NSX-T Data Center REST API

PolicyIdsEventsBySignature (type)

{
  "additionalProperties": false, 
  "description": "Intrusions that are detected, grouped by signature. It contains the signature id, severity, name, the number of intrusions of that type and the first occurence.", 
  "id": "PolicyIdsEventsBySignature", 
  "module_id": "PolicyIDSMetrics", 
  "properties": {
    "count": {
      "description": "Number of times this particular signature was detected.", 
      "readonly": true, 
      "required": false, 
      "title": "Number of times signature was seen", 
      "type": "integer"
    }, 
    "first_occurence": {
      "$ref": "EpochMsTimestamp, 
      "description": "First occurence of the intrusion, in epoch milliseconds.", 
      "readonly": true, 
      "required": false, 
      "title": "First occurence of the intrusion"
    }, 
    "first_occurrence_site": {
      "description": "The site at which the intrusion first occurred.", 
      "readonly": true, 
      "required": false, 
      "title": "IDS event first occurrence site", 
      "type": "string"
    }, 
    "is_ongoing": {
      "description": "Flag indicating an ongoing intrusion.", 
      "readonly": true, 
      "required": false, 
      "title": "Flag indicating an ongoing intrusion", 
      "type": "boolean"
    }, 
    "project_id": {
      "readonly": true, 
      "required": false, 
      "title": "Project Identifier", 
      "type": "string"
    }, 
    "project_path": {
      "readonly": true, 
      "required": false, 
      "title": "Project path", 
      "type": "string"
    }, 
    "resource_type": {
      "description": "IDSEvent resource type.", 
      "readonly": true, 
      "required": true, 
      "title": "IDSEvent resource type", 
      "type": "string"
    }, 
    "severity": {
      "description": "Severity of the threat covered by the signature, can be Critical, High, Medium, or Low.", 
      "readonly": true, 
      "required": false, 
      "title": "Severity of the signature", 
      "type": "string"
    }, 
    "signature_id": {
      "description": "Signature ID pertaining to the detected intrusion.", 
      "readonly": true, 
      "required": false, 
      "title": "Signature ID", 
      "type": "integer"
    }, 
    "signature_name": {
      "description": "Name of the signature pertaining to the detected intrusion.", 
      "readonly": true, 
      "required": false, 
      "title": "Name of the signature", 
      "type": "string"
    }, 
    "sites_occurred": {
      "description": "The sites at which the intrusion occurred.", 
      "items": {
        "type": "string"
      }, 
      "readonly": true, 
      "required": false, 
      "title": "IDS event occurrence sites", 
      "type": "array"
    }, 
    "traffic_type": {
      "description": "The source where the intrusion was detected. Possible values are GATEWAY and HOST.", 
      "enum": [
        "GATEWAY", 
        "HOST"
      ], 
      "readonly": true, 
      "required": false, 
      "title": "IDS event detection source", 
      "type": "string"
    }
  }, 
  "title": "Detected intrusions grouped by signature", 
  "type": "object"
}