Detcted intrusions grouped by signature
Intrusions that are detected, grouped by signature. It contains the signature id,
severity, name, the number of intrusions of that type and the first occurence.
| Name | Description | Type | Notes |
|---|---|---|---|
| count | Number of times signature was seen Number of times this particular signature was detected. |
integer | Readonly |
| first_occurence | First occurence of the intrusion First occurence of the intrusion, in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| is_ongoing | Flag indicating an ongoing intrusion Flag indicating an ongoing intrusion. |
boolean | Readonly |
| resource_type | IDSEvent resource type IDSEvent resource type. |
string | Required Readonly |
| severity | Severity of the signature Severity of the threat covered by the signature, can be Critical, High, Medium, or Low. |
string | Readonly |
| signature_id | Signature ID Signature ID pertaining to the detected intrusion. |
integer | Readonly |
| signature_name | Name of the signature Name of the signature pertaining to the detected intrusion. |
string | Readonly |
| traffic_type | IDS event detection source The source where the intrusion was detected. Possible values are GATEWAY and HOST. |
string | Readonly Enum: GATEWAY, HOST |