Detected intrusions grouped by signature
Intrusions that are detected, grouped by signature. Each entry contains the signature ID,
severity, name, the number of intrusions of that type, and the first occurrence.
Name | Description | Type | Notes |
---|---|---|---|
count | Number of times this particular signature was detected. | integer | Readonly |
first_occurence | First occurrence of the intrusion, in epoch milliseconds. | EpochMsTimestamp | Readonly |
is_ongoing | Flag indicating an ongoing intrusion. | boolean | Readonly |
resource_type | IDSEvent resource type. | string | Required, Readonly |
severity | Severity of the threat covered by the signature, can be Critical, High, Medium, or Low. | string | Readonly |
signature_id | Signature ID pertaining to the detected intrusion. | integer | Readonly |
signature_name | Name of the signature pertaining to the detected intrusion. | string | Readonly |
traffic_type | The source where the intrusion was detected. Possible values are GATEWAY and HOST. | string | Readonly; Enum: GATEWAY, HOST |
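
A triage sketch for records shaped like the table above, added here as an example and not taken from the product's own code. The helper names `normalize` and `triage` are hypothetical, the sample records (IDs, names, `resource_type` value) are constructed placeholders, and matching severity case-insensitively is an assumption.

```python
from datetime import datetime, timezone

# Severity values from the table, most urgent first (matched case-insensitively: assumption).
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
TRAFFIC_TYPES = {"GATEWAY", "HOST"}  # enum from the table


def normalize(rec):
    """Validate one per-signature record and return a triage-friendly dict."""
    severity = str(rec.get("severity", "")).lower()
    if severity not in SEVERITY_RANK:
        raise ValueError(f"unknown severity: {rec.get('severity')!r}")
    if rec.get("traffic_type") not in TRAFFIC_TYPES:
        raise ValueError(f"unknown traffic_type: {rec.get('traffic_type')!r}")
    # first_occurence (the API's spelling) is epoch milliseconds, not seconds.
    first_seen = datetime.fromtimestamp(rec["first_occurence"] / 1000, tz=timezone.utc)
    return {
        "signature_id": int(rec["signature_id"]),
        "signature_name": rec.get("signature_name", ""),
        "severity": severity,
        "count": int(rec["count"]),
        "is_ongoing": bool(rec.get("is_ongoing", False)),
        "traffic_type": rec["traffic_type"],
        "first_seen_utc": first_seen.isoformat(),
    }


def triage(records):
    """Order records: ongoing first, then by severity, then by count (highest first)."""
    rows = [normalize(r) for r in records]
    return sorted(rows, key=lambda r: (not r["is_ongoing"],
                                       SEVERITY_RANK[r["severity"]], -r["count"]))


def _rec(sig_id, severity, count, ongoing, source):
    # Builds a constructed sample record; every value here is a placeholder.
    return {"resource_type": "PLACEHOLDER_RESOURCE_TYPE", "signature_id": sig_id,
            "signature_name": f"Example signature {sig_id}", "severity": severity,
            "count": count, "is_ongoing": ongoing, "traffic_type": source,
            "first_occurence": 1700000000000}


SAMPLE = [_rec(1000001, "Low", 40, False, "HOST"),
          _rec(1000002, "Critical", 3, True, "GATEWAY"),
          _rec(1000003, "High", 12, True, "HOST"),
          _rec(1000004, "Critical", 7, False, "GATEWAY")]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row["signature_id"], row["severity"], row["count"], row["first_seen_utc"])
```
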