InlineIDSEventsSummary1

JSON Example
{
    "affected_vm_count": 0,
    "first_occurence": 0,
    "idsflow_details": {},
    "is_ongoing": false,
    "is_rule_valid": false,
    "latest_occurence": 0,
    "resource_type": "string",
    "rule_id": 0,
    "signature_id": 0,
    "signature_metadata": {},
    "total_count": 0,
    "user_details": {},
    "vm_details": {}
}
integer As int64
affected_vm_count
Optional

Count of VMs on which a particular signature was detected.

integer As int64
first_occurence
Optional

First occurrence of the intrusion, in epoch milliseconds.

object
idsflow_details
Optional

IDS event flow data specific to each IDS event. The data includes source IP, source port, destination IP, destination port, and protocol.

boolean
is_ongoing
Optional

Flag indicating an ongoing intrusion.

boolean
is_rule_valid
Optional

Indicates whether the rule ID is valid.

integer As int64
latest_occurence
Optional

Latest occurrence of the intrusion, in epoch milliseconds.

string
resource_type
Optional

IDSEvent resource type.

integer As int64
rule_id
Optional

The ID of the IDS rule that detected this particular intrusion.

integer As int64
signature_id
Optional

Signature ID pertaining to the detected intrusion.

object
signature_metadata
Optional

Metadata about the detected signature, including name, ID, severity, affected product, protocol, etc.

integer As int64
total_count
Optional

Number of times this particular signature was detected.

object
user_details
Optional

List of users logged into VMs on which a particular signature was detected.

object
vm_details
Optional

List of VMs on which a particular signature was detected, with the count.