NSX-T Data Center REST API
PolicyIdsEventsBySignature (schema)
Detected intrusions grouped by signature
Intrusions that are detected, grouped by signature. It contains the signature id,
severity, name, the number of intrusions of that type and the first occurence.
| Name | Description | Type | Notes |
|---|---|---|---|
| count | Number of times signature was seen Number of times this particular signature was detected. |
integer | Readonly |
| first_occurence | First occurence of the intrusion First occurence of the intrusion, in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| first_occurrence_site | IDS event first occurrence site The site at which the intrusion first occurred. |
string | Readonly |
| is_ongoing | Flag indicating an ongoing intrusion Flag indicating an ongoing intrusion. |
boolean | Readonly |
| project_id | Project Identifier | string | Readonly |
| project_path | Project path | string | Readonly |
| resource_type | IDSEvent resource type IDSEvent resource type. |
string | Required Readonly |
| severity | Severity of the signature Severity of the threat covered by the signature, can be Critical, High, Medium, or Low. |
string | Readonly |
| signature_id | Signature ID Signature ID pertaining to the detected intrusion. |
integer | Readonly |
| signature_name | Name of the signature Name of the signature pertaining to the detected intrusion. |
string | Readonly |
| sites_occurred | IDS event occurrence sites The sites at which the intrusion occurred. |
array of string | Readonly |
| traffic_type | IDS event detection source The source where the intrusion was detected. Possible values are GATEWAY and HOST. |
string | Readonly Enum: GATEWAY, HOST |