wapples-alerts
Get alerts from WAPPLES device.
wapples-alerts profile=PROFILE [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [order=ORDER]
- profile=PROFILE
- WAPPLES connect profile code
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example,
10smeans data from 10 seconds earlier. - from=yyyyMMddHHmmss
- Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
- to=yyyyMMddHHmmss
- End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
- order=ORDER
- asc or desc. desc by default.
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| _time | Date | Time | |
| profile | String | Profile | |
| seq | Long | Seq | |
| src_ip | IP address | Src IP | |
| src_port | Integer | Src Port | |
| dst_ip | IP address | Dst IP | |
| dst_port | Integer | Dst Port | |
| host | String | Host | |
| uri | String | Uri | |
| policy | String | Policy | |
| signature | String | Signature | |
| status | Integer | Status | |
| action | String | Action | |
| creator | String | Creator | |
| risk_score | Integer | Risk Score | |
| session_key | String | Session Key |