Get the list of the IPs affected for that signature for intrusion events detected on gateway

Get the list of IP addresses affected pertaining to a specific
signature for intrusion events detected on gateway.

Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/settings/firewall/security/intrusion-services/affected-ips

Request Headers:

n/a

Query Parameters:

ListRequestParameters+

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

Request Body:

PolicyIdsEventDataRequest+

Name	Description	Type	Notes
filters	Filter conditions An array of filter conditions.	array of FilterRequest

Example Request:

POST https://<policy-mgr>/policy/api/v1/infra/settings/firewall/security/intrusion-services/affected-ips { "filters": [ { "field_names":"intrusion_timestamp","value":" >1590533447645" }, { "field_names": "signature_detail.signature_id", "value": "(4010643)" } ] }

Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyIdsIpList+

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of all affected IP addresses List of all affected IP addresses specific to a particular signature.	array of IPAddress	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Example Response:

{ "results": [ "10.108.24.20", "10.80.32.121" ], "result_count": 2, "sort_by": "displayName", "sort_ascending": false, "cursor": "2" }

Get the list of the IPs affected for that signature for intrusion events detected on gateway

Request:

ListRequestParameters (schema)

PolicyIdsEventDataRequest (schema)

Example Request:

Successful Response:

PolicyIdsIpList (schema)

Example Response:

Required Permissions:

Feature:

Additional Errors: