Firewall Policy Idps Signatures - List

Retrieves the current status of IDPS signatures for the relevant policy. The maximum number of signatures returned is 1000.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/listIdpsSignatures?api-version=2024-05-01

URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| firewallPolicyName | path | True | string | The name of the Firewall Policy. |
| resourceGroupName | path | True | string | The name of the resource group. |
| subscriptionId | path | True | string | The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
| api-version | query | True | string | Client API version. |

Request Body

| Name | Type | Description |
|---|---|---|
| filters | FilterItems[] | Contains all filter names and values |
| orderBy | OrderBy | Column to sort response by |
| resultsPerPage | integer (int32), minimum: 1, maximum: 1000 | The number of results to return in each page |
| search | string | Search term in all columns |
| skip | integer (int32) | The number of records matching the filter to skip |

Responses

| Name | Type | Description |
|---|---|---|
| 200 OK | QueryResults | Success. The operation returns an IDPS Query Response |
| Other Status Codes | CloudError | Error response describing why the operation failed. |

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |

Examples

query signature overrides

Sample request

POST https://management.azure.com/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/listIdpsSignatures?api-version=2024-05-01

{
  "filters": [
    {
      "field": "Mode",
      "values": [
        "Deny"
      ]
    }
  ],
  "search": "",
  "orderBy": {
    "field": "severity",
    "order": "Ascending"
  },
  "resultsPerPage": 20,
  "skip": 0
}

Sample response

{
  "signatures": [
    {
      "signatureId": 2000015,
      "mode": 2,
      "severity": 1,
      "direction": 2,
      "group": "A Network Trojan was detected",
      "description": "P2P Phatbot Control Connection",
      "sourcePorts": [
        "any"
      ],
      "destinationPorts": [
        "any"
      ],
      "lastUpdated": "2010-07-30T00:00:00",
      "inheritedFromParentPolicy": false,
      "protocol": "tcp"
    },
    {
      "signatureId": 2000106,
      "mode": 2,
      "severity": 1,
      "direction": 1,
      "group": "Attempted User Privilege Gain",
      "description": "WEB_SERVER SQL sp_delete_alert attempt",
      "sourcePorts": [
        "any"
      ],
      "destinationPorts": [
        "any"
      ],
      "lastUpdated": "2019-09-27T00:00:00",
      "inheritedFromParentPolicy": false,
      "protocol": "http"
    }
  ],
  "matchingRecordsCount": 2
}
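
The following Python is an added example, not code from the original reference: it pages through this operation with `resultsPerPage` and `skip` until `matchingRecordsCount` is reached, decodes the integer enums listed under Definitions, and reports high-severity signatures that are not in Deny mode. The `post` transport, the function names and the sample records with IDs 9000001 and 9000002 are assumptions constructed for the example.

```python
# Added example; post, list_all_signatures and not_denied_high are hypothetical names.
MODE = {0: "Disabled", 1: "Alert", 2: "Deny"}
SEVERITY = {1: "High", 2: "Medium", 3: "Low"}
DIRECTION = {0: "OutBound", 1: "InBound", 2: "Any", 3: "Internal",
             4: "InternalOutbound", 5: "InternalInbound"}

def list_all_signatures(post, filters=None, page_size=1000):
    """Collect every matching signature by advancing `skip` page by page.

    `post(body)` is an assumed transport: it sends the IDPSQueryObject to
    .../listIdpsSignatures and returns the parsed QueryResults dict.
    """
    if not 1 <= page_size <= 1000:  # resultsPerPage bounds from the reference
        raise ValueError("resultsPerPage must be between 1 and 1000")
    collected, skip = [], 0
    while True:
        page = post({"filters": filters or [], "search": "",
                     "orderBy": {"field": "severity", "order": "Ascending"},
                     "resultsPerPage": page_size, "skip": skip})
        batch = page.get("signatures", [])
        collected.extend(batch)
        skip += len(batch)
        # Stop on an empty page too, so a changing count cannot loop forever.
        if not batch or skip >= page.get("matchingRecordsCount", 0):
            return collected

def decode(sig):
    """Replace the integer enums with the names given in the Definitions."""
    return {**sig, "mode": MODE[sig["mode"]],
            "severity": SEVERITY[sig["severity"]],
            "direction": DIRECTION[sig["direction"]]}

def not_denied_high(signatures):
    """High-severity signatures whose enforced mode is Disabled or Alert."""
    return [decode(s) for s in signatures
            if s["severity"] == 1 and s["mode"] != 2]

def fake_post(records):
    """Constructed in-memory stand-in for the endpoint, for offline runs."""
    def post(body):
        start = body["skip"]
        return {"signatures": records[start:start + body["resultsPerPage"]],
                "matchingRecordsCount": len(records)}
    return post

# Constructed sample records (only the fields used here).
SAMPLE = [{"signatureId": 2000015, "mode": 2, "severity": 1, "direction": 2},
          {"signatureId": 9000001, "mode": 1, "severity": 1, "direction": 1},
          {"signatureId": 9000002, "mode": 0, "severity": 3, "direction": 0}]
```

In real use, `post` would wrap an authenticated HTTPS POST to the request URI shown above; an empty `filters` list returns every signature so the mode check runs client-side.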

Definitions

| Name | Description |
|---|---|
| CloudError | An error response from the service. |
| CloudErrorBody | An error response from the service. |
| FilterItems | Will contain the filter name and values to operate on |
| FirewallPolicyIDPSQuerySortOrder | Describes if results should be in ascending/descending order |
| FirewallPolicyIDPSSignatureDirection | Describes in which direction signature is being enforced: 0 - OutBound, 1 - InBound, 2 - Any, 3 - Internal, 4 - InternalOutbound, 5 - InternalInbound |
| FirewallPolicyIDPSSignatureMode | The current mode enforced, 0 - Disabled, 1 - Alert, 2 - Deny |
| FirewallPolicyIDPSSignatureSeverity | Describes the severity of signature: 1 - High, 2 - Medium, 3 - Low |
| IDPSQueryObject | Will describe the query to run against the IDPS signatures DB |
| OrderBy | Describes a column to sort |
| QueryResults | Query result |
| SingleQueryResult | |

CloudError

An error response from the service.

| Name | Type | Description |
|---|---|---|
| error | CloudErrorBody | Cloud error body. |

CloudErrorBody

An error response from the service.

| Name | Type | Description |
|---|---|---|
| code | string | An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
| details | CloudErrorBody[] | A list of additional details about the error. |
| message | string | A message describing the error, intended to be suitable for display in a user interface. |
| target | string | The target of the particular error. For example, the name of the property in error. |

FilterItems

Will contain the filter name and values to operate on

| Name | Type | Description |
|---|---|---|
| field | string | The name of the field we would like to filter |
| values | string[] | List of values to filter the current field by |

FirewallPolicyIDPSQuerySortOrder

Describes if results should be in ascending/descending order

Value Description
Ascending
Descending

FirewallPolicyIDPSSignatureDirection

Describes in which direction signature is being enforced: 0 - OutBound, 1 - InBound, 2 - Any, 3 - Internal, 4 - InternalOutbound, 5 - InternalInbound

Value Description
0
1
2
3
4
5

FirewallPolicyIDPSSignatureMode

The current mode enforced, 0 - Disabled, 1 - Alert, 2 - Deny

Value Description
0
1
2

FirewallPolicyIDPSSignatureSeverity

Describes the severity of signature: 1 - High, 2 - Medium, 3 - Low

Value Description
1
2
3

IDPSQueryObject

Will describe the query to run against the IDPS signatures DB

| Name | Type | Description |
|---|---|---|
| filters | FilterItems[] | Contains all filter names and values |
| orderBy | OrderBy | Column to sort response by |
| resultsPerPage | integer (int32), minimum: 1, maximum: 1000 | The number of results to return in each page |
| search | string | Search term in all columns |
| skip | integer (int32) | The number of records matching the filter to skip |

OrderBy

Describes a column to sort

| Name | Type | Description |
|---|---|---|
| field | string | Describes the actual column name to sort by |
| order | FirewallPolicyIDPSQuerySortOrder | Describes if results should be in ascending/descending order |

QueryResults

Query result

| Name | Type | Description |
|---|---|---|
| matchingRecordsCount | integer (int64) | Number of total records matching the query. |
| signatures | SingleQueryResult[] | Array containing the results of the query |

SingleQueryResult

| Name | Type | Description |
|---|---|---|
| description | string | Describes what the signature enforces |
| destinationPorts | string[] | Describes the list of destination ports related to this signature |
| direction | FirewallPolicyIDPSSignatureDirection (int32) | Describes in which direction signature is being enforced: 0 - OutBound, 1 - InBound, 2 - Any, 3 - Internal, 4 - InternalOutbound, 5 - InternalInbound |
| group | string | Describes the groups the signature belongs to |
| inheritedFromParentPolicy | boolean | Describes if this override is inherited from base policy or not |
| lastUpdated | string | Describes the last updated time of the signature (provided from 3rd party vendor) |
| mode | FirewallPolicyIDPSSignatureMode (int32) | The current mode enforced, 0 - Disabled, 1 - Alert, 2 - Deny |
| protocol | string | Describes the protocol the signature is being enforced in |
| severity | FirewallPolicyIDPSSignatureSeverity (int32) | Describes the severity of signature: 1 - High, 2 - Medium, 3 - Low |
| signatureId | integer (int32) | The ID of the signature |
| sourcePorts | string[] | Describes the list of source ports related to this signature |