Get Signatures in IPS Profile - Cloud Security Gov

{"type":"api","title":"Get Signatures in IPS Profile","meta":{"id":"/apps/pubhub/media/cloud-security-gov/9ead083ce611c254ac9201d1e76003bd3d4b4b6b/5a7c6e45-6e48-3ded-9e12-6072294c5775","info":{"title":"Cisco Secure Access for Government IPS Profiles API","version":"1.0.0","description":"Get the Intrusion Prevention System (IPS) profiles and IPS signatures in the Secure Access organization.","contact":{"name":"Cloud Security Developer Community"}},"security":[{"oauthFlow":[]}],"tags":[{"name":"IPS Profiles","description":"The IPS profiles with signatures."},{"name":"Secure Access"}],"x-parser-conf":{"overview":{"markdownPath":"secure-access/reference/policies/ips-profiles-overview.md","uri":"secure-access-api-reference-ips-profiles-overview"}},"openapi":"3.0.1","servers":[{"url":"https://api.secureaccessfed.cisco.com/{basePath}","variables":{"basePath":{"default":"policies/v2"}}}],"securitySchemes":{"oauthFlow":{"type":"oauth2","description":"The client credential flow.","flows":{"clientCredentials":{"tokenUrl":"https://api.secureaccessfed.cisco.com/auth/v2/token","scopes":{"policies.ipsconfig:read":"Read Intrusion Prevention System profiles","policies.ipsconfig:write":"Write Intrusion Prevention System profiles"}}}}}},"spec":{"summary":"Get Signatures in IPS Profile","operationId":"getSignaturesInSignatureProfile","tags":["IPS Profiles","Secure Access"],"description":"Get the IPS signatures associated with the IPS profile.","parameters":[{"in":"path","name":"id","description":"The ID of the IPS profile.","required":true,"schema":{"type":"integer"},"$$ref":"#/components/parameters/ipsSignatureProfileId"},{"name":"limit","in":"query","description":"The number of items on a page. The total number of items that are allowed on a page in the response is 100.","required":false,"schema":{"type":"integer","default":10,"format":"int32","minimum":1,"maximum":100},"example":20,"$$ref":"#/components/parameters/limit"},{"name":"page","in":"query","description":"The number of a page in the collection.","required":false,"schema":{"default":1,"type":"integer","format":"int32","minimum":1},"$$ref":"#/components/parameters/page"},{"name":"order","in":"query","description":"Set how the system returns the order of the signatures in the collection. The order is either ascending (`asc`) or descending (`desc`).\nThe value is case insensitive. If you do not set `order`, the system returns the signatures in ascending order.","required":false,"schema":{"type":"string","enum":["asc","desc"],"default":"asc"},"$$ref":"#/components/parameters/order"},{"name":"orderby","in":"query","description":"Set how the system returns the order of the signatures in the collection.\nThe order is either determined by the value of the signature `name` or `gidsid`.\nThe value is case insensitive. If you do not set `orderby`, the system returns the signatures using the `GID-SID value.","required":false,"schema":{"type":"string","enum":["gidsid","name"],"default":"gidsid"},"$$ref":"#/components/parameters/orderby"},{"name":"filters","in":"query","schema":{"type":"string","enum":["action: block | warn | ignore","searchStr: string","overridesOnly: true/false"]},"description":"Add a JSON object that sets the filter fields and values.\nThe system uses the filters to return the IPS profiles in the collection.\nUse the `action (\u003cstring\u003e)`, `overridesOnly(\u003cboolean\u003e)`, and `searchStr(\u003cstring\u003e)` query strings.\nFor example: `{\"action\":\"block\",\"searchStr\":\"malware\"}`.\n\n* If the API request does not include the `filters` query parameter, the system only returns the `block` signatures.\n* When you set `overridesOnly` to `true`, the system returns the signatures that were overriden and ignores the `action` filter option.\n* Use the `SearchStr` option to partially match against signature names, GID-SIDs, or CVEs.","required":false,"$$ref":"#/components/parameters/filters"}],"security":[{"oauthFlow":["policies.ipsconfig:read"]}],"responses":{"200":{"description":"OK","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"meta":{"type":"object","properties":{"page":{"type":"integer","description":"The number of the page read in the collection.","example":2},"limit":{"type":"integer","description":"The number of items on the page read in the collection.","example":50},"total":{"type":"integer","description":"The total number of items in the collection.","example":51}},"$$ref":"#/components/schemas/meta"},"data":{"type":"array","description":"The list of signatures in the IPS Signature profile.","items":{"type":"object","description":"The properties of the IPS signature.","properties":{"id":{"type":"string","description":"The ID of the signature.","example":"e9279afc-3b0e-5b78-a2a3-ab9418fad29c"},"gid":{"type":"integer","description":"The generator ID (GID) component of the signature. The SID is used to identify the component in the IPS that generated the alert.","example":1},"sid":{"type":"integer","description":"The Cisco Snort or signature ID (SID) component of the signature.","example":976},"name":{"type":"string","description":"The name of the IPS signature.","example":"MALWARE-BACKDOOR fearless lite 1.01 runtime detection"},"cve":{"type":"array","description":"The list of the CVE values associated with the IPS signature.","example":["2017-11841","2017-11873"],"items":{"type":"string","description":"The CVE associated with the IPS signature.","example":"2017-11841"}},"description":{"type":"string","description":"The description of the IPS signature.","example":"alert ( gid:1; sid:976; rev:1; msg:\"(smtp) file decompression failed\"; )"},"currentAction":{"type":"string","nullable":true,"description":"When the `overridesOnly` filter is `true`, the system returns a non-null value.","example":"block"},"originalAction":{"type":"string","nullable":true,"description":"When the `overridesOnly` filter is `true`, the system returns a non-null value.","example":"warn"}},"example":{"id":"e9279afc-3b0e-5b78-a2a3-ab9418fad29c","gid":1,"sid":7091,"name":"MALWARE-BACKDOOR serveme runtime detection","cve":[],"description":"alert tcp $HOME_NET 5555 -\u003e $EXTERNAL_NET any ( msg:\\\"MALWARE-BACKDOOR serveme runtime detection\\\"; flow:to_client,established; content:\\\"ServeMe 1.x\\\",depth 11,nocase; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy security-ips drop; reference:url,www.megasecurity.org/trojans/s/serveme/Serveme.html; reference:url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453081036; classtype:trojan-activity; sid:7091; rev:6; )","currentAction":"block","originalAction":"block"},"$$ref":"#/components/schemas/ipsSignature"}}},"example":{"meta":{"page":1,"limit":100,"total":481},"data":[{"id":"e9279afc-3b0e-5b78-a2a3-ab9418fad29c","gid":1,"sid":7091,"name":"MALWARE-BACKDOOR serveme runtime detection","cve":[],"description":"alert tcp $HOME_NET 5555 -\u003e $EXTERNAL_NET any ( msg:\\\"MALWARE-BACKDOOR serveme runtime detection\\\"; flow:to_client,established; content:\\\"ServeMe 1.x\\\",depth 11,nocase; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy security-ips drop; reference:url,www.megasecurity.org/trojans/s/serveme/Serveme.html; reference:url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453081036; classtype:trojan-activity; sid:7091; rev:6; )","currentAction":"block","originalAction":"block"}]}}}}},"400":{"description":"Bad Request","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"description":"Bad Request","type":"object","properties":{"error":{"type":"string","description":"Error message explaining the reason for failure.","example":"Bad Request"}},"$$ref":"#/components/schemas/badRequest"}}},"$$ref":"#/components/responses/badRequest"},"401":{"description":"Unauthorized","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"description":"Unauthorized","type":"object","properties":{"error":{"type":"string","description":"Error message explaining the reason for failure.","example":"Unauthorized"}},"$$ref":"#/components/schemas/unauthorized"}}},"$$ref":"#/components/responses/unauthorized"},"403":{"description":"Forbidden","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"description":"Forbidden","type":"object","properties":{"error":{"type":"string","description":"Error message explaining the reason for failure.","example":"Forbidden"}},"$$ref":"#/components/schemas/forbidden"}}},"$$ref":"#/components/responses/forbidden"},"404":{"description":"Not Found","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"description":"Not Found","type":"object","properties":{"error":{"type":"string","description":"Error message explaining the reason for failure.","example":"Not Found"}},"$$ref":"#/components/schemas/notFound"}}},"$$ref":"#/components/responses/notFound"},"500":{"description":"Internal Server Error","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"description":"Internal Server Error","type":"object","properties":{"error":{"type":"string","description":"Error message explaining the reason for failure.","example":"Internal Server Error"}},"$$ref":"#/components/schemas/serverError"}}},"$$ref":"#/components/responses/serverError"}},"__originalOperationId":"getSignaturesInSignatureProfile","method":"get","path":"/ipsSignatureProfiles/{id}/signatures"}}