PolicyIdsEventsSummary (schema)

Intrusions with event and signature data

An intrusion event with all of its event and signature details. Each event
carries the signature id, name, severity, first and most recent occurrence,
the users and VMs affected, and other signature metadata.
Fields (name, type, notes, description):

affected_ip_count (integer, Readonly)
    Count of workload IPs on which a particular signature was detected.

affected_vm_count (integer, Readonly)
    Count of VMs on which a particular signature was detected.

first_occurence (EpochMsTimestamp, Readonly)
    First occurrence of the intrusion, in epoch milliseconds.

ids_flow_details (object, Readonly)
    IDS event flow data specific to each IDS event. The data includes source IP, source port, destination IP, destination port, and protocol.

is_ongoing (boolean, Readonly)
    Flag indicating an ongoing intrusion.

is_rule_valid (boolean, Readonly)
    Indicates whether the rule id is valid.

latest_occurence (EpochMsTimestamp, Readonly)
    Latest occurrence of the intrusion, in epoch milliseconds.

resource_type (string, Required, Readonly)
    IDSEvent resource type.

rule_id (integer, Readonly)
    The IDS rule id that detected this particular intrusion.

signature_id (integer, Readonly)
    Signature ID pertaining to the detected intrusion.

signature_metadata (object, Readonly)
    Metadata about the detected signature, including name, id, severity, product affected, protocol, etc.

total_count (integer, Readonly)
    Number of times this particular signature was detected.

user_details (object, Readonly)
    List of users logged into VMs on which a particular signature was detected.

vm_details (object, Readonly)
    List of VMs on which a particular signature was detected, with the count.
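As an added example (not part of this API documentation or any vendor code), a client-side check of a PolicyIdsEventsSummary record against the field list above, plus a triage summary that turns the epoch-millisecond timestamps and counts into what an analyst reads first. It assumes the resource_type value is the literal string IDSEvent, as the field description implies; the sample record is constructed.

```python
from datetime import datetime, timezone

# Field -> (expected Python type, required), as listed on this page; every field is Readonly.
SCHEMA = {
    "affected_ip_count": (int, False), "affected_vm_count": (int, False),
    "first_occurence": (int, False), "latest_occurence": (int, False),  # EpochMsTimestamp
    "ids_flow_details": (dict, False), "signature_metadata": (dict, False),
    "user_details": (dict, False), "vm_details": (dict, False),
    "is_ongoing": (bool, False), "is_rule_valid": (bool, False), "resource_type": (str, True),
    "rule_id": (int, False), "signature_id": (int, False), "total_count": (int, False),
}

def validate_event(event: dict) -> list:
    """Return the schema violations found; an empty list means the record conforms."""
    problems = [f"missing required field {n}" for n, (_, req) in SCHEMA.items() if req and n not in event]
    problems += [f"unknown field {n}" for n in event if n not in SCHEMA]
    for name, (typ, _) in SCHEMA.items():
        if name in event:
            value = event[name]
            # bool subclasses int in Python, so True/False must not pass as an integer count.
            if not isinstance(value, typ) or (typ is int and isinstance(value, bool)):
                problems.append(f"{name}: expected {typ.__name__}, got {type(value).__name__}")
    if "resource_type" in event and event["resource_type"] != "IDSEvent":
        problems.append("resource_type must be IDSEvent")
    first, latest = event.get("first_occurence"), event.get("latest_occurence")
    if isinstance(first, int) and isinstance(latest, int) and latest < first:
        problems.append("latest_occurence precedes first_occurence")
    return problems

def triage(event: dict) -> dict:
    """Derive what an analyst reads first: start time, duration, scope, rule validity."""
    first, latest = event["first_occurence"], event["latest_occurence"]
    meta = event.get("signature_metadata", {})
    return {
        "signature": f'{event["signature_id"]} {meta.get("name", "?")} ({meta.get("severity", "?")})',
        "first_seen_utc": datetime.fromtimestamp(first / 1000, tz=timezone.utc).isoformat(),
        "duration_s": (latest - first) // 1000,
        "scope": f'{event["affected_vm_count"]} VMs / {event["affected_ip_count"]} IPs, {event["total_count"]} hits',
        "needs_rule_review": not event["is_rule_valid"],  # rule id no longer resolves: tune or retire
        "active": event["is_ongoing"],
    }

SAMPLE = {  # constructed sample record; placeholder values, not real telemetry
    "resource_type": "IDSEvent", "signature_id": 1000001, "rule_id": 42, "total_count": 12,
    "signature_metadata": {"name": "EXAMPLE signature", "severity": "HIGH", "protocol": "TCP"},
    "first_occurence": 1700000000000, "latest_occurence": 1700000360000,
    "affected_ip_count": 3, "affected_vm_count": 2, "is_ongoing": False, "is_rule_valid": True,
    "ids_flow_details": {}, "user_details": {}, "vm_details": {},
}
```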