getWafDetailResults — Retrieving detailed statistics on the site traffic

The getWafDetailResults method retrieves the detailed site traffic statistics.

The API endpoint is:

https://api.sitelock.com/v1/partner

Request Format

  • SiteLockOnlineRequest: This element is used to delineate the full API request.

    • authentication: The partner’s username, password, and branding

      • username: The partner’s API username

      • password: The partner’s API password

      • partner: (Optional) The brand name to use in messaging

    • getWafDetailResults: The method name

      • site_id: The ID of the site for which to retrieve the traffic statistics

      • time_range: The time range for which to fetch data. This value can be one of the following:

        • today: From midnight today until the current time

        • last_7_days: From midnight 7 days ago until midnight today

        • last_30_days: From midnight 30 days ago until midnight today

        • last_90_days: From midnight 90 days ago until midnight today

        • month_to_date: From midnight of the first day of the month until midnight today

      • page_num: The page to return, starting from 0. The default value is 0.

      • page_size: The number of objects to return in the response. The default value is 10, the maximum is 100.

All the timestamps will be specified as the number of milliseconds since midnight, 1 January 1970 (UNIX time * 1000) GMT.

Example request

<SiteLockOnlineRequest>
    <authentication>
        <user>Username</user>
        <password>Password</password>
    </authentication>
    <getWafResults>
        <site_id>10900</site_id>
        <time_range>last_7_days</time_range>
        <page_num>0</page_num>
        <page_size>10</page_size>
    </getWafResults>
</SiteLockOnlineRequest>

Response format

  • SiteLockOnlineResponse: This element is used to delineate the full API response.

    • getWafDetailResults: The method name

      • status: Either ok or error

      • message: The detailed success or error message

      • visits: A list of sessions

        • visit: (Repeatable) A session

          • actions: The actions that took place for the current session. Each session may include specific threats, with its related details.

            • action: (Repeatable) An action that took place for the current session

              • queryString: The query string that was added to the base URL

              • responseTime: The number of milliseconds it took the server to return the response

              • thinkTime: The number of milliseconds it took the server to generate the response

              • threats: A list of threats associated with the action

                • threat: The threat associated with the action

                  • securityRule: The security rule associated with the threats

                  • threatPattern: The threat payload

              • url: The page URL

          • clientApplication: The client software application

          • clientApplicationId: The client software ID

          • clientIPs: A list of addresses used by the client

            • clientIp: The address used by the client

          • clientType: The client software application category

          • countries: A list of countries from which the site was visited

            • country: The country from which the site was visited

          • countryCodes: A list of country codes from which the site was visited

            • countryCode: Country code from which the site was visited

          • endTime: The timestamp at which this visit ended

          • entryPage: The URL of the first request in this visit

          • entryReferrer: The referrer header value of the first request to this visit

          • hits: The total number of HTTP requests in this visit, including requests for images, static resources, and other assets

          • os: The operating system type

          • osVersion: The operating system version

          • pageViews: The total number of pages viewed in this visit

          • securitySummary: A mapping between the security rules that took place during this session and their frequencies

            • types: A list of security rule types

              • type: The type of the security rule

          • serverVias: A list of SiteLock data centers

            • serverVia: The SiteLock data center from which this request was served

          • supportsCookies: Specifies whether the client application software supports cookies.

          • supportsJavaScript: Specifies whether the client application software supports JavaScript.

          • userAgent: The UserAgent header value

All the timestamps will be specified as number of milliseconds since midnight, 1 January 1970 (UNIX time * 1000) GMT.

Example response

<SiteLockOnlineResponse>
    <getWafDetailResults>
        <message>ok</message>
        <status>ok</status>
        <visits>
            <visit>
                <actions>
                    <action>
                        <queryString>?utm_campaign=10621&amp;utm_medium=CPA&amp;utm_campaign=126533&amp;utm_medium=CPA&amp;utm_source=IR&amp;clickid=</queryString>
                        <responseTime>0</responseTime>
                        <thinkTime>0</thinkTime>
                        <threats>
                            <threat>
                                <securityRule>Illegal Resource Access</securityRule>
                                <threatPattern>https://www.example.com/ddos/ddos-mitigation-services%3c/threatPattern[www.example.com/ddos/ddos-mitigation-services</threatPattern]>
                            </threat>
                        </threats>
                        <url>https://www.example.com/ddos/ddos-mitigation-services%3c/url[www.example.com/ddos/ddos-mitigation-services</url]>
                    </action>
                    ...
                </actions>
                <clientApplication>Bot</clientApplication>
                <clientApplicationId>7</clientApplicationId>
                <clientIPs>
                    <clientIP>12.13.14.15</clientIP>
                </clientIPs>
                <clientType>Unclassified</clientType>
                <countries>
                    <country>UnitedStates</country>
                </countries>
                <countryCodes>
                    <countryCode>US</countryCode>
                </countryCodes>
                <endTime>1550677064000</endTime>
                <entryPage>https://www.example.com/ddos/ddos-mitigation-services%3c/entryPage[www.example.com/ddos/ddos-mitigation-services</entryPage]>
                <entryReferrer></entryReferrer>
                <hits>4</hits>
                <os>Windows</os>
                <osVersion>Windows</osVersion>
                <pageViews>4</pageViews>
                <securitySummary>
                    <types>
                        <type>BotAccessControl</type>
                    </types>
                </securitySummary>
                <servedVias>
                    <servedVia>Seattle,WA</servedVia>
                </servedVias>
                <startTime>1550676207295</startTime>
                <supportsCookies>0</supportsCookies>
                <supportsJavaScript>0</supportsJavaScript>
                <userAgent>Mozilla/4.0 (compatible; MSIE 5.0; Windows 95; DigExt)</userAgent>
            </visit>
            ...
        </visits>
    </getWafDetailResults>
</SiteLockOnlineResponse>