NSX-T Data Center REST API

IDSEventsBySignature (type)

{
  "additionalProperties": false, 
  "description": "Intrusions that are detected, grouped by signature. It contains the signature id, severity, name, the number of intrusions of that type and the first occurence.", 
  "extends": {
    "$ref": "Resource
  }, 
  "id": "IDSEventsBySignature", 
  "module_id": "IDSMetrics", 
  "properties": {
    "_links": {
      "description": "The server will populate this field when returing the resource. Ignored on PUT and POST.", 
      "items": {
        "$ref": "ResourceLink
      }, 
      "readonly": true, 
      "title": "References related to this resource", 
      "type": "array"
    }, 
    "_schema": {
      "readonly": true, 
      "title": "Schema for this resource", 
      "type": "string"
    }, 
    "_self": {
      "$ref": "SelfResourceLink, 
      "readonly": true, 
      "title": "Link to this resource"
    }, 
    "count": {
      "description": "Number of times this particular signature was detected.", 
      "readonly": true, 
      "required": false, 
      "title": "Number of times signature was seen", 
      "type": "integer"
    }, 
    "first_occurence": {
      "$ref": "EpochMsTimestamp, 
      "description": "First occurence of the intrusion, in epoch milliseconds.", 
      "readonly": true, 
      "required": false, 
      "title": "First occurence of the intrusion"
    }, 
    "is_ongoing": {
      "description": "Flag indicating an ongoing intrusion.", 
      "readonly": true, 
      "required": false, 
      "title": "Flag indicating an ongoing intrusion", 
      "type": "boolean"
    }, 
    "resource_type": {
      "description": "IDSEvent resource type.", 
      "readonly": true, 
      "required": true, 
      "title": "IDSEvent resource type", 
      "type": "string"
    }, 
    "severity": {
      "description": "Severity of the threat covered by the signature, can be Critical, High, Medium, or Low.", 
      "readonly": true, 
      "required": false, 
      "title": "Severity of the signature", 
      "type": "string"
    }, 
    "signature_id": {
      "description": "Signature ID pertaining to the detected intrusion.", 
      "readonly": true, 
      "required": false, 
      "title": "Signature ID", 
      "type": "integer"
    }, 
    "signature_name": {
      "description": "Name of the signature pertaining to the detected intrusion.", 
      "readonly": true, 
      "required": false, 
      "title": "Name of the signature", 
      "type": "string"
    }
  }, 
  "title": "Detcted intrusions grouped by signature", 
  "type": "object"
}