Get the list of the IDS events that are detected, grouped by signature id.

Get the list of the IDS events that are detected with the total number of
intrusions detected, their severity and the time they occurred,
grouped by signature id.

Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/settings/firewall/security/intrusion-services/ids-events

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

PolicyIdsEventDataRequest+

Name	Description	Type	Notes
filters	Filter conditions An array of filter conditions.	array of FilterRequest

Example Request:

POST https://<policy-mgr>/policy/api/v1/infra/settings/firewall/security/intrusion-services/ids-events { "filters": [ { "field_names": "signature_detail.severity", "value": "HIGH OR CRITICAL" } ] }

Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyIdsEventsBySignatureResult+

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of all intrusions detected List of all intrusions detected, grouped by signature. The details include signature id, name, severity, timestamp, and total number of attempts per signature.	array of PolicyIdsEventsBySignature	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Example Response:

{ "results": [ { "signature_id": 4010643, "signature_name": "ET TROJAN [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity", "severity": "HIGH", "count": 87, "first_occurence": 1590516802000, "resource_type": "IDSEvent" }, { "signature_id": 4101968, "signature_name": "SLR Alert - GrandCrabv5 Ransomware Infection - POST to CnC", "severity": "CRITICAL", "count": 1002, "first_occurence": 1590516798000, "resource_type": "IDSEvent" } ] }

Get the list of the IDS events that are detected, grouped by signature id.

Request:

PolicyIdsEventDataRequest (schema)

Example Request:

Successful Response:

PolicyIdsEventsBySignatureResult (schema)

Example Response:

Required Permissions:

Feature:

Additional Errors: