PolicyIdsEventFlowData (schema)

IDS event flow data

IDS event flow data specific to each IDS
event. The data includes source ip, source
port, destination ip, destination port,
protocol, rule id, profile id, and the
action.

Name Description Type Notes

action_type IDS Event action

The action pertaining to the detected intrusion. Possible values are ALERT, DROP, REJECT, and INVALID. ALERT - If there is a signature match on the packet, it is allowed to pass but a notification is sent to the user notifying an intrusion was detected. DROP - On a signature match, the packet is silently dropped. An alert is sent to the user that an intrusion was detected. REJECT - On a signature match, the packet is dropped and TCP RST or ICMP error messages (for non-TCP pkts) are sent to the endpoints. An alert is sent to the user that an intrusion was detected. INVALID - If the action doesn't belong to any of the above mentioned categories, it is marked as INVALID. string Readonly
Enum: ALERT, DROP, REJECT, INVALID

bytes_toclient Bytes to client

Bytes sent to client. integer Readonly

bytes_toserver Bytes to server

Bytes sent to server. integer Readonly

client_ip IP address of the client VM

IP address of the VM that initiated the communication. string Readonly

destination_ip IP address of the destination VM

IP address of the destination VM on the intrusion flow. string Readonly

destination_port Destination port

Port on the destination VM where the traffic was sent to. integer Readonly

gateway Gateway where the intrusion was detected at

Name of the gateway on which this intrusion was detected. string Readonly

gateway_tags Tags associated with the gateway

Tags associated with the gateway on which this intrusion was detected. array of Tag Readonly

host Host where intrusion was seen

Name of the host on which this intrusion was detected. string Readonly

local_vm_ip IP address of the local VM

IP address of VM on the host where IDS engine is running. string Readonly

profile_id IDS profile id

The IDS profile id that is associated with the IDS rule pertaining to the intrusion event detected. string Readonly

protocol Traffic protocol pertaining to the intrusion

Traffic protocol pertaining to the detected intrusion, could be TCP/UDP etc. string Readonly

rule_id IDS Rule id of detected intrusion

The IDS Rule id pertaining to the detected intrusion. integer Readonly

source_ip IP address of the source VM

IP address of the source VM on the intrusion flow. string Readonly

source_port Source port

Source port through which traffic was initiated that caused the intrusion to be detected. integer Readonly

traffic_type IDS event detection source

The source where the intrusion was detected. Possible values are GATEWAY and HOST. string Readonly
Enum: GATEWAY, HOST

Name	Description	Type	Notes
action_type	IDS Event action The action pertaining to the detected intrusion. Possible values are ALERT, DROP, REJECT, and INVALID. ALERT - If there is a signature match on the packet, it is allowed to pass but a notification is sent to the user notifying an intrusion was detected. DROP - On a signature match, the packet is silently dropped. An alert is sent to the user that an intrusion was detected. REJECT - On a signature match, the packet is dropped and TCP RST or ICMP error messages (for non-TCP pkts) are sent to the endpoints. An alert is sent to the user that an intrusion was detected. INVALID - If the action doesn't belong to any of the above mentioned categories, it is marked as INVALID.	string	Readonly Enum: ALERT, DROP, REJECT, INVALID
bytes_toclient	Bytes to client Bytes sent to client.	integer	Readonly
bytes_toserver	Bytes to server Bytes sent to server.	integer	Readonly
client_ip	IP address of the client VM IP address of the VM that initiated the communication.	string	Readonly
destination_ip	IP address of the destination VM IP address of the destination VM on the intrusion flow.	string	Readonly
destination_port	Destination port Port on the destination VM where the traffic was sent to.	integer	Readonly
gateway	Gateway where the intrusion was detected at Name of the gateway on which this intrusion was detected.	string	Readonly
gateway_tags	Tags associated with the gateway Tags associated with the gateway on which this intrusion was detected.	array of Tag	Readonly
host	Host where intrusion was seen Name of the host on which this intrusion was detected.	string	Readonly
local_vm_ip	IP address of the local VM IP address of VM on the host where IDS engine is running.	string	Readonly
profile_id	IDS profile id The IDS profile id that is associated with the IDS rule pertaining to the intrusion event detected.	string	Readonly
protocol	Traffic protocol pertaining to the intrusion Traffic protocol pertaining to the detected intrusion, could be TCP/UDP etc.	string	Readonly
rule_id	IDS Rule id of detected intrusion The IDS Rule id pertaining to the detected intrusion.	integer	Readonly
source_ip	IP address of the source VM IP address of the source VM on the intrusion flow.	string	Readonly
source_port	Source port Source port through which traffic was initiated that caused the intrusion to be detected.	integer	Readonly
traffic_type	IDS event detection source The source where the intrusion was detected. Possible values are GATEWAY and HOST.	string	Readonly Enum: GATEWAY, HOST