## Get top layer 7 attack pairs (origin and target locations) **get** `/radar/attacks/layer7/top/attacks` Retrieves the top attacks from origin to target location. Values are percentages of the total layer 7 attacks (with billing country). The attack magnitude can be defined by the number of mitigated requests or by the number of zones affected. You can optionally limit the number of attacks by origin/target location (useful if all the top attacks are from or to the same location). ### Query Parameters - `asn: optional array of string` Filters results by Autonomous System. Specify one or more Autonomous System Numbers (ASNs) as a comma-separated list. Prefix with `-` to exclude ASNs from results. For example, `-174, 3356` excludes results from AS174, but includes results from AS3356. - `continent: optional array of string` Filters results by continent. Specify a comma-separated list of alpha-2 codes. Prefix with `-` to exclude continents from results. For example, `-EU,NA` excludes results from EU, but includes results from NA. - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `limit: optional number` Limits the number of objects returned in the response. - `limitDirection: optional "ORIGIN" or "TARGET"` Specifies whether the `limitPerLocation` applies to the source or target location. - `"ORIGIN"` - `"TARGET"` - `limitPerLocation: optional number` Limits the number of attacks per origin/target (refer to `limitDirection` parameter) location. - `location: optional array of string` Filters results by location. Specify a comma-separated list of alpha-2 codes. Prefix with `-` to exclude locations from results. For example, `-US,PT` excludes results from the US, but includes results from PT. - `mitigationProduct: optional array of "DDOS" or "WAF" or "BOT_MANAGEMENT" or 4 more` Filters the results by layer 7 mitigation product. - `"DDOS"` - `"WAF"` - `"BOT_MANAGEMENT"` - `"ACCESS_RULES"` - `"IP_REPUTATION"` - `"API_SHIELD"` - `"DATA_LOSS_PREVENTION"` - `name: optional array of string` Array of names used to label the series in the response. - `normalization: optional "PERCENTAGE" or "MIN_MAX"` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN_MAX"` ### Returns - `result: object { meta, top_0 }` - `meta: object { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: object { annotations, level }` - `annotations: array of object { dataSource, description, endDate, 5 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `tags: optional array of string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of object { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of object { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of object { originCountryAlpha2, originCountryName, targetCountryAlpha2, 2 more }` - `originCountryAlpha2: string` - `originCountryName: string` - `targetCountryAlpha2: string` - `targetCountryName: string` - `value: string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/attacks/layer7/top/attacks \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z", "tags": [ "BOT_CLASS" ] } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "top_0": [ { "originCountryAlpha2": "US", "originCountryName": "United States", "targetCountryAlpha2": "FR", "targetCountryName": "France", "value": "4.323214" } ] }, "success": true } ```