NSX-T Data Center REST API

Publish/Cancel/Validate the custom signatures

Publish/Cancel/Validate the custom signatures.
CANCEL: Revert to earlier published state i.e. cancel/remove all the unpublished custom signatures.
VALIDATE: Trigger the validation of the custom signatures.
PUBLISH: Publish the custom signatures. This action will push all the valid custom signatures to datapath.
This API is only available when using VMware NSX.

Request:

Method:
POST
URI Path(s):
/policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures
Request Headers:
n/a
Query Parameters:
IdsCustomSignatureActionParameter
Request Body:
CustomSignatureValidationPayload

Example Request:

## Publish API request to override a signature
POST https://<policy-mgr>/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/Test/custom-signatures?action=PUBLISH
{
  "modified_signatures": [
    {
      "signature_id": "1001061397",
      "overridden_signature": {
        "action": "DROP"
      }
    }
  ]
}

## Validate API request payload to override a signature and edit another signature
POST https://<policy-mgr>/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/Test/custom-signatures?action=VALIDATE
{
  "modified_signatures": [
    {
      "signature_id": "1001061397",
      "overridden_signature": {
        "action": "DROP"
      }
    },
    {
      "signature_id": "1001060933",
      "raw_signature": "reject http $HOME_NET any -> $EXTERNAL_NET any (msg:\"NSX - (Initial Access) Detect CVE-2014-6332\"; flow:established,to_server; target:src_ip; content:\"GET\"; nocase; http_method; content:\"?MTIzNDU2\"; http_uri; pcre:\"/\/\\?MTIzNDU2[A-Za-z0-9+\/=]*&d=[a-z0-9]{32} HTTP/\"; flowbits:set,LL.verifier_http_successful; flowbits:set,LL.verifier_http_failed; flowbits:set,LL.verifier_http_blocked; threshold: type limit, track by_src, seconds 180, count 1; metadata:ll_expected_verifier default, flip_endpoints False, server_side False, threat_class_name drive-by, threat_name CVE-2014-6332, ids_mode REAL, blacklist_mode DISABLED, exploited None, confidence 70, severity 75, detector_id 61397, signature_severity High; reference:url,www.lastline.com; classtype:attempted-user; sid:1061397; rev:3565; priority:2;)"
    }
  ]
}

## Cancel API request
POST https://<policy-mgr>/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/Test/custom-signatures?action=CANCEL
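Because PUBLISH pushes signatures to the datapath, a client can check the action and payload locally before a request is built. The following is an added example, not part of the NSX documentation: the function names, the `api_root` parameter, the `nsx.example.invalid` host, the `Content-Type` header and the local payload checks are assumptions based on the example requests above, and authentication is left to the caller.

```python
import json
import urllib.parse
import urllib.request

ACTIONS = ("VALIDATE", "PUBLISH", "CANCEL")  # the three actions this page lists
PATH = ("/infra/settings/firewall/security/intrusion-services"
        "/custom-signature-versions/{version}/custom-signatures")

def check_payload(payload):
    """Local pre-flight check (an assumption, not NSX's own validation)."""
    entries = payload.get("modified_signatures") if isinstance(payload, dict) else None
    if not isinstance(entries, list) or not entries:
        return ["modified_signatures must be a non-empty list"]
    problems, seen = [], set()
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: not an object")
            continue
        sid = entry.get("signature_id")
        if not (isinstance(sid, str) and sid.isdigit()):
            problems.append(f"entry {i}: signature_id must be a numeric string")
        elif sid in seen:
            problems.append(f"entry {i}: duplicate signature_id {sid}")
        else:
            seen.add(sid)
        if not ({"overridden_signature", "raw_signature"} & entry.keys()):
            problems.append(f"entry {i}: no overridden_signature or raw_signature")
    return problems

def build_request(api_root, version_id, action, payload=None):
    """Return an unsent urllib Request for one custom-signature action."""
    if action not in ACTIONS:
        raise ValueError(f"unsupported action: {action!r}")
    body = None
    if action != "CANCEL":  # the page's CANCEL example carries no body
        problems = check_payload(payload)
        if problems:
            raise ValueError("; ".join(problems))
        body = json.dumps(payload).encode("utf-8")
    # Percent-encode the version id so it cannot alter the path or query.
    path = PATH.format(version=urllib.parse.quote(version_id, safe=""))
    url = f"{api_root.rstrip('/')}{path}?action={action}"
    return urllib.request.Request(url, data=body, method="POST",
                                  headers={"Content-Type": "application/json"})

# Constructed sample input, modelled on the page's PUBLISH example.
SAMPLE = {"modified_signatures": [
    {"signature_id": "1001061397", "overridden_signature": {"action": "DROP"}}]}
```

The returned request is not sent; pass it to `urllib.request.urlopen` with the manager's credentials and TLS settings, running VALIDATE before PUBLISH.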

Successful Response:

Response Code:
202 Accepted
Response Headers:
n/a
Response Body:
n/a

Required Permissions:

crud

Feature:

policy_common_ids

Additional Errors: