Magic IDS Detections
The descriptions below detail the fields available for magic_ids_detections.
| Field | Value | Type |
|---|---|---|
| Action | What action was taken on the packet. Possible values are pass | block. | string |
| ColoCity | The city where the detection occurred. | string |
| ColoCode | The IATA airport code corresponding to where the detection occurred. | string |
| DestinationIP | The destination IP of the packet which triggered the detection. | string |
| DestinationPort | The destination port of the packet which triggered the detection. It is set to 0 if the protocol field is set to any. | int |
| Protocol | The layer 4 protocol of the packet which triggered the detection. Possible values are tcp | udp | any. Variant any means a detection occurred at a lower layer (such as IP). | string |
| SignatureID | The signature ID of the detection. | int |
| SignatureMessage | The signature message of the detection. Describes what the packet is attempting to do. | string |
| SignatureRevision | The signature revision of the detection. | int |
| SourceIP | The source IP of packet which triggered the detection. | string |
| SourcePort | The source port of the packet which triggered the detection. It is set to 0 if the protocol field is set to any. | int |
| Timestamp | A timestamp of when the detection occurred. | int or string |