
Get the summary of the intrusions that were detected.

Get the summary of all intrusions that have been detected, grouped by signature,
with details including signature name, ID, severity, attack type, protocol,
first and most recent occurrence, and the affected users and VMs.
The following filter criteria are supported: attack target, attack type,
gateway name, IP address, product affected, signature ID and VM name.

Request:

Method:
POST
URI Path(s):
/policy/api/v1/infra/settings/firewall/security/intrusion-services/ids-summary
Request Headers:
n/a
Query Parameters:
ListRequestParameters
Request Body:
PolicyIdsEventDataRequest

Example Request:

POST https://<policy-mgr>/policy/api/v1/infra/settings/firewall/security/intrusion-services/ids-summary

{
  "filters": [
    {
      "field_names": "signature_detail.signature_id",
      "value": "4010643"
    }
  ]
}

Successful Response:

Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
PolicyIdsSummaryListResult

Example Response:

{ "results": [ { "signature_id": 4010643, "total_count": 87, "affected_vm_count": 1, "user_details": { "count": 0, "user_list": [] }, "rule_id": 1001, "is_rule_valid": true, "idsflow_details": { "source_ip": "192.168.56.150", "source_port": 49170, "destination_ip": "178.33.233.154", "destination_port": 80, "protocol": "TCP", "profile_id": "491B2D21-4CEA-48E4-A7C0-98D5DDFE65E3-05-26T18:19491B2D214CEA48E4A7C098D5DDFE65E3", "rule_id": 1001, "action_type": "ALERT", "local_vm_ip": "192.168.56.150", "client_ip": "192.168.56.150" }, "signature_metadata": { "resource_type": "IdsSignature", "signature_id": 4010643, "name": "ET TROJAN [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity", "class_type": "trojan-activity", "signature_revision": 4, "signature_severity": "Major", "cvssv3": "0.0", "cvssv2": "0.0", "tag": [ "Ransomware" ], "action": "alert", "protocol": "http", "direction": "$HOME_NET any -> $EXTERNAL_NET any", "flow": "", "policy": [ "suricata-ids" ], "type": [ "suricata" ], "affected_product": "Windows_XP_Vista_7_8_10_Server_32_64_Bit", "performance_impact": "Low", "enabled": true, "attack_target": "Client_Endpoint", "malware_family": "GandCrab", "severity": "HIGH", "urls": [] }, "first_occurence": 1590516802000, "latest_occurence": 1590517147000, "resource_type": "IDSEvent" } ], "result_count": 1, "sort_by": "displayName", "sort_ascending": false, "cursor": "1" }

Required Permissions:

read

Feature:

policy_common_ids

Additional Errors: