ActivityIntrusion - Cloud Security API

{"type":"model","meta":{"id":"/apps/pubhub/media/cloud-security-apis-in-eft/9d37d008417d562ab46d4b67547a68457ce288d2/d1093732-2fd9-3760-ac85-83910c4b7111","info":{"title":"Cisco Secure Access Reporting API","description":"The Reporting API provides the data to generate the Secure Access reports.","version":"2.0.1","contact":{"name":"Cloud Security Developer Community"}},"security":[{"oauthFlow":[]}],"tags":[{"name":"Activity"},{"name":"Top Identities"},{"name":"Identity Distribution"},{"name":"Top Resources"},{"name":"Top Destinations"},{"name":"Top Categories"},{"name":"Top Event Types"},{"name":"Top DNS Query Types"},{"name":"Organization Requests by Hour"},{"name":"Organization Requests by Timerange"},{"name":"Organization Requests by Hour and Category"},{"name":"Organization Requests by Timerange and Category"},{"name":"Deployment Status"},{"name":"Bandwidth by Hour"},{"name":"Bandwidth by Timerange"},{"name":"Top Files"},{"name":"Total Requests"},{"name":"Top Threats"},{"name":"Top Threat Types"},{"name":"Utility"},{"name":"Top IPs"},{"name":"Summary"},{"name":"Summaries by Category"},{"name":"Summaries by Destination"},{"name":"Summaries by Rule"},{"name":"Remote Access"},{"name":"Private Resource"},{"name":"Requests Resource Connector"},{"name":"Requests Summary Resource Connector Groups"},{"name":"Resource Connectors"},{"name":"Rules Activity"},{"name":"Unique Resources"},{"name":"Network Tunnels"},{"name":"Secure Access"}],"x-parser-conf":{"overview":{"markdownPath":"secure-access/reference/reports/reporting-overview.md","uri":"secure-access-api-reference-reporting-overview"}},"openapi":"3.0.1","servers":[{"url":"https://api.sse.cisco.com/{basePath}","variables":{"basePath":{"default":"reports/v2"}}}],"securitySchemes":{"oauthFlow":{"type":"oauth2","description":"client credential flow","flows":{"clientCredentials":{"tokenUrl":"https://api.sse.cisco.com/auth/v2/token","scopes":{"reports.granularEvents:read":"Read reports granular events","reports.utilities:read":"Read reports utilities","reports.aggregations:read":"Read reports aggregations","reports.summariesByRule:read":"Read reports for the summaries of the rule","reports.privateResources:read":"Read reports for the private resources"}}}}}},"spec":{"type":"object","description":"The information about the intrusion activity.","properties":{"classification":{"type":"string","description":"The category of attack detected by a rule that is part of a more general type of attack class, such as trojan-activity, attempted-user, and unknown.","example":"trojan-activity","$$ref":"#/components/schemas/Classification"},"date":{"type":"string","description":"The date from the timestamp based on the timezone parameter.","example":"2020-07-12","$$ref":"#/components/schemas/Date"},"destinationip":{"type":"string","description":"The destination IP for the entry.","example":"12.10.10.10","$$ref":"#/components/schemas/DestinationIp"},"destinationport":{"type":"number","description":"The destination port for entry.","example":89,"$$ref":"#/components/schemas/DestinationPort"},"identities":{"type":"array","description":"The list of identities for the entry.","items":{"type":"object","description":"The information about the identity.","properties":{"id":{"type":"number","description":"The ID of the identity."},"label":{"type":"string","description":"The descriptive label for the identity."},"type":{"type":"object","description":"The information about the identity including the type.","properties":{"id":{"type":"number","description":"The ID of the origin type for the identity."},"label":{"type":"string","description":"The label of the origin type for the identity."},"type":{"type":"string","description":"The name of the origin type for the identity."}},"$$ref":"#/components/schemas/IdentityType"},"deleted":{"type":"boolean","description":"Indicates whether the identity was deleted.","example":true}},"required":["id","label","type","deleted"],"example":{"id":1,"label":"Catch Rate Testing System","type":{"id":21,"label":"Sites","type":"site"},"deleted":false},"$$ref":"#/components/schemas/Identity"},"$$ref":"#/components/schemas/identities"},"protocol":{"type":"object","description":"The properties of the protocol.","properties":{"id":{"type":"number","description":"The ID of protocol."},"label":{"type":"string","description":"The name of the protocol."}},"required":["id","label"],"$$ref":"#/components/schemas/Protocol"},"sessionid":{"type":"number","description":"The unique identifier of a session, which is used to group the correlated events between various services.","example":7878797,"$$ref":"#/components/schemas/SessionId"},"severity":{"type":"string","description":"The severity level of the rule.","enum":["HIGH","MEDIUM","LOW","VERY LOW"],"example":"HIGH","$$ref":"#/components/schemas/Severity"},"signature":{"type":"object","description":"The properties of the signature.","properties":{"generatorid":{"type":"number","description":"The unique ID that is assigned to the part of the IPS, which generated the event."},"id":{"type":"number","description":"The ID that is used to uniquely identify signatures."},"label":{"type":"string","description":"A descriptive label for the the signature."},"cves":{"type":"array","description":"The list of common vulnerabilites and exposures (CVEs).","items":{"type":"string","description":"An identifier for a known security vulnerability/exposure.","example":"cve-2015-0279","$$ref":"#/components/schemas/CVE"}}},"required":["generatorid","id","label","cves"],"example":{"generatorid":148,"id":2,"label":"(cip) CIP data is non-conforming to ODVA standard","cves":["cve-2015-0279"]},"$$ref":"#/components/schemas/Signature"},"signaturelist":{"type":"object","description":"The properties of the signature list.","properties":{"id":{"type":"number","description":"The unique ID assigned to a default or custom signature list."}},"required":["id"],"example":{"id":1112},"$$ref":"#/components/schemas/SignatureList"},"sourceip":{"type":"string","description":"The source IP for the entry.","example":"10.11.10.10","$$ref":"#/components/schemas/SourceIp"},"sourceport":{"type":"number","description":"The source port for the entry.","example":3000,"$$ref":"#/components/schemas/SourcePort"},"time":{"type":"string","description":"The time in 24-hour format based on the timezone parameter.","example":"12:34","$$ref":"#/components/schemas/Time"},"timestamp":{"type":"number","description":"The timestamp represented in milliseconds.","example":1594557263000,"$$ref":"#/components/schemas/Timestamp"},"type":{"type":"string","description":"The type of the request. An intrusion request always has type intrusion.","example":"intrusion"},"verdict":{"type":"string","description":"The verdict for the entry.","enum":["detected"],"example":"detected","$$ref":"#/components/schemas/verdictDetected"}},"required":["classification","date","destinationip","destinationport","identities","protocol","sessionid","severity","signature","signaturelist","sourceip","sourceport","time","timestamp","type","verdict"],"example":{"type":"intrusion","date":"12-02-22","destinationip":"10.10.10.10","protocol":{"id":17,"label":"UDP"},"sourceip":"10.10.10.10","signaturelist":{"id":1111},"classification":"malicious","sourceport":22,"sessionid":190898098,"verdict":"detected","destinationport":33,"timestamp":1594557262000,"time":"09:30","identities":[{"id":211034846,"type":{"id":34,"type":"anyconnect","label":"Anyconnect Roaming Client"},"label":"omerta","deleted":false}],"severity":"HIGH","signature":{"generatorid":1,"id":47829,"label":"SERVER-OTHER JBoss Richfaces expression language injection attempt","cves":["cve-2015-0279","cve-2018-12532"]}},"$$ref":"#/components/schemas/ActivityIntrusion","title":"ActivityIntrusion"}}