Suspicious Behavior

NVIDIA UFM Cyber-AI Documentation v2.7.0
  • URL

    Copy
    Copied!
                

    GET /cyber-ai/anomalies/network

  • URL filters:

    • From – retrieve alerts triggered within the last given time period:

      Copy
      Copied!
                  

      ?from=-<time>

      Supported time units: h (for hours), d (for days), w (for weeks), m (for months). For example: ?from=-6h.

    • Severity – retrieve only alerts with a severity included in the list:

      Copy
      Copied!
                  

      ?severities=<comma-separated list of severities>

      Supported severity types: Critical, Major, Minor, Warning, Info.

  • Request data

    Copy
    Copied!
                

    none

  • Response

    Copy
    Copied!
                

    { [ "alert_id": 2001, "timestamp": "Mon Sep 7 07:54:17 2020", "network_name": "default", "severity": "Critical", "probability": 85, “percentage”:60     "influencers": [ "infl1", "infl2", "infl3" ], "description": "Suspicious network behavior is detected in your cluster", ] }

  • Response codes

    Status

    Description

    200

    Success

    400

    Bad request (invalid argument)

  • URL

    Copy
    Copied!
                

    GET /cyber-ai/anomalies/network/<alert_id>

  • URL filters:

    • From – retrieve alerts triggered within the last given time period:

      Copy
      Copied!
                  

      ?from=-<time>

      Supported time units: h (for hours), d (for days), w (for weeks), m (for months). For example: ?from=-6h.

  • Request data

    Copy
    Copied!
                

    none

  • Response

    Copy
    Copied!
                

    { "alert_id": 39241, "occurrence": "1 time during the last 2 hours", "severity": "Warning", "description": "port_xmit_wait is 2735.23% above the average", "full_description": "port_xmit_wait:132470536 is above the average: 4672298", "influencers": [ "port_xmit_wait" ], "recommended_actions": [ "These steps should be applied on top 5 ports", "Port reset and keep monitoring", "If still getting the alerts, please check if there any related cable alerts via cable anomaly tab", "In addition, please check relevant cable measure trend via cable anomaly tab", "If there are alerts for connected cable and/or depredating trend please consider cable replacement", "If known issue due to maintenance activity please use suppress function do define as known issue" ], "percentage": 2735.23, "nodes": [ { "port_guid": "0x24be05ffffc13011", "port_xmit_wait": 467264335.5705527, "port_name": "HCA-1/1", "node_guid": "0x24be05ffffc13010", "system_name": "mtlx319", "type": "switch", "role": "tor" }, { "port_guid": "0x98039b03006c6912", "port_xmit_wait": 466359722.25149757, "port_name": "1", "node_guid": "0x98039b03006c6912", "system_name": "mtlx473", "type": "host", "role": "endpoint" } ], "first_occurrence_timestamp": "2022-09-21 13:00", "influencers_display_names": [ "Port Xmit Wait" ], "timestamp": "2022-09-21 13:00" }  

  • Response codes

    Status

    Description

    200

    Success

    400

    Bad request (invalid argument)

    404

    Not found

  • URL

    Copy
    Copied!
                

    GET /cyber-ai/anomalies/tenant

  • URL filters:

    • From – retrieve alerts triggered within the last given time period:

      Copy
      Copied!
                  

      ?from=-<time>

      Supported time units: h (for hours), d (for days), w (for weeks), m (for months). For example: ?from=-6h.

    • Severity – retrieve only alerts with a severity included in the list:

      Copy
      Copied!
                  

      ?severities=<comma-separated list of severities>

      Supported severity types: Critical, Major, Minor, Warning, Suspect, Info.

  • Request data

    Copy
    Copied!
                

    none

  • Response

    Copy
    Copied!
                

    { [ "alert_id": 3001, "timestamp": "Mon Sep 7 07:53:45 2020", "tenant_id": "0x0004", "severity": "Critical", "probability": 85, "influencers": [ "infl1", "infl2", "infl3" ], "description": "Inefficient network utilization for PKey 0x0004" ] }

  • Response codes

    Status

    Description

    200

    Success

    400

    Bad request (invalid argument)

  • URL

    Copy
    Copied!
                

    GET /cyber-ai/anomalies/tenant/<alert_id>

  • URL filters:

    • From – retrieve alerts triggered within the last given time period:

      Copy
      Copied!
                  

      ?from=-<time>

      Supported time units: h (for hours), d (for days), w (for weeks), m (for months). For example: ?from=-6h.

  • Request data

    Copy
    Copied!
                

    none

  • Response

    Copy
    Copied!
                

    [ "alert_id": 3001, "timestamp": "Mon Sep 7 07:54:17 2020", "tenant_id": "0x0004", "severity": "Critical", "probability": 85, "influencers": [ "infl1", "infl2", "infl3" ], "description": "Inefficient network utilization for PKey 0x0004", "occurrence": "9 times during the last 24 hours", "recommended_actions": "It seems that your placement engine/job scheduler did not allocate the best nodes for this job", "nodes": [ { "node_guid": "0x24be05ffffc13010", "system_name": "mtlx319", "type": "switch", "role": "tor" }, { "node_guid": "0x98039b03006c6912", "system_name": "mtlx473", "type": "host", "role": "endpoint" } }

  • Response codes

    Status

    Description

    200

    Success

    404

    Not found

  • URL

    Copy
    Copied!
                

    GET /cyber-ai/anomalies/ logical-server

  • URL filters

    • From – retrieve alerts triggered within the last given time period:

      Copy
      Copied!
                  

      ?from=-<time>

      Supported time units: h (for hours), d (for days), w (for weeks), m (for months). For example: ?from=-6h.

    • Severity – retrieve only alerts with a severity included in the list:

      Copy
      Copied!
                  

      ?severities=<comma-separated list of severities>

      Supported severity types: Critical, Major, Minor, Warning, Suspect, Info and Notice.

  • Request data

    Copy
    Copied!
                

    none

  • Response

    Copy
    Copied!
                

    [ { "alert_id": 1, "logical_server": "LS_test", "severity": "Critical", "description": "Logical server test_ls is utilized above 71.54%", "influencers": [ "utilization", "port_xmit_data", "port_rcv_data" ], "influencers_display_names": [ "Utilization", "Port Xmit Data", "Port Received Data" ], "timestamp": "2022-02-21 18:10" } ]

  • Response codes

    Status

    Description

    200

    Success

    400

    Bad request (invalid argument)

    Get Specific Logical Server Alert

  • URL

    Copy
    Copied!
                

    GET /cyber-ai/anomalies/logical-server/<alert_id>

  • Request data

    Copy
    Copied!
                

    none

  • Response

    Copy
    Copied!
                

    { "alert_id": 1, "logical_server": "LS_test", "severity": "Critical", "description": "Logical server test_ls is utilized above 71.54%", "influencers": [ "utilization", "port_xmit_data", "port_rcv_data" ], "influencers_display_names": [ "Utilization", "Port Xmit Data", "Port Received Data" ], "timestamp": "2022-02-21 18:10" }

  • Response codes

    Status

    Description

    200

    Success

    400

    Bad request (invalid argument)

Cable Alerts Summary

  • URL

    Copy
    Copied!
                

    GET /cyber-ai/anomalies/cable/summary

  • Filters

    • from

    • to

    • min_deviation

    • max_deviation

  • Request Data

    Copy
    Copied!
                

    none

  • Response

    Copy
    Copied!
                

    { 'cable_threshold_events': {    'Critical': 6,    'Major': 0,    'Minor': 0,    'Warning': 0,    'Suspect': 0,    'Info': 0,    'Notice': 0 }, 'cable_deviation_events': {    'Critical': 0,    'Major': 0,    'Minor': 0,    'Warning': 0,    'Suspect': 0,    'Info': 5,    'Notice': 0 } }

  • Response Code

    Status

    Description

    200

    Success

    400

    Bad request (invalid argument)

Threshold Events

  • URL

    Copy
    Copied!
                

    GET /cyber-ai/anomalies/cable/threshold

  • Filters

    • from

    • to

    • sn

    • guid

    • severity

    • influencers

    • port

    • channel

    • brief

  • Request data

    Copy
    Copied!
                

    none

  • Response

    Copy
    Copied!
                

    "alert_id": 1, "occurrence": 179, "node_guid": "0x0010e0000187dce9", "port": 1, "link_partner": "0x506b4b0300623360:7", "source_type": "switch", "source_role": "tor", "destination_type": "switch", "destination_role": "tor", "sn": "NA", "speed": "NA", "cable_info": "850 nm VCSEL", "description": "Cable Failure for 0x0010e0000187dce9:1:NA regarding tx_bias.1:0.0", "severity": "Critical", "influencers": [ "tx_bias.1" ], "influencers_values": [ 0 ], "channel": 1, "influencers_display_names": [ "TX Bias" ], "timestamp": "2022-06-18 00:00" }, ...

  • Response codes

    Status

    Description

    200

    Success

    400

    Bad request (invalid argument)

Specific Threshold Event

  • URL

    Copy
    Copied!
                

    GET /cyber-ai/anomalies/cable/threshold/<event_id>

  • Request data

    Copy
    Copied!
                

    none

  • Response

    Copy
    Copied!
                

    {    "alert_id": 1,    "occurrence": 179,    "node_guid": "0x0010e0000187dce9",    "port": 1,    "link_partner": "0x506b4b0300623360:7",    "source_type": "switch",    "source_role": "tor",    "destination_type": "switch",    "destination_role": "tor",    "sn": "NA",    "speed": "NA",    "cable_info": "850 nm VCSEL",    "description": "Cable Failure for 0x0010e0000187dce9:1:NA regarding tx_bias.1:0.0",    "severity": "Critical",    "influencers": [        "tx_bias.1"    ],    "influencers_values": [        0    ],    "channel": 1,    "influencers_display_names": [        "TX Bias"    ],    "timestamp": "2022-06-18 00:00" }

  • Response codes

    Status

    Description

    200

    Success

Threshold Event Tachometer

  • URL

    Copy
    Copied!
                

    GET /cyber-ai/anomalies/cable/threshold/<event_id>/meter

  • Request data

    Copy
    Copied!
                

    none

  • Response

    Copy
    Copied!
                

    { "high_alarm_range": [8.5, 9], "high_warning_range": [8, 8.5], "normal_range": [6.1, 8], "low_warning_range": [5.5, 6.1], "low_alarm_range": [5, 5.5] }

  • Response codes

    Status

    Description

    200

    Success

Deviation Events

  • URL

    Copy
    Copied!
                

    GET /cyber-ai/anomalies/cable/deviation

  • Filters

    • from

    • to

    • sn

    • guid

    • severity

    • influencers

    • port

    • channel

    • min_deviation

    • max_deviation

    • brief

  • Request data

    Copy
    Copied!
                

    None

  • Response

    Copy
    Copied!
                

    [ {    "alert_id": 1,    "occurrence": 179,    "node_guid": "0x0010e0000187dce9",    "port": 1,    "link_partner": "0x506b4b0300623360:7",    "source_type": "switch",    "source_role": "tor",    "destination_type": "switch",    "destination_role": "tor",    "sn": "NA",    "speed": "NA",    "cable_info": "850 nm VCSEL",    "description": "Cable Failure for 0x0010e0000187dce9:1:NA regarding tx_bias.1:0.0",    "deviation": 69.14892243,    "severity": "Critical",    "influencers": [        "tx_bias.1"    ],    "influencers_values": [        0    ],    "channel": 1,    "influencers_display_names": [        "TX Bias"    ],    "timestamp": "2022-06-18 00:00" }, ... ]

  • Response codes

    Status

    Description

    200

    Success

    400

    Bad request (invalid argument)

Specific Deviation Event

  • URL

    Copy
    Copied!
                

    GET /cyber-ai/anomalies/cable/deviation/<event_id>

  • Request data

    Copy
    Copied!
                

    none

  • Response

    Copy
    Copied!
                

    {    "alert_id": 1,    "occurrence": 179,    "node_guid": "0x0010e0000187dce9",    "port": 1,    "link_partner": "0x506b4b0300623360:7",    "source_type": "switch",    "source_role": "tor",    "destination_type": "switch",    "destination_role": "tor",    "sn": "NA",    "speed": "NA",    "cable_info": "850 nm VCSEL",    "description": "Cable Failure for 0x0010e0000187dce9:1:NA regarding tx_bias.1:0.0",    "deviation": 69.14892243,    "severity": "Critical",    "influencers": [        "tx_bias.1"    ],    "influencers_values": [        0    ],    "channel": 1,    "influencers_display_names": [        "TX Bias"    ],    "timestamp": "2022-06-18 00:00" }

  • Response codes

    Status

    Description

    200

    Success

© Copyright 2023, NVIDIA. Last updated on Feb 8, 2024.