NSX-T Data Center REST API

Get IDS Custom Signature

Get IDS Custom Signature.
This API is only available when using VMware NSX.

Request:

Method:
GET
URI Path(s):
/policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures/{sig-id}
/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures/{sig-id}
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Successful Response:

Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
IdsCustomSignature+

Example Response:

{ "original_signature_id": "1060921", "validation_status": "VALID", "resource_type": "IdsCustomSignature", "id": "1001060921", "path": "/infra/settings/firewall/security/intrusion-services/custom-signature-versions/Test/signatures/1001060921", "relative_path": "1001060921", "parent_path": "/infra/settings/firewall/security/intrusion-services/custom-signature-versions/Test", "marked_for_delete": false, "overridden": false, "name": "NSX - Detect Zeus activity", "class_type": "trojan-activity", "severity": "CRITICAL", "signature_revision": "3007", "signature_id": "1001060921", "categories": [ "APPLICATION" ], "cvssv3": "0.0", "cvssv2": "0.0", "attack_target": "Client_Endpoint", "product_affected": "NONE", "flow": "established,to_client", "action": "reject", "enable": true, "impact": "80", "risk_score": "100", "confidence": "80", "signature": "reject http $EXTERNAL_NET any -> $HOME_NET any (msg:\"NSX - Detect Zeus activity\"; flow:established,to_client; target:dest_ip; content:\"|00 00 00 00 8D|L|C8 15 F6|dps|C7|VQ5|03|C|DD|&\"; pcre:\"/^\\x00\\x00\\x00\\x00\\x8DL\\xC8\\x15\\xF6dps\\xC7VQ5\\x03C\\xDD&/Q\"; threshold: type limit, track by_dst, seconds 180, count 1; metadata:ll_verifier_outcome successful, flip_endpoints True, server_side False, threat_class_name command&control, threat_name Zeus Variant, ids_mode REAL, blacklist_mode REAL, exploited None, confidence 80, severity 100, detector_id 60921, signature_severity Critical; reference:url,www.lastline.com; classtype:trojan-activity; sid:1060921; rev:3007; priority:1;)", "_system_owned": false, "_protection": "NOT_PROTECTED", "_create_time": 1717743290322, "_create_user": "admin", "_last_modified_time": 1717743290322, "_last_modified_user": "admin", "_revision": 0 }

Required Permissions:

read

Feature:

policy_common_ids

Additional Errors: