NSX-T Data Center REST API

IDSEventsBySignature (type)

{
  "additionalProperties": false,
  "description": "Intrusions that are detected, grouped by signature. It contains the signature id, severity, name, the number of intrusions of that type and the first occurence.",
  "extends": {
    "$ref": "Resource"
  },
  "id": "IDSEventsBySignature",
  "module_id": "IDSMetrics",
  "properties": {
    "_links": {
      "description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
      "items": {
        "$ref": "ResourceLink"
      },
      "readonly": true,
      "title": "References related to this resource",
      "type": "array"
    },
    "_schema": {
      "readonly": true,
      "title": "Schema for this resource",
      "type": "string"
    },
    "_self": {
      "$ref": "SelfResourceLink",
      "readonly": true,
      "title": "Link to this resource"
    },
    "count": {
      "description": "Number of times this particular signature was detected.",
      "readonly": true,
      "required": false,
      "title": "Number of times signature was seen",
      "type": "integer"
    },
    "first_occurence": {
      "$ref": "EpochMsTimestamp",
      "description": "First occurence of the intrusion, in epoch milliseconds.",
      "readonly": true,
      "required": false,
      "title": "First occurence of the intrusion"
    },
    "is_ongoing": {
      "description": "Flag indicating an ongoing intrusion.",
      "readonly": true,
      "required": false,
      "title": "Flag indicating an ongoing intrusion",
      "type": "boolean"
    },
    "resource_type": {
      "description": "IDSEvent resource type.",
      "readonly": true,
      "required": true,
      "title": "IDSEvent resource type",
      "type": "string"
    },
    "severity": {
      "description": "Severity of the threat covered by the signature, can be Critical, High, Medium, or Low.",
      "readonly": true,
      "required": false,
      "title": "Severity of the signature",
      "type": "string"
    },
    "signature_id": {
      "description": "Signature ID pertaining to the detected intrusion.",
      "readonly": true,
      "required": false,
      "title": "Signature ID",
      "type": "integer"
    },
    "signature_name": {
      "description": "Name of the signature pertaining to the detected intrusion.",
      "readonly": true,
      "required": false,
      "title": "Name of the signature",
      "type": "string"
    }
  },
  "title": "Detcted intrusions grouped by signature",
  "type": "object"
}