Intrusions with event and signature data
An intrusion event with all the event and signature details. Each event
contains the signature id, name, severity, first and most recent occurrence,
the users and VMs affected, and other signature metadata.
Name | Description | Type | Notes |
---|---|---|---|
affected_ip_count | Count of workload IPs on which a particular signature was detected. | integer | Readonly |
affected_vm_count | Count of VMs on which a particular signature was detected. | integer | Readonly |
first_occurence | First occurrence of the intrusion, in epoch milliseconds. | EpochMsTimestamp | Readonly |
ids_flow_details | IDS event flow data specific to each IDS event. The data includes source ip, source port, destination ip, destination port, and protocol. | object | Readonly |
is_ongoing | Flag indicating an ongoing intrusion. | boolean | Readonly |
is_rule_valid | Indicates if the rule id is valid or not. | boolean | Readonly |
latest_occurence | Latest occurrence of the intrusion, in epoch milliseconds. | EpochMsTimestamp | Readonly |
resource_type | IDSEvent resource type. | string | Required Readonly |
rule_id | The IDS Rule id that detected this particular intrusion. | integer | Readonly |
signature_id | Signature ID pertaining to the detected intrusion. | integer | Readonly |
signature_metadata | Metadata about the detected signature including name, id, severity, product affected, protocol etc. | object | Readonly |
total_count | Number of times this particular signature was detected. | integer | Readonly |
user_details | List of users logged into VMs on which a particular signature was detected. | object | Readonly |
vm_details | List of VMs on which a particular signature was detected with the count. | object | Readonly |
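
One way a detection team might consume these records, shown as an added example that is not part of the original documentation or the product's own code. It validates each record, converts the EpochMsTimestamp fields to UTC, and orders the queue so ongoing intrusions with the widest VM spread come first. The sample records and the function names `ms_to_utc` and `triage` are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample records (not real telemetry). Only top-level fields from
# the table are used; nested object keys are not listed on this page.
SAMPLE_EVENTS = json.loads("""[
 {"resource_type": "IDSEvent", "signature_id": 1000001, "is_ongoing": false,
  "is_rule_valid": true, "total_count": 40, "affected_vm_count": 9,
  "first_occurence": 1700000000000, "latest_occurence": 1700003600000},
 {"resource_type": "IDSEvent", "signature_id": 1000002, "is_ongoing": true,
  "is_rule_valid": false, "total_count": 3, "affected_vm_count": 1,
  "first_occurence": 1700000000000, "latest_occurence": 1700000090000},
 {"resource_type": "IDSEvent", "signature_id": 1000003, "is_ongoing": true,
  "is_rule_valid": true, "total_count": 7, "affected_vm_count": 4,
  "first_occurence": 1700000500000, "latest_occurence": 1700000100000}
]""")


def ms_to_utc(ms):
    """Convert an EpochMsTimestamp (milliseconds) to an aware UTC datetime."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def triage(events):
    """Split events into a prioritised queue and a list of rejected records."""
    queue, rejected = [], []
    for ev in events:
        first, latest = ev.get("first_occurence"), ev.get("latest_occurence")
        # resource_type is the only Required field; timestamps must be ordered.
        if ("resource_type" not in ev or not isinstance(first, int)
                or not isinstance(latest, int) or latest < first):
            rejected.append(ev)
            continue
        queue.append({
            "signature_id": ev.get("signature_id"),
            "ongoing": bool(ev.get("is_ongoing")),
            "rule_valid": bool(ev.get("is_rule_valid")),
            "vms": ev.get("affected_vm_count", 0),
            "hits": ev.get("total_count", 0),
            "first_seen": ms_to_utc(first).isoformat(),
            "active_seconds": (latest - first) // 1000,
        })
    # Ongoing intrusions first, then widest VM spread, then most detections.
    queue.sort(key=lambda r: (not r["ongoing"], -r["vms"], -r["hits"]))
    return queue, rejected
```

Records whose latest_occurence precedes first_occurence are set aside rather than sorted, and entries with rule_valid set to False stay in the queue so an analyst can review the rule alongside the detection.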