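That didn't work for me. I have more filters. This is the request body I sent. Note that all three `field`/`values` pairs sit inside a single filter object, so that object repeats the same keys, and most JSON parsers keep only the last occurrence of a repeated key: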
{
"filters": [
{
"field": "severity",
"values":[
"High"
],
"field": "Direction",
"values":["Outbound"],
"field": "group",
"values":[
"A Network Trojan was detected",
"Exploit Kit Activity Detected",
"Attempted Administrator Privilege Gain",
"Targeted Malicious Activity was Detected"
]
}
],
"search": "",
"orderBy": {
"field": "severity",
"order": "Ascending"
},
"skip": 0
}
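Output (the `direction` values differ between the returned signatures, even though the request filtered on a single Direction value):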
{
"signatures": [
{
"signatureId": 2000015,
"mode": 1,
"severity": 1,
"direction": 2,
"group": "A Network Trojan was detected",
"description": "P2P Phatbot Control Connection",
"sourcePorts": [
"any"
],
"destinationPorts": [
"any"
],
"lastUpdated": "2010-07-30T00:00:00",
"inheritedFromParentPolicy": false,
"protocol": "tcp",
"alertOnly": true,
"modeDefinedBy": 1
},
{
"signatureId": 2000347,
"mode": 2,
"severity": 1,
"direction": 0,
"group": "A Network Trojan was detected",
"description": "MALWARE IRC Private message on non-standard port",
"sourcePorts": [
"any"
],
"destinationPorts": [
"!6666:7000"
],
"lastUpdated": "2022-05-03T00:00:00",
"inheritedFromParentPolicy": false,
"protocol": "tcp",
"alertOnly": false,
"modeDefinedBy": 0
},
{
"signatureId": 2001616,
"mode": 2,
"severity": 1,
"direction": 0,
"group": "A Network Trojan was detected",
"description": "ATTACK_RESPONSE Zone-H.org defacement notification",
"sourcePorts": [
"any"
],
"destinationPorts": [
"any"
],
"lastUpdated": "2020-08-24T00:00:00",
"inheritedFromParentPolicy": false,
"protocol": "http",
"alertOnly": false,
"modeDefinedBy": 0
},
{
"signatureId": 2001743,
"mode": 2,
"severity": 1,
"direction": 1,
"group": "A Network Trojan was detected",
"description": "MALWARE HackerDefender Root Kit Remote Connection Attempt Detected",
"sourcePorts": [
"any"
],
"destinationPorts": [
"any"
],
"lastUpdated": "2010-07-30T00:00:00",
"inheritedFromParentPolicy": false,
"protocol": "tcp",
"alertOnly": false,
"modeDefinedBy": 0
},
{
"signatureId": 2001891,
"mode": 2,
"severity": 1,
"direction": 0,
"group": "A Network Trojan was detected",
"description": "USER_AGENTS Suspicious User Agent (agent)",
"sourcePorts": [
"any"
],
"destinationPorts": [
"any"
],
"lastUpdated": "2020-09-17T00:00:00",
"inheritedFromParentPolicy": false,
"protocol": "http",
"alertOnly": false,
"modeDefinedBy": 0
},
{
"signatureId": 2002029,
"mode": 2,
"severity": 1,
"direction": 1,
"group": "A Network Trojan was detected",
"description": "MALWARE IRC Channel topic scan/exploit command",
"sourcePorts": [
"any"
],
"destinationPorts": [
"any"
],
"lastUpdated": "2010-07-30T00:00:00",
"inheritedFromParentPolicy": false,
"protocol": "tcp",
"alertOnly": false,
"modeDefinedBy": 0
},