NSX-T Data Center REST API
Publish/Cancel/Validate the custom signatures
Publish/Cancel/Validate the customer signatures.CANCEL: Revert to earlier published state i.e. cancel/remove all the unpublished custom signatures.
VALIDATE: Trigger the validation of the custom signatures.
PUBLISH: Publish the custom signatures. This action will push all the valid custom signatures to datapath.
This API is only available when using VMware NSX.
Request:
Method:
POST
URI Path(s):
/policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures
Request Headers:
n/a
Query Parameters:
IdsCustomSignatureActionParameter+
Request Body:
CustomSignatureValidationPayload+
Example Request:
{ "modified_signatures": [ { "signature_id": "1001061397", "overridden_signature": { "action": "DROP" } } ] } { "modified_signatures": [ { "signature_id": "1001061397", "overridden_signature": { "action": "DROP" } }, { "signature_id": "1001060933", "raw_signature": "reject http $HOME_NET any -> $EXTERNAL_NET any (msg:\"NSX - (Initial Access) Detect CVE-2014-6332\"; flow:established,to_server; target:src_ip; content:\" } ] }Successful Response:
Response Code:
202 Accepted
Response Headers:
n/a
Response Body:
n/a