NSX-T Data Center REST API

PolicyIdsEventsBySignature (type)

{
  "additionalProperties": false,
  "description": "Intrusions that are detected, grouped by signature. Each entry contains the signature ID, severity, and name, the number of intrusions of that type, and the first occurrence.",
  "id": "PolicyIdsEventsBySignature",
  "module_id": "PolicyIDSMetrics",
  "properties": {
    "count": {
      "description": "Number of times this particular signature was detected.",
      "readonly": true,
      "required": false,
      "title": "Number of times signature was seen",
      "type": "integer"
    },
    "first_occurence": {
      "$ref": "EpochMsTimestamp",
      "description": "First occurrence of the intrusion, in epoch milliseconds.",
      "readonly": true,
      "required": false,
      "title": "First occurrence of the intrusion"
    },
    "first_occurrence_site": {
      "description": "The site at which the intrusion first occurred.",
      "readonly": true,
      "required": false,
      "title": "IDS event first occurrence site",
      "type": "string"
    },
    "is_ongoing": {
      "description": "Flag indicating an ongoing intrusion.",
      "readonly": true,
      "required": false,
      "title": "Flag indicating an ongoing intrusion",
      "type": "boolean"
    },
    "project_id": {
      "readonly": true,
      "required": false,
      "title": "Project Identifier",
      "type": "string"
    },
    "project_path": {
      "readonly": true,
      "required": false,
      "title": "Project path",
      "type": "string"
    },
    "resource_type": {
      "description": "IDSEvent resource type.",
      "readonly": true,
      "required": true,
      "title": "IDSEvent resource type",
      "type": "string"
    },
    "severity": {
      "description": "Severity of the threat covered by the signature, can be Critical, High, Medium, or Low.",
      "readonly": true,
      "required": false,
      "title": "Severity of the signature",
      "type": "string"
    },
    "signature_id": {
      "description": "Signature ID pertaining to the detected intrusion.",
      "readonly": true,
      "required": false,
      "title": "Signature ID",
      "type": "integer"
    },
    "signature_name": {
      "description": "Name of the signature pertaining to the detected intrusion.",
      "readonly": true,
      "required": false,
      "title": "Name of the signature",
      "type": "string"
    },
    "sites_occurred": {
      "description": "The sites at which the intrusion occurred.",
      "items": {
        "type": "string"
      },
      "readonly": true,
      "required": false,
      "title": "IDS event occurrence sites",
      "type": "array"
    },
    "traffic_type": {
      "description": "The source where the intrusion was detected. Possible values are GATEWAY and HOST.",
      "enum": [
        "GATEWAY",
        "HOST"
      ],
      "readonly": true,
      "required": false,
      "title": "IDS event detection source",
      "type": "string"
    }
  },
  "title": "Detected intrusions grouped by signature",
  "type": "object"
}