{
"additionalProperties": false,
"description": "Intrusion event with all the event and signature details, each event contains the signature id, name, severity, first and recent occurence, users and VMs affected and other signature metadata.",
"id": "PolicyIdsEventsSummary",
"module_id": "PolicyIDSMetrics",
"properties": {
"affected_ip_count": {
"description": "Count of workload IPs on which a particular signature was detected.",
"readonly": true,
"required": false,
"title": "Count of workload IPs this signature was detected on",
"type": "integer"
},
"affected_vm_count": {
"description": "Count of VMs on which a particular signature was detected.",
"readonly": true,
"required": false,
"title": "Count of VMs this signature was detected on",
"type": "integer"
},
"first_occurence": {
"$ref": "EpochMsTimestamp,
"description": "First occurence of the intrusion, in epoch milliseconds.",
"readonly": true,
"required": false,
"title": "First occurence of the intrusion"
},
"ids_flow_details": {
"description": "IDS event flow data specific to each IDS event. The data includes source ip, source port, destination ip, destination port, and protocol.",
"items": {
"$ref": "PolicyIdsEventFlowData
},
"readonly": true,
"required": false,
"title": "IDS event flow data details",
"type": "object"
},
"is_ongoing": {
"description": "Flag indicating an ongoing intrusion.",
"readonly": true,
"required": false,
"title": "Flag indicating an ongoing intrusion",
"type": "boolean"
},
"is_rule_valid": {
"description": "Indicates if the rule id is valid or not.",
"readonly": true,
"required": false,
"title": "Is the rule id valid",
"type": "boolean"
},
"latest_occurence": {
"$ref": "EpochMsTimestamp,
"description": "Latest occurence of the intrusion, in epoch milliseconds.",
"readonly": true,
"required": false,
"title": "Latest occurence of the intrusion"
},
"resource_type": {
"description": "IDSEvent resource type.",
"readonly": true,
"required": true,
"title": "IDSEvent resource type",
"type": "string"
},
"rule_id": {
"description": "The IDS Rule id that detected this particular intrusion.",
"readonly": true,
"required": false,
"title": "IDS Rule id of detected intrusion",
"type": "integer"
},
"signature_id": {
"description": "Signature ID pertaining to the detected intrusion.",
"readonly": true,
"required": false,
"title": "Signature ID",
"type": "integer"
},
"signature_metadata": {
"description": "Metadata about the detected signature including name, id, severity, product affected, protocol etc.",
"items": {
"$ref": "IdsSignature
},
"readonly": true,
"required": false,
"title": "Metadata about the detected signature",
"type": "object"
},
"total_count": {
"description": "Number of times this particular signature was detected.",
"readonly": true,
"required": false,
"title": "Number of occurrences of this signature",
"type": "integer"
},
"user_details": {
"description": "List of users logged into VMs on which a particular signature was detected.",
"items": {
"$ref": "PolicyIdsUserStats
},
"readonly": true,
"required": false,
"title": "List of users on the affected VMs",
"type": "object"
},
"vm_details": {
"description": "List of VMs on which a particular signature was detected with the count.",
"items": {
"$ref": "PolicyIdsVmStats
},
"readonly": true,
"required": false,
"title": "List of VMs this signature was seen",
"type": "object"
}
},
"title": "Intrusions with event and signature data",
"type": "object"
}