically forwards alerts generated by AngkasaIO WAF services to a chosen destination for storage, analysis, and more advanced integration. This allows you to monitor and analyze security events more deeply in a centralized location.
What Event Details Can Be Forwarded?
AlertConnect forwards highly detailed information about each security event, including:
- Event Description
- Attack signature and strategy
- Attacker's IP address (with ASN information if available)
- Attacker's Geo Location
- Attack mitigation guide
- Event details references
Availability and Limitations
- AlertConnect is only available to Enterprise customers.
- AlertConnect only supports HTTP requests as the forwarding method, and only forwards WAF security events.
- During a heavy-load event, AlertConnect may send an alert with a delay of some seconds in order to maximize protection performance.
- For better performance, AlertConnect will retry sending an HTTP request to your API only 3 times.
AlertConnect Request Body
```json
{
  "channel": {
    "group": "alert-connect"
  },
  "metadata": {
    "id": "0000000-0000-0000-0000-000000000000",
    "space_id": "1111111-1111-1111-1111-111111111111",
    "key": "demo-test.example.com",
    "type": "aiowaf"
  },
  "data": {
    "console_link": "https://console.angkasa.io/alerts/waf/1111111-1111-1111-1111-111111111111/0000000-0000-0000-0000-000000000000",
    "mapImage": "https://openspace.angkasa.io/api/staticmap?lat=1.3078&long=103.6818",
    "attack_datetime": "2024-10-07 16-51-03 GMT+07:00",
    "attack_path": [
      "/robot.txt"
    ],
    "attack_country_iso_code": "SG",
    "attack_ip": "159.223.67.21",
    "attack_count": 8,
    "attack_duration": "25 seconds",
    "attack_as": "GOOGLE",
    "event_action": "Yes",
    "event_category": "http_bruteforce",
    "event_name": "HTTP Bruteforce",
    "event_desc": "Detect generic 403 Forbidden (Authorization) error brute force",
    "reference": {
      "mitre": ["TA0006:T1110"]
    },
    "event_severity": "Alert",
    "event_severity_num": 1,
    "event_id": "2222222-2222-2222-2222-222222222222"
  }
}
```
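The receiver-side parser below is an added example, not AngkasaIO code. It validates a body shaped like the one above, normalizes `attack_datetime` to UTC, splits the MITRE reference, and drops repeat deliveries; `parse_alert`, the `seen` set, and the assumption that a retried request repeats the same `metadata.id` and `event_id` are hypothetical.

```python
import ipaddress
import json
import re
from datetime import datetime, timezone

# Constructed sample: a trimmed copy of the request body documented above.
SAMPLE = json.dumps({
    "channel": {"group": "alert-connect"},
    "metadata": {"id": "0000000-0000-0000-0000-000000000000", "type": "aiowaf",
                 "key": "demo-test.example.com"},
    "data": {"attack_datetime": "2024-10-07 16-51-03 GMT+07:00",
             "attack_ip": "159.223.67.21", "attack_count": 8,
             "event_category": "http_bruteforce", "event_severity_num": 1,
             "reference": {"mitre": ["TA0006:T1110"]},
             "event_id": "2222222-2222-2222-2222-222222222222"},
})

# Timestamp layout as shown in the sample body: "YYYY-MM-DD HH-MM-SS GMT+HH:MM".
_TS = re.compile(r"(\d{4}-\d{2}-\d{2}) (\d{2})-(\d{2})-(\d{2}) GMT([+-]\d{2}:\d{2})")


def parse_alert(raw, seen):
    """Validate one body; return a normalized dict, or None for a repeat delivery."""
    body = json.loads(raw)
    if not isinstance(body, dict) or body.get("channel", {}).get("group") != "alert-connect":
        raise ValueError("not an AlertConnect body")
    meta, data = body["metadata"], body["data"]
    # Assumption: a retried delivery repeats the same metadata.id and event_id.
    key = (meta["id"], data["event_id"])
    if key in seen:
        return None
    m = _TS.fullmatch(data["attack_datetime"])
    if m is None:
        raise ValueError("unexpected attack_datetime layout")
    when = datetime.fromisoformat(f"{m[1]}T{m[2]}:{m[3]}:{m[4]}{m[5]}")
    # Sender-supplied values are untrusted: parse them instead of storing raw strings.
    ip = ipaddress.ip_address(data["attack_ip"])
    mitre = [dict(zip(("tactic", "technique"), ref.split(":", 1)))
             for ref in data.get("reference", {}).get("mitre", [])]
    seen.add(key)
    return {
        "alert_id": meta["id"],
        "event_id": data["event_id"],
        "time_utc": when.astimezone(timezone.utc).isoformat(),
        "source_ip": str(ip),
        "category": data["event_category"],
        "severity_num": int(data["event_severity_num"]),
        "count": int(data["attack_count"]),
        "mitre": mitre,
    }
```

Keep `seen` in shared storage when more than one worker receives alerts, so a repeat delivery is recognized regardless of which worker handles it.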