cablelabs / ddos-info-sharing

The repository for the CRITS based DDoS Information Sharing platform
https://cablelabs.github.io/ddos-info-sharing/

Work with Liberty Global to determine why webhooks aren't being invoked for IPv6 targets #18

Closed craigpratt closed 2 years ago

craigpratt commented 2 years ago

MikeB @ LG has reported that the webhook defined for DIS isn't being invoked for IPv6 target addresses on their Arbor system.

From the Slack messages:

There seems to be an issue with the Arbor API sending alerts. We started off observing a lower number of IPv6 DDoS attacks compared to IPv4; this led to some nice discussions (after all, IPv6 space is harder to enumerate) and we were happy that IPv6 was safer. On further investigation we can see we have IPv6 attacks with alert IDs which aren’t shared to our SIEM. In the API, IPv4 attacks get data; IPv6 attacks seem to be hit and miss. I took an example (screenshots below) of attack 133046, which via the website shows data; when I query via the API I get a blank result set. This seems to also mean the alert isn’t sent via the syslog/APIHOOK to our data collectors.
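
Added example (not part of the original comment or the project's code): a reconciliation check that compares the alerts listed by the detection system with the alert IDs that reached the webhook/syslog collector, broken down by address family, so that a low IPv6 count caused by missing deliveries is not mistaken for fewer attacks. The alert IDs, addresses and function names are constructed for illustration, and no Arbor API call is made.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not from the issue): alert IDs and target addresses
# as listed by the detection system, e.g. exported from its web UI.
SOURCE_ALERTS = [
    (1001, "198.51.100.7"),
    (1002, "203.0.113.20"),
    (1003, "2001:db8::10"),
    (1004, "2001:db8:1::/48"),
    (1005, "192.0.2.0/24"),
    (1006, "2001:db8:2::5"),
]
# Constructed: alert IDs that actually arrived at the webhook/syslog collector.
RECEIVED_IDS = {1001, 1002, 1005, 1006}


def address_family(target):
    """Return 'IPv4' or 'IPv6' for a host address or CIDR prefix."""
    return f"IPv{ipaddress.ip_network(target, strict=False).version}"


def delivery_gaps(source_alerts, received_ids):
    """Per address family: alerts seen at the source, delivered, and missing IDs."""
    stats = defaultdict(lambda: {"seen": 0, "delivered": 0, "missing": []})
    for alert_id, target in source_alerts:
        fam = stats[address_family(target)]
        fam["seen"] += 1
        if alert_id in received_ids:
            fam["delivered"] += 1
        else:
            fam["missing"].append(alert_id)
    return dict(stats)


def families_with_gaps(source_alerts, received_ids):
    """Families where at least one alert never reached the collector."""
    gaps = delivery_gaps(source_alerts, received_ids)
    return sorted(f for f, s in gaps.items() if s["missing"])


if __name__ == "__main__":
    for family, s in sorted(delivery_gaps(SOURCE_ALERTS, RECEIVED_IDS).items()):
        print(f"{family}: {s['delivered']}/{s['seen']} delivered, missing={s['missing']}")
```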