NSX-T Data Center REST API

Associated URIs:

API Description API Path

List IDS gateway policies


List all IDS gateway policies for specified Domain.
GET /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies

Delete IDS GatewayPolicy


Delete IDS GatewayPolicy
DELETE /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies/{policy-id}

Read IDS gateway policy


Read IDS gateway policy for a domain.
GET /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies/{policy-id}

Update IDS gateway policy


Update the IDS gateway policy for a domain.
PATCH /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies/{policy-id}

Revise the positioning of IDS gateway policy


This is used to set a precedence of a IDS gateway policy w.r.t others.
POST /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies/{policy-id}?action=revise

Update IDS gateway policy


Update the IDS gateway policy for a domain.
PUT /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies/{policy-id}

List IDS Gateway rules


List IDS Gateway rules
GET /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies/{policy-id}/rules

Delete IDS Gateway rule


Delete IDS Gateway rule
DELETE /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies/{policy-id}/rules/{rule-id}

Read IDS rule


Read IDS rule
GET /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies/{policy-id}/rules/{rule-id}

Update IDS gateway rule


Update the gateway rule.
PATCH /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies/{policy-id}/rules/{rule-id}

Revise the positioning of IDS gateway rule


This is used to re-order a IDS gateway rule within a IDS gateway policy.
POST /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies/{policy-id}/rules/{rule-id}?action=revise

Create or Update IDS gateway rule


Create or Update the IDS gateway rule.
PUT /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies/{policy-id}/rules/{rule-id}

Get IDS gateway rule statistics


Get statistics of a IDS gateway rule.
- no enforcement point path specified: Stats will be evaluated on each enforcement.
point.
- {enforcement_point_path}: Stats are evaluated only on the given enforcement point.
GET /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies/{policy-id}/rules/{rule-id}/statistics

Get IDS gateway policy statistics


Get statistics of a IDS gateway policy.
- no enforcement point path specified: Stats will be evaluated on each enforcement.
point.
- {enforcement_point_path}: Stats are evaluated only on the given enforcement point.
GET /policy/api/v1/infra/domains/{domain-id}/intrusion-service-gateway-policies/{policy-id}/statistics

List IDS security policies


List intrusion detection system security policies.
GET /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies

Get IDS-IPS rule statistics


Get statistics of a IDS-IPS rule.
- no enforcement point path specified: Stats will be evaluated on each enforcement
point.
- {enforcement_point_path}: Stats are evaluated only on the given enforcement point.
GET /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies/{ids-policy-id}/rules/{rule-id}/statistics
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies/{ids-policy-id}/rules/{rule-id}/statistics

Get IDS security policy statistics


Get statistics of a IDS security policy.
- no enforcement point path specified: Stats will be evaluated on each enforcement
point.
- {enforcement_point_path}: Stats are evaluated only on the given enforcement point.
GET /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies/{ids-policy-id}/statistics
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies/{ids-policy-id}/statistics

Delete IDS security policy


Delete intrusion detection system security policy.
DELETE /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}

Get IDS security policy.


Read intrusion detection system security policy.
GET /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}

Patch IDS security policy


Patch intrusion detection system security policy for a domain.
PATCH /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}

Revise the positioning of IDS security policies


This is used to set a precedence of a security policy w.r.t others.
POST /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}?action=revise
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}?action=revise

create or update IDS security policy


Update intrusion detection system security policy for a domain.
PUT /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}

List IDS rules


List intrusion detection rules.
GET /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}/rules
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}/rules

Delete IDS rule


Delete intrusion detection rule.
DELETE /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}/rules/{rule-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}/rules/{rule-id}

Get IDS rule.


Read intrusion detection rule
GET /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}/rules/{rule-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}/rules/{rule-id}

Patch IDS rule


Patch intrusion detection system rule.
PATCH /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}/rules/{rule-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}/rules/{rule-id}

Revise the positioning of IDS rule


This is used to re-order a rule within a security policy.
POST /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}/rules/{rule-id}?action=revise
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}/rules/{rule-id}?action=revise

create or update IDS rule


Update intrusion detection system rule.
PUT /policy/api/v1/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}/rules/{rule-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/intrusion-service-policies/{policy-id}/rules/{rule-id}

Get IDS system settings


Intrusion detection system settings.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services

Patch Intrusion detection system settings


Intrusion detection system settings.
PATCH /policy/api/v1/infra/settings/firewall/security/intrusion-services

Update Intrusion detection system settings


Intrusion detection system settings.
PUT /policy/api/v1/infra/settings/firewall/security/intrusion-services

Get the list of gateways where an intrusion event was detected


Get the list of gateways where an intrusion event matching a signature was detected.
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/affected-ips
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/affected-ips

Get the list of the users affected for that signature


Get the list of the users affected pertaining to a specific
signature.
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/affected-users
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/affected-users

Get the list of the VMs affected for that signature


Get the list of the VMs affected pertaining to a specific
signature.
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/affected-vms
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/affected-vms

List IDS cluster configs


List intrusion detection system cluster configs.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/cluster-configs

Read IDS cluster config.


Read intrusion detection system cluster config
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/cluster-configs/{cluster-config-id}

Patch IDS config on cluster level


Patch intrusion detection system on cluster level.
PATCH /policy/api/v1/infra/settings/firewall/security/intrusion-services/cluster-configs/{cluster-config-id}

create or update IDS config on cluster level


Update intrusion detection system on cluster level.
PUT /policy/api/v1/infra/settings/firewall/security/intrusion-services/cluster-configs/{cluster-config-id}

List IDS Custom Signature Versions


List IDS Custom Signature Versions.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/custom-signature-versions

Get IDS Custom Signature Version


Get IDS Custom Signature Version.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}

Add IDS custom signatures


Add IDS custom signatures
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}

List IDS Custom Signatures


List IDS Custom Signatures.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures

Publish/Cancel/Validate the custom signatures


Publish/Cancel/Validate the customer signatures.
CANCEL: Revert to earlier published state i.e. cancel/remove all the unpublished custom signatures.
VALIDATE: Trigger the validation of the custom signatures.
PUBLISH: Publish the custom signatures. This action will push all the valid custom signatures to datapath.
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures

Get IDS Custom Signature difference


Get published and unpublished custom signatures difference.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures-diff
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures-diff

Get IDS Custom Signature


Get IDS Custom Signature.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures/{sig-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures/{sig-id}

Export Custom signatures into a file.


API can be used for user to export the existing custom signatures.
Accept application/json, text/plain, */*
Accept-Encoding gzip, deflate, br
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures/export
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures/export

Upload IDS custom signature bundle


Upload IDS custom signature bundle.
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/custom-signatures/upload-custom-signatures

Get IDS custom signature settings


IDS custom signatures settings.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/settings

Patch IDS custom signature settings


Patch IDS custom signature settings.
PATCH /policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/settings

Update IDS custom signature settings


Update IDS custom signature settings.
PUT /policy/api/v1/infra/settings/firewall/security/intrusion-services/custom-signature-versions/{version-id}/settings

List Global IDS signatures


List global intrusion detection signatures.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/global-signatures

Delete Global IDS signature


Delete global intrusion detection signature.
DELETE /policy/api/v1/infra/settings/firewall/security/intrusion-services/global-signatures/{signature-id}

Get Global IDS signature.


Read global intrusion detection signature
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/global-signatures/{signature-id}

Patch Global IDS Signature


Patch global intrusion detection system signature.
PATCH /policy/api/v1/infra/settings/firewall/security/intrusion-services/global-signatures/{signature-id}

create or update Global IDS Signature


Update global intrusion detection signature.
PUT /policy/api/v1/infra/settings/firewall/security/intrusion-services/global-signatures/{signature-id}

List all threshold configurations for IDS system signature


List all threshold configurations for IDS signatures.
This API is applicable only for 'System' signatures.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/global-signatures/threshold-configs

Delete threshold configuration for IDS system signature


Resets threshold configuration for IDS system signature to default values.
This API is applicable only for 'System' signatures.
DELETE /policy/api/v1/infra/settings/firewall/security/intrusion-services/global-signatures/threshold-configs/{signature-id}

Get threshold configuration for IDS system signature


Retrieve threshold and rate filter configuration for IDS signature.
This API is applicable only for 'System' signatures.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/global-signatures/threshold-configs/{signature-id}

Patch threshold configuration for IDS system signature


Patch threshold and rate filter configuration for IDS signature globally.
This API is applicable only for 'System' signatures.
Either or both of threshold and rate filter configuration can be provided.
PATCH /policy/api/v1/infra/settings/firewall/security/intrusion-services/global-signatures/threshold-configs/{signature-id}

Update threshold configuration for IDS system signature


Update threshold and rate filter configuration for IDS signature globally.
This API is applicable only for 'System' signatures.
Either or both of threshold and rate filter configuration can be provided.
PUT /policy/api/v1/infra/settings/firewall/security/intrusion-services/global-signatures/threshold-configs/{signature-id}

List Global IDS signatures


List global intrusion detection signatures.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/gsm/global-signatures

Get the list of the IDS events that are detected, grouped by signature id.


Get the list of the IDS events that are detected with the total number of
intrusions detected, their severity and the time they occurred,
grouped by signature id.
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/ids-events
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/ids-events

Read IDS config


Read intrusion detection system config of standalone hosts.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/ids-standalone-host-config

Patch IDS configuration


Patch intrusion detection system configuration on standalone hosts.
PATCH /policy/api/v1/infra/settings/firewall/security/intrusion-services/ids-standalone-host-config

Create or update IDS configuration


Update intrusion detection system configuration on standalone hosts.
PUT /policy/api/v1/infra/settings/firewall/security/intrusion-services/ids-standalone-host-config

Get the summary of the intrusions that were detected.


Get the summary of all the intrusions that are detected grouped by signature
with details including signature name, id, severity, attack type, protocol,
first and recent occurence, and affected users and VMs.
The following filter criteria are supported: attack target, attack type,
gateway name, IP address, product affected, signature ID and VM name.
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/ids-summary
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/ids-summary

List IDS PCAP file metadata


List IDS PCAP file metadata.
Currently this is a node specific API and it will return the list
of PCAP metadata for a specific node.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/pcaps
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/pcaps

Download exported pcap file


Download the exported pcap file generated from the export IdsPcapFile api. The request
should have proper headers set to download the file. Please add the below
two headers, if it is not already present
Accept application/json, text/plain, */*
Accept-Encoding gzip, deflate, br

Currently this is a node specific API and it will download the PCAP
file from the specific node only. If PCAP file is not present on the specific
node, validation error will be thrown.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/pcaps/{file-name}/download
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/pcaps/{file-name}/download

Delete the IDS Pcap File


Delete IDS Pcap file entry from corfu and from file system.
Currently this is a node specific API and it will delete the PCAP
metadata and file for the specific node only. If PCAP file is not
present on the specific node, validation error will be thrown.
DELETE /policy/api/v1/infra/settings/firewall/security/intrusion-services/pcaps/{id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/pcaps/{id}

Request the IDS Pcap File Download


Trigger the process to collect all pcap files of all the pcap_ids mentioned in request payload.
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/pcaps/export (Experimental)
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/pcaps/export (Experimental)

List IDS profiles


List intrusion detection profiles.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/profiles
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/profiles

Delete IDS profile


Delete intrusion detection profile.
DELETE /policy/api/v1/infra/settings/firewall/security/intrusion-services/profiles/{profile-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/profiles/{profile-id}

Get IDS profile.


Read intrusion detection profile
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/profiles/{profile-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/profiles/{profile-id}

Patch IDS profile


Patch intrusion detection system profile.
PATCH /policy/api/v1/infra/settings/firewall/security/intrusion-services/profiles/{profile-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/profiles/{profile-id}

create or update IDS profile


Update intrusion detection profile.
PUT /policy/api/v1/infra/settings/firewall/security/intrusion-services/profiles/{profile-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/settings/firewall/security/intrusion-services/profiles/{profile-id}

Get IDS profile signatures.


Get all the IDS signatures attached to the Profile.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/profiles/{profile-id}/effective-signatures (Experimental)

Get IDS signature versions


Intrusion detection system signature versions.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/signature-versions

Change the state of IDS Signature Version


Make this IDS Signature version as ACTIVE version and other versions as NOTACTIVE.
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/signature-versions?action=make_active_version

List IDS signatures


List intrusion detection system signatures.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/signature-versions/{version-id}/signatures

Upload IDS signatures bundle


Upload IDS signatures bundle
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/signatures?action=upload_signatures

Download and update IDS signatures


Trigger the process to Download and update the IDS signatures manually.
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/signatures?action=update_signatures

Get IDS signature status


Intrusion detection system signatures status.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/signatures/status

Reset IDS-IPS rule statistics


Sets IDS-IPS rule statistics counter to zero.
- no enforcement point path specified: Reset of stats will be executed for
each enforcement point.
- {enforcement_point_path}: Reset of stats will be executed only for the given
enforcement point.
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/stats?action=reset

List Malware Prevention profiles


List Malware Prevention profiles.
GET /policy/api/v1/infra/settings/firewall/security/malware-prevention-service/profiles

Delete Malware Prevention profile


Delete Malware Prevention profile.
DELETE /policy/api/v1/infra/settings/firewall/security/malware-prevention-service/profiles/{profile-id}

Get Malware Prevention profile.


Read Malware Prevention profile
GET /policy/api/v1/infra/settings/firewall/security/malware-prevention-service/profiles/{profile-id}

Patch Malware Prevention profile


Patch Malware Prevention profile.
PATCH /policy/api/v1/infra/settings/firewall/security/malware-prevention-service/profiles/{profile-id}

Create or Update Malware Prevention profile


Update Malware Prevention profile.
PUT /policy/api/v1/infra/settings/firewall/security/malware-prevention-service/profiles/{profile-id}

List Malware Prevention signatures


List Malware Prevention signatures.
GET /policy/api/v1/infra/settings/firewall/security/malware-prevention-service/signatures