0% found this document useful (0 votes)

231 views

Arbor SP-TMS 8.4.0-API Guide 20180403

This document provides an overview and guide to using the Arbor Networks SP and TMS APIs. It describes the SP REST API, Arbor Web Services API, Current SOAP API and Classic SOAP API. The guide covers topics such as accessing the APIs, API functions for alerts, mitigations, configuration management and reports. It also provides information on API versioning, deprecations, and instructions for using the APIs with languages like Python, PHP and Java.

Uploaded by

mejameson

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

231 views

Arbor SP-TMS 8.4.0-API Guide 20180403

Uploaded by

mejameson

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 224

Arbor Networks SP and TMS

API Guide
Version 8.4
Legal Notice
The information contained within this document is subject to change without notice. Arbor Networks,
Inc. makes no warranty of any kind with regard to this material, including, but not limited to, the implied
warranties of merchantability and fitness for a particular purpose. Arbor Networks, Inc. shall not be
liable for errors contained herein or for any direct or indirect, incidental, special, or consequential
damages in connection with the furnishings, performance, or use of this material.
Copyright © 1999-2018 Arbor Networks, Inc. All rights reserved. Arbor Networks, NETSCOUT, the Arbor
Networks logo, Peakflow, ArbOS, Pravail, Cloud Signaling, Arbor Cloud, ATLAS, We see things others
can’t.™ and Arbor Networks. Smart. Available. Secure. are all trademarks of Arbor Networks, Inc. All
other brands may be the trademarks of their respective owners.
Document Number: SP-API-84-2018/04
03 April, 2018
Contents

Preface
How to Use SP and TMS Documentation 8
Conventions Used in this Guide 9
Contacting the Arbor Technical Assistance Center 11
About the Arbor SDK Package 12

Part I: Arbor Networks SP REST API

Chapter 1: Using the Arbor Networks SP REST API 15
About the SP REST API 16
Accessing the SP REST API 18
How to Use the SP REST API Documentation 20
SP REST API Limitations 21
Arbor Networks SP REST API Versioning and Deprecation 22
Feedback and Suggestions 24

Part II: Arbor Web Services API

Chapter 2: Using the Arbor Web Services API 27
Introduction to the Arbor Web Services API 28
Alerts 29
Traffic 31
Mitigations 33
Managed Object 35
Routers 37
Devices 40
Arbor Networks SP CP 5500 Appliance 44
Arbor Networks TMS Appliance 48
Arbor Networks TMS Ports 51
Reports 52

Part III: Current SOAP API

Chapter 3: Introduction to the Current SOAP API 57
Using the Current SOAP API in SP 58
Chapter 4: Alert Functions in the Current SOAP API 61
getDosAlertSummaries 62
getDosAlertSummariesXML 67
getDosAlertDetailsXML 68
Understanding XML for Alerts 69
getDosAlertGraph 79
getDosAlertDetails 80
Chapter 5: Mitigation Functions in the Current SOAP API 93
applyMitigationTemplateById 94
applyMitigationTemplateByName 95
getMitigationSummaries 96

SP API Guide, Version 8.4 3

SP API Guide, Version 8.4

getMitigationSummariesXML 98
getMitigationStatisticsByIdXML 99
getMitigationStatisticsByNameXML 100
addTmsFilterList 101
editTmsFilterList 103
deleteTmsFilterList 104
Chapter 6: Configuration Management Functions in the Current SOAP API 105
About the Configuration Management Functions 106
cliRun 108
accountAdd 109
accountDelete 111
accountChangePassword 112
accountChangeGroup 113
Chapter 7: Report Functions in the Current SOAP API 115
queueReportToRun 116
getReportList 117
getReportListXML 119
getReportResultsList 120
getReportResultsListXML 122
getLastReportResultAsCSV 123
getLastReportResultAsXML 124
getLastReportResultAsPDF 125
getReportResultAsCSV 126
getReportResultAsXML 127
getReportResultAsPDF 128
runXmlQuery 129
getTrafficGraph 131

Part IV: Classic SOAP API

Chapter 8: Introduction to the Classic SOAP API and the Python and PHP Package 135
Using the SOAP API in SP 136
Getting Started 138
Installing the SP SOAP Python Client 139
Viewing Classic SOAP API Examples in PHP 140
How Classic SOAP API Calls Map to Current SOAP API Calls 141
Chapter 9: Using Java/Axis with the Classic SOAP API 143
Prerequisites for Using Java/Axis with the SP SOAP Interface 144
Configuring Certificates 146
Generating the Client Proxy Code 148
Using the Client Proxy Code 149
Using the Utility Package 152
Working with the Sample Code for Java/Axis 153
Building and Running the Sample Projects 155
Fault Handling 164
Capturing the XML Request and Response 165
Chapter 10: Alert Functions in the Classic SOAP API 167
getAlertSummaries 168
getAlertInterfaces 173
getAlertInterfaceDetails 176
getAlertInterfacesXML 181
getAlertRouterInterfacesXML 183

4 Proprietary and Confidential Information of Arbor Networks Inc.

getAlertGraph 185
getAlertGraphData 186
getAlertStatisticsRaw and sqlQuery 188
Chapter 11: Configuration Management Functions in the Classic SOAP API 189
About the Configuration Management Functions 190
cliRun 192
accountAdd 193
accountDelete 196
accountChangePassword 198
accountChangeGroup 199
Chapter 12: Traffic Report Functions in the Classic SOAP API 201
getTrafficData 202
getTrafficGraph 205

Glossary 209

Index 219

Software License Agreement 223

Proprietary and Confidential Information of Arbor Networks Inc. 5

SP API Guide, Version 8.4

6 Proprietary and Confidential Information of Arbor Networks Inc.

Preface

Introduction
This guide provides instructions for the API configurations for your SP deployment . It
provides an overview of the SP REST API and covers the APIs in the Arbor API Software
Developers Kit (SDK) in more detail.

The REST API is intended for SP users and administrators with a working knowledge of the
SP web UI and SP command line inteface (CLI). The APIs in the SDK are intended for
network administrators who are responsible for the availability of their organization's
network infrastructure. Users of the APIs in the SDK should have a strong understanding
of networking and the network environment, including topology and traffic.

This guide supports the 8.4 release for all SP and TMS appliances.

SP API Guide, Version 8.4 7

SP API Guide, Version 8.4

How to Use SP and TMS Documentation

Using this guide
This guide provides instructions for the API configurations for your SP deployment.

Additional SP and TMS documentation

See the following documentation for more information about SP and TMS appliances and
this version of the software:

Additional documentation

Available Documentation Contents

SP and TMS Quick Start Cards Instructions and requirements for the initial
installation and configuration of SP and TMS
appliances.

SP and TMS User Guide Instructions and information that explain how to
configure and use SP and TMS appliances and
software using the SP web user interface (UI).

SP and TMS Advanced Instructions and information about configuring

Configuration Guide advanced settings in SP and TMS, including those
that can only be configured using the command line
interface (CLI).

SP and TMS Help Online help topics from the User Guide and
Advanced Configuration Guide. The Help is context-
sensitive to the SP web UI page from which it is
accessed.

SP Managed Services Customer Instructions and information for the managed

Guide services customers who use the SP 8.4 web user
interface.

(information) Information about a report or a particular feature of

the SP web user interface (UI). This information
appears when you hover the mouse pointer over the
icon.

8 Proprietary and Confidential Information of Arbor Networks Inc.

Preface

Conventions Used in this Guide

This guide uses typographic conventions to make the information in procedures,
commands, and expressions easier to recognize.

Conventions for procedures

The following conventions represent the elements that you select, press, and type as you
follow procedures.
Typographic conventions for procedures

Convention Description Examples

Italics A label that identifies an area On the Summary page, view the
on the graphical user Active Alerts section.
interface.

Bold An element on the graphical Type the computer’s address in

user interface that you click or the IP Address box.
interact with. Select the Print check box, and
then click OK.

SMALL CAPS A key on the keyboard. Press ENTER.

To interrupt long outputs, press
CTRL + C.

Monospaced A file name, folder name, or Navigate to the

path name. C:\Users\Default\Favorites
Also represents computer folder.
output. Expand the Addresses folder,
and then open the readme.txt
file.

Monospaced Information that you must Type https:// followed by the IP

bold type exactly as shown. address.

Monospaced A file name, folder name, path Type the server's IP address or
italics name, or other information hostname.
that you must supply.

> A navigation path or sequence Select Settings > Company .

of commands. Navigate to the Account page
(Settings > Account).
Select Mitigation > Threat
Management.
Navigate to the Alerts Ongoing
page (Alerts > Ongoing ).

Proprietary and Confidential Information of Arbor Networks Inc. 9

SP API Guide, Version 8.4

Conventions for commands and expressions

The following conventions show the syntax of commands and expressions. Do not type
the brackets, braces, or vertical bar in commands or expressions.
Typographic conventions for commands and expressions

Convention Description
Monospaced bold Information that you must type exactly as shown.

Monospaced A variable for which you must supply a value.

italics

{ } (braces) A set of choices for options or variables, one of which is required.

For example: {option1 | option2}.

[ ] (square brackets) A set of choices for options or variables, any of which is optional.
For example: [variable1 | variable2].

| (vertical bar) Separates the mutually exclusive options or variables.

10 Proprietary and Confidential Information of Arbor Networks Inc.

Preface

Contacting the Arbor Technical Assistance Center

The Arbor Technical Assistance Center is your primary point of contact with Arbor
Networks® for all service and technical assistance issues.

Contact methods
You can contact the Arbor Technical Assistance Center as follows:
n Phone US toll free — +1 877 272 6721
n Phone worldwide — +1 781 362 4301
n Support portal — https://support.arbornetworks.com

Submitting documentation comments

If you have comments about the documentation, you can forward them to the Arbor
Technical Assistance Center. Please include the following information:
n Title of the guide

n Document number (listed on the reverse side of the title page)

n Page number

Example
SP-API-84-2018/04

SP API Guide

Page 9

Proprietary and Confidential Information of Arbor Networks Inc. 11

SP API Guide, Version 8.4

About the Arbor SDK Package

Introduction
The Arbor SDK package contains the files for the Arbor Web Services API, the current SOAP
API, and Arbor’s classic SOAP API (released prior to SP version 5.5). All APIs do not provide
the same capabilities. This topic briefly describes the advantages of using each API
included in the SDK.

Note
The SP REST API is included with the SP software and is not part of the SDK.

Downloading the SDK

You can download the complete Arbor SDK package for the SOAP and Web Services APIs
by navigating to Administration > Download Arbor API SDK in the SP web UI.

Advantages of the Arbor Web Services API

The Arbor Web Services API is easier to use and faster to get started with than the SOAP
API. For this reason, it is the recommended API for users who have not used an SP API
before. The Web Services API provides access to almost all of the same functionality as the
SOAP API, but the Web Services API is simpler to use. You can access the Web Services API
using your regular web browser or a command-line tool, such as cURL.

Advantages of the current SOAP API

The current SOAP API is an updated version of the classic SOAP API that was part of
versions of SP prior to 5.5. The current SOAP API includes the same functionality as the
classic SOAP API; however, some of the function names have changed or have new
parameters to support expanded functionality. The current SOAP API also provides
significant new API functionality, such as the following:
n enhanced search capabilities for DoS alerts

n the ability to access mitigation information

n the ability to run wizard reports and obtain report results

Arbor recommends that all classic SOAP users migrate to the current SOAP API to take
advantage of its broader functionality. For more information about migrating to the
current SOAP API, see “How Classic SOAP API Calls Map to Current SOAP API Calls” on
page 141 .

Advantages of the classic SOAP API

The classic SOAP API is still available for existing SOAP users who want to have the
previously available SOAP functionality without updating their SOAP clients to use the
current SOAP API.

Important
The classic SOAP API has been deprecated and support is limited to bugs that break the
service completely. The classic SOAP API is maintained only as a courtesy to customers
until they can migrate to the SP REST API, current SOAP API or to the Arbor Web Services
API. Individual functions in the classic SOAP API may not work in releases after SP 7.0.

12 Proprietary and Confidential Information of Arbor Networks Inc.

Part I:
Arbor Networks SP REST API
SP API Guide, Version 8.4

14 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 1:
Using the Arbor Networks SP REST API

Introduction
Arbor Networks provides a REST API for SP. This API allows you to have programmatic
access to the data on both SP and TMS appliances.

In this section
This section contains the following topics:

About the SP REST API 16

Accessing the SP REST API 18
How to Use the SP REST API Documentation 20
SP REST API Limitations 21
Arbor Networks SP REST API Versioning and Deprecation 22
Feedback and Suggestions 24

SP API Guide, Version 8.4 15

SP API Guide, Version 8.4

About the SP REST API

Introduction
The SP REST API is accessible from the SP leader appliance using HTTPS. Most endpoints
use the application/vnd.api+json content type for input; however, the insight endpoints
use application/json. The REST API uses JSON API as the output format.

References
For more information on REST and JSON API, see the following references:
n Richardson Maturity Model:
http://restcookbook.com/Miscellaneous/richardsonmaturitymodel/
n JSON API format: http://jsonapi.org/format/

About REST
REST (Representational State Transfer) is a software architectural style that improves the
performance, scalability, and reliability of the API. The SP REST API communicates over
HTTPS, using standard HTTP methods to move data.

REST API endpoints

The SP REST API endpoints are mostly based on the SP CLI commands, eventually
removing the need for the cliRun function used in previous APIs.

Endpoints represent either collections or individual resources and are named using plural
nouns. You use HTTP methods to determine the action on the resource.

The following snippet shows a REST endpoint that displays alert number 1234. The
address of the SP appliance in this example is sp.example.com.
https://sp.example.com/api/sp/alerts/1234

You can edit the endpoint address to reference your SP leader.

For more information about the specific SP REST API endpoints, select Administration >
REST API Documentation in the SP web UI.

REST API methods

You can use the following HTTP methods in the SP REST API:

GET
Retrieves information about the specified collection or resource. You can obtain specific
results with the GET command by passing additional parameters, but in general it returns
a large set of information.

POST
Adds a new resource to a collection.

PUT
(Not available)

16 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 1: Using the Arbor Networks SP REST API

PATCH
Updates only part of a given resource. For example, you can use PATCH to update a user’s
name only, and expect all other properties to remain unmodified.

DELETE
Deletes the identified resource.

OPTIONS
Determines what options are available for a given resource.

Not all endpoints use all methods. Use the OPTIONS method on an endpoint to
determine which methods are valid for it.

REST API output

The SP REST API output is in the JSON API format. The responses use return links to refer
to other resources and support pagination.

Proprietary and Confidential Information of Arbor Networks Inc. 17

SP API Guide, Version 8.4

Accessing the SP REST API

Introduction
The SP REST API is accessible via an HTTP REST interface using JSON as the data
serialization format. You can use .net, C, Java, Perl, Python, or other languages to access
the API.

No installation is necessary. The API is included with the SP software.

SP REST API access prerequisites

There are two methods to access the API: through the browser or programmatically. They
have different prerequisites.
n To access the API through a browser, the sp_restapi capability first must be enabled in a
capability group for users in that group. By default, the admin capability group has the
sp_restapi capability enabled, and for all others it is disabled.
Note
This capability is different from the capability used to access the SOAP API (sp_soap).
n To access the API programmatically, you must first create an SP REST API token in the
SP CLI. See “Accessing the SP REST API” below.

Accessing the SP REST API

To access the SP REST API through the browser:
1. Log in to the SP web UI as a user with the sp_restapi capability, usually an admin
username.
2. Type an endpoint in the browser's address box.
Example: https://sp.example.com/api/sp/alerts/
Note
When you log in to the SP web UI, SP automatically creates an API token cookie.
While you are logged in, the token cookie allows you to submit API request URLs
through your browser’s address bar. When you log out of the SP web UI, the token
cookie expires.

To access the SP REST API programmatically:

1. Log in to the SP CLI as an admin user.
2. Enter the following command to create the REST API token:
/services aaa local apitoken generate user_name "token_description"
The token works only for the user_name you specify. The SP data that the API server
returns depends on the authorization configured in the SP account group for user_
name. The authorization for the account group includes its assigned capabilities and
managed object scoping (if any), and whether or not it is a managed services account
group.
Note
Users in a managed services account group have very limited access to SP data
through the REST API.

18 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 1: Using the Arbor Networks SP REST API

3. Use the following cURL command:

$ curl \
-H "X-Arbux-APIToken: api_token" \
-H "Content-Type: application/vnd.api+json" \
-L https://IP_adddress or hostname/api/sp/endpoint/
For example:
$ curl \
-H "X-Arbux-APIToken: a_b_Cdefgh123Ijklmnop456Qrstuv789Wxyz" \
-H "Content-Type: application/vnd.api+json" \
-L https://sp.example.com/api/sp/alerts/
Note
Use application/json for the Content-Type when using insight/ endpoints.

Proprietary and Confidential Information of Arbor Networks Inc. 19

SP API Guide, Version 8.4

How to Use the SP REST API Documentation

See the following sources for more information about the SP API:

Reference documentation

Document Contents
Online SP Commented API calls for the SP REST API are available on the SP API
REST API Documentation page through the SP web UI (Administration
Endpoint > REST API Documentation).
Documentation You can also type the following URL into your browser:
https://IP_address/api/sp/doc/index.html
where IP_address is the IP address or hostname of the SP leader
device.

SP Online Help Online help topics are available from the SP User Guide , which
include instructions and information about using the SP web user
interface (UI). The Help also contains instructions and information
about configuring advanced settings in SP, including those that can
only be configured using the command line interface (CLI).
You can access this Help by clicking the Help button on any page in
the SP web UI, or by entering the following URL in your browser:
https://IP_address/arborhelp/Peakflow_SP_Help.htm
where IP_address is the IP address or hostname of SP.

20 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 1: Using the Arbor Networks SP REST API

SP REST API Limitations

The following are limitations in this version of the SP REST API:
n This version of the SP REST API is not backward compatible with version 0.6 released in
SP 8.0.
n The SP REST API is implemented by the SP leader device. You are not restricted from
using the SP REST API to query other devices, but you might get incorrect results.
n You cannot delete the leader using the devices endpoint.
n You cannot determine which appliance is the leader by querying the devices endpoint.
n PUT commands are not available for any endpoint.
n For any modification commands (POST and PATCH), some changes might be made to
the resource even if the endpoint returns a failure code. The URL returned in the links
section can be used to inspect the resource to determine what was modified. You can
also DELETE the incomplete object.

Proprietary and Confidential Information of Arbor Networks Inc. 21

SP API Guide, Version 8.4

Arbor Networks SP REST API Versioning and Deprecation

Introduction
The Arbor Networks SP REST API is updated on a regular basis, which results in version
changes and deprecation of existing API functionality.

Version numbering
The SP REST API uses two versioning indicators in the meta block of a response:
n sp_version is the SP software release version.

n api_version is the SP REST API version. This number is incremented when breaking
changes are made in a new SP release.

For example, in SP 8.4:

"meta": {
"sp_version": "8.4",
"api": "SP",
"api_version": "4",
"sp_build_id": "IBOK"
}

When you make a request to the REST API, you can specify which API version to use. For
example, to use the version 3 alerts endpoint:
https://sp.example.com/api/sp/v3/alerts/

If a request contains no version information, it defaults to the latest version.

REST API version lifetime

Arbor will support older SP REST API versions so their functions work at least partially, if
not completely, on the following schedule:
n Support for two years.

n End-of-life for one year after support ends.

For example, if the current SP REST API version is 4, and you are using API version 2 that is
less than 3 years old, then you can continue to make API calls using version 2.

Functionality in older versions

In most cases, the SP REST API keeps the full functionality of still-supported previous
versions. However, there could be a situation where an older endpoint provides only
partial functionality or is removed entirely.

Full API functionality

In most cases, when you call an SP REST API endpoint from an older API version, it
provides that endpoint's complete functionality for that version.

For example, if the current API version is 4, and you call the following version 3 endpoint:
https://sp.example.com/api/sp/v3/alerts/

It returns all attributes and their values for the version 3 alerts endpoint.

22 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 1: Using the Arbor Networks SP REST API

Partial API functionality

If you call an SP REST API function from an older version and it only partially works or
works differently from the current API, SP returns a warning explaining the changes or, if
the explanation is too long, a link to online documentation.

SP never sends invalid data, but may send partial data. For example, the function
previously returned five data elements, but now only returns three.

If only part of the data has changed, you can specify a flag in the query indicating that you
understand the change and still want to use the existing endpoint. You might choose this
if you are using only the portions of the data that have not changed. In that situation, SP
returns a best effort version of the data.

This query flag changes based on the currently released API version. If a new release of the
API further breaks this function, an error is returned and requires a new flag to suppress
it.

Removed API functionality

Arbor sometimes will no longer support older SP REST API versions, such as when
support for a feature, or a subset of a feature, is entirely removed. Arbor will attempt to
deprecate the feature, but if that is not possible, SP will return an error for the function if
there is a chance that all or some of the returned data has been removed or its meaning
changed since the new version of the API was released.

If the older SP REST API function does not work at all, SP returns an error, stating that the
function is removed, and explains the rationale for the removal and migration path, or a
link to online documentation explaining the rationale and migration path.

If a function is deprecated and will be removed in the future, Arbor marks the function
deprecated in documentation and in function warnings.

Proprietary and Confidential Information of Arbor Networks Inc. 23

SP API Guide, Version 8.4

Feedback and Suggestions

Arbor welcomes feedback and suggestions about this version of the SP REST API. Please
comment on the whole API or any part.

Please pass along your comments to your Arbor contact.

24 Proprietary and Confidential Information of Arbor Networks Inc.

Part II:
Arbor Web Services API
SP API Guide, Version 8.4

26 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2:
Using the Arbor Web Services API

Introduction
This chapter includes an overview of the Arbor Web Services API and describes its
functions.

In this section
This section contains the following topics:

Introduction to the Arbor Web Services API 28

Alerts 29
Traffic 31
Mitigations 33
Managed Object 35
Routers 37
Devices 40
Arbor Networks SP CP 5500 Appliance 44
Arbor Networks TMS Appliance 48
Arbor Networks TMS Ports 51
Reports 52

SP API Guide, Version 8.4 27

SP API Guide, Version 8.4

Introduction to the Arbor Web Services API

Introduction
The Arbor Web Services API allows you to easily access the data on an SP leader appliance
or a non-leader appliance that has the user interface role by using your web browser or
cURL. Data is returned in either JSON or XML format.

Advantages of the Arbor Web Services API

Downloading the Arbor SDK

The arborws folder in the Arbor SDK contains useful examples and a README file that you
can use to help you get started with the Arbor Web Services API. You can download the
Arbor SDK in the SP web UI (Administration > Download Arbor API SDK).

References
For more information about how to use the Arbor Web Services API, see the following:

Additional references

Reference Description
https://addons.mozilla.org/en- A JSON plug-in that you can use to assist
US/firefox/addon/10869 you with debugging.

http://www.json.org/ The authoritative source for information

about JSON.

http://en.wikipedia.org/wiki/JSON A broad overview of JSON, including a

section about how it differs from XML.

http://jsonformatter.curiousconcept.com A formatter that makes JSON output more

readable.

http://curl.haxx.se/docs/httpscripting.html A tutorial about using cURL.

Before you begin

Before you can use the Web Services API, you must generate API keys that enable users to
access SP data using the API. You can configure API keys in the SP web UI
(Administration > Arbor API Web Services ).

See “Enabling Customers to View SP Data in the Web Services API” in the SP and TMS User
Guide for more information.

28 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2: Using the Arbor Web Services API

Alerts
URL
/arborws/alerts

About this function

The alerts function allows you to search for and retrieve XML alert information. It accepts
the following parameters:

alerts parameters

Name Description
api_key A unique, dedicated key that enables users to access this API data. You
must configure the API key in the SP web UI.
See “Enabling Customers to View SP Data in the Web Services API” in the
SP and TMS User Guide for more information.

limit (Optional) The maximum number of alerts to return that match the filter.

filter (Optional) Keywords by which you want to filter search results. You can
enter the same search strings that you can enter in the Search box on
the Alerts pages in the web UI.

format The format in which you want data returned, which can be one of the
following:
n json
This is the default format.
n xml

cURL example
The following is a cURL example of querying for the top three host alerts in SP:
curl -k https://mariner/arborws/alerts -d api_key=1234abc -d
filter=host -d limit=3

HTTPS example
The following is an HTTPS example of querying for all alerts in SP:
https://mariner/arborws/alerts?api_key=1234abc&format=xml

Example output
The following is an example of the output returned by the alerts function:
<?xml version="1.0" encoding="utf-8"?>
<alert-list>
<alert_count>100</alert_count>
<page_size>10</page_size>
<page>1</page>
<alert id="81966" type="9" class="2">
<device gid="133" name="shete"/>

Proprietary and Confidential Information of Arbor Networks Inc. 29

SP API Guide, Version 8.4

<importance level="1"/>
<resource>
<name>Some Community College</name>
<blob gid="596" lid="0"/>
</resource>
<ticket></ticket>
<classification>Possible Attack</classification>
<duration ongoing="f" start="1270574782" stop="1270575291”
length="509"/>
<fcap_filter_base64></fcap_filter_base64>
<protos>0</protos>
<rate_unit>bps</rate_unit>
<direction>Incoming</direction>
<class class="1" subclass="3"/>
<impact bps="1737735" pps="152"/>
<impact_bps>1737735 </impact_bps>
<impact_pps>152 </impact_pps>
<impact_recorded>1270574842 </impact_recorded>
</alert>

30 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2: Using the Arbor Web Services API

Traffic
URL
/arborws/traffic

About this function

The traffic function allows you to search for and retrieve XML traffic data. It accepts the
following parameters:

traffic parameters

query An XML query in standard SP XML query format. This parameter is only
the XML query, not an entire XML report. Data is returned in the XML
result format, as specified in the SP and TMS User Guide .
For current XML report specifications, see “Using Customized Reports” in
the SP and TMS User Guide .

graph (Optional) When specified, this parameter indicates that you want SP to
return a binary PNG graph file of the queried traffic data. If you do not
specify a graph argument, then SP returns XML.

cURL example
The following are cURL examples of querying for traffic data, excluding and then including
the graph parameter:
curl -k https://mariner/arborws/traffic -d api_key=1234abc --data-
urlencode [email protected]

curl -k https://mariner/arborws/traffic -d api_key=1234abc --data-

urlencode [email protected] --data-urlencode [email protected]

Query example input

The following is an example of the query parameter input:
<?xml version="1.0" encoding="utf-8"?>
<peakflow version="2.0">
<query type="traffic">
<time start_ascii="24 hours ago" end_ascii="now"/>
<unit type="bps"/>
<search limit="100" timeout="30"/>
<class type="in"/>
<class type="out"/>
<filter type="customer">

Proprietary and Confidential Information of Arbor Networks Inc. 31

SP API Guide, Version 8.4

Graph example input

The following is an example of the graph parameter input:
<?xml version=\"1.0\" encoding=\"utf-8\"?>
<peakflow version=\"2.0\">
<graph id=\"graph1\">
<title>Google Daily Traffic</title>
<ylabel>bps</ylabel>
<width>800</width>
<height>300</height>
<legend>1</legend>
</graph>
</peakflow>

32 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2: Using the Arbor Web Services API

Mitigations
URL
/arborws/mitigations/status

About this function

The mitigations function allows you to search for and retrieve XML mitigation information.
It accepts the following parameters:

mitigations parameters

filter (Optional) Keywords by which you want to filter search results. You can
enter the same search strings that you can enter in the Search box on
the Mitigations pages in the web UI.

limit (Optional) The maximum number of mitigations to return that match

the filter.

format The format in which you want data returned, which can be one of the
following:
n json
This is the default format.
n xml

cURL example
The following is a cURL example of querying for the top three mitigations in SP:
curl -k https://mariner/arborws/mitigations/status -d api_key=1234abc -d
limit=3

HTTPS example
The following is an HTTPS example of querying for mitigation data in SP:
https://mariner/arborws/mitigations/status?api_key=1234abc&filter=auto-
mitigation

Example output
The following is an example of the output returned by the mitigations function:
<?xml version="1.0" encoding="utf-8"?>
<mitigation-list>
<mitigation type="2" type_name="tms_mitigation" config_id="28"
prefix=""
blob_gid="134" alert_id="96516" user="auto-mitigation" is_
automitigation="t">

Proprietary and Confidential Information of Arbor Networks Inc. 33

SP API Guide, Version 8.4

<name>Alert 96516 Auto-Mitigation</name>

<description>Auto-Mitigation</description>
<annotation-list>
<annotation>
<added>1272896275</added>
<author>auto-annotation</author>
<section-list>
<section>Bandwidth attack #96516 Incoming to State of
Michigan</section>
</section-list>
</annotation>
<annotation>
<added>1272893400</added>
<author>auto-annotation</author>
<section-list>
<section>Bandwidth attack #96516 Incoming to Michigan is now
"High"</section>
</section-list>
</annotation>
</annotation-list>
<duration ongoing="f" start="1272893400" stop="1272896275"
length="2875"/>
</mitigation>
</mitigation-list>

34 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2: Using the Arbor Web Services API

Managed Object
URL
/arborws/admin/managed_object

About this function

The managed object function allows you to view managed object configuration data in
JSON format. It accepts the following parameters:

managed_object parameters

Name Description
api_key A unique, dedicated key that enables an account group to access this
API data. You must configure the API key in the SP web UI. When you
configure the API key, you must associate it with an account group.
See “Enabling Customers to View SP Data in the Web Services API” in the
SP and TMS User Guide for more information.

filter (Optional) Keywords by which you want to filter search results. You can
enter the same search strings that you can enter in the Search box on
the Managed Objects page in the web UI.

limit (Optional) The maximum number of managed objects per page to

display. The default is 100.

page (Optional) The page number to display, used with the limit parameter.
For example. if you have limit=50, then page=1 will retrieve results 1
through 50, page=2 will retrieve results 51 through 100, and so on.

sort (Optional) Sorts the results in the specified order. The value is the form
of field:direction. The field portion of the value is one of the
sortable fields of the function:
n name
n tags
n match
n host_detection_shared_set_type
n host_detection_shared_set_name

The direction portion of the value can be either ascending or

descending.
The default is name:ascending.

cURL example
The following is a cURL example of querying for managed objects in SP that contain the
word “dorms” in their configurations:
curl -ks https://mariner/arborws/admin/managed_object -d api_
key=1234abc -d filter=”dorms” -d sort=name:ascending

Proprietary and Confidential Information of Arbor Networks Inc. 35

SP API Guide, Version 8.4

HTTPS example
The following is an HTTPS example of querying for the data of no more than 225 managed
objects in SP:
https://mariner/arborws/admin/managed_object?api_
key=1234abc&limit=225&sort=name:ascending

Example output
The following is an example of the output returned by the managed object function:
{
"current_page":"1",
"total_pages":"3",
"data":[
{
"gid":"680",
"id":"680",
"name":"MyCustomer",
"description":"My+Description",
"tags":"profile,application,fingerprint",
"family":"profile",
"match_type":"cidr_block",
"match":"192.168.0.0/16"
},
{
"gid":"711",
"name":"An Important College",
"description":"Do not change the detection threshold for this.",
"tags":"customer",
"family":"customer",
"match_type":"cidr_blocks",
"match":"198.108.80.0\/21"
}
],
"continued_blob_current":[

],
"continued_blob_next":[

]
}

36 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2: Using the Arbor Web Services API

Routers
URL
/arborws/admin/routers

About this function

The routers function allows you to view router configuration information in JSON format. It
accepts the following parameters:

routers parameters

Name Description
api_key A unique, dedicated key that enables an account group to access this
API data. You must configure the API key in the SP web UI.
See “Enabling Customers to View SP Data in the Web Services API” in the
SP and TMS User Guide for more information.

action One of the following actions that you want to initiate:

n list
n show_schema
For more information about the show_schema parameter, see
“About the show_schema action” on the next page.
n update
Use the show_schema action to view which JSON parameters you
must use to update a router. You must specify the router GID when
you update a router.

filter (Optional) Keywords by which you want to filter search results. You can
enter the same search strings that you can enter in the Search box on
the Configure Routers page in the web UI.

limit (Optional) The maximum number of routers per page to display. The
default is 100.

sort (Optional) Sorts the results in the specified order. The value is the form
of field:direction. The field portion of the value is one of the
sortable fields of the function:
n name
n collector
n snmp_ip
n bgp_ip
n flow_export_ip
n flow_sample_rate

The direction portion of the value can be either ascending or

descending.
The default is name:ascending.

Proprietary and Confidential Information of Arbor Networks Inc. 37

SP API Guide, Version 8.4

About the show_schema action

The show_schema action returns the JSON formatted router configuration options that
you can use to update a router configuration.

The following is an HTTPS example of using the show_schema action:

https://mariner/arborws/admin/routers?api_key=1234abc&action=show_
schema&sort=name:ascending

Update example input

The follow is an example of JSON-formatted input for updating a router:
{"gid":"1333",
"flow_sample_rate":"1000",
"flow_export_ip":"192.168.27.5",
"bgp_ip":"192.168.15.2",
"bgp_as":"1234",
"local_as":"5678
}

cURL example
The following is a cURL example of updating a router in SP:
curl -k -v https://mariner/arborws/admin/routers -d api_key=1234abc -d
action=update --data-urlencode json@router_update.json -d
sort=name:ascending

In this example, including “-v” returns an HTTP code. An HTTP code of 200 indicates that
the update was successful. An HTTP code of 400 indicates that there was an error parsing
the JSON.

HTTPS example
The following is an HTTPS example of querying for router data in SP:
https://mariner/arborws/admin/routers?api_
key=1234abc&action=list&sort=name:ascending

Example output
The following is an example of the output returned by the routers list action:
{"gid":"999",
"name":"xyz123",
"bgp_ip":"",
"bgp_local_ip":"",
"bgp_as":"",
"snmp_ip":"198.108.90.21",
"snmp_community":"public",
"snmp_version":"2",
"snmp_security_level":"noAuthNoPriv",
"snmp_authprotocol":"md5",
"snmp_authusername":"",

38 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2: Using the Arbor Web Services API

"snmp_authpassword":"",
"snmp_privkey":"",
"snmp_contextname":"",
"snmp_nov1hccounters":"",
"snmp_nogetbulk":"",
"flow_ignored":"off",
"flow_ignored_ipv6":"off",
"flow_export_ip":"198.108.90.21",
"flow_sample_rate":"1000",
"flow_use_embedded_sampling_rate":"",
"flow_tcp_flags_missing":"",
"local_as":"",
"default_bgp_router":"
...
}

Proprietary and Confidential Information of Arbor Networks Inc. 39

SP API Guide, Version 8.4

Devices
URL
/arborws/admin/devices

About this function

The devices function allows you to view and update device configurations in JSON format.

This function accepts the following parameters:

devices parameters

action One of the following actions that you want to initiate:

n list
n show_schema
For more information about the show_schema parameter, see
“About the show_schema action” on page 38.
n update
Use the show_schema action to view which JSON parameters you
must use to update a device. Updates are performed on the device
specified in the gid field.

filter (Optional) Keywords by which you want to filter search results. You can
search devices by the following:
n name
n description
n tags

limit (Optional) The maximum number of devices per page to display. The
default is 100.

sort (Optional) Sorts the results in the specified order. The value is the form
of field:direction. The field portion of the value is one of the
sortable fields of the function:
n name
n ip

The direction portion of the value can be either ascending or

descending.
The default is name:ascending.

40 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2: Using the Arbor Web Services API

About the show_schema action

The show_schema action returns the JSON formatted device configuration options that
you can use to update the device’s configuration.

The following is an HTTPS example of using the show_schema action:

https://mariner/arborws/admin/devices?api_key=1234abc&action=show_
schema&sort=name:ascending

cURL example
The following is a cURL example of updating a device in SP:
curl -k -v https://mariner/arborws/admin/devices -d api_key=1234abc -d
action=update --data-urlencode json@devices_update.json -d
sort=name:ascending

Including “-v” returns an HTTP code. An HTTP code of 200 indicates that the update was
successful. An HTTP code of 400 indicates that there was an error parsing the JSON.

HTTPS example
The following is an HTTPS example of querying for device data in SP:
https://mariner/arborws/admin/devices?api_
key=1234abc&action=list&sort=name:ascending

Example output
The following is an example of the output returned by the devices function:
[
{
"gid": "115",
"ip": "10.8.2.94",
"name": "spdocvm",
"interfaces": "eth0",
"descr": "",
"tags": "",
"type": "cp",
"model_number": "5500",
"full_model": "",
"license_key": "",
"expiration": "",
"license_mode": "flexible",
"full_model_display": "",
"manager": "",
"flow_ignored": "on",
"forensics": "on",
"arf_enabled": "on",
"scrubber_interface": "",
"scrubber_gids": "",
"portal_hostname": "",
"snmp_community": "",
"snmp_v12_support": "",
"snmp_v3_support": "",
"snmp_security_level": "",

Proprietary and Confidential Information of Arbor Networks Inc. 41

SP API Guide, Version 8.4

"snmp_authprotocol": "",
"snmp_authusername": "",
"snmp_authpassword": "",
"snmp_privkey": "",
"snmp_contact": "",
"snmp_location": "",
"gre_source": "",
"gre_interval": "",
"gre_retries": "",
"gre_keepalives": "",
"gre_source_v6": "",
"gre_interval_v6": "",
"gre_retries_v6": "",
"gre_keepalives_v6": "",
"peer_from": "mitigation",
"offramp_nexthop": "",
"offramp_nexthop_v6": "",
"stacking": "",
"stacking_level": "",
"nblades": "",
"blacklist_offloading": "",
"blacklist_offloading_src_dst": "",
"physical_ports": "",
"logical_ports": "",
"subinterfaces": "",
"dns_sensitivity": "",
"dns_ignore": "",
"flow_export_port": "",
"flow_export_sample_rate": "",
"flow_export_bgp_default": "",
"dpi_deployment_type": "",
"dpi_capabilities": "",
"dpi_reach_src_via_tx_intf": "",
"dpi_l3_forwarding": "",
"dpi_hardware_bypass": "",
"dpi_flow_id_ignore_rx_tags": "",
"dpi_flow_id_ignore_rx_port": "",
"dpi_fail_open": "",
"dpi_routers": "",
"incoming_bw_limit": "0",
"max_mitigations": "",
"offramp_method": "",
"flowspec_route_target": "",
"tms_cluster": "",
"in_tms_cluster": "0",
"rear_10g_only": "",
"fate_sharing_interface": "",
"fate_sharing_nexthop": "",
"fate_sharing_bgppeer": "",
"fate_sharing_gretunnel": "",
"interface_properties": "00",

42 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2: Using the Arbor Web Services API

"routers":
"ar1.chi|ar1.lax|ar1.nyc|br1.chi|br1.lax|br1.nyc|cr1.chi|cr1.lax|cr1.ny
c|mpls1.chi|vr1.lax|vr1.nyc"
}
]

Proprietary and Confidential Information of Arbor Networks Inc. 43

SP API Guide, Version 8.4

Arbor Networks SP CP 5500 Appliance

URL
/arborws/admin/cp5500

About this function

The cp5500 function allows you to view CP 5500 appliance configurations in JSON format.

Note
This function is only available with appliance-based licensing for Traffic and Analysis
Routing appliances (formerly Collector Platform (CP) appliances).

This function accepts the following parameters:

cp5500 parameters

action One of the following actions that you want to initiate:

filter (Optional) Keywords by which you want to filter search results. You can
search appliances by the following:
n name
n description
n tags

limit (Optional) The maximum number of appliances per page to display. The
default is 100.

44 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2: Using the Arbor Web Services API

cp5500 parameters (Continued)

Name Description
page (Optional) The page number to display, used with the limit parameter.
For example. if you have limit=50, then page=1 will retrieve results 1
through 50, page=2 will retrieve results 51 through 100, and so on.

sort (Optional) Sorts the results in the specified order. The value is the form
of field:direction. The field portion of the value is one of the
sortable fields of the function:
n name
n ip

The direction portion of the value can be either ascending or

descending.
The default is name:ascending.

About the show_schema action

The show_schema action returns the JSON formatted appliance configuration options that
you can use to update the appliance’s configuration.

The following is an HTTPS example of using the show_schema action:

https://mariner/arborws/admin/cp5500?api_key=1234abc&action=show_
schema&sort=name:ascending

cURL example
The following is a cURL example of updating a CP 5500 appliance in SP:
curl -k -v https://mariner/arborws/admin/cp5500 -d api_key=1234abc -d
action=update --data-urlencode json@cp5500_update.json -d
sort=name:ascending

Including “-v” returns an HTTP code. An HTTP code of 200 indicates that the update was
successful. An HTTP code of 400 indicates that there was an error parsing the JSON.

HTTPS example
The following is an HTTPS example of querying for CP 5500 appliance data in SP:
https://mariner/arborws/admin/cp5500?api_
key=1234abc&action=list&sort=name:ascending

Example output
The following is an example of the output returned by the CP 5500 show_schema
function:
gid is_u_int16
name is_collector_name
ip is_ip_addr
interfaces is_local_interface
descr is_notnull
tags is_valid_tag_name_list
type is_device_type
model_number is_valid_model_number

Proprietary and Confidential Information of Arbor Networks Inc. 45

SP API Guide, Version 8.4

full_model is_notnull
license_key is_notnull
expiration is_notnull
full_model_display is_notnull
manager is_collector_gid
flow_ignored is_on_off
forensics is_on_off
arf_enabled is_on_off
scrubber_interface is_notnull
scrubber_gids is_notnull
portal_hostname is_notnull
snmp_community is_notnull
snmp_v12_supportis_enabled_or_disabled
snmp_v3_support is_enabled_or_disabled
snmp_security_level is_snmp_security_level
snmp_authprotocol is_snmp_authpassword
snmp_authusername is_snmp_username
snmp_authpassword is_snmp_authpassword
snmp_privkey is_snmp_authpassword
snmp_contact is_notnull
snmp_location is_notnull
gre_source is_ip_addr
gre_interval is_u_int
gre_retries is_u_int
gre_keepalives is_enabled_or_disabled
peer_from is_notnull
offramp_nexthop is_ip_addr
stackingis_enabled_or_disabled
stacking_level is_valid_stacking_level
nblades is_valid_nblades
physical_ports is_list_of_physical_port_gids
logical_ports is_valid_logical_port_name
subinterfaces is_list_of_subinterface_gids
dns_sensitivity is_dns_sensitivity_threshold
dns_ignore is_dns_ignore_threshold
flow_export_portis_port
flow_export_sample_rate is_sample_rate
flow_export_bgp_default is_bgp_router
dpi_deployment_type is_tms_deployment_type
dpi_capabilitiesis_tms_capabilities
dpi_l3_forwarding is_enabled_or_disabled
dpi_hardware_bypass is_enabled_or_disabled
dpi_flow_id_ignore_rx_tags is_enabled_or_disabled
dpi_flow_id_ignore_rx_port is_enabled_or_disabled
dpi_fail_open is_enabled_or_disabled
dpi_routers is_assoc_mitigation_router
incoming_bw_limit is_notnull
max_mitigations is_notnull
rear_10g_only is_enabled_or_disabled
fate_sharing_interface is_enabled_or_disabled
fate_sharing_nexthop is_enabled_or_disabled

46 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2: Using the Arbor Web Services API

fate_sharing_bgppeer is_enabled_or_disabled
fate_sharing_gretunnel is_enabled_or_disabled
routers is_assoc_collector_router
max_fps is_pos_int

Proprietary and Confidential Information of Arbor Networks Inc. 47

SP API Guide, Version 8.4

Arbor Networks TMS Appliance

URL
/arborws/admin/tms

About this function

The tms function allows you to view and update TMS appliance configurations in JSON
format. It accepts the following parameters:

tms parameters

action One of the following actions that you want to initiate:

filter (Optional) Keywords by which you want to filter search results. You can
search appliances by the following:
n name
n description
n tags

limit (Optional) The maximum number of TMS appliances per page to

display. The default is 100.

sort (Optional) Sorts the results in the specified order. The value is the form
of field:direction. The field portion of the value is one of the
sortable fields of the function:
n name
n ip

The direction portion of the value can be either ascending or

descending.
The default is name:ascending.

48 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2: Using the Arbor Web Services API

About the show_schema action

The show_schema action returns the JSON formatted appliance configuration options that
you can use to update an appliance’s configuration.

The following is an HTTPS example of using the show_schema action:

https://mariner/arborws/admin/tms?api_key=1234abc&action=show_schema

cURL example
The following is a cURL example of updating a TMS appliance in SP:
curl -k -v https://mariner/arborws/admin/tms -d api_key=1234abc -d
action=update --data-urlencode json@tms_update.json -d
sort=name:ascending

Including “-v” returns an HTTP code. An HTTP code of 200 indicates that the update was
successful. An HTTP code of 400 indicates that there was an error parsing the JSON.

HTTPS example
The following is an HTTPS example of querying for TMS appliance data in SP:
https://mariner/arborws/admin/tms?api_
key=1234abc&action=list&filter=tms_Chicago&sort=name:ascending

Example output
The following is an example of the output returned by the tms function:
[
{
"gid": "1166",
"ip": "10.8.10.49",
"name": "tms_Chicago",
"interfaces": "eth0",
"descr": "Arbor Peakflow collector 8 ",
"tags": "",
"type": "cp",
"model_number": "5500",
"full_model": "CP-5500-10",
"license_key": "*****-*****-*****-*****-*****-*****-*****-*****-
*****",
"expiration": "",
"full_model_display": "CP-5500-10",
"manager": "",
"flow_ignored": "off",
"forensics": "on",
"arf_enabled": "on",
"scrubber_interface": "",
"scrubber_gids": "",
"portal_hostname": "",
"snmp_community": "",
"snmp_v12_support": "",
"snmp_v3_support": "",
"snmp_security_level": "",
"snmp_authprotocol": "",

Proprietary and Confidential Information of Arbor Networks Inc. 49

SP API Guide, Version 8.4

"snmp_authusername": "",
"snmp_authpassword": "",
"snmp_privkey": "",
"snmp_contact": "",
"snmp_location": "",
"gre_source": "",
"gre_interval": "",
"gre_retries": "",
"gre_keepalives": "",
"peer_from": "mitigation",
"offramp_nexthop": "",
"stacking": "",
"stacking_level": "",
"nblades": "",
"physical_ports": "",
"logical_ports": "",
"subinterfaces": "",
"dns_sensitivity": "",
"dns_ignore": "",
"flow_export_port": "",
"flow_export_sample_rate": "",
"flow_export_bgp_default": "",
"dpi_deployment_type": "",
"dpi_capabilities": "",
"dpi_hardware_bypass": "",
"dpi_flow_id_ignore_rx_tags": "",
"dpi_flow_id_ignore_rx_port": "",
"dpi_fail_open": "",
"dpi_routers": "",
"incoming_bw_limit": "0",
"max_mitigations": "",
"ospf_area": "",
"ospf_interfaces": "",
"ospf_md5": "",
"ospf_hello_interval": "",
"ospf_router_dead_time": "",
"ospf_retransmit_interval": "",
"ospf_transmit_delay": "",
"rear_10g_only": "",
"fate_sharing_interface": "",
"fate_sharing_nexthop": "",
"fate_sharing_bgppeer": "",
"fate_sharing_gretunnel": "",
"routers": "aa1-aa2-aa3-aa4-aa5-aa6-aa7"
}
]

50 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2: Using the Arbor Web Services API

Arbor Networks TMS Ports

URL
/arborws/admin/tms_ports

About this function

The tms_ports function allows you to view TMS appliance port data in JSON format. It
accepts the following parameters:

tms_ports parameter

cURL example
The following is a cURL example of querying for TMS appliance port data in SP:
curl -ks https://mariner/arborws/admin/tms_ports -d api_key=1234abc

HTTPS example
The following is an HTTPS example of querying for TMS appliance port data in SP:
https://mariner/arborws/admin/tms_ports?api_key=1234abc

Example output
The following is an example of the output returned by the tms_ports function:
[
{gid: "33"
name: "tmsx0.0.1"
device: "2360"
type: "subinterface"
action_dns: "1"
action_http: "1"
action_mitigate: ""
address: "10.0.0.1"
description: "Test"
nexthop: "5.6.7.8"
output: "543"
parent: "2369"
snmp_id: "1008"
vlan: "1"}
]

Proprietary and Confidential Information of Arbor Networks Inc. 51

SP API Guide, Version 8.4

Reports
URL
/arborws/reports/function

About these functions

The following are the functions for wizard reports in the Arbor Web Services API:

Wizard report functions

Function Description
/arborws/reports/configured Allows you to view a list of the configured wizard reports
in SP.
For more information about this function and its
accepted parameters, see
“/arborws/reports/configured” below.

/arborws/reports/queue Allows you to queue a wizard report to run.

For more information about this function and its
accepted parameters, see “/arborws/reports/queue” on
the facing page.

/arborws/reports/results Allows you to view a list of the wizard report results that
can be downloaded from SP.
For more information about this function and its
accepted parameters, see “/arborws/reports/results” on
the facing page.

/arborws/reports/download Allows you to download a completed wizard report.

For more information about this function and its
accepted parameters, see
“/arborws/reports/download” on page 54.

/arborws/reports/configured
The /arborws/reports/configured function accepts the following parameters:

configured parameters

filter (Optional) Keywords by which you want to filter search results.

52 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2: Using the Arbor Web Services API

configured parameters (Continued)

Name Description
limit (Optional) The maximum number of wizard reports to return that match
the filter.

format The format in which you want data returned, which can be one of the
following:
n json
This is the default format.
n xml

/arborws/reports/queue
The /arborws/reports/queue function accepts the following parameters:

queue parameters

name The name of the configured wizard report that you want to run.
The returned value is one of the following:
n an HTTP status code 204, which indicates success
n an error message

/arborws/reports/results
The /arborws/reports/results function accepts the following parameters:

results parameters

filter (Optional) Keywords by which you want to filter search results.

Proprietary and Confidential Information of Arbor Networks Inc. 53

SP API Guide, Version 8.4

results parameters (Continued)

Name Description
limit (Optional) The maximum number of wizard reports to return that match
the filter.

format The format in which you want data returned, which can be one of the
following:
n json
This is the default format.
n xml

/arborws/reports/download
The /arborws/reports/download function accepts the following parameters:

download parameters

name The name of the configured wizard report that you want to download.

request_time The time of the wizard report result that you want to download, which
can be one of the following:
n last
The “last” parameter downloads the most recent wizard report result.
n time
The “time” parameter is the time at which a wizard report ran, in
seconds and microseconds since the epoch.

format The format in which you want a wizard report returned, which can be
one of the following:
n PDF
n XML
n CSV

cURL example
The following is a cURL example of querying for a list of configured wizard reports in SP:
curl -ks https://mariner/arborws/reports/configured -d api_key=1234abc

HTTPS example
The following is an HTTPS example of downloading a PDF wizard report in SP:
https://mariner/arborws/reports/download?api_key=1234abc&name=Camp
peers and apps&request_time=last&format=PDF

54 Proprietary and Confidential Information of Arbor Networks Inc.

Part III:
Current SOAP API
SP API Guide, Version 8.4

56 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 3:
Introduction to the Current SOAP API

Introduction
This chapter includes an introduction to the current SOAP API and how to use it with the
PHP package.

In this section
This section contains the following topics:

Using the Current SOAP API in SP 58

SP API Guide, Version 8.4 57

SP API Guide, Version 8.4

Using the Current SOAP API in SP

Introduction
The current SOAP API in SP is implemented by the SP leader appliance or a non-leader
appliance that has the user interface role. You can access the SOAP API using HTTPS.

Note
The SOAP interface requires Digest Authentication using either the user name “arbor”
and your zone secret as the password or the user name and password of a user whose
account has been assigned the sp_soap capability token.

About the WSDL file

The WSDL file for the current SOAP package is named PeakflowSP.wsdl.

SOAP endpoint address

The SP Web Services Definition Language (WSDL) document contains the endpoint
address for the web service. You can edit the endpoint address to reference your SP
leader or an appliance that has the user interface role in order to use the WSDL file to
create a SOAP client. Depending upon the configuration of the SP appliance, this may or
may not be a fully qualified domain name (FQDN).

The following WSDL snippet shows a typical SOAP endpoint binding:

Note
The address of the SP appliance in this example is peakflowsp.

<service name="PeakflowSPService">
<port name="PeakflowSPPort" binding="tns:PeakflowSPBinding">
<soap:address location="https://peakflowsp/soap/sp"/>
</port>
</service>

PHP client requirements

To run the PHP SOAP client, you must have a version of PHP installed on your system that
has SOAP support enabled.

To confirm SOAP support in your PHP build:

1. Go to a terminal prompt on the computer where you installed PHP.
2. Run the php -i command.
3. Verify that you see soap or enable-soap in the output.

58 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 3: Introduction to the Current SOAP API

Note
If you do not have SOAP support enabled in your PHP build, you can download a current
PHP source package from http://www.php.net/downloads.php. Follow the building and
installation instructions included with the source package. To enable SOAP support,
include the “--enable-soap” option when running the build’s “configure” script.

Resolving address resolution problems

You may experience address resolution problems with your SOAP client code that may be
related to a lack of a FQDN associated with the endpoint address. You can resolve this
issue with one of the following methods:

Methods to resolve resolution problems

Method Procedure
Method 1 Manually edit the endpoint/soap binding section of the SP WSDL to
include a FQDN. Replace the string @@HOSTNAME@@ with the FQDN of
the SP appliance you plan to send your SOAP queries to.

Method 2 Programmatically change the endpoint URL within the code. Most
clientside SOAP libraries provide a facility by which you can change
the endpoint URL programatically to redirect the transactions with
the web service.

Working around the SOAP XML client validation error

Beginning with PHP 5.6.0, PHP requires encrypted SOAP XML streams (for example,
HTTPS) to use valid SSL certificates and matching host names. If your script does not
comply, the SOAP XML client displays the following error:
PHP Fatal error: SOAP Fault: (faultcode: (HTTP), faultstring:
(Could not connect to host)) in /<path-to-PHP-script> on line X

To work around this error, add the following variable to the SoapClient instantiation
within your PHP script:
"stream_context" => stream_context_create(array('ssl'=> array
('verify_peer'=>false,'verify_peer_name'=>false,'allow_self_
signed'=>true)))

For example:
$client = new
SoapClient($wsdl, array(
"location" => "https://$server/soap/sp",
"login" => $username,
"password" => $password,
"trace" => 1,
"exceptions" => 0,
"authentication" => SOAP_AUTHENTICATION_DIGEST,
"stream_context" => stream_context_create(array('ssl'=> array
('verify_peer'=>false,'verify_peer_name'=>false,'allow_self_
signed'=>true)))
)
);

Proprietary and Confidential Information of Arbor Networks Inc. 59

SP API Guide, Version 8.4

Ensuring optimal performance

To ensure optimal performance when you use the SOAP API with SP, Arbor recommends
the following:
n For the getTrafficGraph() and runXmlQuery() functions, run the same query at five-
minute or greater intervals.
n For all other SOAP functions, run the same query at one minute or greater intervals.
n Make 15 or fewer active SOAP connections to SP at one time.
n Make 100 or fewer SOAP queries per minute.

Using the example XML reports and queries included in the SOAP package
The binby_router.xml file contains an example XML query for use with runXmlQuery().

The XML query format is described in “XML Specifications” of the SP and TMS User Guide
and in the XML schema files included in the SOAP package.

Note
As an alternative, you can create your own client interface in Perl, Java, or another
language. Select an appropriate SOAP package for that language and use the
PeakflowSP.wsdl file to generate your own client-side interface.

Changing the default SOAP digest authentication timeout interval

It is possible to change the default SOAP digest authentication timeout interval.

Note
You should only make this change in the very rare situation where performing the SOAP
digest authentication at the default interval is problematic. When you upgrade your SP
system, this change is lost and must be reapplied.

To change the default timeout interval:

1. Log in to the appliance’s CLI.
2. To access the diagnostic shell, enter / shell
3. In the file /base/usr/local/share/peakflow/www/conf/httpd.conf, in the
section that begins with <Directory
“/user/local/share/peakflow/www/soap”>, add the line
AuthDigestNonceLifetime X.
Where X is an appropriate number of seconds. The default is 300.
4. Enter / services sp stop.
5. Enter / services sp start.

60 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4:
Alert Functions in the Current SOAP API

Introduction
This chapter includes information about the supported SP current SOAP API alert
functions.

You can download the PeakflowSP.wsdl file for a complete specification of the data
types used for each current SOAP API alert function’s parameters and return values. The
WSDL file is downloaded as part of the API SDK (Administration > Download Arbor
API SDK).

In this section
This section contains the following topics:

getDosAlertSummaries 62
getDosAlertSummariesXML 67
getDosAlertDetailsXML 68
Understanding XML for Alerts 69
getDosAlertGraph 79
getDosAlertDetails 80

SP API Guide, Version 8.4 61

SP API Guide, Version 8.4

getDosAlertSummaries
Prototype
getDosAlertSummaries(filter, count)

Accepted parameters
getDosAlertSummaries accepts the following parameters:

getDosAlertSummaries parameters

Name Type Description

filter string Keywords by which you want to filter search
results. You can enter the same search strings that
you can enter in the Search box on the Alerts
pages in the web UI.

count unsigned The number of alerts to return that match the

integer filter. The default setting is 10.

Return value
getDosAlertSummaries returns the following value:

getDosAlertSummaries return value

Name Type Description

results DosAlertSummaryArray An array of DosAlertSummary records.
These include the same alert information
that is available on the All Alerts page.
See “DosAlertSummary” below.

DosAlertSummary
DosAlertSummary contains the following summary data about DoS alerts:

DosAlertSummary elements

Name Type Description

id unsigned An alert’s ID.
integer

type string The type of an alert.

is_fast_detected boolean One of the following:

n “True” for a DoS Fast Flood Host alert.
n “False” for all other DoS alerts including a DoS
Host Alert that was not triggered by fast flood
detection.

62 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

DosAlertSummary elements (Continued)

Name Type Description

importance string A string that indicates the importance of an alert,
which can be one of the following:
n low
n medium
n high

classification string An alert’s classification.

device_gid unsigned The ID number of the SP appliance.

integer

device_name string The name of the SP appliance.

direction string A string that indicates the direction of an alert’s

traffic, which can be one of the following:
n Incoming
n Outgoing
n N/A

unit string A string that indicates how an alert’s traffic is

measured, which can be one of the following:
n bps
n pps

threshold float The high severity threshold of the misuse type that
the alert traffic has exceeded by the highest
percentage.

severity_percent float The highest single-minute ratio of the alert traffic to

the high severity rate over the lifetime of the alert.

ticket string (Optional) The ticket number that corresponds to

an alert, if ticketing is configured.

ongoing boolean One of the following:

n “True” for an ongoing alert
n “False” for any other alert

start dateTime The date and time when an alert started, in the
following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

stop dateTime (Optional) The date and time at which an alert

ended, in the following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

duration float The number of seconds that an alert has lasted.

resource AlertResource An array of AlertResource records.

See “AlertResource” on page 65.

Proprietary and Confidential Information of Arbor Networks Inc. 63

SP API Guide, Version 8.4

DosAlertSummary elements (Continued)

Name Type Description

signature base64Binary (Optional) A base64-encoded signature of alert
traffic.

protocols string (Optional) One or more protocol numbers of the

protocols in the alert traffic.

misuseTypes string (Optional) One or more misuse signatures

observed in a DoS Host alert’s traffic.

annotations Annotation (Optional) An array of one or more Annotation

records.
See “Annotation” on page 66.

max_impact_bps float (Optional) The maximum impact values (in bps)

observed over the life on an alert.

max_impact_pps float (Optional) The maximum impact values (in pps)

observed over the life of an alert.

max_impact_ float The boundary where the maximum impact values

boundary were observed over the life of an alert.

impact_bps_ float (Optional) The raw data points for the impact
points values (in bps) that are used to generate an alert’s
minigraph in the web UI.

impact_pps_ float (Optional) The raw data points for the impact
points values (in pps) that are used to generate an alert’s
minigraph in the web UI.

impact_recorded float (Optional) One or more timestamps that

correspond to when each of the raw data points
for impact value were recorded for an alert.

dos_version unsigned (Optional) The dos version for a DoS Profiled

integer Router alert. A DoS Profiled Router alert has a dos
version of 3 if the alert is triggered by an SP 8.4
appliance. A DoS Profiled Router alert has a dos
version of 1 if the alert is triggered by an SP 5.8 or
6.0 appliance. The alert can be triggered by a 5.8 or
6.0 appliance in a multi-version deployment or
before you upgrade to SP 8.4.

64 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

AlertResource
AlertResource describes the resource affected by an alert and contains the following
elements:

AlertResource elements

Name Type Description

name string (Optional) The name of the resource
involved in alert traffic.

cidr string (Optional) If applicable, of the following:

n the destination IP address (/32) of the
traffic in a misuse or host alert
n the CIDR against which an alert was
detected, if it is detected for a CIDR
group-based managed object

ipVersion unsigned integer Indicates whether the alert was IPv4 or

IPv6 traffic.

managedObjects AlertManagedObject An array of AlertManagedObject records.

See “AlertManagedObject” below.

AlertManagedObject
AlertManagedObject describes the managed object affected by an alert and contains the
following elements:

AlertManagedObject elements

Name Type Description

name string The name of a managed object.

id unsigned The managed object ID.

integer

cidrGroup string (Optional) The CIDR against which an alert was

detected, if it is detected for a CIDR group-based
managed object.

importance string (Optional) A string that indicates the importance

of an alert, which can be one of the following:
n low
n medium
n high

Proprietary and Confidential Information of Arbor Networks Inc. 65

SP API Guide, Version 8.4

Annotation
Annotation describes an alert annotation and contains the following elements:

Annotation elements

Name Type Description

added dateTime The date and time when an annotation was added
to an alert, in the following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

author string The user who added an annotation to an alert.

content string The comments that a user wrote in an annotation.

66 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

getDosAlertSummariesXML
Prototype
getDosAlertSummaries(filter, count)

Accepted parameters
getDosAlertSummariesXML accepts the following parameters:

getDosAlertSummariesXML parameters

Name Type Description

filter string Keywords by which you want to filter search
results. You can enter the same search strings that
you can enter in the Search box on the Alerts
pages in the web UI.

count unsigned The number of alerts to return that match the

integer filter. The default setting is 10.

Return value
getDosAlertSummariesXML returns the following value:

getDosAlertSummariesXML return value

Name Type Description

results string An XML representation of the same data that is
returned by the DosAlertSummary function.
See “DosAlertSummary” on page 62.

Proprietary and Confidential Information of Arbor Networks Inc. 67

SP API Guide, Version 8.4

getDosAlertDetailsXML
Prototype
getDosAlertDetailsXML(alertID)

Accepted parameter
getDosAlertDetailsXML accepts the following parameter:

getDosAlertDetailsXML parameter

Name Type Description

alertID unsigned integer The alert ID for the alert whose data you want
to view.

Return value
getDosAlertDetailsXML returns the following value:

getDosAlertDetailsXML return value

Name Type Description

results string An XML representation of detailed data about
the specified alert. The returned data is the
same as the data that can be viewed on the
DoS Alert page in the web UI. See
“Understanding XML for Alerts” on the
facing page.

68 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

Understanding XML for Alerts

Introduction
You can parse the elements that appear in the alert XML for your own purposes. Review
the example and then refer to the other sections for explanations.

Alert example
The following example is for a DoS host alert:
<peakflow version="1.0" release="8.4">
<query id="query1" type="mft">
<time start_ascii="2/10/2016 14:29 +0000" end_ascii="2/10/2016
14:55 +0000"/>
<unit type="bps"/>
<search limit="100"/>
<id>32326</id>
<category>top_talker</category>
<boundary>mo</boundary>
<dataset name="dest_addr_bytes"/>
<dataset name="dest_tcp_ports_bytes"/>
<dataset name="dest_udp_ports_bytes"/>
<dataset name="protos_bytes"/>
<dataset name="src_addr_bytes"/>
<dataset name="src_tcp_ports_bytes"/>
<dataset name="src_udp_ports_bytes"/>
</query>

<query-reply>
<time start="1455114579" end="1455116139" start_ascii="02/10/2016
14:29:39 +0000" end_ascii="02/10/2016 14:55:39 +0000"/>
<sample_info duration="60" count="27" earliest_bin="1455114579"
latest_bin="1455116139" agg_bin_offset="0" agg_bins="27" earliest_
bin_ascii="02/10/2016 14:29:39 +0000" latest_bin_ascii="02/10/2016
14:55:39 +0000" earliest_bin_seen="1455114615" earliest_bin_seen_
offset="0" earliest_bin_seen_ascii="02/10/2016 14:30:15 +0000"
latest_bin_seen="1455116115" latest_bin_seen_offset="25" latest_bin_
seen_ascii="02/10/2016 14:55:15 +0000"/>
<instance id="2">
<dataset name="protos_bytes">
<item id="17" name="udp">
<key id="17" name="udp"/>
<class type="value">
<current value="222666"/>
<avg value="3089294"/>
<max value="4350666"/>

Proprietary and Confidential Information of Arbor Networks Inc. 69

SP API Guide, Version 8.4

About the <query> XML elements

The following table describes the various elements that appear in the <query>
component of XML alerts:

XML <query> elements

Element Attributes Description

<query> id id is the query ID
type

<time> start_ascii The timeframe of the query for alerts.

stop_ascii The start_ascii and stop_ascii
attributes are human-readable dates.

70 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

XML <query> elements (Continued)

Element Attributes Description

<unit> type The unit of the rate of traffic to query
for. The type attribute specifies
whether the alerts are based on bits
per second (bps) or packets per second
(pps). A query can contain only one unit
type.

<search> limit The number of results to return. The

limit attribute specifies the number.

<id> None The ID number of the alert.

<category> None The category for the query. It can be

top_talker, top_contributors, or
router_stats.

<boundary> None The location of the boundary to use in

the query. It can be mo, net, or none for
router.

<dataset> name The dataset you want returned. The

name attribute specifies which one.
You can query for multiple <dataset>
elements within the same <query>.
The datasets available are determined
by the category. See “Datasets” on
page 74.

Proprietary and Confidential Information of Arbor Networks Inc. 71

SP API Guide, Version 8.4

About the <query-reply> XML elements

The following table describes the various elements that appear in the <query-reply>
component in XML alerts:

XML <query-reply> elements

Element Attributes Description

<time> start The time period of the alert.
end The start and end attributes are in
start_ascii UNIX epoch time.
end_ascii The start_ascii and end_ascii
attributes are human-readable dates.

<sample_info> duration The sample information for the alert.

count
earliest_bin
latest_bin
agg_bin_offset
earliest_bin_
ascii
latest_bin_ascii
earliest_bin_
seen
earliest_bin_
seen_offset
earliest_bin_
seen_ascii
latest_bin_seen
latest_bin_seen_
offset
latest_bin_seen_
ascii

<instance> id One of the following:

n The router_gid
n The interface_gid
n 1 (the network boundary)
n 2 (the managed object boundary)

<dataset> name The data in the alert. It occurs under the

instance tag.

<item> id Refer to the “Datasets” on page 74

name below for what item contains. It occurs
under the dataset tag.

<key> id Usually the same as item. However, this

name is under item and a sibling to class, so
it is better to use item for queries. It
occurs under the item tag.

72 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

XML <query-reply> elements (Continued)

Element Attributes Description

<class> type This will almost always be value. The
exception is top_patterns, which may
include tcp_flags and packet_
distribution, where each class is the
name of a packet distribution bucket. It
occurs under the item tag.

<current> value The current value of the traffic at the

time of the query in either bps or pps,
based on the value of the unit element.
It occurs under the class tag.

<avg> value The average value of the traffic in either

bps or pps, based on the value of the
unit element. It occurs under the
class tag.

<max> value The maximum value of the traffic in

either bps or pps, based on the value of
the unit element. It occurs under the
class tag.

<pct95> value The 95th percentile value of the traffic in

either bps or pps, based on the value of
the unit element. It occurs under the
class tag.

<sample> value A series of pipe-delimited numbers, with

the value in the unit specified in the
query. See the duration attribute of
sample-info for the length of each
sample. It occurs under the class tag.

<linear_fit> offset Graphing data. It occurs under the

slope class tag.

Proprietary and Confidential Information of Arbor Networks Inc. 73

SP API Guide, Version 8.4

Datasets

Category: top_talker
All of the datasets in this category will have data for the mo and net boundaries, except for
top_patterns_*, which will have data for the none boundary.

XML top_talker elements

Dataset Item Description

dest_addr_bytes id = CIDR Traffic per IP or CIDR block.
dest_addr_ name = CIDR
packets
src_addr_bytes
src_addr_packets

dest_tcp_ports_ id = port number Traffic per port. Well-known ports (for

bytes name = port name example, DNS and HTTP) will have the
dest_tcp_ports_ port name provided. Other ports will use
packets the port number for the name.
dest_udp_ports_ The following special values are used as
bytes port numbers:
dest_udp_ports_ n 65555: 1 - 1023 (System)
packets n 65565: 1024 - 65535 (Dynamic)
src_tcp_ports_ n *: Widely varied
bytes
src_tcp_ports_
packets
src_udp_ports_
bytes
src_udp_ports_
packets

protos_bytes id = protocol Traffic per protocol (for example, TCP

protos_packets number and UDP).
name = protocol
name

74 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

Category: top_contributors

XML top_contributors elements

Dataset Item Description

icmp_type_and_ id = number Traffic per ICMP type.
code_bytes name = description id is a number which represents the
icmp_type_and_ combination of the ICMP type and
code_packets code.
name is the description of the ICMP
type with the code number. For
example, "Destination Unreachable
(code 5)". IPv6 types will always begin
with "IPv6".

misuse_types_ id = number Traffic per detected misuse type.

bytes name = name
misuse_type_
packets

src_asn_bytes id = ASN Traffic per source AS.

src_asn_packets name = ASN name

src_countries_ id = number Traffic per source country.

bytes name = country name The key also contains the country (full
src_countries_ name) and country_code (2 letter
packets abbreviation) attributes.

tcp_flags_bytes id = bitmask of flags Traffic per combination of TCP flags.

tcp_flags_packets name = combination
of single-letter flag
names

Proprietary and Confidential Information of Arbor Networks Inc. 75

SP API Guide, Version 8.4

Category: router_stats
This is a count of traffic seen by each router or interface. Each instance is either a router or
an interface, as determined by the instance type.

XML router_stats elements

Element Attributes Description

<instance> id id is the ID of the item
type type is either router or interface
name name is the name of the item
router_gid router_gid is the ID of the router that
router_name the interface belongs to (interface
only)
router_name is the name of the router
that the interface belongs to
(interface only)
It occurs under the query-reply tag.

<dataset> name name is either counts_byte or counts_

packets. It occurs under the instance
tag.

<item> id id is the direction of traffic: -1, 0, or 1.

name name is N/A, IN, or OUT.
It occurs under the dataset tag.

<class> type type = value. It contains all of the

attributes listed as children of class in
“About the <query-reply> XML
elements” on page 72. It occurs under
the item tag.

Dataset: packet_distribution
This is a dataset in the top_contributors category. It is a count of the number of packets
of particular sizes, as determined by the class type. There is no unit specified in the query,
because the results only can be packets. Results are available for the mo and net
boundaries.

XML packet_distribution elements

Element Attributes Description

<instance> id id is the boundary type: 1 for net or 2
for mo. It occurs under the query-
reply tag.

<dataset> name name is always packet_distribution.

It occurs under the instance tag.

76 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

XML packet_distribution elements (Continued)

Element Attributes Description

<item> id Ignored. All values are 0. It occurs under
name the dataset tag.

<class> type The size of the bucket in number of

bytes per packet. The format is:
packet_size_<start>_to_<end>. For
example:
packet_size_0_to_50
packet_size_51_to_100
packet_size_101_to_150
…
packet_size_1451_to_1500
packet_size_1501_and_greater
It contains all of the attributes listed as
children of class in the “About the
<query-reply> XML elements” on
page 72 section. It occurs under the
item tag.

Dataset: top_patterns
This is a dataset in the top_talker category. It counts the amount of traffic per pattern.
For more information, see " About the Top Traffic Patterns Table" in the Arbor Networks SP
and TMS User Guide .
Results are available for the mo and net boundaries. The top_patterns dataset is not in
profiled network alerts.

XML packet_distribution elements

Element Attributes Description

<instance> id id is the router gid. It occurs under the
query-reply tag.

<dataset> name name is either top_patterns_bytes

or top_patterns_packets. It occurs
under the instance tag.

Proprietary and Confidential Information of Arbor Networks Inc. 77

SP API Guide, Version 8.4

XML packet_distribution elements (Continued)

Element Attributes Description

<item> id A pattern consisting of the following
elements, separated by underscores:
n protocol
n source CIDR
n source port
n destination CIDR
n destination port

The special port values mentioned

previously may also be used here. It
occurs under the dataset tag.

<class> type Either value or tcp_flags. See the

tcp_flags datasets in the “Category:
top_contributors” on page 75 section
for information about the possible
values.
It contains all of the attributes listed as
children of class in the “About the
<query-reply> XML elements” on
page 72section. It occurs under the
item tag.

78 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

getDosAlertGraph
Prototype
getDosAlertGraph(alertID, width, height)

Accepted parameters
getDosAlertGraph accepts the following parameters:

getDosAlertGraph parameters

Name Type Description

alertID unsigned The ID of a misuse or profiled DoS alert.
integer

width unsigned The width that you want the graph to be. If you
integer enter 0 for either the width or the height
argument, then SP returns a graph that is 948 x
160.

height unsigned The height that you want the graph to be. If you
integer enter 0 for either the width or the height
argument, then SP returns a graph that is 948 x
160.

Return value
getDosAlertGraph returns the following value:

getDosAlertGraph return value

Name Type Description

graph base64binary A PNG graph file of the impact data for a specified
alert ID. If an alert does not have impact data,
then the SOAP API does not populate a graph.

Proprietary and Confidential Information of Arbor Networks Inc. 79

SP API Guide, Version 8.4

getDosAlertDetails
Prototype
getDosAlertDetails(alertID)

Accepted parameter
getDosAlertDetails accepts the following parameter:

getDosAlertDetails parameter

Name Type Description

alertID unsigned integer The ID of a DoS alert.

Return value
getDosAlertDetails returns the following value:

getDosAlertDetails return value

Name Type Description

results DosAlertDetails An array of DosAlertDetails records.
See “DosAlertDetails 7.0” on the facing page
and “DosAlertDetails 6.0 ” on page 88 .

About DosAlertDetails
SP 7.0 uses two sets of DosAlertDetails as described in the following table:

DosAlertDetails sets

DosAlertDetails Set Used For

DosAlertDetails 7.0 n All DoS alerts that are triggered on an SP 7.0 appliance.
n DoS Host alerts and DoS Profiled Network alerts that
existed before an upgrade to SP 7.0.
n DoS Host alerts and DoS Profiled Network alerts that are
triggered on an SP 5.8 or 6.0 appliance in a multi-version
deployment.

See “DosAlertDetails 7.0” on the facing page.

DosAlertDetails 6.0 n DoS Profiled Router alerts that existed before an upgrade
to SP 7.0.
n DoS Profiled Router alerts that are triggered on an SP 5.8
or 6.0 appliance in a multi-version deployment.

See “DosAlertDetails 6.0 ” on page 88.

80 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

DosAlertDetails 7.0
DosAlertDetails for DoS 3 alerts contains the following elements:

DosAlertDetails 7.0 elements

Name Type Description

id unsigned integer An alert’s ID.

start dateTime The date and time when an alert

started, in the following ISO 8601
format:
n YYYY-MM-DDThh:mm:ssTZD

stop dateTime (Optional) The date and time at which

an alert ended, in the following ISO
8601 format:
n YYYY-MM-DDThh:mm:ssTZD

dest_addr DosAlertDetailsItem (Optional) One or more arrays of

DosAlertDetailsItem records.
See “DosAlertDetailsItem” on
page 83.

dest_tcp_ DosAlertDetailsItem (Optional) One or more arrays of

ports DosAlertDetailsItem records.
See “DosAlertDetailsItem” on
page 83.

dest_udp_ DosAlertDetailsItem (Optional) One or more arrays of

ports DosAlertDetailsItem records.
See “DosAlertDetailsItem” on
page 83.

protos DosAlertDetailsItem (Optional) One or more arrays of

DosAlertDetailsItem records.
See “DosAlertDetailsItem” on
page 83.

src_addr DosAlertDetailsItem (Optional) One or more arrays of

DosAlertDetailsItem records.
See “DosAlertDetailsItem” on
page 83.

src_tcp_ DosAlertDetailsItem (Optional) One or more arrays of

ports DosAlertDetailsItem records.
See “DosAlertDetailsItem” on
page 83.

src_udp_ DosAlertDetailsItem (Optional) One or more arrays of

ports DosAlertDetailsItem records.
See “DosAlertDetailsItem” on
page 83.

Proprietary and Confidential Information of Arbor Networks Inc. 81

SP API Guide, Version 8.4

DosAlertDetails 7.0 elements (Continued)

Name Type Description

icmp_ DosAlertDetailsItem (Optional) One or more arrays of
type_and_ DosAlertDetailsItem records.
code See “DosAlertDetailsItem” on the
facing page.

misuse_ DosAlertDetailsItem (Optional) One or more arrays of

types DosAlertDetailsItem records.
See “DosAlertDetailsItem” on the
facing page.

src_asn DosAlertDetailsItem (Optional) One or more arrays of

DosAlertDetailsItem records.
See “DosAlertDetailsItem” on the
facing page.

src_ DosAlertDetailsItem (Optional) One or more arrays of

countries DosAlertDetailsItem records.
See “DosAlertDetailsItem” on the
facing page.

tcp_flags DosAlertDetailsItem (Optional) One or more arrays of

DosAlertDetailsItem records.
See “DosAlertDetailsItem” on the
facing page.

top_ DosAlertTopPatternsItem (Optional) One or more arrays of

patterns DosAlertTopPatternsItem records.
See “DosAlertTopPatternsItem” on
the facing page.

packet_ DosAlertPacketDistributionBound (Optional) One or more arrays of

distributio ary DosAlertPacketDistributionBoundary
n records.
See
“DosAlertPacketDistributionBounda
ry” on page 84.

alert_ DosAlertDetailsRoutersBoundary (Optional) One or more arrays of

routers DosAlertDetailsRoutersBoundary
records.
See
“DosAlertDetailsRoutersBoundary”
on page 87.

82 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

DosAlertDetailsItem
DosAlertDetailsItem contains the following elements:

DosAlertDetailsItem elements

Name Type Description

id string The ID of an item.

name string The name of an item.

mo DosAlertDetailsRates One or more arrays of DosAlertDetailsRates

records for the rate of traffic at the managed
object boundary.
See “DosAlertDetailsRates” below.

net DosAlertDetailsRates One or more arrays of DosAlertDetailsRates

records for the rate of traffic at the network
boundary.
See “DosAlertDetailsRates” below.

DosAlertDetailsRates
DosAlertDetailsRates contains the following elements:

DosAlertDetailsRates elements

Name Type Description

bps unsigned integer The rate of traffic (in bps) for the duration of an
alert.

pps unsigned integer The rate of traffic (in pps) for the duration of an
alert.

DosAlertTopPatternsItem
DosAlertTopPatternItem contains the following elements:

DosAlertTopPatternItem elements

Name Type Description

router_ unsigned integer The ID of a router where a traffic pattern was
id observed.

router_ string The name of a router where a traffic pattern

name was observed.

patterns DosAlertTopPatternsDetails One or more arrays of

DosAlertTopPatternsDetails records.
See “DosAlertTopPatternsDetails” on the next
page.

Proprietary and Confidential Information of Arbor Networks Inc. 83

SP API Guide, Version 8.4

DosAlertTopPatternsDetails
DosAlertTopPatternDetails displays the top (up to 10) traffic patterns from the last 5
minutes of the selected timeframe of a DoS Host alert or DoS Profiled Router alert.

DosAlertTopPatternDetails contains the following elements:

DosAlertTopPatternDetails elements

Name Type Description

protocol string The protocol of a traffic pattern.

src_ip string The source IP address of a traffic pattern.

src_port unsigned integer The source port of a traffic pattern.

src_port_name string The name of the service of a source port of a

traffic pattern.

dst_ip string The destination IP address of a traffic pattern.

dst_port unsigned integer The destination port of a traffic pattern.

dst_port_name string The name of the service of a destination port of

a traffic pattern.

tcp_flags string The TCP flag of a traffic pattern.

bps unsigned integer The rate of traffic (in bps) of a traffic pattern.

pps unsigned integer The rate of traffic (in pps) of a traffic pattern.

DosAlertPacketDistributionBoundary
DosAlertPacketDistributionBoundary contains the following elements:

DosAlertPacketDistributionBoundary elements

Name Type Description

mo DosAlertPacketDistribution One or more arrays of
DosAlertPacketDistribution records for the size
of packets at the managed object boundary.
See “DosAlertPacketDistribution” on the facing
page.

net DosAlertPacketDistribution One or more arrays of

DosAlertPacketDistribution records for the size
of packets at the network boundary.
See “DosAlertPacketDistribution” on the facing
page.

84 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

DosAlertPacketDistribution
DosAlertPacketDistribution contains the following elements:

DosAlertPacketDistribution elements

Name Type Description

packet_size_0_to_50 unsigned The number of packets that are between 0
integer and 50 bytes.

packet_size_51_to_100 unsigned The number of packets that are between 51

integer and 100 bytes.

packet_size_101_to_ unsigned The number of packets that are between 101

150 integer and 150 bytes.

packet_size_151_to_ unsigned The number of packets that are between 151

200 integer and 200 bytes.

packet_size_201_to_ unsigned The number of packets that are between 201

250 integer and 250 bytes.

packet_size_251_to_ unsigned The number of packets that are between 251

300 integer and 300 bytes.

packet_size_301_to_ unsigned The number of packets that are between 301

350 integer and 350 bytes.

packet_size_351_to_ unsigned The number of packets that are between 351

400 integer and 400 bytes.

packet_size_401_to_ unsigned The number of packets that are between 401

450 integer and 450 bytes.

packet_size_451_to_ unsigned The number of packets that are between 451

500 integer and 500 bytes.

packet_size_501_to_ unsigned The number of packets that are between 501

550 integer and 550 bytes.

packet_size_551_to_ unsigned The number of packets that are between 551

600 integer and 600 bytes.

packet_size_601_to_ unsigned The number of packets that are between 601

650 integer and 650 bytes.

packet_size_651_to_ unsigned The number of packets that are between 651

700 integer and 700 bytes.

packet_size_701_to_ unsigned The number of packets that are between 701

750 integer and 750 bytes.

packet_size_751_to_ unsigned The number of packets that are between 751

800 integer and 800 bytes.

packet_size_801_to_ unsigned The number of packets that are between 801

850 integer and 850 bytes.

Proprietary and Confidential Information of Arbor Networks Inc. 85

SP API Guide, Version 8.4

DosAlertPacketDistribution elements (Continued)

Name Type Description

packet_size_851_to_ unsigned The number of packets that are between 851
900 integer and 900 bytes.

packet_size_901_to_ unsigned The number of packets that are between 901

950 integer and 950 bytes.

packet_size_951_to_ unsigned The number of packets that are between 951

1000 integer and 1000 bytes.

packet_size_1001_to_ unsigned The number of packets that are between 1001

1050 integer and 1050 bytes.

packet_size_1051_to_ unsigned The number of packets that are between 1051

1100 integer and 1100 bytes.

packet_size_1101_to_ unsigned The number of packets that are between 1101

1150 integer and 1150 bytes.

packet_size_1151_to_ unsigned The number of packets that are between 1151

1200 integer and 1200 bytes.

packet_size_1201_to_ unsigned The number of packets that are between 1201

1250 integer and 1250 bytes.

packet_size_1251_to_ unsigned The number of packets that are between 1251

1300 integer and 1300 bytes.

packet_size_1301_to_ unsigned The number of packets that are between 1301

1350 integer and 1350 bytes.

packet_size_1351_to_ unsigned The number of packets that are between 1351

1400 integer and 1400 bytes.

packet_size_1401_to_ unsigned The number of packets that are between 1401

1450 integer and 1450 bytes.

packet_size_1451_to_ unsigned The number of packets that are between 1451

1500 integer and 1500 bytes.

packet_size_1501_ unsigned The number of packets that are greater than

and_greater integer 1500 bytes.

86 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

DosAlertDetailsRoutersBoundary
DosAlertDetailsRoutersBoundary contains the following elements:

DosAlertDetailsRoutersBoundary elements

Name Type Description

none DosAlertDetailsRouters One or more arrays of
DosAlertDetailsRouters records that match
neither a managed object boundary or a
network boundary of a DoS Host alert or a
DoS Profiled Router alert.
See “DosAlertDetailsRouters” below.

mo DosAlertDetailsRouters One or more arrays of

DosAlertDetailsRouters records that match a
managed object boundary of a DoS Profiled
Network alert.
See “DosAlertDetailsRouters” below.

net DosAlertDetailsRouters One or more arrays of

DosAlertDetailsRouters records that match a
network boundary of a DoS Profiled
Network alert.
See “DosAlertDetailsRouters” below.

DosAlertDetailsRouters
DosAlertDetailsRouters contains the following elements:

DosAlertDetailsRouters elements

Name Type Description

id unsigned integer The ID of the router where traffic was
observed for an alert.

name string The name of the router where traffic was

observed for an alert.

max_bps unsigned integer The maximum rate of alert traffic (in

bytes) at a router.

max_pps unsigned integer The maximum rate of alert traffic (in

packets) at a router.

interfaces DosAlertDetailsInterfaces One or more arrays of

DosAlertDetailsInterfaces records.
See “DosAlertDetailsInterfaces” on the
next page.

Proprietary and Confidential Information of Arbor Networks Inc. 87

SP API Guide, Version 8.4

DosAlertDetailsInterfaces
DosAlertDetailsInterfaces contains the following elements:

DosAlertDetailsInterfaces elements

Name Type Description

name string The name of the interface where alert traffic was
observed.

direction string A string that indicates the direction of alert traffic

on the interface. The direction can be one of the
following:
n Incoming
n Outgoing
n N/A

max_bps unsigned The maximum rate of alert traffic (in bytes)

integer observed for an interface.

max_pps unsigned The maximum rate of alert traffic (in packets)

integer observed for an interface.

DosAlertDetails 6.0
DosAlertDetails for DoS 3 alerts contains the following elements:

DosAlertDetails 6.0 elements

Name Type Description

id unsigned integer An alert’s ID.

start dateTime The date and time when an alert started, in the
following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

stop dateTime (Optional) The date and time at which an alert

ended, in the following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

bytes_total unsigned integer The total traffic involved in an alert (in bytes).

packets_total double The total traffic involved in an alert (in packets).

src_prefixes PrefixTraffic (Optional) One or more arrays of PrefixTraffic

records.
See “PrefixTraffic” on the facing page.

dst_prefixes PrefixTraffic (Optional) One or more arrays of PrefixTraffic

records.
See “PrefixTraffic” on the facing page.

88 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

DosAlertDetails 6.0 elements (Continued)

Name Type Description

src_ports PortTraffic (Optional) One or more arrays of PortTraffic
records.
See “PortTraffic” on the next page.

dst_ports PortTraffic (Optional) One or more arrays of PortTraffic

records.
See “PortTraffic” on the next page.

protocols ProtocolTraffic (Optional) One or more arrays of ProtocolTraffic

records.
See “ProtocolTraffic” on the next page.

tcpFlags TcpFlagsTraffic (Optional) One or more arrays of TcpFlagsTraffic

records.
See “TcpFlagsTraffic” on the next page.

impact_bps float The raw data points for the impact values (in bps)
observed over the life of an alert. These are the
same data points used to generate graphs for
DoS Alerts in the web UI.

impact_pps float The raw data points for the impact values (in pps)
observed over the life of an alert. These are the
same data points used to generate graphs for
DoS alerts in the web UI.

routers DosAlertRouter (Optional) One or more arrays of DosAlertRouter

records.
See “DosAlertRouter” on page 91.

PrefixTraffic
PrefixTraffic contains the following elements:

PrefixTraffic elements

Name Type Description

cidr string A CIDR block that was a significant contributor to
an alert.

bytes double The amount of alert traffic (in bytes) observed for
a prefix.

packets double The amount of alert traffic (in packets) observed

for a prefix.

Proprietary and Confidential Information of Arbor Networks Inc. 89

SP API Guide, Version 8.4

PortTraffic
PortTraffic contains the following elements:

PortTraffic elements

Name Type Description

portRangeStart unsigned integer The first port in the port range.

portRangeEnd unsigned integer The last port in the port range.

name string The name of the application associated with a

single port, if a port range only includes one
port.

bytes double The amount of alert traffic (in bytes) observed

for a port or port range.

packets double The amount of alert traffic (in packets) observed

for a port or port range.

ProtocolTraffic
ProtocolTraffic contains the following elements:

ProtocolTraffic elements

Name Type Description

name string The name of the protocol of the traffic of an alert.

number unsigned integer The number for the protocol of the traffic of an alert.

bytes double The amount of alert traffic (in bytes) observed for a
protocol.

packets double The amount of alert traffic (in packets) observed for a
protocol.

TcpFlagsTraffic
TcpFlagsTraffic contains the following elements:

TcpFlagsTraffic elements

Name Type Description

text string The alphabetic values that represent the TCP flags
of the traffic of an alert.

value unsigned The single numeric value, which is the logical OR

integer of all TCP flag values detected in the traffic of an
alert.

90 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4: Alert Functions in the Current SOAP API

TcpFlagsTraffic elements (Continued)

Name Type Description

bytes double The amount of alert traffic (in bytes) observed for
a TCP flag.

packets double The amount of alert traffic (in packets) observed

for a TCP flag.

DosAlertRouter
DosAlertRouter contains the following elements:

DosAlertRouter elements

Name Type Description

gid unsigned integer The ID of the router where the traffic of an alert
was observed.

name string The name of the router where the traffic of an

alert was observed.

bytes_total double The amount of alert traffic (in bytes) observed

for a router.

packets_total double The amount of alert traffic (in packets)

observed for a router.

packet_rate_ double The maximum rate of alert traffic (in packets)

max observed for a router.

byte_rate_max double The maximum rate of alert traffic (in bytes)

observed for a router.

duration unsigned integer The amount of time alert traffic was observed
on a router.

start dateTime The date and time when an alert started, in the
following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

stop dateTime (Optional) The date and time when an alert

ended, in the following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

interfaces DosAlertInterface One or more arrays of DoSAlertInterface

records.
See “DosAlertInterface” on the next page.

Proprietary and Confidential Information of Arbor Networks Inc. 91

SP API Guide, Version 8.4

DosAlertInterface
DosAlertInterface contains the following elements:

DosAlertInterface elements

Name Type Description

gid unsigned integer The ID of the interface where alert traffic was
observed.

name string The name of the interface where alert traffic

was observed.

description string The description of the interface where alert

traffic was observed.

snmp_index string The SNMP index of the interface where alert

traffic was observed.

ip string The IP address of the interface where alert

traffic was observed.

bytes_total double The total alert traffic (in bytes) observed at an

interface.

packets_total double The total alert traffic (in packets) observed at

an interface.

packet_rate_max double The maximum rate of alert traffic (in packets)

observed at an interface.

byte_rate_max double The maximum rate of alert traffic (in bytes)

observed at an interface.

duration unsigned integer The amount of time alert traffic was observed
at an interface.

92 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 5:
Mitigation Functions in the Current
SOAP API

Introduction
This chapter includes information about the supported SP current SOAP API mitigation
functions.

You can download the PeakflowSP.wsdl file for a complete specification of the data
types used for each current SOAP API mitigation function’s parameters and return values.
The WSDL file is downloaded as part of the API SDK (Administration > Download
Arbor API SDK).

In this section
This section contains the following topics:

applyMitigationTemplateById 94
applyMitigationTemplateByName 95
getMitigationSummaries 96
getMitigationSummariesXML 98
getMitigationStatisticsByIdXML 99
getMitigationStatisticsByNameXML 100
addTmsFilterList 101
editTmsFilterList 103
deleteTmsFilterList 104

SP API Guide, Version 8.4 93

SP API Guide, Version 8.4

applyMitigationTemplateById
Prototype
applyMitigationTemplateByID(mitigation_id, template_id, apply_method)

Accepted parameters
applyMitigationTemplateById accepts the following parameters:

applyMitigationTemplateById parameters

Name Type Description

mitigation_id unsigned The “Id” of a TMS mitigation. When this
integer parameter is used alone, a TMS mitigation
template that is already set in the mitigation is
applied. If a TMS mitigation template is not set, it
returns an error. When this parameter is used
with the template_id parameter, the specified
TMS mitigation template is set and applied to the
mitigation.

template_id unsigned (Optional) The “Id” of a TMS mitigation template

integer that is set and applied to the mitigation.

apply_method string The method used to apply the specified TMS

mitigation template. The override method is
supported, and override is the default value. As
of version 7.0, the merge method is no longer
supported.
The override method overrides the settings in
the TMS mitigation with the settings in the
template. If the settings in the template are
blank, the empty settings in the template will
clear the corresponding settings in the mitigation
except for the protection prefixes and timeout
setting that are configured on the Protect tab of
a mitigation. If the protection prefixes and
timeout setting are blank in the template, they do
not clear the corresponding settings in the
mitigation.

Return values
applyMitigationTemplateByID returns the following values:

applyMitigationTemplateById return value

Name Type Description

results string A success or failure message.

94 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 5: Mitigation Functions in the Current SOAP API

applyMitigationTemplateByName
Prototype
applyMitigationTemplateByName(mitigation_name, template_name, apply_method)

Accepted parameters
applyMitigationTemplateByName accepts the following parameters:

applyMitigationTemplateByName parameters

Name Type Description

mitigation_name string The name of a TMS mitigation. When this
parameter is used alone, a TMS mitigation
template that is already set in the mitigation is
applied. If a TMS mitigation template is not set, it
returns an error. When this parameter is used
with the template_name parameter, the specified
TMS mitigation template is set and applied to the
mitigation.

template_name string (Optional) The name of a TMS mitigation

template that is set and applied to the mitigation.

apply_method string The method used to apply the specified TMS

mitigation template. The override method is
supported, and override is the default value. As
of version 7.0, the merge method is no longer
supported.
The override method overrides the settings in the
TMS mitigation with the settings in the template. If
the settings in the template are blank, the empty
settings in the template will clear the
corresponding settings in the mitigation except
for the protection prefixes and timeout setting
that are configured on the Protect tab of a
mitigation. If the protection prefixes and timeout
setting are blank in the template, they do not
clear the corresponding settings in the mitigation.

Return values
applyMitigationTemplateByName returns the following values:

applyMitigationTemplateByName return value

Name Type Description

results string A success or failure message.

Proprietary and Confidential Information of Arbor Networks Inc. 95

SP API Guide, Version 8.4

getMitigationSummaries
Prototype
getMitigationSummaries(filter, max_count)

Accepted parameters
getMitigationSummaries accepts the following parameters:

getMitigationSummaries parameters

Name Type Description

filter string Keywords by which you want to filter search
results. You can enter the same search strings that
you can enter in the Search box on the
Mitigations pages in the web UI.

max_count unsigned The maximum number of mitigations to return

integer that match the filter.

Return values
getMitigationSummaries returns the following values:

getMitigationSummaries return value

Name Type Description

results MitigationSummaryArray An array of one or more
MitigationSummary records.
See “MitigationSummary” below.

MitigationSummary
MitigationSummary contains the following data about a mitigation:

MitigationSummary elements

Name Type Description

id integer The ID assigned to a mitigation.

type string The type of mitigation.

name string The name of a mitigation.

description string (Optional) The description of a mitigation.

user string The user who started a mitigation.

alert_id integer (Optional) The alert ID that is associated with a

mitigation.

prefix string The diversion prefix used in the mitigation.

96 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 5: Mitigation Functions in the Current SOAP API

MitigationSummary elements (Continued)

Name Type Description

is_automitigation boolean One of the following:
“True” for an automitigation
“False” for any other mitigation

managed_object_ integer (Optional) The ID of the managed object

id protected by a mitigation.

managed_object_ string (Optional) The name of the managed object

name protected by a mitigation.

ongoing boolean One of the following:

n “True” for an ongoing mitigation
n “False” for any other mitigation

start time dateTime The date and time when a mitigation started,
in the following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

stop time dateTime (Optional) The date and time at which a

mitigation ended, in the following ISO 8601
format:
n YYYY-MM-DDThh:mm:ssTZD

duration float The amount of time that a mitigation has

lasted.

annotations array of (Optional) An array of one or more Annotation

Annotation records.
See “Annotation” below.

Annotation
Annotation describes a mitigation annotation and contains the following elements:

Annotation elements

Name Type Description

added dateTime The date and time when an annotation was added
to a mitigation, in the following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

author string The user who added an annotation to a mitigation.

content string The comments that a user wrote in an annotation.

Proprietary and Confidential Information of Arbor Networks Inc. 97

SP API Guide, Version 8.4

getMitigationSummariesXML
Prototype
getMitigationSummariesXML(filter, max_count)

Accepted parameters
getMitigationSummariesXML accepts the following parameters:

getMitigationSummariesXML parameters

Name Type Description

filter string Keywords by which you want to filter search
results. You can enter the same search strings
that you can enter in the Search box on the
Mitigations pages in the web UI.

max_count unsigned integer The maximum number of mitigations to return

that match the filter.

Return value
getMitigationSummariesXML returns the following value:

getMitigationSummariesXML return value

Name Type Description

results string An XML representation of the same data that is
returned by the MitigationSummary function.
See “MitigationSummary” on page 96.

98 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 5: Mitigation Functions in the Current SOAP API

getMitigationStatisticsByIdXML
Prototype
getMitigationStatisticsByIdXML(id, start, stop)

Accepted parameters
getMitigationStatisticsByIdXML accepts the following parameters:

getMitigationStatisticsByIdXML parameters

Name Type Description

id unsigned integer The ID of a mitigation.

start unsigned integer A UNIX timestamp that specifies the start time of
a mitigation.

stop unsigned integer A UNIX timestamp that specifies the stop time of
a mitigation.

Return value
getMitigationStatisticsByIdXML returns the following value:

getMitigationStatisticsByIdXML return value

Name Type Description

results string An XML representation of the same data that is
available for a mitigation in the web UI.

Proprietary and Confidential Information of Arbor Networks Inc. 99

SP API Guide, Version 8.4

getMitigationStatisticsByNameXML
Prototype
getMitigationStatisticsByNameXML(name, start, stop)

Accepted parameters
getMitigationStatisticsByNameXML accepts the following parameters:

getMitigationStatisticsByNameXML parameters

Name Type Description

name string The name of a mitigation.

start unsigned integer A UNIX timestamp that specifies the start time of
a mitigation.

stop unsigned integer A UNIX timestamp that specifies the stop time of
a mitigation.

Return value
getMitigationStatisticsByNameXML returns the following value:

getMitigationStatisticsByNameXML return value

Name Type Description

results string An XML representation of the same data that is
available for a mitigation in the web UI.

100 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 5: Mitigation Functions in the Current SOAP API

addTmsFilterList
Prototype
addTmsFilterList(name, type, filters, import_format, description)

Accepted parameters
addTmsFilterList accepts the following parameters:

addTmsFilterList parameters

Name Type Description

name string The name of a filter list.

type tmsFilterListType The type of filter list, which can be one

of the following strings:
n black_white
n dns
n ip_location
n ip_address
n ipv6_address
n url

filters base64-encoded A list of one of the following:

n IPv4 or IPv6 addresses
n URL regular expressions (in PCRE
format)
n DNS domain name or FQDN
regular expressions (in PCRE
format)

import_format tmsFilterListImportFormat The format of the filter list entries,

which can be one of the following
values:
n line-delimited
n comma-delimited
n tab-delimited

The default value is line-delimited.

description string A description that helps you identify a

filter list.

Proprietary and Confidential Information of Arbor Networks Inc. 101

SP API Guide, Version 8.4

Return value
addTmsFilterList returns an array with the following values:

addTmsFilterList return value

Name Type Description

results string “Success” if the call was successful.

validation_errors base64-encoded An error string with a list of validation

string errors.

102 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 5: Mitigation Functions in the Current SOAP API

editTmsFilterList
Prototype
editTmsFilterList(name, filters, import_format, description)

Accepted parameters
editTmsFilterList accepts the following parameters:

editTmsFilterList parameters

Name Type Description

name string The name of the filter list that you
want to edit.

filters base64-encoded A list of one of the following:

n IPv4 or IPv6 addresses
n URL regular expressions (in PCRE
format)
n DNS domain name or FQDN
regular expressions (in PCRE
format)

import_format tmsFilterListImportFormat The format of the filter list entries,

which can be one of the following
values:
n line-delimited
n comma-delimited
n tab-delimited

The default value is line-delimited.

description string A description that helps you identify

the filter list.

Return value
editTmsFilterList returns an array with the following values:

editTmsFilterList return value

Name Type Description

results string “Success” if the call was successful.

validation_errors base64-encoded An error string with a list of validation

string errors.

Proprietary and Confidential Information of Arbor Networks Inc. 103

SP API Guide, Version 8.4

deleteTmsFilterList
Prototype
deleteTmsFilterList(name)

Accepted parameters
deleteTmsFilterList accepts the following parameters:

deleteTmsFilterList parameter

Name Type Description

name string The name of the filter list that you want to
delete.

Return value
deleteTmsFilterList returns the following value:

deleteTmsFilterList return value

Name Type Description

results string “Success” if the call was successful or errors if the
call was not.

104 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 6:
Configuration Management Functions
in the Current SOAP API

Introduction
This chapter includes information about the supported configuration management
functions in the SP current SOAP API.

You can download the PeakflowSP.wsdl file (Administration > Download Arbor API
SDK) for a complete specification of the data types used for each current SOAP API
function’s parameters and return values.

In this section
This section contains the following topics:

About the Configuration Management Functions 106

cliRun 108
accountAdd 109
accountDelete 111
accountChangePassword 112
accountChangeGroup 113

SP API Guide, Version 8.4 105

SP API Guide, Version 8.4

About the Configuration Management Functions

Introduction
SP supports the following configuration management functions:
n cliRun
n accountAdd
n accountDelete
n accountChangePassword
n accountChangeGroup

Output format
The output for all of the Configuration Management functions is returned in the standard
SP XML data format with a base64-encoded query-reply text node.

The following XML snippet shows an example result from an accountAdd operation:
<?xml version="1.0"?>
<peakflow version="1.0" release="8.4">
<query-reply name="accountAdd" type="text"> T0s= </query-reply>
</peakflow>

Note
With the exception of the cliRun operation, the normal return value for successful
completion of the operations documented below is OK. The example above reflects the
result from the successful completion of an accountAdd operation—the text node value
is the base64-encoded representation of OK.

Error handling
Errors that occur during the execution of the Configuration Management operations result
in SOAP faults.

The following example shows a typical SOAP fault message (in this case, for the addition of
an account that already exists):
<SOAP-ENV:Envelope SOAP-
ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Server error</faultstring>
<detail> /detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

106 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 6: Configuration Management Functions in the Current SOAP API

Note
The faults that are returned by the SP API contain a descriptive string that explains the
nature of the fault in the detail element, as shown above. The faultcode describes the
source of the problem, which is either Client or Server. If the faultcode is Client, then
there was a problem with the parameters submitted to the API. If the faultcode is Server,
then SP encountered a problem while processing the request.

Showing the current configuration

To show the current configuration:
n Execute the config show command with the cliRun method described above.

Note
To apply the configuration, a client could parse this output and replay each command
with this same interface.

Committing and saving the current configuration

Because this API is an extension of the CLI, you must also commit your changes in order
to save them.

To commit configuration changes:

n Execute the config write command.

Important
If you reboot, you will lose any changes that were not committed.

Proprietary and Confidential Information of Arbor Networks Inc. 107

SP API Guide, Version 8.4

cliRun
Prototype
cliRun(command, timeout)

Accepted parameters
cliRun accepts the following parameters:

cliRun parameters

Name Type Description

command base64- an SP base64-encoded CLI command.
encoded
command string

timeout unsigned The number of seconds that the cliRun call is

integer allowed to run. If the call is not completed in the
specified amount of time, SP throws a fault. If you
specify 0 for the timeout, then SP uses the default
value of 30 seconds.

Return value
cliRun returns the following value:

cliRun return value

Name Type Description

results string The output from the CLI after running the
command.
Note
In the case of most configuration commands, the
normal output from the CLI is empty. Errors
during the operation result in SOAP faults.
See “Error handling” on page 106.

108 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 6: Configuration Management Functions in the Current SOAP API

accountAdd
Prototype
accountAdd(AccountConfiguration)

Accepted parameter
accountAdd accepts the following parameter:

accountAdd parameter

Name Type Description

AccountConfiguration complex type A SOAP structure that includes all of an
account’s parameters.
See “AccountConfiguration” below.

Note
You can enter an empty value for optional arguments, which indicates that the parameter
is unspecified.

AccountConfiguration
AccountConfiguration contains the following data about an account:

AccountConfiguration elements

Name Type Description

username string The user name for the account that you want
to add.

password base64 binary The base64-encoded password for the

account that you want to add.

group string The account group to which you want to

assign an account.

capabilityLevel capabilityLevelType The capability level that you want to assign to

an account, which can be one of the
following:
n admin
n user

device string The name of an SP appliance with which an

account is associated.

menu string (Optional) The UI menu system that you want

the user of this account to view.

timezone string (Optional) The time zone associated with the

account that you want to add.

Proprietary and Confidential Information of Arbor Networks Inc. 109

SP API Guide, Version 8.4

AccountConfiguration elements (Continued)

Name Type Description

realname string (Optional) The full name of the user whose
account you want to add.

email string (Optional) The email address of the user

whose account you want to add.

Return values
accountAdd returns the following value:

accountAdd return value

Name Type Description

results string The result of the operation. For all account
management operations, OK is returned to
indicate that the operation was successfully
completed. Errors during the operation result in
SOAP faults.
See “Error handling” on page 106.

110 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 6: Configuration Management Functions in the Current SOAP API

accountDelete
Prototype
accountDelete(name)

Accepted parameter
accountDelete accepts the following parameter:

accountDelete parameter

Name Type Description

name string The user name of the account that you want to
delete.

Return value
accountDelete returns the following value:

accountDelete return value

Name Type Description

Proprietary and Confidential Information of Arbor Networks Inc. 111

SP API Guide, Version 8.4

accountChangePassword
Prototype
accountChangePassword(name, device, password)

Accepted parameters
accountChangePassword accepts the following parameters:

accountChangePassword parameters

Name Type Description

name string The user name of the account whose password
you want to change.

device string The name of an SP appliance with which an

account is associated.

password string The new base64-encoded password for the

account.

Return value
accountChangePassword returns the following value:

accountChangePassword return value

Name Type Description

112 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 6: Configuration Management Functions in the Current SOAP API

accountChangeGroup
Prototype
accountChangeGroup(name, device, group, capabilityLevel)

Accepted parameters
accountChangeGroup accepts the following parameters:

accountChangeGroup parameters

Name Type Description

name string The user name of the account for which you
want to change the account group.

device string The name of an SP appliance with which an

account is associated.

group string The new account group with which you want
to associate the account.

capabilityLevel capabilityLevelType The capability level that you want to assign to

an account, which can be one of the
following:
n admin
n user

Return value
accountChangeGroup returns the following value:

accountChangeGroup return value

Name Type Description

Proprietary and Confidential Information of Arbor Networks Inc. 113

SP API Guide, Version 8.4

114 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 7:
Report Functions in the Current SOAP
API

Introduction
This chapter includes information about the supported report functions in the current SP
SOAP API. These functions retrieve data for configured Wizard reports in the web UI.

You can download the PeakflowSP.wsdl file for a complete specification of the data
types used for each current SOAP API report function’s parameters and return values. The
WSDL file is downloaded as part of the API SDK (Administration > Download Arbor
API SDK).

In this section
This section contains the following topics:

queueReportToRun 116
getReportList 117
getReportListXML 119
getReportResultsList 120
getReportResultsListXML 122
getLastReportResultAsCSV 123
getLastReportResultAsXML 124
getLastReportResultAsPDF 125
getReportResultAsCSV 126
getReportResultAsXML 127
getReportResultAsPDF 128
runXmlQuery 129
getTrafficGraph 131

SP API Guide, Version 8.4 115

SP API Guide, Version 8.4

queueReportToRun
Prototype
queueReportToRun(name)

Accepted parameter
queueReportToRun enters a report into the run queue and accepts the following
parameter:

queueReportToRun parameter

Name Type Description

name string The name of a configured wizard report that
you want to run.
Up to 8 reports can run at once.

Return value
queueReportToRun returns the following value:

queueReportToRun return value

Name Type Description

results string One of the following:
n “Success,” which indicates that a report was
successfully queued
n a SOAP Fault with an error message for failed
commands

116 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 7: Report Functions in the Current SOAP API

getReportList
Prototype
getReportList(filter, count)

Accepted parameters
getReportList returns a list of all configured wizard reports on the system and accepts the
following parameters:

getReportList parameters

Name Type Description

filter string Keywords by which you want to filter search
results. You can enter the same search strings
that you can enter in the Select a <object>
window Search box on the Reports pages in
the web UI.

count unsigned integer The number of configured reports to return

that match the filter.
Tip
Type 0 to return unlimited results.

Return value
getReportList returns the following value:

getReportList return value

Name Type Description

results ReportConfigurationArray One or more arrays of ReportConfiguration
records.
See “ReportConfiguration” below.

ReportConfiguration
ReportConfiguration describes a report’s configuration and contains the following
elements:

ReportConfiguration elements

Name Type Description

id string The ID of a configured report.

name string The name of a report.

type string The type of report.

description string The description of a report.

Proprietary and Confidential Information of Arbor Networks Inc. 117

SP API Guide, Version 8.4

ReportConfiguration elements (Continued)

Name Type Description

tags string (Optional) One or more tags that are applied to a report.

recipient string The user configured to receive the report when it is

complete.

schedule string The schedule on which a report runs, if configured, in cron

notation.

last_ string The user who last edited a report configuration.

changed_by

118 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 7: Report Functions in the Current SOAP API

getReportListXML
Prototype
getReportListXML(filter, count)

Accepted parameters
getReportListXML returns a list of all configured wizard reports on the system and accepts
the following parameters:

getReportListXML parameters

Name Type Description

count unsigned integer The number of configured reports to return

that match the filter.
Tip
Type 0 to return unlimited results.

Return value
getReportListXML returns the following value:

getReportListXML return value

Name Type Description

results string An XML representation of the same data
that is returned by the ReportConfiguration
function.
See “ReportConfiguration” on page 117.

Proprietary and Confidential Information of Arbor Networks Inc. 119

SP API Guide, Version 8.4

getReportResultsList
Prototype
getReportResultsList(filter, count)

Accepted parameters
getReportResultsList returns a list of meta-data about all available configured report
results. It accepts the following parameters:

getReportResultsList parameters

Name Type Description

count unsigned integer The number of configured reports to return

that match the filter.
Tip
Type 0 to return unlimited results.

Return value
getReportResultsList returns the following value:

getReportResultsList return value

Name Type Description

results ReportResultArray One or more arrays of ReportResult records.

ReportResult
ReportResult describes a report’s results and contains the following elements:

ReportResult elements

Name Type Description

id string The ID of a configured report.

name string The name of a report.

type string The type of report.

description string The description of a report.

tags string (Optional) One or more tags that are applied to a report.

120 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 7: Report Functions in the Current SOAP API

ReportResult elements (Continued)

Name Type Description

request_time float The time at which a report ran, in seconds and
microseconds since the epoch. You can obtain the
request_time (not the request_time_iso) for a report by
using the getReportResultsList function.

request_time_ dateTime The date and time when an alert started, in the following
iso ISO 8601 format:
n CCYY-MM-DDThh:mm:ss

request_ string The method by which the report was run, which can be
method one of the following:
n manual
n scheduled

requested_by string The user configured to receive the report when it is

complete.

last_changed_ string The user who last edited a report configuration.

Proprietary and Confidential Information of Arbor Networks Inc. 121

SP API Guide, Version 8.4

getReportResultsListXML
Prototype
getReportResultsListXML(filter, count)

Accepted parameters
getReportResultsListXML returns a list of meta-data about all available configured report
results. It accepts the following parameters:

getReportResultsListXML parameters

Name Type Description

count unsigned integer The number of configured reports to return

that match the filter.
Tip
Type 0 to return unlimited results.

Return value
getReportResultsListXML returns the following value:

getReportResultsListXML return value

Name Type Description

results string An XML representation of the same data
that is returned by the ReportResult
function.

122 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 7: Report Functions in the Current SOAP API

getLastReportResultAsCSV
Prototype
getLastReportResultAsCSV(name)

Accepted parameter
getLastReportResultAsCSV returns the output of the specified wizard report in CSV format.

Note
Wizard reports that contain complex data types (for example, alerts and mitigations) are
not supported in CSV format.

SP returns the results in a zip file that contains one CSV file per query in the report. It
accepts the following parameter:

getLastReportResultAsCSV parameter

Name Type Description

name string The name of a configured wizard report.

Return value
getLastReportResultAsCSV returns the following value:

getLastReportResultAsCSV return value

Name Type Description

csv_zip base64binary A base64-encoded zip file that contains a CSV
file for each query in the specified report.

Proprietary and Confidential Information of Arbor Networks Inc. 123

SP API Guide, Version 8.4

getLastReportResultAsXML
Prototype
getLastReportResultAsXML(name)

Accepted parameter
getLastReportResultAsXML returns the output of the specified wizard report in XML
format. It accepts the following parameter:

getLastReportResultAsXML parameter

Name Type Description

name string The name of a configured wizard report.

Return value
getLastReportResultAsXML returns the following value:

getLastReportResultAsXML return value

Name Type Description

xml string The XML query results for the specified report.

124 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 7: Report Functions in the Current SOAP API

getLastReportResultAsPDF
Prototype
getLastReportResultAsPDF(name)

Accepted parameter
getLastReportResultAsPDF returns the output of the specified wizard report in PDF format.
It accepts the following parameter:

getLastReportResultAsPDF parameter

Name Type Description

name string The name of a configured wizard report.

Return value
getLastReportResultAsPDF returns the following value:

getLastReportResultAsPDF return value

Name Type Description

pdf base64binary A base64-encoded PDF of the most recently
completed run of the specified report.

Proprietary and Confidential Information of Arbor Networks Inc. 125

SP API Guide, Version 8.4

getReportResultAsCSV
Prototype
getReportResultAsCSV(name, request_time)

Accepted parameters
getReportResultAsCSV returns the output of the specified wizard report, at a specified run
time, in CSV format.

Note
Wizard reports that contain complex data types (for example, alerts and mitigations) are
not supported in CSV format.

SP returns the results in a zip file that contains one CSV file per query in the report. It
accepts the following parameters:

getReportResultAsCSV parameters

Name Type Description

name string The name of a configured wizard report.

request_time float The time at which a report ran, in seconds and

microseconds since the epoch. You can obtain the
request_time (not the request_time_iso) for a
report by using the getReportResultsList function.

Return value
getReportResultAsCSV returns the following value:

getReportResultAsCSV return value

Name Type Description

csv_zip base64binary A base64-encoded zip file that contains a CSV file
for each query in the specified report.

126 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 7: Report Functions in the Current SOAP API

getReportResultAsXML
Prototype
getReportResultAsXML(name, request_time)

Accepted parameters
getReportResultAsXML returns the output of the specified wizard report, at a specified run
time, in XML format. It accepts the following parameters:

getReportResultAsXML parameters

Name Type Description

name string The name of a configured wizard report.

request_time float The time at which a report ran, in seconds and

microseconds since the epoch. You can obtain
the request_time (not the request_time_iso) for
a report by using the getReportResultsList
function.

Return value
getReportResultAsXML returns the following value:

getReportResultAsXML return value

Name Type Description

xml string The XML query results from the specified run
of the configured report.

Proprietary and Confidential Information of Arbor Networks Inc. 127

SP API Guide, Version 8.4

getReportResultAsPDF
Prototype
getReportResultAsPDF(name, request_time)

Accepted parameters
getReportResultAsPDF returns the output of the specified wizard report, at a specified run
time, in a PDF file. It accepts the following parameters:

getReportResultAsPDF parameters

Name Type Description

name string The name of a configured wizard report.

request_time float The time at which a report ran, in seconds and

microseconds since the epoch. You can obtain
the request_time (not the request_time_iso) for
a report by using the getReportResultsList
function.

Return value
getReportResultAsPDF returns the following value:

getReportResultAsPDF return value

Name Type Description

pdf base64binary A base64-encoded PDF of the specified run of
the specified report.

128 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 7: Report Functions in the Current SOAP API

runXmlQuery
Prototype
runXmlQuery(query)

Accepted parameter
runXmlQuery accepts the following parameter:

runXmlQuery parameter

Name Type Description

query string An XML query in standard SP XML query
format. This parameter is only the XML query,
not an entire XML report, like the
getTrafficGraph function. Data is returned in
the XML result format as specified in the SP
and TMS User Guide .

For current XML report specifications, see “Using Customized Reports” in the SP and TMS
User Guide .

Using the example query included in the SOAP package

An example XML query that can be used with runXmlQuery() is included in the SP SOAP
package (in the binby_router.xml file). You must edit this file so that it refers to existing
routers in your system.

Creating an XML report on the View Reports page

To create an XML report on the View Reports page:
1. Navigate to the Configure Reports page (Administration > Reports).
2. Click the Add Report Configuration button and select Classic XML Report.
3. Type the name of the report in the Name box.
4. Type the title of the report in the Title box.
5. Click Add Query .
6. Specify the query details for the data that you want to graph in the Report Object
Wizard.
7. Click Save to generate the report XML.
8. Cut the <query> portion of the XML (to use in the runXmlQuery() function), and then
paste it directly under the <peakflow> XML element.
9. Delete the remaining part of the <report> XML element.

Editing your XML so it works with SOAP

You must enclose all XML queries inside a <peakflow></peakflow> XML element.

Edit your report XML so it matches the following:

<?xml version=”1.0”?>
<peakflow version=”1.0”>
...

Proprietary and Confidential Information of Arbor Networks Inc. 129

SP API Guide, Version 8.4

</query>
</peakflow>

runXmlQuery outputs
The query returns detailed sample data for items matching the query. The results are
returned in the standard SP XML data format, as if it was downloaded directly from the SP
web UI.

Writing XML reports manually

You can also write XML reports manually using the XML specifications (either compact or
RelaxNG notation) in the SP SOAP package.

130 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 7: Report Functions in the Current SOAP API

getTrafficGraph
Prototype
getTrafficGraph(query, graph_configuration)

Accepted parameters
getTrafficGraph accepts the following parameters:

getTrafficGraph parameters

Name Type Description

query string An XML query, defined using current the standard SP XML
query schema.
See “Example: XML query” below.

graph_ string An XML representation that specifies the following for the
configuration graph:
n (Optional) the title of the graph
n (Optional) the y-axis label
n (Optional) the width of the graph
n (Optional) the height of the graph
n (Optional) whether you want to include a legend with the
graph

See “Example: graph_-configuration XML format” below.

Example: XML query

The following is an example of an XML query:
<?xml version="1.0" encoding="utf-8"?>
<peakflow version="2.0">
<query type="traffic">
<time start_ascii="24 hours ago" end_ascii="now"/>
<unit type="bps"/>
<search limit="100" timeout="30"/>
<class type="in"/>
<class type="out"/>
<filter type="customer">
<instance name="CustomerName"/>
</filter>
<filter type="application" binby="1"/>
</query>
<peakflow>

Example: graph_-configuration XML format

The following is an example of the graph_configuration XML format:
<?xml version=\"1.0\" encoding=\"utf-8\"?>

Proprietary and Confidential Information of Arbor Networks Inc. 131

SP API Guide, Version 8.4

<peakflow version=\"2.0\">
<graph id=\"graph1\">
<title>Google Daily Traffic</title>
<ylabel>bps</ylabel>
<width>800</width>
<height>300</height>
<legend>1</legend>
</graph>
</peakflow>

Return value
getTrafficGraph returns the following value:

getTrafficGraph return value

Name Type Description

graph base64-encoded PNG A graph that displays all of the items returned
image by the query specified as part of the XML
report. If greater than 15 items are returned,
then the top 15 items are graphed.

132 Proprietary and Confidential Information of Arbor Networks Inc.

Part IV:
Classic SOAP API
SP API Guide, Version 8.4

134 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 8:
Introduction to the Classic SOAP API
and the Python and PHP Package

Introduction
SP supports its classic SOAP API, which allows you to have programmatic access to the
data on SP appliances. This chapter includes an introduction to the classic SOAP API and
how to use it with the Python and PHP package. Information about using the classic SOAP
API with Java is described in the next chapter.

Important
The classic SOAP API has been deprecated and support is limited to bugs that break the
service completely. The classic SOAP API is maintained only as a courtesy to customers
until they can migrate to the current SOAP API or to the Arbor Web Services API.
Individual functions in the classic SOAP API may not work in releases after SP 7.0.

In this section
This section contains the following topics:

Using the SOAP API in SP 136

Getting Started 138
Installing the SP SOAP Python Client 139
Viewing Classic SOAP API Examples in PHP 140
How Classic SOAP API Calls Map to Current SOAP API Calls 141

SP API Guide, Version 8.4 135

SP API Guide, Version 8.4

Using the SOAP API in SP

Introduction
The SOAP API in SP is implemented by the SP leader appliance or a non-leader appliance
that has the user interface role. You can access the SOAP API using HTTPS.

References
For more information about SOAP API, see the following references:
n SOAP v1.1: http://www.w3.org/TR/2000/NOTE-SOAP-20000508/
n WSDL v1.1: http://www.w3.org/TR/wsdl
n XMLSchema: http://www.w3.org/TR/xmlschema-0/
n ZSI (a Python SOAP framework) documentation:
http://pywebsvcs.sourceforge.net/zsi.html
Note
There is a known bug with Digest Authentication in ZSI that causes all calls to the SOAP
API to fail. See http://sourceforge.net/p/pywebsvcs/bugs/285/ for information about
the bug and how to fix it.
n Java (Oracle Technology Network):
http://www.oracle.com/technetwork/java/index.html
n Apache Axis: http://ws.apache.org/axis/

Components of the SP SOAP packages

There are two SP SOAP packages. One package is for Python and PHP and the other
package is for Java / Axis.

Each package contains the following components:

n SP Web Services Definition Language (WSDL) document (called PeakflowSPClassic.wsdl)

n SOAP client samples (Python and PHP or Java /Axis)

n Readme documentation

The files in these packages provide an XML specification for the SP XML Query and XML
Report formats. XML reports always include an XML query. XML queries are not used
outside of an XML report, except with the SOAP API call getTrafficData().

For an example of an XML report query, see the samples in the SOAP package or
Appendix B, “XML Specifications” in the SP and TMS User Guide .

SOAP endpoint address

136 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 8: Introduction to the Classic SOAP API and the Python and PHP Package

The following WSDL snippet shows a typical SOAP endpoint binding:

Resolving address resolution problems

Methods to resolve resolution problems

Method Procedure
Method 1 1. Set the FQDN on the SP appliance using the following
command: / system name set host.domain.ext.
2. Change the name of the appliance in the SP configuration using
the following command: / services sp devices rename
oldnamenewname
Note
You must download the WSDL file from the SP web UI in order to
show the changed address. The WSDL file is downloaded as part of
the API SDK (Administration > Download Arbor API SDK).

Method 2 Manually edit the endpoint/soap binding section of the SP WSDL to

include a FQDN.

Method 3 Programmatically change the endpoint URL within the code. Most
client-side SOAP libraries provide a facility by which you can change
the endpoint URL programatically to redirect the transactions with
the web service.

Arbor recommendations to ensure optimal performance

Arbor recommends the following to ensure optimal performance when you use the SOAP
API with SP:
n For the getTrafficGraph() and getTrafficData() SOAP functions, run the same query at
five minute or greater intervals.
n For all other SOAP functions, run the same query at one minute or greater intervals.
n Make 15 or fewer active SOAP connections to SP at one time.
n Make 100 or fewer SOAP queries per minute.

Proprietary and Confidential Information of Arbor Networks Inc. 137

SP API Guide, Version 8.4

Getting Started
Introduction
The SP API works well with the following:
n Python using the ZSI 1.5 SOAP package
Note
There is a known bug with Digest Authentication in ZSI that causes all calls to the SOAP
API to fail. See
http://sourceforge.net/tracker/index.php?func=detail&aid=2936589&group_
id=26590&atid=387667 for information about the bug and how to fix it.
n PHP
n Java and Apache Axis 1.4

This topic provides information about and instructions for using Python as well as Java
and Apache Axis with the SP API.

Using the example XML reports and queries included in the SOAP package
The binby_router.xml file contains an example XML query for use with getTrafficData(). The
file report.xml contains an example XML report for use with getTrafficGraph().

The XML query format is described in Appendix B, “XML Specifications” of the SP and TMS
User Guide and in the XML schema files included in the SOAP package.

138 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 8: Introduction to the Classic SOAP API and the Python and PHP Package

Installing the SP SOAP Python Client

Introduction
This topic describes how to install the SP SOAP Python client.

Procedure
To install the SP SOAP Python client:
1. Download the Arbor SDK from the web UI (Administration > Download Arbor API
SDK).
The example SOAP clients are located in the Classic folder.
2. Install the following third-party packages:
l py-ZSI 1.5–You can download the ZSI 1.5 package for Python from
http://pywebsvcs.sourceforge.net/zsi.html.
l pyXML 0.6 or later–You can download the XML package for Python from
http://python.org.
l Python 2.3 or later–You can download Python from
http://python.org.
3. Run the sudo Python setup application. This installs the necessary sp.soap Python
library into your Python site-packages location.
4. Test the script by running the following:
./soap_client.py -h leader_appliance -z zone_secret \ -c
getAlertSummaries -o offset=0 -o count=10
leader_appliance = the name of the leader appliance
zone_secret = the word or phrase that is used by all appliances in the system for
internal communication
5. Run the following command to get its usage and a list of examples:
./soap_client.py -h

Note
There is a known bug with Digest Authentication in ZSI that causes all calls to the SOAP
API to fail. See
http://sourceforge.net/tracker/index.php?func=detail&aid=2936589&group_
id=26590&atid=387667 for information about the bug and how to fix it.

Proprietary and Confidential Information of Arbor Networks Inc. 139

SP API Guide, Version 8.4

Viewing Classic SOAP API Examples in PHP

Introduction
The PHP SOAP client shows examples of the classic SOAP API written in PHP. You can use
the examples to determine how to use many of the SP classic SOAP API calls. Arbor
recommends using PHP because it is easy to use and well-supported.

PHP client requirements

To run the PHP SOAP client, you must have a version of PHP installed on your system that
has SOAP support enabled.

To confirm SOAP support in your PHP build:

1. Go to a terminal prompt on the computer where you installed PHP.
2. Run the php -i command.
3. Verify that you see soap or enable-soap in the output.

140 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 8: Introduction to the Classic SOAP API and the Python and PHP Package

How Classic SOAP API Calls Map to Current SOAP API Calls
Introduction
This topic describes how classic SOAP API calls map to current SOAP API calls. This can
help you transition to using the current SOAP API.

SOAP call changes

The following table shows how classic SOAP API calls map to current SOAP API calls:

Classic SOAP API mapping to current SOAP API

Classic SOAP Call Current SOAP Call Notes

getAlertSummaries getDosAlertSummaries Characterization is available
using getDosAlertDetails-
XML.

getAlertGraph getDosAlertGraph

getAlertGraphData getDosAlertDetails
getDosAlertDetailsXML
(the impact_bps and
impact_pps values)

getAlertInterfaces getDosAlertDetails

getAlertInterfaceDetails getDosAlertDetails

getAlertInterfacesXML getDosAlertDetailsXML

getAlertRouterInterfacesXML getDosAlertDetailsXML

getReport getReportList Only available for Wizard

getReportListXML reports.
getReportResult
getReportResultsList
getReportResultsListXML
getLastReportResultAsCSV
getLastReportResultAsXML
getLastReportResultAsPDF
getReportResultAsCSV
getReportResultAsXML
getReportResultAsPDF

accountAdd accountAdd Arguments are different.

accountDelete accountDelete

accountChangeGroup accountChangeGroup Arguments are different.

accountChangePassword accountChangePassword Arguments are different.

sqlQuery deprecated

getTrafficData runXmlQuery

Proprietary and Confidential Information of Arbor Networks Inc. 141

SP API Guide, Version 8.4

Classic SOAP API mapping to current SOAP API (Continued)

Classic SOAP Call Current SOAP Call Notes

getTrafficGraph getTrafficGraph

cliRun cliRun

142 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 9:
Using Java/Axis with the Classic SOAP
API

Introduction
This chapter provides information about and instructions for using Java and Axis with the
classic SP SOAP API.

In this section
This section contains the following topics:

Prerequisites for Using Java/Axis with the SP SOAP Interface 144

Configuring Certificates 146
Generating the Client Proxy Code 148
Using the Client Proxy Code 149
Using the Utility Package 152
Working with the Sample Code for Java/Axis 153
Building and Running the Sample Projects 155
Fault Handling 164
Capturing the XML Request and Response 165

SP API Guide, Version 8.4 143

SP API Guide, Version 8.4

Prerequisites for Using Java/Axis with the SP SOAP Interface

Introduction
This topic describes the component and configuration prerequisites for using Java/Axis
with the classic SP SOAP Interface.

Requirements
The information and examples included in this chapter use the following configuration:
n Java JDK 5.0 Update 9 or higher

n Apache Axis 1.4 -- http://ws.apache.org/axis/

Note
Due to a known issue in the Axis 1.4 release build (AXIS-2394), you may want to use an
Axis 1.4 nightly build for SP SOAP client development.
n Apache Commons HttpClient, version 3.1 -- http://hc.apache.org/httpclient-3.x/
Note
In SP versions 5.0 and higher, clients must support HTTP Digest Authentication. To
enable this behavior, the Commons HTTPSender is selected as the HTTP transport in
client-config.wsdd. Clients must also either force HTTP/1.0 or disable chunked
encoding with the present server implementation. The Java client example forces
HTTP/1.0 for SOAP transactions. To disable chunked encoding instead, use the
following Java statement:
pfspStub._setProperty
(org.apache.axis2.transport.http.HTTPConstants.CHUNKED,”false”)
n Apache Commons Codec, version 1.2 or higher -- http://commons.apache.org/codec/

Classpath notes
The Axis toolkit has a number of jar files that Java must be able to find. These include the
following:
n axis.jar

n axis-ant.jar
n axis-schema.jar
n commons-discovery-0.2.jar
n commons-logging-1.0.4.jar
n jaxrpc.jar
n saaj.jar
n wsdl4j-1.5.1
n log4j-1.2.8.jar (or whatever is appropriate for your chosen logging implementation)

Note
All of these Axis class .jar files should be added to the AXISCLASSPATH environment
variable.

In addition, the following classes from the Apache Commons project must be somewhere
in your classpath:
n commons-httpclient-3.1.jar

n commons-codec-1.2.jar

144 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 9: Using Java/Axis with the Classic SOAP API

Note
This guide assumes that variables were configured as described in the “Classpath Setup”
section of the Axis Installation Guide . As such, this guide includes simpler, rather than
detailed, references to variables like AXIS_HOME and AXISCLASSPATH.

For more information, see the following page detailing the Axis classpath:
http://ws.apache.org/axis/java/install.html#ClasspathSetup

Digest authentication
Starting with version 5.0, SP uses Digest authentication for HTTPS connections. You must
configure your Java Axis environment to perform Digest authentication in order to use the
SP Java SOAP client. The SP Java client examples are configured to perform Digest
authentication by default, using the Apache Commons HttpClient.

Proprietary and Confidential Information of Arbor Networks Inc. 145

SP API Guide, Version 8.4

Configuring Certificates
Introduction
All SP API calls are encrypted with SSL (as HTTPS) to protect the privacy of your data. Use of
the SP API is therefore subject to SSL certificate configuration.

When you use a browser to display an SSL encrypted site, you may be prompted to
configure a certificate if the certificate was not issued by a trusted certificate authority or if
there is another certificate issue. However, when you attempt to make an SSL connection
programmatically, there is not an automated mechanism for interactive prompting.
Because of this, a connection that normally results in a prompt for the user results in a
failed connection for a web service client application.

Before using the SP API, you must configure the Java environment to accept the certificate
of the SP appliance. You can download the certificate from the SP appliance and then
install it into a system-wide Java keystore as described below.

Obtaining the SP certificate file

You can obtain the SP certificate file from Arbor Customer Support or by issuing either of
the following commands:
n / system files show
The certificate file is listed in the output.
n / system files directory disk:
The certificate file is on disk.

The Java Runtime Environment and the cacerts keystore

The Java Runtime Environment (JRE) uses keystore databases to store information about
private keys and certificates. Keystores are configured using the keytool command-line
utility included with the JRE.

A system-wide keystore named cacerts resides in the security properties directory,

java.home\lib\security, where java.home is the runtime environment's directory (the JRE
directory in the SDK or the top-level directory of the Java 2 Runtime Environment). For the
examples in this chapter, you should import the SP certificate into the cacerts keystore.

Importing a SP certificate file

To import an SP certificate file:
1. To convert the SP certificate to X.509 format using the openssl tool, enter openssl
x509 -in peakflowsp.crt -out peakflowsp.der -outform der
Note
Replace peakflowsp with the hostname of the SP system from which you
downloaded the certificate.
2. To import the SP certificate into your cacerts keystore, enter $JAVA_
HOME/bin/keytool -import -alias peakflowsp -file peakflowsp.der -
keystore $JRE_HOME/lib/security/cacerts
Note
Replace peakflowsp with the hostname of the SP system from which you
downloaded the certificate.

146 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 9: Using Java/Axis with the Classic SOAP API

Note
A password is required to change the cacerts keystore (the keytool will prompt you for
this password). The default password for the cacerts keystore is changeit. You may want
to change this for security purposes.

Completion of these steps configures the Java environment to allow connections to the SP
appliance.

Proprietary and Confidential Information of Arbor Networks Inc. 147

SP API Guide, Version 8.4

Generating the Client Proxy Code

Introduction
To generate web service client proxy code for the SP API, use the WSDL2Java tool that is
provided with Axis. WSDL2Java is part of the org.apache.axis.wsdl package and uses the
following syntax:
java [-cp <classpath>] org.apache.axis.wsdl.WSDL2Java [options]

You can use the WSDL2Java tool to process remote WSDL documents that are specified by
URL or local WSDL documents that are specified by path. The generated client code is
created in a package hierarchy rooted in the current working directory.

Note
For WSDL documents specified by URL, WSDL2Java connects to the web service server
and then downloads the WSDL document and process.

Generating the client proxy code with WSDL2Java

After you download the WSDL document for your SP appliance to your local system, you
can use WSDL2Java to generate the client proxy code. The WSDL2Java command to do this
requires only the path to the local WSDL document as an argument.

By default, the WSDL2Java tool uses the current working directory as the output target.
This means that it will generate a directory hierarchy within the current working directory
that contains the various class files that comprise the SP stub client code. You can move
these directories and files later; however, you may want to run this command directly from
your project directory so that the files are created there. Alternatively, you can also use the
–o argument to specify an output directory.

The following command processes the SP WSDL document that is located in the current
directory (named peakflowsp.wsdl) and generates the stub client code:

Windows: java -cp %AXISCLASSPATH% org.apache.axis.wsdl.WSDL2Java

peakflowsp.wsdl

Unix: java -cp "$AXISCLASSPATH" org.apache.axis.wsdl.WSDL2Java

peakflowsp.wsdl

If successful, the generated client proxy code is created as a PeakflowSP package, rooted
in the current working directory. A directory hierarchy appropriate for this package (for
example, PeakflowSP/PeakflowSP/… ) is created in the current directory.

148 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 9: Using Java/Axis with the Classic SOAP API

Using the Client Proxy Code

Introduction
The following sections detail the steps required to use the generated client proxy code in a
Java/Axis project.

Task Overview
After the client proxy code is generated, perform the following required tasks to begin
using the SP API:
1. Import the classes into your Java project.
2. Create and initialize the necessary interface objects.
3. Supply the proper authentication credentials to the interface.
4. Import and add handling for the AxisFault class for SOAP faults.
5. Add proper handling of response values.

Importing the classes

To import the classes into your Java project:
1. Confirm that the directory hierarchy (PeakflowSP), containing the SP classes
generated by WSDL2Java, is located within your project directory. If it is not, copy it
there.
2. Add the following import statement to your referencing Java class:
import PeakflowSP.*;

Creating and initializing the interface objects

To create and initialize the interface objects:
1. Create a PeakflowSPServiceLocator object (ServiceLocator).
2. Initialize the getPeakflowSPPort() method to retrieve the PeakflowSPPort object
that is the actual wrapper for the SP API.
Note
SP operations are member functions of the Port class.

The following code shows an example of these steps for creating and initializing the
pfspPort object:
PeakflowSPServiceLocator pfspLocator = new PeakflowSPServiceLocator();
PeakflowSPPort pfspPort = pfspLocator.getPeakflowSPPort();

Supplying authentication credentials

To supply the proper authentication credentials for the interface to connect to the SP
appliance:
n Use the Stub class (the class that hides all of the detailed work behind the scenes) to
supply a user name and password for the connection.

Note
Verify that you have your Java Axis environment configured to perform Digest
authentication.

The following code shows an example of these steps to set up authentication:

PeakflowSPBindingStub pfspStub = (PeakflowSPBindingStub)pfspPort;

Proprietary and Confidential Information of Arbor Networks Inc. 149

SP API Guide, Version 8.4

pfspStub.setUsername("arbor");
pfspStub.setPassword("<<zonesecret>>");

Note
For users who do not have the sp_soap capability, the SOAP interface requires
authentication using the user name arbor and their zone secret as the password.

Adding exception handling

To add exception handling:
1. Add an import for the org.apache.axis.AxisFault class for catching these SOAP
faults.
2. Wrap SOAP operations in try-catch blocks to handle AxisFaults.
3. Add the following import statements to your referencing Java class:
import org.apache.axis.AxisFault;

Note
You must use the proper exception handling with try-catch blocks that include handling
of the AxisFault class for SOAP faults. AxisFaults represent the error conditions that
can occur during SOAP operations with Java/Axis.

AxisFault handling example

The following code shows an example of AxisFault handling:
try {
...
String strResultXML = pfspPort.cliRun(strCommand);
...
}
catch (AxisFault e) {
System.out.println("AxisFault: " + e.getFaultString());
}

For more information about AxisFaults and their content, see “Fault Handling” on
page 164 .

Response handling
The output for all of the Configuration Management functions are returned in the
standard SP XML data format with a base64-encoded query-reply text node.

150 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 9: Using Java/Axis with the Classic SOAP API

an SP SOAP client application will need to parse the returned XML blob to extract the
query-reply text node. The value of this text node is base64-encoded and must be
decoded to get the plaintext result value.

Note
The SP Utility package (described in the next section) includes helper functions to assist
with the processing of response values.

Proprietary and Confidential Information of Arbor Networks Inc. 151

SP API Guide, Version 8.4

Using the Utility Package

Introduction
an SP Utility package was created with some simple helper functions that you might find
useful while developing SP SOAP client code with Java/Axis. The sample code, discussed in
the sections below, uses this package. The use of this package is not required but provides
a shared codebase of common methods and allows for the samples themselves to be as
simple as possible with a minimum of code duplication. The utility package provides
simple functions to handle base64 encoding and decoding as well as a helper function to
parse and decode an SP response value.

Procedure
To import the SP Utility classes into your Java project:
1. Confirm that the directory hierarchy (PeakflowSPUtil), containing the SP utility class
(available within the SP SOAP Package), is located within your project directory. If it is
not, copy it there.
2. Add the following import statement to your referencing Java class:
import PeakflowSPUtil.*;

Example
You can use the simple utility functions within the PeakflowSPUtil package once they are
imported into your project. The functions are all static member functions within the
PfSPUtil class and can be called without creation of a class instance.

The following code is an example of how to use the getResultFromXML function:

try
{
...
String strResultXML = pfspPort.cliRun(strCommand);
System.out.println(PfSPUtil.getResultFromXML(strResultXML));
...
}
catch(AxisFault e)
{
e.printStackTrace();
}

152 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 9: Using Java/Axis with the Classic SOAP API

Working with the Sample Code for Java/Axis

Introduction
This section provides a few example projects that integrate all of the elements discussed
earlier into applications that use the classic SP API to query and display data from the SP
appliance. The SDK includes the source code and the necessary project files and scripts.

About the sample code included

The src directory of the SDK includes the sample code for Java with Axis. There are four
subdirectories that correspond to the two sample projects (pfspsample1 and
pfspsample2), the shared client proxy code (pfspproxy), and the utility package
(pfsputil).

The following diagram shows this hierarchy:

+ src
+ pfspsample1 – Sample Project 1
+ pfspsample2 – Sample Project 2

+ pfspproxy - Shared Client Proxy Package

+ PeakflowSP - Root of generated SP proxy package

+ pfsputil - Shared Utility Package

+ PeakflowSPUtil - Root of the provided SP Utility package

Customizing the sample code

Because the SP client proxy code is associated with an endpoint of a specific SP appliance,
you must customize the projects for your SP deployment.

Complete the following steps to customize the solution for your SP deployment:
1. Update the client proxy code within the pfspproxy directory.
2. Update the user name and password used for authentication in each of the sample
projects (pfspsample1, pfspsample2).

Updating the client proxy code

You can update the client proxy code (pfspproxy) for your SP deployment by using one of
the following methods:
n Replace the existing client proxy code (pfspproxy).

n Programmatically change the endpoint URL within the code.

Note
An existing pfspproxy client proxy package is included but is intended to be only a
placeholder.

Replacing the sample client proxy code

To replace the client proxy code included in the pfspproxy directory:
1. Delete the existing net directory within pfspproxy.
2. Download the WSDL document for your SP appliance to the pfspproxy directory.

Proprietary and Confidential Information of Arbor Networks Inc. 153

SP API Guide, Version 8.4

3. Generate the PeakflowSP package (recreating the PeakflowSP directory and content).
For information on generating the PeakflowSP package, see “Generating the Client
Proxy Code” on page 148 .

Changing the endpoint URL

As an alternative to replacing the client proxy code, you can also programmatically modify
the endpoint URL within the code (while continuing to use the pre-generated client proxy
code included with the SDK). To do this:
1. Locate the block of code that includes the call to
setPeakflowSPPortEndpointAddress in each of the sample classes.
It is located near the beginning of each of the samples immediately following the
creation of the PeakflowSPServiceLocator object. It looks like the following:
// String strAddress = pfspLocator.getPeakflowSPPortAddress();
// String strNewAddress = strAddress.replaceAll("@@HOSTNAME@@",
"peakflowsp");
// pfspLocator.setPeakflowSPPortEndpointAddress(strNewAddress);
Note
The client proxy code in the SDK was generated using a version of the SP WSDL
document that is not specific to a particular SP appliance. Instead, it includes an
endpoint address of ”https://@@HOSTNAME@@/cgi-bin/soap”. You can replace
the ”@@HOSTNAME@@” programatically with the address of your SP appliance, which
is the purpose of the three samples above.
2. Uncomment the calls as they are currently commented out.
3. Replace peakflowsp with the address of your SP appliance.

Updating the password

You must change the password used for communication with the SP appliance to your SP
zone secret. The user name and password are configured using the stub’s setUserName
and setPassword methods in each of the sample projects (pfspsample1, pfspsample2).
You must change each instance.

Note
For users who do not have the sp_soap capability, the SOAP interface requires
authentication using the user name arbor and their zone secret as the password.

To update the password:

1. Locate calls to the setUserName and setPassword methods in each of the sample
classes.
They are located at the beginning of each of the samples closely following the creation
of the PeakflowSPServiceLocator object. It looks like the following:
pfspStub.setUsername("arbor");
pfspStub.setPassword("<<zonesecret>>");
2. Replace the <<zonesecret>> with your SP zone secret.

154 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 9: Using Java/Axis with the Classic SOAP API

Building and Running the Sample Projects

Introduction
You can use the script files in the SDK to build and run the sample projects after you
perform the following actions:
n either replace the client proxy code or change the endpoint URL

n update the user name and password to customize the sample code for your SP
appliance

The script files are located in the project directories (pfspsample1, pfspsample2). Use the
build scripts (build.sh for Unix; build.cmd for Windows) to build a project, and then use
the test scripts (testit.sh for Unix; testit.cmd for Windows) to run a project.

Sample 1— adding and deleting accounts

The first use of the interface (pfspsample1) is a program that demonstrates the addition
and deletion of a sample account (PfSPSampleUser). This program presents a simple
menu with the following three options:
n (1) Create the PfSPSampleUser account

n (2) Delete the PfSPSampleUser account

n (0) Exit the sample application

Sample 1 code overview

To build and run the sample 1 project:
1. Create the objects and initialize the SP stub client (pfspPort).
2. Use the pfspStub object to establish network credentials with the appropriate user
name and password (as described above) for the SP appliance.
3. Display a menu with options to create the account, delete the account, and exit the
application.
4. Prompt the user for the menu selection and then process as described in the
following:
l [1] Use the accountAdd operation to add the PfSPSampleUser account.
l [2] Use the accountDelete operation to delete the PfSPSampleUser account.
l [0] Exit the program.
5. Parse, decode, and display the result of the SOAP operation executed.
6. Prompt the user to “Press <ENTER> to continue...”
7. Return to Step 3 to display the menu for the user.
The menu repeatedly displays after each operation until the user selects to exit the
application.

Sample 1 listing
The following example shows the listing of the first sample project:
import java.io.BufferedReader;
import java.io.InputStreamReader;

import org.apache.axis.AxisFault;
import org.w3c.dom.Element;

Proprietary and Confidential Information of Arbor Networks Inc. 155

SP API Guide, Version 8.4

import org.w3c.dom.Node;

import PeakflowSP.*;
import PeakflowSPUtil.*;

public class PfSPSample1 {

public static void main(String[] args) {

try
{
PeakflowSPServiceLocator pfspLocator = new PeakflowSPServiceLocator();
// The client proxy code can be customized for a particular SP
installation by either:
//
// (1) Generating the client proxy code from the WSDL document
downloaded
// directly from the SP interface (from the Scripting Interface
// page or the Scoped UI Settings page).
// (2) Or, by programmatically modifying the endpoint using
the code below.
// To do so, uncomment the code below and change 'peakflowsp' to
the address of
// the SP box.
//
// String strAddress = pfspLocator.getPeakflowSPPortAddress();
// String strNewAddress = strAddress.replaceAll("@@HOSTNAME@@",
"peakflowsp");
// pfspLocator.setPeakflowSPPortEndpointAddress(strNewAddress);

PeakflowSPPort pfspPort = pfspLocator.getPeakflowSPPort();

PeakflowSPBindingStub pfspStub = (PeakflowSPBindingStub)pfspPort;

// Configure Basic Authentication

pfspStub.setUsername("arbor");
pfspStub.setPassword("<<zonesecret>>");

String strAccountName = "PfSPSampleUser";

while(true)
{
System.out.println("");
System.out.println("PeakflowSP Java/Axis1 SOAP Sample #1");

156 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 9: Using Java/Axis with the Classic SOAP API

System.out.println("");
System.out.println("[1] Create the " + strAccountName + " account
(accountAdd operation)");
System.out.println("[2] Delete the " + strAccountName + " account
(accountDelete operation)");
System.out.println("");
System.out.println("[0] Exit sample application");
System.out.println("");
System.out.print("Choice: ");

String input = stdin.readLine();

int nChoice = 0;
try { nChoice = Integer.valueOf(input).intValue(); }
catch (NumberFormatException e) { continue; }

if (nChoice == 0)
break;
else if (nChoice == 1)
{
String strPassword = "sample";
String strGroup = "arbor_user";
String strMenu = ""; // Use default
String strTimezone = ""; // Use default
String strScope = ""; // Use default
String strRealname = "Java/Axis1 Sample Account";
String strEmail = "";

System.out.println("");
System.out.println("Calling PeakflowSPPort.accountAdd(" +
toQuotedString(strAccountName) + "," + toQuotedString(strPassword) +
"," + toQuotedString(strGroup) + "," + toQuotedString(strMenu) + "," +
toQuotedString(strTimezone) + "," + toQuotedString(strScope) + "," +
toQuotedString(strRealname) + "," + toQuotedString(strEmail) + ")");
System.out.println("");

try
{
String strResultXML = pfspPort.accountAdd(strAccountName, strPassword,
strGroup, strMenu, strTimezone, strScope, strRealname, strEmail);
System.out.println("PeakflowSPPort.accountAdd return value = " +
PfSPUtil.getResultFromXML(strResultXML));
}
catch(AxisFault e)

Proprietary and Confidential Information of Arbor Networks Inc. 157

SP API Guide, Version 8.4

{
// e.printStackTrace();
Element[] details = e.getFaultDetails();
for(int nIndex = 0; nIndex < details.length; ++nIndex)
{
Node textNode = details[0].getFirstChild();
System.out.println(textNode.getNodeValue());
}
}
catch(Exception e)
{
e.printStackTrace();
}
}
else if (nChoice == 2)
{
System.out.println("");
System.out.println("Calling PeakflowSPPort.accountDelete(" +
toQuotedString(strAccountName) + ")");
System.out.println("");

try
{
String strResultXML = pfspPort.accountDelete(strAccountName);
System.out.println("PeakflowSPPort.accountDelete return value = " +
PfSPUtil.getResultFromXML(strResultXML));
}
catch(AxisFault e)
{
// e.printStackTrace();
Element[] details = e.getFaultDetails();
for(int nIndex = 0; nIndex < details.length; ++nIndex)
{
Node textNode = details[0].getFirstChild();
System.out.println(textNode.getNodeValue());
}
}
catch(Exception e)
{
e.printStackTrace();
}
}

158 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 9: Using Java/Axis with the Classic SOAP API

System.out.println("");
System.out.println("Press <ENTER> to continue ...");

stdin.readLine();
}
}
catch (Exception e)
{
System.out.println("An exception was encountered: " + e);
e.printStackTrace();
}
}

private static String toQuotedString(String strValue)

{
return "\"" + strValue + "\"";
}

// Create a single shared BufferedReader for keyboard input.

private static BufferedReader stdin = new BufferedReader(
new InputStreamReader( System.in ) );

Sample 1 output
The output of the first sample project that demonstrates the addition and deletion of
accounts will be similar to the following:
PeakflowSP Java/Axis1 SOAP Sample #1

[1] Create the PfSPSampleUser account (accountAdd operation)

[2] Delete the PfSPSampleUser account (accountDelete operation)

[0] Exit sample application

Choice: 1

Calling PeakflowSPPort.accountAdd("PfSPSampleUser","sample", "arbor_

user","","","", "Java/Axis1 Sample Account","")

PeakflowSPPort.accountAdd return value = OK

Press <ENTER> to continue ...

Proprietary and Confidential Information of Arbor Networks Inc. 159

SP API Guide, Version 8.4

PeakflowSP Java/Axis1 SOAP Sample #1

[1] Create the PfSPSampleUser account (accountAdd operation)

[2] Delete the PfSPSampleUser account (accountDelete operation)

[0] Exit sample application

Choice: 2

Calling PeakflowSPPort.accountDelete("PfSPSampleUser")

PeakflowSPPort.accountDelete return value = OK

Press <ENTER> to continue ...

PeakflowSP Java/Axis1 SOAP Sample #1

[1] Create the PfSPSampleUser account (accountAdd operation)

[2] Delete the PfSPSampleUser account (accountDelete operation)

[0] Exit sample application

Choice: 0

Sample 2 —Executing CLI commands

The second use of the interface (pfspsample2) provides an example of executing CLI
commands by providing a “pseudo-CLI” interface. The program simply displays a #
prompt at which you can type CLI commands. The output of each specified command is
then displayed.

Sample 2 code overview

To build and run the sample 2 project:
1. Create the objects and initialize the SP stub client (pfspPort).
2. Use the pfspStub object to establish network credentials with the appropriate user
name and password (as described above) for the SP appliance.
3. Display ‘#’ and prompt the user for a command to execute.
4. Parse, decode, and display the result of the CLI command (SOAP operation) executed.
Note
/x is used to exit the program.
5. Return to Step 3 to prompt the user for the next command.

160 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 9: Using Java/Axis with the Classic SOAP API

Sample 2 listing
The following example shows the listing of the second sample project:
import java.io.BufferedReader;
import java.io.InputStreamReader;

import org.apache.axis.AxisFault;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

import PeakflowSP.*;
import PeakflowSPUtil.*;

public class PfSPSample2 {

public static void main(String[] args) {

try
{
PeakflowSPServiceLocator pfspLocator = new PeakflowSPServiceLocator();

// The client proxy code can be customized for a particular SP

installation by either:
//
// (1) Generating the client proxy code from the WSDL document
downloaded
// directly from the SP interface (from the Scripting Interface
// page or the Scoped UI Settings page).
// (2) Or, by programmatically modifying the endpoint using
the code below.
// To do so, uncomment the code below and change 'peakflowsp' to
the address of
// the SP box.
//
// String strAddress = pfspLocator.getPeakflowSPPortAddress();
// String strNewAddress = strAddress.replaceAll("@@HOSTNAME@@",
"peakflowsp");
// pfspLocator.setPeakflowSPPortEndpointAddress(strNewAddress);

PeakflowSPPort pfspPort = pfspLocator.getPeakflowSPPort();

PeakflowSPBindingStub pfspStub = (PeakflowSPBindingStub)pfspPort;

// Configure Basic Authentication

pfspStub.setUsername("arbor");

Proprietary and Confidential Information of Arbor Networks Inc. 161

SP API Guide, Version 8.4

pfspStub.setPassword("<<zonesecret>>");

System.out.println("");
System.out.println("Entering Pseudo-CLI Mode ('/x' to exit)...");
System.out.println("");

while(true)
{
try
{
System.out.print("# ");
String strCommand = stdin.readLine();

if (strCommand.compareToIgnoreCase("/x") == 0)
{
System.out.println("");
System.out.println("Exiting Pseudo-CLI Mode...");
System.out.println("");
return;
}

String strResultXML = pfspPort.cliRun(strCommand);

System.out.println(PfSPUtil.getResultFromXML(strResultXML));
}
catch(AxisFault e)
{
// e.printStackTrace();
Element[] details = e.getFaultDetails();
for(int nIndex = 0; nIndex < details.length; ++nIndex)
{
Node textNode = details[0].getFirstChild();
System.out.println(textNode.getNodeValue());
}
}
}
}
catch (Exception e)
{
System.out.println("An exception was encountered: " + e);
e.printStackTrace();
}

162 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 9: Using Java/Axis with the Classic SOAP API

private static String toQuotedString(String strValue)

{
return "\"" + strValue + "\"";
}

// Create a single shared BufferedReader for keyboard input.

private static BufferedReader stdin = new BufferedReader(
new InputStreamReader( System.in ) );

Sample 2 output
The output of the second sample project that allows for the execution of specified CLI
commands for SP will be similar to the following (subject to the commands specified):
Entering Pseudo-CLI Mode ('/x' to exit)...

# / ?

ip/ IP and network configuration

services/ System services
system/ System configuration

# / services sp show

SP (CP) state: started

# / services ssh show

SSH service status:

Status: running
Port: 22 (default)
Protocol: 2,1 (default)

# /x

Exiting Pseudo-CLI Mode...

Proprietary and Confidential Information of Arbor Networks Inc. 163

SP API Guide, Version 8.4

Fault Handling
Introduction
You must properly handle AxisFaults in your application. This means having the proper
catch blocks to catch exceptions of this type and then processing them accordingly.

See “Generating the client proxy code with WSDL2Java” on page 148.

AxisFault fields
The following table shows the AxisFault fields returned by the SP API and what they
mean:

AxisFault fields

Field Description
faultCode The faultCode field describes the source of the problem, which is
either Client or Server.
n If the faultCode is Client, it means that there was a problem
with the parameters submitted to the API.
n If the faultCode is Server, it means that SP encountered an
unexpected problem while processing the request.

faultString A descriptive string that explains the source of the error.

n If the faultCode is Client, the faultString will be “Client
Error”.
n If the faultCode is Server, the faultString will be “Server
Error”.

details A descriptive string that explains the nature of the fault.

Example: The accountAdd operation may result in an AxisFault
for an existing account with the same name, as shown in “About
the Configuration Management Functions” on page 190 . This type
of details would look like:
“Local user already exists "PfSPSampleUser": ...“

164 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 9: Using Java/Axis with the Classic SOAP API

Capturing the XML Request and Response

Introduction
It may be helpful to capture the XML request and response messages for debugging
purposes. Axis allows you to log these messages to a file of your choice. To do this, you
must create a client-config.wsdd in the application’s working directory.

Example
The following example shows the content of the client-config.wsdd that accomplishes this:

Note
All of the sample Java/Axis projects include a client-config.wsdd, configured as shown
above.

Proprietary and Confidential Information of Arbor Networks Inc. 165

SP API Guide, Version 8.4

166 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 10:
Alert Functions in the Classic SOAP API

Introduction
This chapter includes information about the supported alert functions in the SP classic
SOAP API.

You can download the PeakflowSPClassic.wsdl file for a complete specification of the
data types used for each classic SOAP API alert function’s parameters and return value.
The WSDL file is downloaded as part of the API SDK (Administration > Download
Arbor API SDK).

In this section
This section contains the following topics:

getAlertSummaries 168
getAlertInterfaces 173
getAlertInterfaceDetails 176
getAlertInterfacesXML 181
getAlertRouterInterfacesXML 183
getAlertGraph 185
getAlertGraphData 186
getAlertStatisticsRaw and sqlQuery 188

SP API Guide, Version 8.4 167

SP API Guide, Version 8.4

getAlertSummaries
Prototype
getAlertSummaries(filter, count, offset )

Accepted parameters
getAlertSummaries accepts the following parameters:

getAlertSummaries parameters

Name Type Description

filter AlertSummaryFilter Criteria to filter which alerts to return.
See “AlertSummaryFilter elements” below.

count unsigned integer The number of alerts to return.

offset unsigned integer Designates to skip the first offset alerts (sorted
by alert ID).

AlertSummaryFilter elements
AlertSummaryFilter is a complex type that contains the following elements:

AlertSummaryFilter element

Name Type Description

parentProfile string Limits the returned alerts to those that affect the
managed object named parentProfile and its
children.

Return values
getAlertSummaries returns the following values:

getAlertSummaries return values

Name Type Description

count unsigned integer The number of alerts to return.

offset unsigned integer The offset of the returned alerts (as sorted
by alert ID).

summaries array of An array of summary information about

AlertSummary each alert.
See “AlertSummary elements” on the facing
page.

168 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 10: Alert Functions in the Classic SOAP API

AlertSummary elements
The AlertSummary record describes a single alert and contains the following elements:

AlertSummary elements

Name Type Description

alertId unsigned integer An alert ID.

active boolean One of the following:

n “True” for an ongoing alert
n “False” for any other alert

srcCidr string The primary source CIDR that matches the

alert traffic.

dstCidr string The primary destination CIDR that matches

the alert traffic.

direction string The direction of the alert traffic, relative to

the managed object against which the alert
was detected. The direction can be either
“Incoming” or “Outgoing.”

startTime unsigned integer The time at which an alert started, in

seconds past the epoch (January 1, 1970
UTC).

stopTime unsigned integer The time at which an alert stopped, in

seconds since the epoch (January 1, 1970
UTC).

type string The type of alert, which is the same as that

which is displayed in the web UI.

importance string The importance of an alert, which can be

one of the following:
n low
n medium
n high

profile string The name of the affected managed object.

characterization AlertCharacterization The alert traffic summary.

See “AlertCharacterization” on the next
page.

Proprietary and Confidential Information of Arbor Networks Inc. 169

SP API Guide, Version 8.4

AlertCharacterization
AlertCharacterization describes alert traffic and contains the following elements:

AlertCharacterization elements

Name Type Description

src string The primary source of alert traffic.

dst string The primary destination of alert traffic.

srcPorts string The port or port range of primary source ports of

alert traffic.

dstPorts string The port or port range of primary destination

ports of alert traffic.

protocol string The protocol number of the primary protocol of

alert traffic.

tcpFlags string The bitwise OR of all TCP flags detected in alert

traffic.

Example: PHP
The following is a PHP example of calling the getAlertSummaries SOAP function for an
alert, skipping the five most recent alerts and returning the two alerts prior to that:
$count = 2;
$offset = 5;
$filter = array('parentProfile' => 'myCustomer');

$result = $client->getAlertSummaries($count, $offset, $filter);

if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);
}
print_r($result);

Prints:
Array
(
[count] => 2
[offset] => 5
[summaries] => Array
(
[0] => stdClass Object
(

170 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 10: Alert Functions in the Classic SOAP API

[alertId] => 345389

[active] => 0
[srcCidr] => 0.0.0.0/0
[dstCidr] => 2.3.2.5/32
[direction] => Incoming
[startTime] => 1254248832
[stopTime] => 1254249153
[type] => TCP RST
[importance] => 0
[profile] => myCustomer
[characterization] => stdClass Object
(
[src] => 1.1.2.1/32
[dst] => 2.3.3.5/32
[srcPorts] => 1296-1297
[dstPorts] => 80-81
[protocols] => -
[tcpFlags] => 31
)

[1] => stdClass Object

(
[alertId] => 345388
[active] => 0
[srcCidr] => 0.0.0.0/0
[dstCidr] => 1.2.3.5/32
[direction] => Incoming
[startTime] => 1254248832
[stopTime] => 1254249273
[type] => TCP RST
[importance] => 0
[profile] => UUNET
[characterization] => stdClass Object
(
[src] => 2.3.3.5/32
[dst] => 1.2.3.5/32
[srcPorts] => 1222-1223
[dstPorts] => 80-81
[protocols] => -
[tcpFlags] => 29

Proprietary and Confidential Information of Arbor Networks Inc. 171

SP API Guide, Version 8.4

Example: Python
The following is a Python example of calling the getAlertSummaries SOAP function for an
alert, skipping the five most recent alerts and returning the two alerts prior to that:
soap_client.py -h my_sp_leader -z my_zone_secret -c getAlertSummaries
-o count=2 -o offset=5

172 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 10: Alert Functions in the Classic SOAP API

getAlertInterfaces
Prototype
getAlertInterfaces(alertId)

Accepted parameters
getAlertInterfaces accepts the following parameter:

getAlertInterfaces parameters

Name Type Description

alertId unsigned integer An alert ID.

Return values
getAlertInterfaces returns the following value:

getAlertInterfaces return values

Name Type Description

details array of An array of interfaces that saw traffic that
AlertInterface matched a given DoS alert.
See “AlertInterface elements” below.

AlertInterface elements
AlertInterface contains the following elements:

AlertInterface elements

Name Type Description

name string The name of an interface.

descr string The description of an interface.

ip string The IP address of an interface.

snmp_index integer The SNMP index of an interface.

iface_id integer The internal SP identifier for the interface.

expected_bps float The expected bps rate of traffic on an interface

for profiled DoS alerts.

expected_pps float The expected pps rate of traffic on an interface

for profiled DoS alerts.

mean_bps float The mean bps rate of traffic on an interface.

mean_pps float The mean pps rate of traffic on an interface.

Proprietary and Confidential Information of Arbor Networks Inc. 173

SP API Guide, Version 8.4

AlertInterface elements (Continued)

Name Type Description

max_bps float The maximum bps rate of traffic detected on an
interface.

max_pps float The maximum pps rate of traffic detected on an

interface.

Example: PHP
The following is an example of calling the getAlertInterfaces SOAP function using PHP:
$alertId = 344317;

$result = $client->getAlertInterfaces($alertId);
if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);
}

print_r($result);

Prints:

Array
(
[0] => stdClass Object
(
[name] => GigabitEthernet0/2.0
[descr] => myCustomer VLAN
[ip] => 1.1.2.2
[snmp_index] => 29
[iface_id] => 1179678
[mean_bps] => 6289.000000
[mean_pps] => 107.000000
[max_bps] => 17702.000000
[max_pps] => 314.000000
)

174 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 10: Alert Functions in the Classic SOAP API

Example: Python
The following is an example of calling the getAlertInterfaces SOAP function using Python:
soap_client.py -h myleader -z mysecret -c getAlertInterfaces -o
alertId=344317

Proprietary and Confidential Information of Arbor Networks Inc. 175

SP API Guide, Version 8.4

getAlertInterfaceDetails
Prototype
getAlertInterfaceDetails(alertId, interfaceIp)

Accepted parameters
getAlertInterfaceDetails accepts the following parameters:

getAlertInterfaceDetails parameters

Name Type Description

alertId unsigned An alert ID.
integer

interfaceIp string The IP address of the interface that saw traffic for the
specified alert.

Return values
getAlertInterfaceDetails returns the following value:

getAlertInterfaceDetails return values

Name Type Description

details array of Displays an array of details about the traffic seen on
AlertInterfaceDetail the specified interface for the specified alert.
See “AlertInterfaceDetail” below.

AlertInterfaceDetail
AlertInterfaceDetail contains details about the alert traffic seen on the specified interface
for a specified alert and contains the following elements:

176 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 10: Alert Functions in the Classic SOAP API

AlertInterfaceDetail elements

Name Type Description

type an The type of data represented by the
AlertInterfaceDetailType structure. This is an enumeration and
can be one of the following:
n srcCidr
n dstCidr
n protocol
n srcPort
n dstPort
n tcpFlag
n icmpCode

typeData string The value that corresponds to the type

field. For example, a srcCidr entry might
have a typeData value of
192.168.12.0/24. A dstPort entry might
have a typeData value of 200-400.

totalBytes unsignedLong The total number of bytes seen for alert

traffic matching the type and typeData
attributes over the life of an alert.

totalPkts unsignedLong The total number of packets seen for

alert traffic matching the type and
typeData attributes over the life of an
alert.

meanBytesPerPkt float The average number of Bytes per

packet for all alert traffic matching the
type and typeData attributes.

meanBitsPerSec float The average traffic rate in bps for all

alert traffic matching the type and
typeData attributes.

meanPktsPerSec float The average traffic rate in pps for all

alert traffic matching the type and
typeData attributes.

Example: PHP
The following is an example of calling the getAlertInterfaceDetails SOAP function using
PHP:
$alertId = 344317;
$interfaceIp = '1.1.2.2';

$result = $client->getAlertInterfaceDetails($alertId, $interfaceIp);

if (is_soap_fault($result)) {
$result = array(

Proprietary and Confidential Information of Arbor Networks Inc. 177

SP API Guide, Version 8.4

'faultcode' => $soap_result->faultcode,

'faultstring' => $soap_result->faultstring
);
}

print_r($result);

Prints:

Array
(
[0] => stdClass Object
(
[type] => tcpFlag
[typeData] => 31
[totalBytes] => 1084141
[totalPkts] => 19038
[meanBytesPerPkt] => 56.946160
[meanBitsPerSec] => 48184.044444
[meanPktsPerSec] => 105.766667
)

[1] => stdClass Object

(
[type] => dstCidr
[typeData] => 2.3.3.5/32
[totalBytes] => 1132067
[totalPkts] => 19322
[meanBytesPerPkt] => 58.589535
[meanBitsPerSec] => 50314.088889
[meanPktsPerSec] => 107.344444
)

[2] => stdClass Object

(
[type] => dstPort
[typeData] => 0-1
[totalBytes] => 4180
[totalPkts] => 41
[meanBytesPerPkt] => 101.951220
[meanBitsPerSec] => 185.777778

178 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 10: Alert Functions in the Classic SOAP API

[meanPktsPerSec] => 0.227778

)

[3] => stdClass Object

(
[type] => dstPort
[typeData] => 60011-60012
[totalBytes] => 1117807
[totalPkts] => 19185
[meanBytesPerPkt] => 58.264634
[meanBitsPerSec] => 49680.311111
[meanPktsPerSec] => 106.583333
)

[4] => stdClass Object

(
[type] => srcPort
[typeData] => 0-4096
[totalBytes] => 41094
[totalPkts] => 227
[meanBytesPerPkt] => 181.030837
[meanBitsPerSec] => 1826.400000
[meanPktsPerSec] => 1.261111
)

[5] => stdClass Object

(
[type] => srcPort
[typeData] => 3283-3284
[totalBytes] => 1021082
[totalPkts] => 18658
[meanBytesPerPkt] => 54.726230
[meanBitsPerSec] => 45381.422222
[meanPktsPerSec] => 103.655556
)

[6] => stdClass Object

(
[type] => srcCidr
[typeData] => 1.2.3.5/32
[totalBytes] => 1040408
[totalPkts] => 18742

Proprietary and Confidential Information of Arbor Networks Inc. 179

SP API Guide, Version 8.4

[meanBytesPerPkt] => 55.512112

[meanBitsPerSec] => 46240.355556
[meanPktsPerSec] => 104.122222
)

[7] => stdClass Object

(
[type] => srcCidr
[typeData] => 0.0.0.0/0
[totalBytes] => 91659
[totalPkts] => 580
[meanBytesPerPkt] => 158.032759
[meanBitsPerSec] => 4073.733333
[meanPktsPerSec] => 3.222222
)

Example: Python
The following is an example of calling the getAlertInterfaceDetails SOAP function using
Python:
soap_client.py -h myleader -z mysecret -c getAlertInterfaceDetails
-o alertId=344317 -o interfaceIp=1.1.2.2

180 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 10: Alert Functions in the Classic SOAP API

getAlertInterfacesXML
Prototype
getAlertInterfacesXML(alertId)

Accepted parameter
getAlertInterfacesXML accepts the following parameter:

getAlertInterfacesXML parameters

Name Type Description

alertId unsigned integer An alert ID.

Return values
getAlertInterfacesXML returns an XML version of the same values as the getAlertInterfaces
function.

For more information about the getAlertInterfaces return values, see “Return values” on
page 173 .

Example: PHP
The following is an example of calling the getAlertInterfacesXML SOAP function using PHP:
$alertId = 344317;

$result = $client->getAlertInterfacesXml($alertId);
if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);
}

print_r($result);

Prints:

<?xml version="1.0"?>
<peakflow version="1.0" release="8.4">
<query-reply name="getAlertInterfaces-query" type="soap">
<interface name="GigabitEthernet0/2.0" descr="myCustomer VLAN"
gid="1179678" snmp_index="29" ip="1.1.2.2" sample_id="" max_bps="17702"
mean_bps="6289" max_pps="314" mean_pps="107"/>
</query-reply>
</peakflow>

Proprietary and Confidential Information of Arbor Networks Inc. 181

SP API Guide, Version 8.4

Example: Python
The following is an example of calling the getAlertInterfacesXML SOAP function using
Python:
soap_client.py -h myleader -z mysecret -c getAlertInterfacesXml
-o alertId=344317

182 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 10: Alert Functions in the Classic SOAP API

getAlertRouterInterfacesXML
Prototype
getAlertRouterInterfacesXML(alertId)

Accepted parameter
getAlertRouterInterfacesXML accepts the following parameter:

getAlertRouterInterfacesXML parameter

Name Type Description

alertId unsigned integer An alert ID.

Return value
getAlertRouterInterfacesXML returns the following value:

getAlertRouterInterfacesXML return value

Name Type Description

results string A detailed list of alert traffic for all routers’ interfaces
involved in the specified alert. It returns the results
as XML data, rather than in SOAP structure.
getAlertRouterInterfacesXML returns the following
information about each interface:
n interface name
n interface description
n SNMP index
n IP address
n total bytes seen
n total packets seen
n average bytes seen
n average packets seen

Example: PHP
The following is an example of calling the getAlertRouterInterfacesXML SOAP function
using PHP:
$alertId = 344317;

$result = $client->getAlertRouterInterfacesXml($alertId);
if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);
}

Proprietary and Confidential Information of Arbor Networks Inc. 183

SP API Guide, Version 8.4

print_r($result);

Prints:

<?xml version="1.0"?>
<peakflow version="1.0" release="8.4">
<query-reply name="getAlertRouterInterfaces" type="soap">
<router am_start="-1.0" am_stop="-1.0" exp_bps="0.0" exp_pps="500.0"
expected="500.0" importance="0" ip="198.110.209.9" lrm="0.0589" max_
bps="17702" max_pps="314" mean_bps="6289" mean_pps="107"
name="myrouter" rate_unit="pps" router_gid="18" router_id="18" rtr_
addr="164720326" sample_id="" type="router" >
<interface descr="myCustomer VLAN" gid="1179678" iface_id="1179678"
ip="1.1.2.3" max_bps="17702" max_pps="314" mean_bps="6289" mean_
pps="107" name="GigabitEthernet0/2.0" router_address="9.1.9.9" router_
gid="18" sample_id="" snmp_index="29" />
</router>
</query-reply>
</peakflow>

Example: Python
The following is an example of calling the getAlertRouterInterfacesXML SOAP function
using Python:
soap_client.py -h myleader -z mysecret -c getAlertRouterInterfacesXml
-o alertId=344317

184 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 10: Alert Functions in the Classic SOAP API

getAlertGraph
Prototype
getAlertGraph(alertId, size)

Accepted parameters
getAlertGraph accepts the following parameters:

getAlertGraph parameters

Name Type Description

alertId unsigned integer An alert ID.

size string The size of the graph, which can be one of the
following:
n small (for a thumbnail)
n large (for 600x400)
n larger (for 800x600)

Note
This parameter is optional, and the default
setting is large.

Return values
getAlertGraph returns the following value:

getAlertGraph return values

Name Type Description

graph base64Binary PNG A graph of the total alert traffic per customer
image interface over the life of the alert.

Proprietary and Confidential Information of Arbor Networks Inc. 185

SP API Guide, Version 8.4

getAlertGraphData
Prototype
getAlertGraphData(alertId, unit, limit, element_limit)

Accepted parameters
getAlertGraphData accepts the following parameters:

getAlertGraphData parameters

Name Type Description

alertId unsigned An alert ID.
integer

unit string Specifies the type of data that you want returned. You can type
either bps or pps.
Note
This parameter is optional.

limit unsigned Specifies the number of data points to return for each network
integer element. Data is sampled over the life of an alert to return an
even distribution of points.
Note
This parameter is optional, and the default setting is 100.

element_ unsigned Specifies the number of network elements for which you want
limit integer the system to return data.
Note
This parameter is optional, and the default setting is 100.

Return values
getAlertGraphData returns the following value:

getAlertGraphData return values

Name Type Description

results string A list of network elements, including the following:
n router name
n interface name
n interface SNMP index (this is the interface ID)

For each network element involved in an alert, the getAlertGraphData

function returns the following data samples:
n UTC timestamp (this is the time at which the sample was taken)
n amount of traffic for a router or interface at the sample time (this is
the value)

186 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 10: Alert Functions in the Classic SOAP API

Example
The following is an example of calling the getAlertGraphData function using PHP:
<?xml version="1.0" encoding="utf=8"?>
<peakflow version="1.0" release="8.4">
<query-results>
<alertId>15162</alertId>
<unit>pps</unit>
<limit>200</limit>
<element_limit>200</element_limit>
<router name="Fake1">
<samples>
<sample time="1196964375" value="71331.55"/>
<sample time="1196967814" value="70846.67"/>
...
</samples>
<interface id="1" name="index:1">
<samples>
<sample time="1196964375" value="71331.55"/>
<sample time="1196967814" value="70846.67"/>
...
</samples>
</interface>
<interface>
...
</router>
<router>
....
</query_results>
</peakflow>

Proprietary and Confidential Information of Arbor Networks Inc. 187

SP API Guide, Version 8.4

getAlertStatisticsRaw and sqlQuery

Internal use only
The getAlertStatisticsRaw and sqlQuery functions are deprecated. These functions are only
used internally by SP.

188 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 11:
Configuration Management Functions
in the Classic SOAP API

Introduction
This chapter includes information about the supported configuration management
functions in the SP classic SOAP API.

You can download the PeakflowSPClassic.wsdl file for a complete specification of the
datatypes used for each classic SOAP API function’s parameters and return value. The
WSDL file is downloaded as part of the API SDK (Administration > Download Arbor
API SDK).

In this section
This section contains the following topics:

About the Configuration Management Functions 190

cliRun 192
accountAdd 193
accountDelete 196
accountChangePassword 198
accountChangeGroup 199

SP API Guide, Version 8.4 189

SP API Guide, Version 8.4

About the Configuration Management Functions

Introduction
SP supports the following configuration management functions:
n cliRun
n accountAdd
n accountDelete
n accountChangePassword
n accountChangeGroup

You can download the PeakflowSPClassic.wsdl file for a complete specification of the
data types used for each classic SOAP API function’s parameters and return value. The
WSDL file is downloaded as part of the API SDK (Administration > Download Arbor
API SDK).

Output format
The output for all of the Configuration Management functions are returned in the
standard SP XML data format with a base64-encoded query-reply text node.

Error handling
Errors that occur during the execution of the Configuration Management operations result
in SOAP faults.

190 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 11: Configuration Management Functions in the Classic SOAP API

</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Showing the current configuration

To show the current configuration:
n Execute the config show command with the cliRun method described above.

Note
To apply the configuration, a client could parse this output and replay each command
with this same interface.

Committing and saving the current configuration

Because this API is an extension of the CLI, you must also commit your changes in order
to save them.

To commit configuration changes:

n Execute the config write command.

Important
If you reboot, you will lose any changes that were not committed.

Proprietary and Confidential Information of Arbor Networks Inc. 191

SP API Guide, Version 8.4

cliRun
Prototype
cliRun(command)

Accepted parameters
cliRun accepts the following parameters:

cliRun parameter

Name Type Description

command base64-encoded an SP base64-encoded CLI command.
command string

Return value
cliRun returns the following value:

cliRun return value

Name Type Description

192 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 11: Configuration Management Functions in the Classic SOAP API

accountAdd
Prototype
accountAdd(name, password, group, capabilityLevel, device, menu, timezone, realname,
email)

Accepted parameters
accountAdd accepts the following parameters:

accountAdd parameters

Name Type Description

name string The user name for the account that you want to
add.

password string The password for the account that you want to
add.

group string The account group to which you want to assign

an account.

capabilityLevel string The capability level that you want to assign to an

account, which can be one of the following:
n admin
n user

device string The name of an SP appliance.

menu string The UI menu system that you want the user of
this account to view.
Note
This parameter is optional.

timezone string The time zone associated with the account that
you want to add.
Note
This parameter is optional.

realname string The full name of the user whose account you
want to add.
Note
This parameter is optional.

email string The email address of the user whose account

you want to add.
Note
This parameter is optional.

Note
You can enter an empty value for optional arguments, which indicates that the parameter
is unspecified.

Proprietary and Confidential Information of Arbor Networks Inc. 193

SP API Guide, Version 8.4

Return values
accountAdd returns the following value:

accountAdd return value

Name Type Description

Example: PHP
The following is an example of calling the accountAdd SOAP function in PHP:
$user = 'arborman';
$pass = 'Yarhar13';
$group = 'arbor_admin';
$capabilityLevel = 'admin';
$device = 'global';
$realname = 'Arbor Man';

$result = $client->accountAdd($user, $pass, $group, $device,

$realname);
if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);
}
print_r($result);

Prints:

<?xml version="1.0"?>
<peakflow version="1.0" release="5.5">
<query-reply name="accountAdd" type="text">
T0s=

</query-reply>
</peakflow>

194 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 11: Configuration Management Functions in the Classic SOAP API

Example: Python
The following is an example of calling the accountAdd SOAP function in Python:
soap_client.py -h myleader -z mysecret -c accountAdd
-o name=arborman -o password=Yarhar1328 -o group=arbor_admin
-o capabilityLevel=admin -o device=global -o realname="Arbor Man"

Proprietary and Confidential Information of Arbor Networks Inc. 195

SP API Guide, Version 8.4

accountDelete
Prototype
accountDelete(name)

Accepted parameter
accountDelete accepts the following parameter:

accountDelete parameter

Name Type Description

name string The user name of the account that you want to
delete.

Return value
accountDelete returns the following value:

accountDelete return value

Name Type Description

Example: PHP
The following is an example of calling the accountDelete SOAP function in PHP:
$user = 'arborman';
$device = 'global';

$result = $client->accountDelete($user, $device);

if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);
}
print_r($result);

Prints:
<?xml version="1.0"?>

196 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 11: Configuration Management Functions in the Classic SOAP API

<peakflow version="1.0" release="8.4">

<query-reply name="accountDelete" type="text">
T0s=

</query-reply>
</peakflow>

Example: Python
The following is an example of calling the accountDelete SOAP function in Python:
soap_client.py -h myleader -z mysecret -c accountDelete
-o name=arborman -o -o device=global

Proprietary and Confidential Information of Arbor Networks Inc. 197

SP API Guide, Version 8.4

accountChangePassword
Prototype
accountChangePassword(name, password, device)

Accepted parameters
accountChangePassword accepts the following parameters:

accountChangePassword parameters

Name Type Description

name string The user name of the account whose password
you want to change.

password string The new password for the account.

device string The name of an SP appliance.

Return value
accountChangePassword returns the following value:

accountChangePassword return value

Name Type Description

198 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 11: Configuration Management Functions in the Classic SOAP API

accountChangeGroup
Prototype
accountChangeGroup(name, group, device, capabilityLevel)

Accepted parameters
accountChangeGroup accepts the following parameters:

accountChangeGroup parameters

Name Type Description

name string The user name of the account for which you want
to change the account group.

group string The new account group with which you want to
associate the account.

device string The name of an SP appliance.

capabilityLevel capabilityLevelType The capability level that you want to assign to an

account, which can be one of the following:
n admin
n user

Return value
accountChangeGroup returns the following value:

accountChangeGroup return value

Name Type Description

Proprietary and Confidential Information of Arbor Networks Inc. 199

SP API Guide, Version 8.4

200 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 12:
Traffic Report Functions in the Classic
SOAP API

Introduction
This chapter includes information about the supported traffic report functions in the SP
classic SOAP API.

You can download the PeakflowSPClassic.wsdl file for a complete specification of the
datatypes used for each classic SOAP API traffic report function’s parameters and return
value. The WSDL file is downloaded as part of the API SDK (Administration > Download
Arbor API SDK).

In this section
This section contains the following topics:

getTrafficData 202
getTrafficGraph 205

SP API Guide, Version 8.4 201

SP API Guide, Version 8.4

getTrafficData
Prototype
getTrafficData(query)

Accepted parameter
getTrafficData accepts the following parameter:

getTrafficData parameter

Name Type Description

query string An XML query in standard SP XML query format.
This parameter is only the XML query, not an
entire XML report, like the getTrafficGraph
function. Data is returned in the XML result format
as specified in the SP and TMS User Guide .

For current XML report specifications, see “Using Customized Reports” in the SP and TMS
User Guide .

Using the example query included in the SOAP package

An example XML query that can be used with getTrafficData() is included in the SP SOAP
package (in the binby_router.xml file). You must edit this file so that it refers to existing
routers in your system.

Creating an XML report on the View Reports page

To create an XML report on the View Reports page:
1. Navigate to the Configure Reports page (Administration > Reports).
2. Click the Add Report Configuration button and select Classic XML Report.
3. Type the name of the report in the Name box.
4. Type the title of the report in the Title box.
5. Click Add Query .
6. Specify the query details for the data that you want to graph in the Report Object
Wizard.
7. Click Save to generate the report XML.
8. Cut the <query> portion of the XML (to use in the getTrafficData() function), and then
paste it directly under the <peakflow> XML element.
9. Delete the remaining part of the <report> XML element.

Editing your XML so it works with SOAP

You must enclose all XML queries inside a <peakflow></peakflow> XML element.

Edit your report XML so it matches the following:

<?xml version=”1.0”?>
<peakflow version=”1.0”>
...
</query>

202 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 12: Traffic Report Functions in the Classic SOAP API

</peakflow>

getTrafficData outputs
The query returns detailed sample data for items matching the query. The results are
returned in the standard SP XML data format, as if it was downloaded directly from the SP
web UI.

Writing XML reports manually

You can also write XML reports manually using the XML specifications (either compact or
RelaxNG notation) in the SP SOAP package.

See the PeakflowXML/README.dist file in the SOAP package for more information.

Example: PHP
The following is an example of calling the getTrafficData SOAP function using PHP:
$query = <<<END
<?xml version="1.0" encoding="utf-8"?>
<peakflow version="1.0">
<query id="query1" type="traffic">
<time start_ascii="24 hours ago" end_ascii="now"/>
<unit type="bps"/>
<search limit="100" timeout="30"/>
<filter type="application" binby="1"/>
</query>
</peakflow>
END;

$result = $client->getTrafficData($query);
if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);
}
print_r($result);

Prints:

<?xml version="1.0"?>
<peakflow version="1.0" release="8.4">
<query id="query1" type="traffic">
<time start_ascii="24 hours ago" end_ascii="now"/>
<unit type="bps"/>
<search limit="100" timeout="30"/>
<filter type="application" binby="1"/>

Proprietary and Confidential Information of Arbor Networks Inc. 203

SP API Guide, Version 8.4

</query>
<query-reply>
<time start="1254166631" end="1254252731" start_ascii="09/28/2009
19:37:11 +
0000" end_ascii="09/29/2009 19:32:11 +0000"/>
<sample_info duration="300" count="288"/>
<item id="35" name="http">
<key id="35" name="http"/>
<class type="in">
<current value="44854000"/>
<avg value="2984835840"/>
<max value="5331000000"/>
<pct95 value="5015630000"/>
<sample
value="4878225000|4877671000|4772210000|4769017000|4648080000|46
65196000|4618053000|4526825000|4577403000|4552284000|4582147000|4349199
000|44136

Example: Python
The following is an example of calling the getTrafficData SOAP function using Python:
# cat > query.xml
<?xml version="1.0" encoding="utf-8"?>
<peakflow version="1.0">
<query id="query1" type="traffic">
<time start_ascii="24 hours ago" end_ascii="now"/>
<unit type="bps"/>
<search limit="100" timeout="30"/>
<filter type="application" binby="1"/>
</query>
</peakflow>
^D

soap_client.py -h myleader -z mysecret -c getTrafficData -o

[email protected]

204 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 12: Traffic Report Functions in the Classic SOAP API

getTrafficGraph
Prototype
getTrafficGraph(query)

Accepted parameter
getTrafficGraph accepts the following parameter:

getTrafficGraph parameter

Name Type Description

query string An XML report, defined using current XML report
specifications. You can specify the graph options
in the report to control the appearance of the
graph. The report XML must include a chart
definition that indicates the data values to sort on
to determine which items to graph. The default
flag, which must exist in one of the chart column
definitions, determines the sort order.

For current XML report specifications, see “Using Customized Reports” in the SP and TMS
User Guide .

Using the SOAP package example XML report

An example XML report that can be used with getTrafficGraph() is included in the SP SOAP
package (in the report.xml file). You must edit this file so that it references the managed
objects (customer, profiles, etc.) that exist in your system.

Creating an XML report on the View Reports page

You can create an XML report on the Add Classic XML Report page (Administration >
Reports, Add Report Configurationbutton, select Classic XML Report) and then
copy the XML text from the web UI and save it for later use with the getTrafficGraph call (or
the CLI command /services sp reports quick).Click the

Using a report with the getTrafficGraph() call

Because all XML reports and queries submitted to the system externally must exist inside a
<peakflow></peakflow> XML element, you must make one change to the XML before
using the report with getTrafficGraph(). Once you make this change, you can use the
report through all external interfaces, including getTrafficGraph() and the CLI.

The report XML is displayed in the web UI as the following:

<?xml version=”1.0”?>
<report id=”my_report”>
...
</report>

Edit your XML report so that it matches the following:

<?xml version=”1.0”?>
<peakflow version=”1.0”>

Proprietary and Confidential Information of Arbor Networks Inc. 205

SP API Guide, Version 8.4

Return value
getTrafficGraph returns the following value:

getTrafficGraph return value

Name Type Description

graph base64- A graph that displays all of the items returned by
encoded PNG the query specified as part of the XML report. If
image greater than 15 items are returned, then the top
15 items are graphed.

Example: PHP
The following is an example of calling the getTrafficGraph SOAP function using PHP:
$report = <<<END
<?xml version="1.0" encoding="utf-8"?>
<peakflow version="1.0">
<report id="myapplications">
<name>my_applications</name>
<timezone>US/Eastern</timezone>
<query id="query1" type="traffic" flag="map_names">
<time start_ascii="24 hours ago" end_ascii="now"/>
<unit type="bps"/>
<search limit="100" timeout="30"/>
<filter type="application" binby="1"/>
</query>
<graph id="graph">
<title>Traffic per Application</title>
<dataset>query1</dataset>
<type name="stacked" default="yes">
<class>in</class>
<class>out</class>
</type>
<options>
<ylabel>%unit (-In / + Out)</ylabel>
<width>600</width>
<height>400</height>
</options>
</graph>

206 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 12: Traffic Report Functions in the Classic SOAP API

<chart id="mychart">
<dataset>query1</dataset>
<column id="CHECKBOX"/>
<column id="NAME"/>
<column id="IN"/>
<column id="OUT"/>
<column id="TOTAL" flag="default"/>
</chart>
<output>
<file format="tar"/>
</output>
</report>
</peakflow>
END;

$result = $client->getTrafficGraph($report);
file_put_contents($result, 'graph.png');

You could then view graph.png in your browser or image viewer.

Example: Python
The following is an example of calling the getTrafficGraph SOAP function using Python:
cat > report.xml
<?xml version="1.0" encoding="utf-8"?>
<peakflow version="1.0">
<report id="myapplications">
<name>my_applications</name>
<timezone>US/Eastern</timezone>
<query id="query1" type="traffic" flag="map_names">
<time start_ascii="24 hours ago" end_ascii="now"/>
<unit type="bps"/>
<search limit="100" timeout="30"/>
<filter type="application" binby="1"/>
</query>
<graph id="graph">
<title>Traffic per Application</title>
<dataset>query1</dataset>
<type name="stacked" default="yes">
<class>in</class>
<class>out</class>
</type>
<options>
<ylabel>%unit (-In / + Out)</ylabel>

Proprietary and Confidential Information of Arbor Networks Inc. 207

SP API Guide, Version 8.4

<width>600</width>
<height>400</height>
</options>
</graph>
<chart id="mychart">
<dataset>query1</dataset>
<column id="CHECKBOX"/>
<column id="NAME"/>
<column id="IN"/>
<column id="OUT"/>
<column id="TOTAL" flag="default"/>
</chart>
<output>
<file format="tar"/>
</output>
</report>
</peakflow>
^D

soap_client.py -h myleader -z mysecret -c getTrafficGraph -o

[email protected]
-w graph=graph.png

208 Proprietary and Confidential Information of Arbor Networks Inc.

Glossary

A
AAA (Authentication, Authorization, & Accounting) — This is an acronym used to describe the
process of authorizing access to a system, authenticating the identity of users, and logging their
behaviors.

ACL (Access Control List) — A list composed of rules and filters stored in a router to allow, deny, or
otherwise regulate network traffic based on network parameters such as IP addresses, protocol
types, and port numbers.

active route — A network route installed in a routing table.

address — A coded representation that uniquely identifies a particular network identity.

AES (Advanced Encryption Standard) — A commonly used encryption block cipher adopted as the
standard of the U.S. government.

AIF (ATLAS Intelligence Feed) — Real-time threat information that is an Arbor-maintained feed
consisting of a database of security threats and signatures that automatically updates each minute
and DDoS regular expressions that are used by TMS to mitigate attacks. SP regularly downloads
this information and uses it to detect and block emerging botnet attacks and application-layer
attacks.

anomaly — An event or condition in the network that is identified as an abnormality when compared to a
predefined illegal traffic pattern.

anonymous statistic sharing — A service whereby service providers and enterprise businesses share
anonymized statistics on ongoing attacks in order to provide an internet-wide view of ongoing
attacks.

API (Application Programming Interface) — A well-defined set of function calls providing high-level
controls for underlying services.

appliance — An Arbor Networks server that gathers network statistics from adjacent routers via either
packet capture or flow and performs first-order traffic analysis. Anomalous activities are
compressed into alert messages that are periodically sent to the listening leader.

ARP (Address Resolution Protocol) — A protocol for mapping an IP address to a physical machine
address.

AS (Autonomous System) — A collection of IP networks and routers under the control of one entity
and assigned a single ASN for purposes of BGP routing.

ASCII (American Standard Code for Information Interchange) — A coded representation for
standard alphabetic, numeric, and punctuation characters, also referred to as “plain text.”

SP API Guide, Version 8.4 209

SP API Guide, Version 8.4

ASN (Autonomous System Number) — A unique number assigned to an autonomous system for
purposes of BGP routing.

AS Path (Autonomous System Path) — The ASNs that comprise a packet's path through the internet
using BGP.

ATLAS (Active Threat Level Analysis System) — A globally scoped threat analysis network that
analyzes data from darknets and the internet’s core backbone to provide information to
participating customers about malware, exploits, phishing, and botnets.

authentication — An identity verification process.

B
backbone router — An OSPF router with all operational interfaces within 0.0.0.0.

baseline — A description of typical traffic patterns over a period of time. Baselines are generated by
reducing collections of fine-grained profiles into a more monolithic data representation that
includes a chronological component.

BGP (Border Gateway Protocol) — The core routing protocol of the internet.

binning — Grouping data into chunks or "bins" usually defined by time periods, for example, traffic for
the last 24 hours.

blackhole routing — A technique to route traffic to null interfaces that can never forward the traffic.

bogon — An IP packet that claims to originate from "dark" IP space.

border router — A router at the border of an AS or network.

bps — Bits per second.

C
CA (Certificate Authority) — A third party which issues digital certificates for use by other parties. CAs
are characteristic of many public key infrastructure (PKI) schemes.

CAR (Committed Access Rate) — A tool for managing bandwidth that provides the same control as
ACL with the additional property that traffic can be regulated based on bandwidth usage rates in
bits per second.

CIDR (Classless Inter-Domain Routing) — Method for classifying and grouping internet addresses.

CIDR Group — CIDR addresses grouped together to share a common managed object configuration. The
equivalent of DoS "detection groups."

cflowd — Developed to collect and analyze the information available from NetFlow. It allows the user to
store the information and enables several views of the data. It produces port matrices, AS matrices,
network matrices, and pure flow structures.

210 Proprietary and Confidential Information of Arbor Networks Inc.

Glossary

challenge packets — Information sent by a TMS model to an unknown host in response to a request
from the unknown host. The unknown host must provide a valid response to the challenge
packets. If it does not, the TMS model refuses the request and adds the unknown host to the
blacklist. Several TMS countermeasures use challenge packets to authenticate unknown hosts.

chargen — The character generator protocol that was used for testing the TCP/IP protocol.

CLI (Command Line Interface) — A user interface that uses a command line, such as a terminal or
console (as opposed to a graphical user interface).

client — The component of client/server computing that uses a service offered by a server.

Collector — An appliance that gathers network information from adjacent routers through flow and
performs first-order traffic analysis. Anomalous events are compressed into event messages that
are then sent to the listening leader.

commit — The process of saving a configuration change so that the changes take effect on the SP system.

customer — A managed object that defines traffic for a business or organization who purchases internet
service from an internet service provider. Note, this type of managed object should be used to
define most managed services clients.

customer edge router — A router within a customer's network connected to an ISP's customer peering
edge.

D
Dark IP — Regions of the IP address space that are reserved or known to be unused.

DDoS (Distributed Denial of Service) — An interruption of network availability typically caused by

many, distributed malicious sources.

designated router — The router designated by other routers (via the OSPF protocol) as the sender of
link state advertisements.

DHCP (Dynamic Host Configuration Protocol) — A protocol used to distribute IP addresses to host
machines, which has a list of available addresses.

DNS (Domain Name System) — A system that translates numeric IP addresses into meaningful,
human-consumable names and vice-versa.

DoS (Denial of Service) — An interruption of network availability typically caused by malicious sources.

DoS alert — A notification indicating an event or condition in the network that is identified as a statistical
abnormality when compared to typical traffic patterns gleaned from previously collected profiles
and baselines or that matches a predefined illegal traffic pattern.

E
encryption — The process by which plain text is scrambled in such a way as to hide its content.

ESP (Encapsulating Security Payload) — An IPSec protocol for establishing secure tunnels.

Ethernet — A series of technologies used for communication on local area networks.

Proprietary and Confidential Information of Arbor Networks Inc. 211

SP API Guide, Version 8.4

exploit — Tools intended to take advantage of security holes or inherent flaws in the design of network
applications, devices, or infrastructures.

F
failover — Configuring two appliances so that if one appliance fails, the second appliance takes over the
duties of the first, ensuring continued service.

fate sharing — Putting a mitigation out of service when a part of the mitigation’s deployment fails or
becomes unreachable. Fate sharing can occur when a dependent interface loses link, a nexthop
becomes unreachable, a BGP peer is down, a GRE tunnel is down, one or more TMS appliances or
TMS clusters are out of service, or the leader appliance becomes unreachable. For example, if
nexthop fate sharing is configured for a TMS appliance and the nexthop used by a mitigation
becomes unreachable, then the mitigation is put out of service.

FCAP — A fingerprint expression language that describes and matches traffic information.

Fibre Channel — Gigabit-speed network technology primarily used for storage networking.

firewall — A security measure that monitors and controls the types of packets allowed in and out of a
network, based on a set of configured rules and filters.

flow — Flow is a characterization of the network traffic. It defines the traffic that is seen. It provides SP with
information from layers 1, 3, and 4 for the traffic that traverses a network.

flowspec — A BGP-based IETF standard for exchanging flexible firewall and ACL rules implemented by
Juniper routers utilizing JunOS 7.3 or later.

fps — Traffic flows per second (NetFlow, ArborFlow, SFlow, etc.).

FQDN (Fully Qualified Domain Name) — A complete domain name, including both the registered
domain name and any preceding node information.

FTP — A TCP/IP protocol for transferring files across a network.

G
GMT (Greenwich Mean Time) — A deprecated world time standard, replaced by UTC.

GRE (Generic Routing Encapsulation) — A tunneling protocol commonly used to build VPNs.

H
host — A networked computer (client or server); in contrast to a router or switch.

HTTP (HyperText Transfer Protocol) — A protocol used to transfer or convey information on the
World Wide Web. Its original purpose was to provide a way to publish and retrieve HTML pages.

HTTPS (HyperText Transfer Protocol over SSL) — The combination of a normal HTTP interaction
over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport
mechanism.

212 Proprietary and Confidential Information of Arbor Networks Inc.

Glossary

I
IANA (Internet Assigned Numbers Authority) — An entity that oversees global IP address allocation,
DNS root zone management, and other internet protocol assignments. It is operated by ICANN.

ICMP (Internet Control Message Protocol) — An IP protocol that delivers error and control messages
between TCP/IP enabled network devices, for example, ping packets.

IETF (Internet Engineering Task Force) — An internet standards organization that develops draft
documents and RFC documents defining protocols for the internet.

IGMP (Internet Group Management Protocol) — A communications protocol used to manage the
membership of Internet Protocol multicast groups.

intelligent filtering — A feature that adds the ability to work with an integrated filtering device to
automatically filter traffic.

IMAP (Internet Message Access Protocol) — An application layer internet protocol that allows a local
client to access email on a remote server. (Also known as Internet Mail Access Protocol, Interactive
Mail Access Protocol, and Interim Mail Access Protocol.)

interface — An interconnection between routers, switches, or hosts.

IP (Internet Protocol) — A connectionless network layer protocol used for packet delivery between
hosts and devices on a TCP/IP network.

IP Address — A unique identifier for a host or device on a TCP/IP network.

IPS (Intrusion Prevention System) — A computer security device that exercises access control to
protect computers from exploitation.

IPSec (Internet Protocol Security) — A suite of protocols for securing Internet Protocol (IP)
communications by authenticating and/or encrypting each IP packet in a data stream.

ISP (Internet Service Provider) — A business or organization that provides to consumers access to the
internet and related services.

L
LAN (Local Area Network) — A typically small network that is confined to a small geographic space.

leader — A designated SP appliance that accepts alert messages from one or more normal devices and
performs second-order traffic analysis in order to identify and visualize potential attacks. (These
were referred to as "Controllers" in previous Arbor Networks products.)

M
MAC (Media Access Control) Address — A unique hardware number associated with a networking
device.

managed object — User-defined network objects used to classify logical portions of your network or
network traffic. Managed objects can be customers, peers, profiles, VPNs, or VPN sites.

MD5 (Message Digest algorithm 5) — A widely used cryptographic hash function.

Proprietary and Confidential Information of Arbor Networks Inc. 213

SP API Guide, Version 8.4

MDI (Media Dependent Interface) — An Ethernet port connection that allows network hubs or
switches to connect to other hubs or switches without a null-modem or Ethernet crossover cable.

MIB (Management Information Base) — A database used by the SNMP protocol to manage devices
in a network. Your SNMP polling device uses this to understand SP SNMP traps.

MPLS label — An identifying string for packets using the MPLS protocol.

mitigation — The process of using recommendations from SP to apply policies to your network to
reduce the effects of a worm or DoS attack.

mitigation device — A device that filters network traffic passing through it based upon a ruleset
provided by SP. This can be either a dedicated network device (TMS appliance or Flowspec capable
router) or an SP appliance with software mitigation enabled.

MPLS (Multiprotocol Label Switching) — A packet-switching protocol developed by the Internet

Engineering Task Force (IETF) initially to improve switching speeds, but other benefits are now
seen as being more important.

MS (Managed Services) — an SP appliance that has the ability to provide a web UI to allow customers a
special, restricted access to the SP system.

MTU (Maximum Transmission Unit) — The size (in bytes) of the largest packet that a given layer of a
communications protocol can efficiently forward.

multicast — Protocols that address multiple IP addresses with a single packet (as opposed to unicast
and broadcast protocols).

N
NAT (Network Address Translation) — Rewriting the source and destination addresses of IP packets
as they pass through a router or firewall.

NetFlow — A technology developed by Cisco Systems, Inc. that allows routers and other network devices
to periodically export information about current network conditions and traffic volumes.

netmask — A dotted quad notation number used by routers determine which part of the address is the
network address and which part is the host address.

network object — Network objects are portions of your network or network traffic and include both
managed objects (customers, peers, profiles, VPNs, or VPN sites) and physical network objects
(routers and interfaces).

NIC (Network Interface Card) — A hardware component that maintains a network interface
connection.

NTP (Network Time Protocol) — A protocol that is used to synchronize clock times in a network of
computers.

O
OC-3 — A fiber optic network line with transmission speeds of up to 155.52 Mbit/s.

OC-12 — A fiber optic network line with transmission speeds of up to 622.08 Mbit/s.

214 Proprietary and Confidential Information of Arbor Networks Inc.

Glossary

offnet — Traffic that leaves the network through a BGP boundary and is not destined for a configured
customer entity.

P
packet — A unit of data transmitted across the network that includes control information along with
actual content.

password — A secret code used to gain access to a computer system.

PCC (Packet Capture Collector) — Packet capture is a method of passively monitoring network traffic
to create flow information. The packet capture mode on an Arbor Networks appliance can be used
in cases where flow from routers is unavailable or unwanted.

PE (Provider Edge) Router — A router in a service provider's network that is connected to a customer
edge router.

peer — A managed object that describes other networks that are peering with yours.

peer to peer — (Sometimes abbreviated P2P) a computer network that relies primarily on the computing
power of the clients in the network rather than concentrating it in a relatively low number of
servers. P2P networks are typically used for connecting nodes via largely ad hoc connections.

pps — Packets per second.

ping — An ICMP request to determine if a host is responsive.

POP (Post Office Protocol) — A TCP/IP email protocol for retrieving messages from a remote server.

PoP (Point of Presence) — A physical connection between telecommunications networks.

port — A field in TCP and UDP protocol, packet headers that corresponds to an application level service
(for example TCP port 80 corresponds to HTTP).

profile — A managed object that defines an arbitrary subset of network traffic that does not fit any of the
other managed object types.

protocol — A well-defined language used by networking entities to communicate with one another.

Q
QoS (Quality of Service) — A method of providing different priority to different traffic, or guaranteeing
a certain level of performance to a data flow for a particular traffic type.

R
RADIUS (Remote Authentication Dial In User Service) — A client/server protocol that enables
remote access servers to communicate with a central server to authenticate dial-in users and
authorize their access to the requested system or service.

RDN (Registered Domain Name) — A domain name as registered, without any preceding node
information (for example, “arbor.net” instead of www.arbor.net).

refinement — The process of continually gathering information about anomalous activity seen.

Proprietary and Confidential Information of Arbor Networks Inc. 215

SP API Guide, Version 8.4

remediation — The process of minimizing attack damage by taking the recommendations from SP and
applying reasonable changes to the network.

remote BGP routeviews — External route servers maintained by Arbor Networks which provide
information on route availability with remote ASNs.

report — An informational page presenting data about a traffic type or event.

RFC (Request For Comments) — An IETF document that defines a protocol or other standard for
internet communications.

route — A path a packet takes through a network.

route distinguisher — An address qualifier that is prepended to an IPv4 address to create a unique
VPN-IPv4 address.

route target — A VPN identifier. A VPN might require more than one route target.

router — A device that connects one network to another. Packets are forwarded from one router to
another until they reach their ultimate destination.

S
scoping — The container managed object within which a managed services customer's traffic view is
restricted.

secret key — A secret shared only between a sender and receiver of data.

SFlow — A standard similar to NetFlow which describes a mechanism to capture traffic data in switched
or routed networks.

site-of-origin — A BGP extended community attribute that identifies the VPN site from which a route
originates.

skins — Sets of UI parameters, including menus, used to facilitate different SP workflows.

SMTP - (Simple Mail Transfer Protocol) — The de facto standard protocol for email transmissions
across the internet.

smurf attack — A DDoS attack that exploits misconfigured network devices to broadcast large numbers
of ICMP packets to all the computer hosts on a network.

SNMP (Simple Network Management Protocol) — A standard protocol that allows routers and
other network devices to export information about their routing tables and other state
information.

spoofing — A situation in which one person or program successfully masquerades as another by

falsifying data (usually the IP address) and thereby gains an illegitimate advantage.

SSDP (Simple Service Discovery Protocol) — A network protocol that is used to advertise and
discover network services and devices.

216 Proprietary and Confidential Information of Arbor Networks Inc.

Glossary

SSH (Secure Shell) — A command line interface and protocol for securely getting access to a remote
computer. SSH is also known as Secure Socket Shell.

SSL (Secure Sockets Layer) — A protocol for secure communications on the internet for such things as
web browsing, email, instant messaging, and other data transfers.

T
TACACS+ (Terminal Access Controller Access Control System +) — An authentication protocol
common to UNIX networks that allows a remote access server to forward a user’s login password
to an authentication server to determine whether that user is allowed to access a given system.

target — A victim host or network of a worm or other malicious denial of service (DoS) attacks.

TCP (Transmission Control Protocol) — A connection-based, transport protocol that provides reliable
delivery of packets across the internet.

TCP/IP — A suite of protocols that controls the delivery of messages across the internet.

Telnet — A TCP protocol used primarily for unencrypted CLI communications (usually deprecated and
replaced by SSH).

TMS — an SP appliance designed for intelligent traffic filtering and DNS monitoring in conjunction with an
SP deployment.

tunnel — A method of communication where one protocol is encapsulated within another.

U
UDP (User Datagram Protocol) — An unreliable, connectionless, communication protocol.

UNC (Universal Naming Convention) — A standard which originated from UNIX for identifying
servers, printers, and other resources in a network.

uptime — The time elapsed since a given host or server was last rebooted.

URI (Uniform Resource Identifier) — A protocol, login, host, port, path, etc. in a standard format used
to reference a network resource, (for example http://arbor.net/).

URL (Uniform Resource Locator) — Usually a synonym for URI.

UTC (Universal Time Coordinated) — The time zone at zero degrees longitude which replaced GMT as
the world time standard.

V
VLAN (Virtual Local Area Network) — Hosts connected in an infrastructure that simulates a local area
network, when the hosts are remotely located, or to segment a physical local network into smaller,
virtual pieces.

VoIP (Voice over Internet Protocol) — Routing voice communications (such as phone calls) through
an IP network.

Proprietary and Confidential Information of Arbor Networks Inc. 217

SP API Guide, Version 8.4

VPN (Virtual Private Network) — A private communications network often used within a company, or
by several companies or organizations, to communicate confidentially over a public network using
encrypted tunnels.

vulnerability — A security weakness that could potentially be exploited.

W
WAN (Wide Area Network) — A computer network that covers a broad area. (Also, Wireless Area
Network meaning a wireless network.)

WEP (Wired Equivalent Privacy) — A security scheme for wireless networks intended to provide
comparable confidentiality to a traditional wired network (in particular it does not protect users of
the network from each other).

worm — A self propagating program, usually used to spread a malicious payload across networked
computers.

X
XML (eXtensible Markup Language) — A metalanguage written in Standard Generalized Markup
Language (SGML) that allows one to design a markup language for easy interchange of documents
on the World Wide Web.

218 Proprietary and Confidential Information of Arbor Networks Inc.

Index

using Java/Axis 144

A using the client proxy code 149
using the SP Utility package 152
accountAdd 109, 193
working with sample code for Java/Axis 153
accountChangeGroup 113, 199
cliRun 108, 192
accountChangePassword 112, 198
commands
accountDelete 111, 196
DELETE 17
address resolution problems
GET 16
resolving 59, 137
PATCH 17
addTmsFilterList 101
POST 16
alert function
configuration management function
getAlertGraph 185
about 106, 190
getAlertGraphData 186
accountAdd 109, 193
getAlertInterfaceDetails 176
accountChangeGroup 199
getAlertInterfaces 173
accountChangePassword 112, 198
getAlertInterfacesXML 181
accountDelete 111, 196
getAlertRouterInterfacesXML 183
accoutChangeGroup 113
getAlertSummaries 168
cliRun 108, 192
getDosAlertDetails 80
conventions, typographic
getDosAlertDetailsXML 68
in commands and expressions 10
getDosAlertGraph 79
in procedures 9
getDosAlertSummaries 62
cp5500 44
getDosAlertSummariesXML 67
customer support, contacting 11
alerts 29
API Guide online 20
API output 17 D
applyMitigationTemplateById 94 DELETE command 17
applyMitigationTemplateByName 95 deleteTmsFilterList 104
Arbor Technical Assistance Center, contacting 11 devices 40
Arbor Web Services API documentation 8
about 12
ATAC, contacting 11 E
editTmsFilterList 103
B endpoint address 16
binby_router.xml file 60
G
C GET command 16
classic SOAP API getAlertGraph 185
building and running sample projects 155 getAlertGraphData 186
capturing the XML request and response 165 getAlertInterfaceDetails 176
configuring certificates 146 getAlertInterfaces 173
fault handling 164 getAlertInterfacesXML 181
generating the client proxy code 148 getAlertRouterInterfacesXML 183
mapping calls to current SOAP API calls 141 getAlertStatisticsRaw 188
PHP examples 140 getAlertSummaries 168

SP API Guide, Version 8.4 219

Index: getDosAlertDetails – traffic report function

getDosAlertDetails 80 POST command 16

getDosAlertDetailsXML 68 programming languages 18
getDosAlertGraph 79 Python client
getDosAlertSummaries 62 installing 139
getDosAlertSummariesXML 67
getLastReportResultAsCSV 123 Q
getLastReportResultAsPDF 125
queueReportToRun 116
getLastReportResultAsXML 124
getMitigationStatisticsByIdXML 99
getMitigationStatisticsByNameXML 100 R
getMitigationSummaries 96 report function
getMitigationSummariesXML 98 getLastReportResultAsCSV 123
getReportList 117 getLastReportResultAsPDF 125
getReportListXML 119 getLastReportResultAsXML 124
getReportResultAsCSV 126 getReportList 117
getReportResultAsPDF 128 getReportListXML 119
getReportResultAsXML 127 getReportResultAsCSV 126
getReportResultsList 120 getReportResultAsPDF 128
getReportResultsListXML 122 getReportResultAsXML 127
getTrafficData 202 getReportResultsList 120
getTrafficGraph 131, 205 getReportResultsListXML 122
using a report with 205 getTrafficGraph 131
queueReportToRun 116
H runXmlQuery 129
reports 52
HTTP 16, 18
REST 18
about 16
J routers 37
JSON data serialization format 18
S
M SDK
managed_object 35 downloading 12
mitigation function SOAP
addTmsFilterList 101 endpoint address 58, 136
applyMitigationTemplateById 94 SOAP API
applyMitigationTemplateByName 95 about 12
deleteTmsFilterList 104 configuration management functions 106, 190
editTmsFilterList 103 recommendations 60, 137
getMitigationStatisticsByIdXML 99 using 28, 58, 136
getMitigationStatisticsByNameXML 100 using Java/Axis 144
getMitigationSummaries 96 SOAP package
getMitigationSummariesXML 98 components 136
mitigations 33 example query 60, 138
SP User Guide 20
O sqlQuer 188
support, contacting 11
optimal performance
recommendations 60, 137
OPTIONS command 17 T
tms 48
P tms_ports 51
traffic 31
PATCH command 17
traffic report function
PHP client
getTrafficData 202
requirements 58

220 Proprietary and Confidential Information of Arbor Networks Inc.

Index: typographic conventions – XML report

getTrafficGraph 205
typographic conventions
commands and expressions 10
procedures 9

W
Web Services
alerts 29
cp5500 44
devices 40
managed_object 35
mitigations 33
reports 52
routers 37
tms 31, 48
tms_ports 51
WSDL file
about 58

X
XML
editing for SOAP 129, 202
XML alert notification
query-reply elements 72
query elements 70
XML report
creating 205
writing manually 130, 203

Proprietary and Confidential Information of Arbor Networks Inc. 221

SP API Guide, Version 8.4

222 Proprietary and Confidential Information of Arbor Networks Inc.

Software License Agreement
ARBOR NETWORKS, INC., IF YOUR PRINCIPAL PLACE OF BUSINESS IS IN THE UNITED STATES , OR ARBOR NETWORKS UK LTD., IF
YOUR PRINCIPAL PLACE OF BUSINESS IS OUTSIDE OF THE UNITED STATES (“ARBOR”) LICENSES THE PRODUCT AND/OR USE OF
ARBOR’S CLOUD SERVICE AND/OR MANAGED SERVICES (”SERVICES”) AND DOCUMENTATION (TOGETHER, THE “SOFTWARE”) TO
YOU ("YOU” OR “YOUR") PROVIDED YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE, CLOUD AND MANAGED SERVICE
AGREEMENT (the “AGREEMENT”). IF YOU’VE PURCHASED THE CLOUD OR MANAGED SERVICE, YOU ALSO AGREE TO THE
ADDITIONAL TERMS AND CONDITIONS LOCATED AT www.arbornetworks.com/cloud-suppterms AND/OR
www.arbornetworks.com/managedservice_suppterms. BY SIGNING THE ATTACHED FORM, OPENING THIS PACKAGE,
BREAKING THE SEAL, CONNECTING PRODUCT TO YOUR NETWORK, OR ACCESSING THE SERVICE, YOU AGREE TO THE TERMS AND
CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, RETURN THE UNUSED PRODUCT
WITHIN TEN (10) DAYS OF RECEIPT AND, WHERE APPLICABLE, YOU’LL BE DISCONNECTED FROM THE SERVICE FOR A REFUND OF
FEES PAID.
1. License to Use. Arbor grants You a limited, revocable non-exclusive, non-transferable license (the “License”) to: a) use
Arbor’s software in machine-readable form that is shipped to You and/or identified on the attached form (“Form”) and
accompanying documentation (collectively “Product”) on the machines on which the software has been installed or authorized
by Arbor; and/or b) access and use the Services as described herein. The term of the license shall be as stated on the Form. Your
affiliate(s), purchasing agents, and outsourcing vendors (“Affiliates”) may on your behalf purchase or use Product and/or
Services hereunder so long as each is bound to terms as in this Agreement and You indemnify Arbor for their breach of this
Agreement. Any future trial or purchase of Product and services and future trials or purchases of Services is governed
exclusively by this Agreement and may be effected by You or Your Affiliates providing a purchase order or trial request. Trial
term licenses for Services shall be as stated on the Form. Trial term licenses for Product shall be for the longer of thirty (30) days
from date of Product’s delivery to You or as stated on the Form supplied by Arbor. Any feed, release, revision or enhancement
to the Software that Arbor may furnish to You becomes a part of Product or Services and is governed by this Agreement.
Specifically for Product, if You have not purchased a license by the end of a Product trial term or You breach this Agreement,
You agree to return Product and any machine provided by Arbor to Arbor in its original condition less normal wear and tear in
original packaging or equivalent and in accordance with Arbor’s RMA process within 10 days. You agree to pay for any damage
to Product occurring prior to receipt by Arbor. If You purchase a license to Product, this Agreement will control that purchase
and title to machines (where applicable) provided hereunder vests in You.
2. Proprietary Rights and Restrictions. Arbor and/or its licensors and outsourcing vendors (together, “Vendors”) retain all
right, title, and interest in the Software and in all copies thereof, and no title to the Software or any intellectual property or
other rights therein, are transferred to You other than as specified herein. No right, title or interest to any trademarks, service
marks or trade names of Arbor or its Vendors is granted by this Agreement. Software is copyrighted and contains proprietary
information and trade secrets belonging to Arbor and/or its Vendors. You will only use Software for Your own internal business
purposes. You may not make copies of the Software, other than a single copy in machine-readable format for back-up or
archival purposes. You may make copies of the associated documentation for Your internal use only. You shall ensure that all
proprietary rights notices on Software are reproduced and applied to any copies. Licenses are limited to use in accordance with
the “Description” on the Form and user documentation. You agree not to cause or permit the reverse engineering or
decompilation of the Software or to derive source code therefrom. You may not create derivative works based upon all or part
of Software. You may not transfer, lend, lease, assign, sublicense, and/or make available through timesharing, Software, in
whole or in part. If you are purchasing spare Product, You’re only licensed to use such spare during such time as another
Product is removed from service for repair.
3. Confidentiality. When disclosing information under this Agreement, the disclosing party will be the “Disclosing Party” and
the receiving party will be the “Receiving Party.” The term “Confidential Information” includes: (a) a party’s technical, financial,
commercial or other proprietary information including without limitation product roadmaps, pricing, software code and
documentation, Software, techniques or systems and (b) information or data that is confidential and proprietary to a third
party and is in the possession or control of a party. The Receiving Party will not disclose any of the Disclosing Party’s
Confidential Information to any third party except to the extent such disclosure is necessary for performance of the Agreement
or it can be documented that any such Confidential Information is in the public domain and generally available to the general
public without any restriction or license, or is required to be disclosed by any authority having jurisdiction so long as Disclosing
Party is provided advance notice of such disclosure by the Receiving Party. Each party’s respective Confidential Information shall
remain its own property. Notwithstanding the foregoing, Arbor may use anonymized data from the Product or Services for its
business purposes provided that Arbor shall not identify You to any third party as the source of such data.
4. Product Warranty, Indemnification. Arbor warrants, for sixty (60) days from shipment, that Product will perform in
compliance with user manuals accompanying Product. If, within sixty (60) days of shipment, You report to Arbor that Product is
not performing as described above, and Arbor is unable to correct it within sixty (60) days of the date You report it, You may
return the non-performing Product at Arbor’s expense, and Arbor will refund amounts paid for such Product. The foregoing is
Your sole and exclusive remedy. Arbor agrees to defend You from and against any third party claim or action based on any
alleged infringement of any U.S. patent or copyright arising from use of the Product or Services according to the terms and
conditions of this Agreement (“Claim”), and Arbor agrees to indemnify You from damages awarded against You in any such
Claim or settlement thereof, provided that (i) Arbor is promptly notified in writing of such Claim, (ii) You grant Arbor sole
control of the defense and any related settlement negotiations, and (iii) You cooperate with Arbor in defense of such Claim.
Notwithstanding the foregoing, Arbor shall have no liability to You if the infringement results from (a) use of the Product or
Services in combination with software not provided by Arbor; (b) modifications to the Product or Services not made by Arbor;
(c) use of the Product or Services other than in accordance with the Documentation or this Agreement; or (d) failure to use an
updated, non-infringing version of the applicable Product or Services. The foregoing states the entire liability of Arbor with
respect to infringement.
5. Limitations. EXCEPT AS OTHERWISE PROVIDED HEREIN, ARBOR AND ITS THIRD PARTY VENDORS MAKE NO OTHER
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. ARBOR’S AGGREGATE LIABILITY FOR ANY AND ALL CLAIMS ARISING OUT OF OR IN
CONNECTION WITH THIS AGREEMENT, THE PERFORMANCE OF PRODUCT PROVIDED HEREUNDER, AND/OR ARBOR'S
PERFORMANCE OF SERVICES (INCLUDING, WITHOUT LIMITATION, THE SERVICES), SHALL NOT EXCEED THE AMOUNT PAID UNDER
THIS AGREEMENT FOR PRODUCT AND/OR SERVICES WITHIN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE
CLAIM, WHETHER A CLAIM IS BASED ON CONTRACT OR TORT, INCLUDING NEGLIGENCE. IN NO EVENT SHALL ARBOR OR ITS
VENDORS BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, DAMAGES RESULTING FROM LOSS OF PROFITS, DATA, OR BUSINESS ARISING OUT OF OR IN
CONNECTION WITH THIS AGREEMENT, EVEN IF ARBOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO
EVENT SHALL ARBOR BE LIABLE FOR ANY UNAUTHORIZED ACCESS TO, ALTERATION OF, OR THE DELETION, DESTRUCTION
DAMAGE, LOSS OR FAILURE TO STORE ANY OF YOUR CONTENT OR OTHER DATA. YOUR SOLE RECOURSE HEREUNDER SHALL BE
AGAINST ARBOR AND YOU SHALL HOLD THIRD PARTY VENDORS HARMLESS.
6. Product Installation and Support. Installation purchased directly from Arbor with Product is governed by this
Agreement, but Arbor shall not be required to continue any installation for longer than 90 days following receipt of Product. If a
perpetual license is granted hereunder, You agree to purchase support ("Support") for at least the initial year from shipment.
Thereafter, Arbor will invoice approximately sixty (60) days prior to the end of the Support term for additional one-year periods
so long as Product is covered by Support. Failure to pay such invoice will result in a lapse of Your Support. If Support lapses,
upon renewal of Support a 10% reinstatement fee will be assessed and you shall pay all Support fees back to the date Support
lapsed. Each annual renewal service price shall be no less than the previous service price. With Support, Arbor will provide You
(i) telephone and email based technical support in accordance with the level purchased and (ii) all new maintenance releases to
Product when and if available during Your participation in Support. Arbor shall not be required to provide Support on any
Product (i) for more than twelve months after its general release, or (ii) more than one release behind the currently shipping
release. Arbor shall be permitted to subcontract any or all of its services or Support obligations under this Agreement to an
affiliated company including, without limitation, Arbor Networks, Inc. in the United States.
7. Export Regulation and Government Rights. You agree to comply strictly with all U.S. export control laws, including the
U.S. Export Administration Act and Export Administration Regulations (“EAR”). Product is prohibited for export or re-export to
the list of terrorist supporting countries or to any person or entity on the U.S. Department of Commerce Denied Persons List or
on the U.S. Department of Treasury's lists of Specially Designated Nationals, Specially Designated Narcotics Traffickers or
Specially Designated Terrorists. If Product is being shipped by Arbor, then it is exported from the U.S. in accordance with the
EAR. Diversion contrary to U.S. law is prohibited. If You are licensing Product or its accompanying documentation on behalf of
the U.S. Government, it is classified as “Commercial Computer Product” and “Commercial Computer Documentation”
developed at private expense, contains confidential information and trade secrets of Arbor and its licensors, and is subject to
“Restricted Rights” as that term is defined in the Federal Acquisition Regulations (“FARs”). Contractor/Manufacturer is: Arbor
Networks, Inc., and its subsidiaries, Burlington, Massachusetts, USA.
8. Modifications to the Agreement. Notwithstanding anything to the contrary in this Agreement, Arbor may modify
Sections 1-3 and 6-8 of this Agreement (including any referenced policies or terms) as they relate to the Services at any time by
posting a revised version at www.arbornetworks.com/cloud-suppterms or www.arbornetworks.com/managedservice_
suppterms and any successor site designated by Arbor. The modified terms will become effective upon posting. By continuing
to use the Services after the effective date of any modification to this Agreement, you agree to be bound by the modified terms.
It is Your responsibility to check the referenced site regularly for modifications to this Agreement.
9. General. This Agreement is made under the laws of the Commonwealth of Massachusetts, USA, excluding the choice of law
and conflict of law provisions. You consent to the federal and state courts of Massachusetts as sole jurisdiction and venue for
any litigation arising from or relating to this Agreement. This Agreement is the entire agreement between You and Arbor
relating to Product and Services and supersedes all prior, contemporaneous and future communications, proposals and
understandings with respect to its subject matter, as well as without limitation terms and conditions of any past, present or
future purchase order. No modification to this Agreement is binding unless in writing and signed by a duly authorized
representative of each party. The waiver or failure of either party to exercise any right provided for herein shall not be deemed
a waiver of any further right hereunder. If any provision of this Agreement is held invalid, all other provisions shall continue in
full force and effect. All licenses and rights granted hereunder shall terminate upon expiration of the term or Your breach of
this Agreement. Neither party shall be liable for the failure to perform its obligations under this Agreement due to events
beyond such party's reasonable control including, but not limited to, strikes, riots, wars, fire, acts of God or acts in compliance
with any applicable law, regulation or order of any court or governmental body. Neither party may assign its rights, duties or
obligations under this Agreement without the prior written consent of the other party and any attempt to do so shall be void;
except to a successor by merger, acquisition or restructuring that assumes the rights and duties of this Agreement. The
following sections survive termination or expiration of this Agreement: Proprietary Rights and Restrictions, Confidentiality,
Limitations, Export and Government Rights, and General. All Product shipments are FCA Shipping Point and title to machines
shall pass upon shipment. (07-09-15)

Using FlowSpec For Diverting Traffic To A TMS
100% (1)
Using FlowSpec For Diverting Traffic To A TMS
30 pages
II. Arbor Networks SP System Administrator Training Book
67% (3)
II. Arbor Networks SP System Administrator Training Book
257 pages
TMS 9.6.0.0 Release Notes 2022-05-02
No ratings yet
TMS 9.6.0.0 Release Notes 2022-05-02
24 pages
PocketGuide Jun23
0% (1)
PocketGuide Jun23
40 pages
Arbor SP 8.4.0-Release Notes 20180411
No ratings yet
Arbor SP 8.4.0-Release Notes 20180411
37 pages
Arbor SP-TMS 8.4.0-Advanced Configuration Guide 20180404
No ratings yet
Arbor SP-TMS 8.4.0-Advanced Configuration Guide 20180404
312 pages
MIN-1K-1.5K User Manual - New
No ratings yet
MIN-1K-1.5K User Manual - New
22 pages
Overview of Dell Digital Locker
No ratings yet
Overview of Dell Digital Locker
14 pages
Jain College of Engineering, Belagavi: Department of Masters of Computer Applications
No ratings yet
Jain College of Engineering, Belagavi: Department of Masters of Computer Applications
11 pages
Arbor Networks Help - Configuring Loopback Interfaces PDF
No ratings yet
Arbor Networks Help - Configuring Loopback Interfaces PDF
2 pages
Arbor Networks Sightline 9.0.2 9.0.1 9.0 Release-Notes 2019-09-24
No ratings yet
Arbor Networks Sightline 9.0.2 9.0.1 9.0 Release-Notes 2019-09-24
40 pages
ThePocketGuide Jan2022
No ratings yet
ThePocketGuide Jan2022
40 pages
APS 6.0 Defend Unit 2 UI and Create PGs - 20180823 PDF
No ratings yet
APS 6.0 Defend Unit 2 UI and Create PGs - 20180823 PDF
106 pages
Virtual Machine Installation Guide: Sightline
No ratings yet
Virtual Machine Installation Guide: Sightline
38 pages
Arbor APS STT - Unit 05 - Inline Mitigation - 25jan2018
No ratings yet
Arbor APS STT - Unit 05 - Inline Mitigation - 25jan2018
81 pages
AEM 7.0.0.0 Upgrade Guide
No ratings yet
AEM 7.0.0.0 Upgrade Guide
12 pages
Arbor-Advanced DDoS Trends and Protection
No ratings yet
Arbor-Advanced DDoS Trends and Protection
43 pages
ARBOR Peakflow-SP DS 201211-FR PDF
No ratings yet
ARBOR Peakflow-SP DS 201211-FR PDF
4 pages
NE - 9 - Volumetric DDoS Attacks
No ratings yet
NE - 9 - Volumetric DDoS Attacks
9 pages
Arbor Networks Help - Ports Used by SP
No ratings yet
Arbor Networks Help - Ports Used by SP
4 pages
TMS Mitigation Status DoS Alert 65153 IPv4
100% (1)
TMS Mitigation Status DoS Alert 65153 IPv4
9 pages
Working With Offramp-Onramps
No ratings yet
Working With Offramp-Onramps
39 pages
SL DDOS Detection Mitigation User Course 1.16a R9.5.0.0
No ratings yet
SL DDOS Detection Mitigation User Course 1.16a R9.5.0.0
484 pages
Netscout University - Lab - Payload Regular Expression - DNS
No ratings yet
Netscout University - Lab - Payload Regular Expression - DNS
6 pages
Netscout University - Lab - Router Profiled Automatic Threshold Configuration
No ratings yet
Netscout University - Lab - Router Profiled Automatic Threshold Configuration
6 pages
Arbor Networks SP 8.4 and TMS 8.4.0 Deployment and Appliance Limits 2018-04-16
No ratings yet
Arbor Networks SP 8.4 and TMS 8.4.0 Deployment and Appliance Limits 2018-04-16
19 pages
Junos Os For Dummies Cheat Sheet - Navid 323195.html
No ratings yet
Junos Os For Dummies Cheat Sheet - Navid 323195.html
3 pages
Radware DefensePro Datasheet Updated
No ratings yet
Radware DefensePro Datasheet Updated
6 pages
Sightline 9.3 Release Notes 2020-07-31
No ratings yet
Sightline 9.3 Release Notes 2020-07-31
40 pages
Introduction To Using Sightline and TMS
0% (1)
Introduction To Using Sightline and TMS
1 page
BGP FlowSpec Cisco
No ratings yet
BGP FlowSpec Cisco
14 pages
SL Traffic Reporting and Analysis Course 2.0 R9.5.0.0
No ratings yet
SL Traffic Reporting and Analysis Course 2.0 R9.5.0.0
354 pages
BIG-IP Application Security Manager: Implementations
No ratings yet
BIG-IP Application Security Manager: Implementations
15 pages
NE - 8 - Apply Profile Capture
No ratings yet
NE - 8 - Apply Profile Capture
3 pages
High Performance Web Sites
No ratings yet
High Performance Web Sites
97 pages
Radware DefensePro Data Sheet
No ratings yet
Radware DefensePro Data Sheet
6 pages
How To Configure Zabbix Monitoring' To Send Email Alerts To Gmail Account
No ratings yet
How To Configure Zabbix Monitoring' To Send Email Alerts To Gmail Account
9 pages
Netscout University - Lab - TCP SYN Authentication Countermeasure
No ratings yet
Netscout University - Lab - TCP SYN Authentication Countermeasure
3 pages
Data Sheet SMS
No ratings yet
Data Sheet SMS
4 pages
CCNP Quick Reference PDF
No ratings yet
CCNP Quick Reference PDF
30 pages
AEM 7.0.0.0 User Guide
No ratings yet
AEM 7.0.0.0 User Guide
390 pages
CP R80.10 IPS BestPractices Guide
No ratings yet
CP R80.10 IPS BestPractices Guide
18 pages
Virtual AED 7.1.0.0 Installation Guide
No ratings yet
Virtual AED 7.1.0.0 Installation Guide
68 pages
CCNA-CCNP Switch
No ratings yet
CCNA-CCNP Switch
98 pages
NE - 7 - Working With Protection Groups
No ratings yet
NE - 7 - Working With Protection Groups
6 pages
Fortiddos 5 0 0 Handbook PDF
No ratings yet
Fortiddos 5 0 0 Handbook PDF
688 pages
MSTP Tutorial Part I and II - Lapukhov
No ratings yet
MSTP Tutorial Part I and II - Lapukhov
20 pages
10 - Deploying Mpls l2vpn
No ratings yet
10 - Deploying Mpls l2vpn
56 pages
FortiAuthenticator 4.0 Release Notes
No ratings yet
FortiAuthenticator 4.0 Release Notes
25 pages
B Ise Upgrade Guide 3 1 PDF
No ratings yet
B Ise Upgrade Guide 3 1 PDF
58 pages
ACOS 4.1.1-P11 Configuring VRRP-A High Availability: For A10 Thunder Series and AX™ Series 29 May 2019
No ratings yet
ACOS 4.1.1-P11 Configuring VRRP-A High Availability: For A10 Thunder Series and AX™ Series 29 May 2019
182 pages
Checkpoint DDOS
No ratings yet
Checkpoint DDOS
48 pages
Untitled
No ratings yet
Untitled
730 pages
CH16 PowerPoint - Managers Guide To The Internet and Telecom
No ratings yet
CH16 PowerPoint - Managers Guide To The Internet and Telecom
38 pages
Service Provider IPv6 Deployment PDF
No ratings yet
Service Provider IPv6 Deployment PDF
79 pages
Understanding Network Taps: The First Step To Visibility
100% (1)
Understanding Network Taps: The First Step To Visibility
16 pages
Palo Alto Networks Stallion Autumn Seminar
No ratings yet
Palo Alto Networks Stallion Autumn Seminar
20 pages
Alteon ITM Training
No ratings yet
Alteon ITM Training
39 pages
Vyatta VPNRef R6.1 v02
No ratings yet
Vyatta VPNRef R6.1 v02
321 pages
APS 6.0 Defend Unit 3 View Attack Details - 20180823 PDF
No ratings yet
APS 6.0 Defend Unit 3 View Attack Details - 20180823 PDF
82 pages
Fortigate Infrastructure: Software-Defined Wan
No ratings yet
Fortigate Infrastructure: Software-Defined Wan
37 pages
Pocket Guide Optimized For Viewing
No ratings yet
Pocket Guide Optimized For Viewing
32 pages
Modernizing Security Operations With SOAR
No ratings yet
Modernizing Security Operations With SOAR
13 pages
222
No ratings yet
222
311 pages
Manual RTU Rus
No ratings yet
Manual RTU Rus
8 pages
Lucas Batteries Motorcycle en
No ratings yet
Lucas Batteries Motorcycle en
5 pages
Datasheet GEL and AGM Batteries en
No ratings yet
Datasheet GEL and AGM Batteries en
4 pages
MuleSoft Connectivity Benchmark Report 2018
No ratings yet
MuleSoft Connectivity Benchmark Report 2018
30 pages
Python Pbl2
No ratings yet
Python Pbl2
13 pages
Add or Remove A Macro From Code
No ratings yet
Add or Remove A Macro From Code
2 pages
Sureen Resume
No ratings yet
Sureen Resume
4 pages
Unity Mcqs
100% (1)
Unity Mcqs
1 page
Pega Certifications - Pega Academy
No ratings yet
Pega Certifications - Pega Academy
2 pages
How To Post A Purchase Return FB65 in SAP FI
100% (1)
How To Post A Purchase Return FB65 in SAP FI
4 pages
Riscv Sapphire Ug v5.1
No ratings yet
Riscv Sapphire Ug v5.1
140 pages
Bug Life Cycle
No ratings yet
Bug Life Cycle
4 pages
CSIR 2016 ImprovementsWinDCPSoftwarePavementDesignLVR FinalDevReport AFCAP
No ratings yet
CSIR 2016 ImprovementsWinDCPSoftwarePavementDesignLVR FinalDevReport AFCAP
33 pages
How Can I Uninstall JDownloader - Powered by Kayako Help Desk Software
No ratings yet
How Can I Uninstall JDownloader - Powered by Kayako Help Desk Software
1 page
Microsoft Commerce Server 2009 Installation and Configuration Guide
No ratings yet
Microsoft Commerce Server 2009 Installation and Configuration Guide
118 pages
Worksheet Data Rep and Intro C++
No ratings yet
Worksheet Data Rep and Intro C++
4 pages
Software Engineer C++ FRIEND MTS
No ratings yet
Software Engineer C++ FRIEND MTS
2 pages
Flutter Architecture
No ratings yet
Flutter Architecture
65 pages
Lecture 3-Script and Function
No ratings yet
Lecture 3-Script and Function
28 pages
Agile Methods: Scrum, Crystal, Lean SD, : Course "Spezielle Themen Der Softwaretechnik"
No ratings yet
Agile Methods: Scrum, Crystal, Lean SD, : Course "Spezielle Themen Der Softwaretechnik"
45 pages
Final Exam Guide SER423
No ratings yet
Final Exam Guide SER423
14 pages
Goutam Resume (Django Developer)
No ratings yet
Goutam Resume (Django Developer)
2 pages
Noida Software Companies - List of IT Companies in Noida
No ratings yet
Noida Software Companies - List of IT Companies in Noida
3 pages
RPGToolBox Manual
No ratings yet
RPGToolBox Manual
156 pages
IoT Group Project - Instruction Sheet
No ratings yet
IoT Group Project - Instruction Sheet
3 pages
STL - Vector - HackerEarth
No ratings yet
STL - Vector - HackerEarth
4 pages
Compiler Construction i Csc310 1719310228
No ratings yet
Compiler Construction i Csc310 1719310228
112 pages
Construct 3 Manual
No ratings yet
Construct 3 Manual
1,327 pages
Rekayasa Perangkat Lunak
0% (1)
Rekayasa Perangkat Lunak
7 pages
SE601 Week 2
No ratings yet
SE601 Week 2
10 pages
Lab Activity Java Basic
No ratings yet
Lab Activity Java Basic
4 pages
Logcat 1712701083115
No ratings yet
Logcat 1712701083115
502 pages