NSX-T Data Center REST API

PolicyIdsEventsSummary (type)

{
  "additionalProperties": false,
  "description": "Intrusion event with all the event and signature details. Each event contains the signature id, name, severity, first and most recent occurrence, users and VMs affected, and other signature metadata.",
  "id": "PolicyIdsEventsSummary",
  "module_id": "PolicyIDSMetrics",
  "properties": {
    "affected_ip_count": {
      "description": "Count of workload IPs on which a particular signature was detected.",
      "readonly": true,
      "required": false,
      "title": "Count of workload IPs this signature was detected on",
      "type": "integer"
    },
    "affected_vm_count": {
      "description": "Count of VMs on which a particular signature was detected.",
      "readonly": true,
      "required": false,
      "title": "Count of VMs this signature was detected on",
      "type": "integer"
    },
    "first_occurence": {
      "$ref": "EpochMsTimestamp",
      "description": "First occurrence of the intrusion, in epoch milliseconds.",
      "readonly": true,
      "required": false,
      "title": "First occurrence of the intrusion"
    },
    "ids_flow_details": {
      "description": "IDS event flow data specific to each IDS event. The data includes source ip, source port, destination ip, destination port, and protocol.",
      "items": {
        "$ref": "PolicyIdsEventFlowData"
      },
      "readonly": true,
      "required": false,
      "title": "IDS event flow data details",
      "type": "object"
    },
    "is_ongoing": {
      "description": "Flag indicating an ongoing intrusion.",
      "readonly": true,
      "required": false,
      "title": "Flag indicating an ongoing intrusion",
      "type": "boolean"
    },
    "is_rule_valid": {
      "description": "Indicates whether the rule id is valid.",
      "readonly": true,
      "required": false,
      "title": "Is the rule id valid",
      "type": "boolean"
    },
    "latest_occurence": {
      "$ref": "EpochMsTimestamp",
      "description": "Latest occurrence of the intrusion, in epoch milliseconds.",
      "readonly": true,
      "required": false,
      "title": "Latest occurrence of the intrusion"
    },
    "pcap_id": {
      "description": "ID of the packet-capture associated with an event.",
      "readonly": true,
      "required": false,
      "title": "PCAP ID",
      "type": "string"
    },
    "project_id": {
      "readonly": true,
      "required": false,
      "title": "Project Identifier",
      "type": "string"
    },
    "project_path": {
      "readonly": true,
      "required": false,
      "title": "Project path",
      "type": "string"
    },
    "resource_type": {
      "description": "IDSEvent resource type.",
      "readonly": true,
      "required": true,
      "title": "IDSEvent resource type",
      "type": "string"
    },
    "rule_id": {
      "description": "The IDS Rule id that detected this particular intrusion.",
      "readonly": true,
      "required": false,
      "title": "IDS Rule id of detected intrusion",
      "type": "integer"
    },
    "signature_id": {
      "description": "Signature ID pertaining to the detected intrusion.",
      "readonly": true,
      "required": false,
      "title": "Signature ID",
      "type": "integer"
    },
    "signature_metadata": {
      "description": "Metadata about the detected signature including name, id, severity, product affected, protocol etc.",
      "items": {
        "$ref": "IdsSignature"
      },
      "readonly": true,
      "required": false,
      "title": "Metadata about the detected signature",
      "type": "object"
    },
    "site_id": {
      "description": "Site Identifier",
      "readonly": true,
      "required": false,
      "title": "Site Identifier",
      "type": "string"
    },
    "total_count": {
      "description": "Number of times this particular signature was detected.",
      "readonly": true,
      "required": false,
      "title": "Number of occurrences of this signature",
      "type": "integer"
    },
    "user_details": {
      "description": "List of users logged into VMs on which a particular signature was detected.",
      "items": {
        "$ref": "PolicyIdsUserStats"
      },
      "readonly": true,
      "required": false,
      "title": "List of users on the affected VMs",
      "type": "object"
    },
    "vm_details": {
      "description": "List of VMs on which a particular signature was detected, along with the count.",
      "items": {
        "$ref": "PolicyIdsVmStats"
      },
      "readonly": true,
      "required": false,
      "title": "List of VMs this signature was seen on",
      "type": "object"
    }
  },
  "title": "Intrusions with event and signature data",
  "type": "object"
}